[LRUG] Keeping track of new security vulnerabilities?

Joel Chippindale joel at joelchippindale.com
Mon Jun 30 01:40:46 PDT 2014


I've converted this to a pull request which adds a section to the Ruby gems
guides outlining what to do if you spot a security vulnerability in your
own, or someone else's, gem; see https://github.com/rubygems/guides/pull/89

I am sure that there are many LRUGers who know far more about this subject
than I do, so please feel free to suggest improvements.

J.


On 29 December 2013 08:01, Joel Chippindale <joel.chippindale at gmail.com>
wrote:

> I've opened an issue on rubygems guides suggesting that the guides include
> information about what to do if you find or fix a security problem with a
> gem, see https://github.com/rubygems/guides/issues/62
>
> Do please comment on the issue if you have views on this,
>
> J.
>
>
>
> On 26 September 2013 08:19, Joel Chippindale <joel.chippindale at gmail.com>
> wrote:
>
>>
>> On 20 September 2013 10:11, Frederick Cheung <frederick.cheung at gmail.com>
>>
>>>
>>> To turn this problem on its head, people who maintain gems: where would
>>> you submit the info that a gem has been updated with a security release?
>>> More than a few times I've found out about problems in smaller gems
>>> through Twitter - hardly ideal!
>>>
>>
>> On the assumption that no one replied to Fred because no one knew what
>> the *best* way to do this was - does anyone who has tried to report a
>> vulnerability want to share their experiences (good or bad)?
>>
>> J.
>>
>
>