Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add gemspec flag that requires MFA for gem privileged operations. #759

Merged
merged 2 commits into from
Jan 28, 2022

Conversation

tiegz
Copy link
Contributor

@tiegz tiegz commented Jan 13, 2022

There's a new feature in Rubygems that lets you require MFA on privileged gem operations by setting metadata in your gemspec. Once this is pushed to Rubygems, it will enforce this flag.

It would also display the requirement on the gem page, e.g.:

Screen Shot 2022-01-13 at 10 49 50 AM

Copy link
Collaborator

@jaredbeck jaredbeck left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great idea. I wonder why they picked such a weird syntax for it.

@tiegz
Copy link
Contributor Author

tiegz commented Jan 28, 2022

Doh, forgot to merge this!

Also, good news today that Ruby is [maybe eventually] getting gem signing via sigstore as a default: rubygems/rfcs#37

@tiegz tiegz merged commit 0c9da9d into master Jan 28, 2022
@tiegz tiegz deleted the tiegz/require-mfa-on-gem branch January 28, 2022 15:41
@rochlefebvre
Copy link

Doh, forgot to merge this!

Also, good news today that Ruby is getting gem signing via sigstore as a default soon: rubygems/rfcs#37

Thanks for the shoutout! ❤️ At this point, our RFC proposal has about as much weight as this RFC 😆 .

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants