[Catalog-sig] RubyGems Threat Model and Requirements

Nick Coghlan ncoghlan at gmail.com
Tue Feb 12 08:57:02 CET 2013


On Tue, Feb 12, 2013 at 10:39 AM, Donald von Stufft
<donald.stufft at gmail.com> wrote:
> The folks on the ruby side of things who are dealing with a lot of
> the same problems as Python/PyPI is have put together a document
> containing a threat model and requirements of the system. While the
> terminology is obviously ruby specific the concepts all apply to us.
>
> The document can be found here: http://goo.gl/ybFIO
>
> Furthermore, since both languages are trying to solve the same problem
> it would probably be a really good idea to join forces and hash out a system
> and then diverge to actually implement it instead of both languages having
> the same conversations in parallel.

Thanks for posting this Donald - I was just coming to post it myself
after it was initially published earlier today (Kurt grabbed me on IRC
yesterday and suggested I have a look once he found out I had some
involvement with PyPI security discussions).

For Giovanni and others, this is the kind of high level "so what
problem are we actually trying to solve?" thinking that I believe is
needed before we rush off to devise tactical solutions to strategic
problems (there *are* plenty of tactical problems that need to be
addressed as well, we just need to make sure we distinguish between
the two).

Cheers,
Nick.

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia
