[#90399] [Ruby trunk Feature#14813] [PATCH] gc.c: make gc_enter+gc_exit pairs dtrace probes, too — ko1@...
Issue #14813 has been updated by ko1 (Koichi Sasada).
3 messages
2018/12/10
[#90417] [Ruby trunk Bug#15398] TestThread#test_signal_at_join fails on FreeBSD — naruse@...
Issue #15398 has been reported by naruse (Yui NARUSE).
4 messages
2018/12/11
[#90423] Re: [Ruby trunk Bug#15398] TestThread#test_signal_at_join fails on FreeBSD
— Eric Wong <normalperson@...>
2018/12/11
[email protected] wrote:
[#90519] Spoofing warnings for mail from bugs.ruby-lang.org — Charles Oliver Nutter <headius@...>
I'm getting a spoofing warning for emails sent from bugs.ruby-lang.org when
4 messages
2018/12/13
[#90522] Re: Spoofing warnings for mail from bugs.ruby-lang.org
— Eric Wong <normalperson@...>
2018/12/13
Charles Oliver Nutter <[email protected]> wrote:
[#90533] [Ruby trunk Feature#15413] unmarkable C stack (3rd stack) — normalperson@...
Issue #15413 has been reported by normalperson (Eric Wong).
3 messages
2018/12/14
[#90581] [Ruby trunk Bug#15424] Ruby 2.6.0rc1 & 2.6.0rc2 mutex exception — mat999@...
Issue #15424 has been reported by splitice (Mathew Heard).
3 messages
2018/12/17
[#90595] [Ruby trunk Bug#15430] test_fork_while_parent_locked is failing status on Ruby CI — hsbt@...
Issue #15430 has been reported by hsbt (Hiroshi SHIBATA).
3 messages
2018/12/18
[#90614] [Ruby trunk Bug#15430][Assigned] test_fork_while_parent_locked is failing status on Ruby CI — hsbt@...
Issue #15430 has been updated by hsbt (Hiroshi SHIBATA).
4 messages
2018/12/19
[#90630] Re: [Ruby trunk Bug#15430][Assigned] test_fork_while_parent_locked is failing status on Ruby CI
— Eric Wong <normalperson@...>
2018/12/20
> It still exists. https://rubyci.org/logs/rubyci.s3.amazonaws.com/centos7/ruby-trunk/log/20181218T230003Z.fail.html.gz
[#90820] Re: [ruby-cvs:73697] k0kubun:r66593 (trunk): accept_nonblock_spec.rb: skip spurious failure — Eric Wong <normalperson@...>
[email protected] wrote:
3 messages
2018/12/30
[ruby-core:90596] Re: Suggestion for gem verification
From:
"Urabe, Shyouhei" <shyouhei@...>
Date:
2018-12-18 03:59:07 UTC
List:
ruby-core #90596
JFYI Rubygems packages can be signed. See also: https://guides.rubygems.org/security/ On Mon, Dec 17, 2018 at 10:18 PM <[email protected]> wrote: > > > Hello > > Many OpenBSD, BSD-license inventions have become adopted elsewhere. Examples: > SSH - everywhere > PF firewall - MacOS, iOS, FreeBSD > LibreSSL - Alpine Linux > dhclient - many Linux distros > sudo - many Linux distros, MacOS > > One that has had perhaps less attention is 'signify'. > It is similar to gpgv but probably simpler, with a BSD license. > > At present the security of Ruby gems depends 100% on HTTPS and the integrity of > the servers that run rubygems.org. So it requires alot of trust. > > However, with signify, you would only have to trust the developer, after a > trust-on-first-use model. Or signify public keys could be downloaded via the OS > package manager, for example. > > All major operating systems nowadays use cryptographic signatures for package > verification. Perhaps Ruby should be leading the way for package managers of > scripting languages? > The enterprise may find this appealing too. > > A few ports of signify are available on a few Linux distributions. Admittedly, > I don't know how much work it would take to make a highly portable port. > > You can read the introduction to signify here: > https://www.openbsd.org/papers/bsdcan-signify.html > > > Unsubscribe: <mailto:[email protected]?subject=unsubscribe> > <http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core> Unsubscribe: <mailto:[email protected]?subject=unsubscribe> <http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>