theartisan changed the topic of #rubygems-trust to: Current Status: drafting requirements. please leave comments on http://goo.gl/ybFIO :: Logs at http://irclog.whitequark.org/rubygems-trust
billdingo is now known as billdingo-afk
qmx|away is now known as qmx
davidbalber|away is now known as davidbalbert
qmx is now known as qmx|away
davidbalbert is now known as davidbalber|away
lmarburger has quit [Ping timeout: 256 seconds]
lmarburger has joined #rubygems-trust
yorickpeterse has joined #rubygems-trust
<yorickpeterse> So what's the status of the whole debate? I've been out for a bit but it seems no real progress has been made
sj26 has quit [Ping timeout: 276 seconds]
sj26 has joined #rubygems-trust
billdingo-afk is now known as billdingo
<theartisan> yorickpeterse: http://goo.gl/ybFIO
<yorickpeterse> Is that the Rubygems requirements doc? I read that like 2 weeks ago
<yorickpeterse> Yeah seems so
<theartisan> yeah, and raggi is looking into https://www.updateframework.com
<yorickpeterse> So with Bundler adopting signing, wouldn't it be easier to fix the current system?
<theartisan> im not sure where they are on that though.
<yorickpeterse> As in, encrypt stuff, unfuck it in the Gemspec and distribute it in an easier way
<yorickpeterse> (stuff being the keys)
* yorickpeterse probably isn't making a lot of sense
<dstufft> MediumSecurity allows the use of unsigned gems, but if a gem is signed, it makes sure the signature is valid and also has a proper certificate chain. :V
<dstufft> yorickpeterse: gem signing is nice and all, but actually signing and verifying signatures isn't all that useful
<dstufft> Not unless it's backed by a sane trust model
<dstufft> And the UX on that bundler one is _horrible_
<dstufft> the vast bulk of people will not run even MediumSecurity becasue it's annoying
<yorickpeterse> dstufft: oh, very true
qmx|away is now known as qmx
davidbalber|away is now known as davidbalbert
davidbalbert is now known as davidbalber|away
davidbalber|away is now known as davidbalbert
qmx is now known as qmx|lunch
qmx|lunch is now known as qmx
qmx is now known as qmx|lunch
raggi has left #rubygems-trust [#rubygems-trust]
billdingo is now known as billdingo-afk
billdingo-afk is now known as billdingo
qmx|lunch is now known as qmx
davidbalbert is now known as davidbalber|away
davidbalber|away is now known as davidbalbert
davidbalbert is now known as davidbalber|away
pietr0 has quit [Ping timeout: 252 seconds]
pietr0 has joined #rubygems-trust
pietr0 has quit [Ping timeout: 245 seconds]
pietr0 has joined #rubygems-trust
davidbalber|away is now known as davidbalbert
pietr0 has quit [Read error: Operation timed out]
pietr0 has joined #rubygems-trust
workmad3 has joined #rubygems-trust
qmx is now known as qmx|away
<yorickpeterse> HEY GAIS, I HAVE A GREAT IDEA
<yorickpeterse> LETS ENCRYPT GEMS USING MD5. THAT'S NOT A PROBLEM FOR INTERNAL STORAGE RIGHT? RIGHT?
<yorickpeterse> (yes caps are mandatory)
workmad3 has quit [Ping timeout: 252 seconds]
davidbalbert is now known as davidbalber|away
nirix has quit [Quit: ZNC - http://znc.in]
nirix has joined #rubygems-trust
davidbalber|away is now known as davidbalbert
davidbalbert is now known as davidbalber|away