RubyGems.org Compromised

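This has been the big news of the past few days. Following the explanation in [RubyGems 1/30/13 Incident Status], I suggest everyone at least read the Notes/Important Links section first, find a script for checking the gems on your local machine (for example: https://gist.github.com/4678189), and run a basic checksum scan.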
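As an added example (not the linked gist's code and not from the RubyGems project), here is one way to do such a checksum scan in Ruby: hash each cached `.gem` file with SHA-256 and compare it against a manifest of digests taken from a source you trust. The manifest format, the function names and the sample files are assumptions constructed for illustration.

```ruby
require "digest"
require "tmpdir"

# Compare every cached .gem file against a trusted manifest of SHA-256 digests.
# manifest (assumed format): { "name-version.gem" => "hex sha256" }
# Returns { ok: [...], mismatch: [...], unknown: [...] } of file basenames.
def audit_gem_cache(cache_dir, manifest)
  report = { ok: [], mismatch: [], unknown: [] }
  Dir.glob(File.join(cache_dir, "*.gem")).sort.each do |path|
    name = File.basename(path)
    expected = manifest[name]
    if expected.nil?
      report[:unknown] << name    # no reference digest, so it cannot be vouched for
    elsif Digest::SHA256.file(path).hexdigest == expected.downcase
      report[:ok] << name
    else
      report[:mismatch] << name   # contents differ from the reference copy
    end
  end
  report
end

# Constructed demo: three fake .gem files in a temp dir; one is altered
# after the manifest is built and one has no manifest entry at all.
def demo_audit
  Dir.mktmpdir do |dir|
    File.binwrite(File.join(dir, "alpha-1.0.0.gem"), "alpha contents")
    File.binwrite(File.join(dir, "beta-2.1.0.gem"), "beta contents")
    File.binwrite(File.join(dir, "gamma-0.3.0.gem"), "gamma contents")
    manifest = {
      "alpha-1.0.0.gem" => Digest::SHA256.hexdigest("alpha contents"),
      "beta-2.1.0.gem"  => Digest::SHA256.hexdigest("beta contents")
    }
    File.binwrite(File.join(dir, "beta-2.1.0.gem"), "beta contents, modified")
    audit_gem_cache(dir, manifest)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Real use: audit_gem_cache(File.join(Gem.dir, "cache"), trusted_manifest)
  p demo_audit
end
```

Treat both `mismatch` and `unknown` entries as needing a fresh download from a trusted source; a matching digest only proves the file equals the reference copy, so the manifest's origin matters as much as the scan.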

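Separately, the post [Let’s figure out a way to start signing RubyGems] advocates signature verification for Ruby Gems, which reminded me that Arch Linux also took quite a long time before it decided to do full signature verification of its packages….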

CC BY-SA 4.0 This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
