From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mongrel-unicorn-bounces@rubyforge.org>
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-ASN: AS33070 50.56.128.0/17
X-Spam-Status: No, score=-0.2 required=5.0 tests=AWL shortcircuit=no
 autolearn=unavailable version=3.3.2
X-Original-To: archivist@yhbt.net
Delivered-To: archivist@dcvr.yhbt.net
Received: from rubyforge.org (50-56-192-79.static.cloud-ips.com
 [50.56.192.79]) by dcvr.yhbt.net (Postfix) with ESMTP id AAAEB44C001 for
 <archivist@yhbt.net>; Mon, 11 Mar 2013 22:55:59 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1]) by rubyforge.org
 (Postfix) with ESMTP id 7E3882E099; Mon, 11 Mar 2013 22:56:00 +0000 (UTC)
X-Original-To: mongrel-unicorn@rubyforge.org
Delivered-To: mongrel-unicorn@rubyforge.org
Received: from dcvr.yhbt.net (dcvr.yhbt.net [64.71.152.64]) by rubyforge.org
 (Postfix) with ESMTP id 805FE2E099 for <mongrel-unicorn@rubyforge.org>; Mon,
 11 Mar 2013 22:48:14 +0000 (UTC)
Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net
 (Postfix) with ESMTP id 30F9844C001; Mon, 11 Mar 2013 22:48:12 +0000 (UTC)
Date: Mon, 11 Mar 2013 22:48:12 +0000
From: Eric Wong <normalperson@yhbt.net>
To: unicorn list <mongrel-unicorn@rubyforge.org>
Subject: Re: Signing the gem with a PGP key
Message-ID: <20130311224812.GA26407@dcvr.yhbt.net>
References:
 <CAM3ce8Hmmz_Hi_a96QxG7mJUjoARu3FmNkTYEir2pjhdDUYANQ@mail.gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To:
 <CAM3ce8Hmmz_Hi_a96QxG7mJUjoARu3FmNkTYEir2pjhdDUYANQ@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-BeenThere: mongrel-unicorn@rubyforge.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <unicorn-public@bogomips.org>
List-Unsubscribe: <http://rubyforge.org/mailman/options/mongrel-unicorn>,
 <mailto:mongrel-unicorn-request@rubyforge.org?subject=unsubscribe>
List-Archive: <http://rubyforge.org/pipermail/mongrel-unicorn>
List-Post: <unicorn-public@bogomips.org>
List-Help: <mailto:mongrel-unicorn-request@rubyforge.org?subject=help>
List-Subscribe: <http://rubyforge.org/mailman/listinfo/mongrel-unicorn>,
 <mailto:mongrel-unicorn-request@rubyforge.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: mongrel-unicorn-bounces@rubyforge.org
Errors-To: mongrel-unicorn-bounces@rubyforge.org

Hongli Lai <hongli@phusion.nl> wrote:
> After the recent Rubygems.org hack it became clear that somethings
> needs to be done about authenticating gems. One of the efforts that
> was launched is http://www.rubygems-openpgp-ca.org/. We at Phusion
> have just finished signing all our gems and repositories with our PGP
> key, and our PGP key has been verified and signed by this CA.
> 
> It would be great if Unicorn can participate as well by signing future
> releases. If you already use GnuPG then the process is extremely
> straightforward.

Can we designate gems be signed by a trusted third party (e.g. you?)
That's how Debian (and presumably other OS distros work).

_Nobody_ should trust me.  I have and maintain zero credibility.
The only credibility any unicorn has is what its users give it.
_______________________________________________
Unicorn mailing list - mongrel-unicorn@rubyforge.org
http://rubyforge.org/mailman/listinfo/mongrel-unicorn
Do not quote signatures (like this one) or top post when replying