[#92063] [Ruby trunk Misc#15723] Reconsider numbered parameters — zverok.offline@...
Issue #15723 has been updated by zverok (Victor Shepelev).
3 messages
2019/03/31
[ruby-core:91847] [Ruby trunk Bug#15384] ssl_certs are duplicated in RubyGems and Bundler
From:
v.ondruch@...
Date:
2019-03-15 10:15:08 UTC
List:
ruby-core #91847
Issue #15384 has been updated by vo.x (Vit Ondruch). vo.x (Vit Ondruch) wrote: > Is the patch correct? Will it work when RubyGems are updated via `gem update --system`? I have not tested it, just wondering ... `Gem::RUBYGEMS_DIR` should be probably used to initialize the `rubygems_certs_dir` https://github.com/rubygems/rubygems/blob/master/lib/rubygems.rb#L116 ---------------------------------------- Bug #15384: ssl_certs are duplicated in RubyGems and Bundler https://bugs.ruby-lang.org/issues/15384#change-77118 * Author: vo.x (Vit Ondruch) * Status: Assigned * Priority: Normal * Assignee: hsbt (Hiroshi SHIBATA) * Target version: * ruby -v: ruby 2.6.0dev (2018-11-29 trunk 66092) [x86_64-linux] * Backport: 2.4: UNKNOWN, 2.5: UNKNOWN ---------------------------------------- It is pity that the same ssl_certs are shipped on multiple places, once as part of RubyGems and the other set as part of Bundler. This makes the security review much harder (actually, in Fedora/RHEL packages, we are not supposed to ship any certificates, so it makes it harder to remove them). Therefore, please ship just one copy of the certificates if really necessary (it should not be necessary on properly maintained systems). ---Files-------------------------------- unify-certification-bundler.patch (14.3 KB) -- https://bugs.ruby-lang.org/ Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe> <http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>