Do you ever stop and wonder if the library you’re about to “gem install” is safe? Have you thought about what’s the worst that could happen by using a gem? Today, I (yes, yours truly) explore those questions in a talk I gave a RuLu this summer.
What’s the worst that could happen if your app has a dependency on a malicious gem? How easy would it be to write a gem that could compromise a box?
Much of the Ruby community blindly trusts our gems. This talk will make you second guess that trust. It will also show you how to vet gems that you do choose to use.