Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Add cryptographic signature to the gem #496
In light of the recent Rubygems security issues, I think it would be prudent to add a signature to the gem and include it in releases. This isn't something I can issue a PR for, since you (the project owner) would need to own the cert files.
The how-to is here:
While this would be a self-signed certificate, the presence of the pubkey in the canonical repo will allow people verify that the gem they installed from Rubygems (or where ever) was signed by the project maintainer, and has not been altered.