Maciej Mensfeld chce zrobić o tym prezentację
OSS supply chain security for Ruby
Ruby gems aren't fundamentally safe. Several gems were infected last year, and constant attempts are being made to do the same with others. It's not only the execution that is a problem but the installation process as well.
Are there any ways for OSS users to regain control over what is being executed on their machines and their servers? Are there any ways for libraries maintainers to provide higher transparency over what they ship? Come, find out and let's exploit the Ruby gems world together!