On Aug 28, 2010, at 6:26 PM, Daigo Moriwaki <da...@debian.org> wrote:

> I have little idea on CPAN or pypi culture. Are unsigned packages (i.e. no
> infrastructure checking packages consistency) common on CPAN or pypi? Don't
> CPAN or pypi users have no security concern?

They do not have any kind of signing, as far as I know. In all cases, they have basic security schemes primarily at the point at which maintainers upload packages. When end users install a gem, they take the responsibility for understanding the contents. It truly is no different than installing a source tarball in that regard.

Thank you for being open minded and willing to engage on this topic, Daigo, and for the work you put in to making ruby work well on debian.

Adam