I'm assuming this is just one of many different efforts to cryptographically protect gems, right? It's phrased as if this was the de facto standard way to do it, but this is the first I've heard of it. Or does waxseal just automate something RubyGems already does?
If rubygems would sign the gems themselves, it would already be an improvement (and rubygems the library would check for it). It would make distribution of the gems to third parties for mirroring or over HTTP possible.