Closed tiegz closed 2 years ago
Doh, forgot to merge this!
Also, good news today that Ruby is [maybe eventually] getting gem signing via sigstore as a default: https://github.com/rubygems/rfcs/pull/37
Doh, forgot to merge this!
Also, good news today that Ruby is getting gem signing via sigstore as a default soon: rubygems/rfcs#37
Thanks for the shoutout! ❤️ At this point, our RFC proposal has about as much weight as this RFC 😆 .
There's a new feature in Rubygems that lets you require MFA on privileged gem operations by setting metadata in your gemspec. Once this is pushed to Rubygems, it will enforce this flag.
It would also display the requirement on the gem page, e.g.: