tiegz
commented
2 years ago Doh, forgot to merge this!
Also, good news today that Ruby is [maybe eventually] getting gem signing via sigstore as a default: https://github.com/rubygems/rfcs/pull/37
Closed tiegz closed 2 years ago
tiegz
commented
2 years ago Doh, forgot to merge this!
Also, good news today that Ruby is [maybe eventually] getting gem signing via sigstore as a default: https://github.com/rubygems/rfcs/pull/37
rochlefebvre
commented
2 years ago Doh, forgot to merge this!
Also, good news today that Ruby is getting gem signing via sigstore as a default soon: rubygems/rfcs#37
Thanks for the shoutout! ❤️ At this point, our RFC proposal has about as much weight as this RFC 😆 .
There's a new feature in Rubygems that lets you require MFA on privileged gem operations by setting metadata in your gemspec. Once this is pushed to Rubygems, it will enforce this flag.
It would also display the requirement on the gem page, e.g.: