#rubygems on 2019-05-22 — irc logs at freenode.irclog.whitequark.org

00:14 houhoulis has quit [Ping timeout: 272 seconds]

01:59 houhoulis has joined #rubygems

02:14 houhoulis has quit [Ping timeout: 258 seconds]

02:19 houhoulis has joined #rubygems

02:24 houhoulis has quit [Ping timeout: 248 seconds]

02:24 houhoulis has joined #rubygems

03:27 houhoulis has quit [Remote host closed the connection]

10:21 _whitelogger has joined #rubygems

17:37 tubbo has joined #rubygems

17:37 <tubbo> hi folks...i'm having a bit of trouble understanding the idea behind signed gems.

17:37 <tubbo> reading a few different articles, it seems the solution is kinda haphazard and no one can agree on what we should be doing

17:38 <tubbo> mostly looking thru https://guides.rubygems.org/security/ and the rubygems-trust repo

18:17 <havenwood> tubbo: It's easy to check signatures with -P/--trust-policy but most gems aren't signed and most folk aren't checking signatures.

18:17 <havenwood> tubbo: I think the best path forward if we want to improve is to pick up the work on TUF: https://github.com/rubygems/rubygems/pull/719

19:21 tubbo has quit [Ping timeout: 268 seconds]

23:28 darix has quit [Quit: may the packets be with you...]

23:35 darix has joined #rubygems