Project

github-safegem

0.01
Repository is archived
No commit activity in last 3 years
No release in over 3 years
github-safegemgithub/safegemHomepageDocumentationSource Code
GitHub's safe gem eval web service
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
 Popularity
Downloads
32,760
Stars
14
Forks
7
Watchers
13
 Releases
Current version
0.2.10
Total releases
12
First release
2009-02-10
Latest release
2009-04-08
 Development
Primary Language
Ruby
Average date of last 50 commits
2009-05-05
Reverse Dependencies
0

 Dependencies

Runtime

json
>= 1.1.3
sinatra
>= 0.9.1.1
thin
>= 1.0.0
 Project Readme
NOTE: This repository is no longer supported or updated by GitHub. If you wish to continue to develop this code yourself, we recommend you fork it.

SafeGem: GitHub's Safe Gem Eval Web Service
-------------------------------------------

Help make GitHub's gem build process more secure and robust!

SafeGem is a Sinatra app that safely converts Ruby gemspecs into YAML gemspecs.

It works as follows:

1) Receives a request with the repo location and the ruby gemspec
2) Returns immediately and schedules the following via EM.defer:

1) Makes a shallow clone of the repo and chdir's to that repo
2) Evals the spec in a separate thread with a higher $SAFE level
3) Converts spec to YAML
4) Posts the YAML to the specified callback

Goals
-----
* Lower the $SAFE level to allow methods like Dir.glob, but without compromising security.