[DRE-maint] Bug#448639: +1 for /usr/local

Adam Jacob adam at opscode.com
Sun Aug 29 05:20:07 UTC 2010


On Aug 28, 2010, at 6:26 PM, Daigo Moriwaki <daigo at debian.org> wrote:
> I have little idea on CPAN or pypi culture. Are unsigned packages (i.e. no
> infrastructure checking packages consistency) common on CPAN or pypi? Don't CPAN
> or pypi users have no security concern?

They do not have any kind of signing, as far as I know. In all cases, they have basic security schemes primarily at the point at which maintainers upload packages.

When end users install a gem, they take the responsibility for understanding the contents. It truly is no different than installing a source tarball in that regard.

Thank you for being open-minded and willing to engage on this topic, Daigo, and for the work you put in to making ruby work well on debian.

Adam




