This allows you to cryptographically sign ruby gems, so that a user can later verify that they've downloaded a copy that hasn't been tampered with or hacked.
When a gem is retrieved for the first time, the signing key id should be stored somewhere, so we can tell when it changes, similar to .ssh/known_hosts.
If a gem is updated in the future and the key has changed, the UI will either provide a warning or fail outright, and provide an explanation.
When a gem is retrieved for the first time, the signing key id should be stored somewhere, so we can tell when it changes, similar to .ssh/known_hosts.
If a gem is updated in the future and the key has changed, the UI will either provide a warning or fail outright, and provide an explanation.