Patch #13173

closed

Put source :rubygems url HTTP secure

Added by Benjamin Jeanjean almost 12 years ago. Updated over 11 years ago.

Status: Closed
Priority: Normal
Category: Third-party libraries
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:

Description

I've got some warnings after upgrading my Apache passenger's module to a newer version.
It seems like we now have to use HTTPS instead of HTTP in the Gemfile for "source".

I've attached a patch.


Files

source_secure.patch (322 Bytes), Patch for Gemfile, Benjamin Jeanjean, 2013-02-14 15:04

Related issues

Has duplicate Redmine - Feature #13254: Secure Gem-Source (Closed)

Actions #1

Updated by Benjamin Jeanjean over 11 years ago

The problem happens with gem bundler v1.2.4.
More information here: https://github.com/ooyala/barkeep/pull/396
And the bundler commit which makes the warnings: https://github.com/carlhuda/bundler/commit/fcadf1f9d2eaca9be6370dddeb78d4ca5b30bf40

Actions #2

Updated by Jean-Philippe Lang over 11 years ago

  • Target version set to Candidate for next minor release

Actions #3

Updated by Daniel Felix over 11 years ago

Well, I would appreciate it if this could get its way into 2.3, as it is just a small change but would give a little bit more security. :-)

Actions #4

Updated by Jean-Philippe Lang over 11 years ago

  • Category set to Third-party libraries
  • Status changed from New to Closed
  • Assignee set to Jean-Philippe Lang
  • Target version changed from Candidate for next minor release to 2.3.0

Change done.

Actions #5

Updated by Toshi MARUYAMA over 11 years ago

  • Status changed from Closed to Reopened

r11486 rolled back to http.
Why?

Actions #6

Updated by Jean-Philippe Lang over 11 years ago

Sorry, I had to remove it when trying ruby 2.0 (cert validation error) but I didn't mean to commit it.
This error needs further investigation.

Actions #7

Updated by Toshi MARUYAMA over 11 years ago

Jean-Philippe Lang wrote:

Sorry, I had to remove it when trying ruby 2.0 (cert validation error) but I didn't mean to commit it.

I cannot reproduce on Ruby 2.0 which installed by rvm on CentOS 6.

$ ruby --version
ruby 2.0.0p0 (2013-02-24 revision 39474) [x86_64-linux]

$ ruby script/about 
/REDMINE/hg-workdir/redmine-bb-all/lib/plugins/rfpdf/lib/tcpdf.rb:42: warning: class variable access from toplevel
/REDMINE/hg-workdir/redmine-bb-all/lib/plugins/rfpdf/lib/tcpdf.rb:43: warning: class variable access from toplevel
/REDMINE/hg-workdir/redmine-bb-all/lib/SVG/Graph/Graph.rb:3: warning: class variable access from toplevel

Environment:
  Redmine version                          2.3.0.devel
  Ruby version                             2.0.0 (x86_64-linux)
  Rails version                            3.2.12
  Environment                              production
  Database adapter                         SQLite
Redmine plugins:
  no plugin installed

Actions #8

Updated by Toshi MARUYAMA over 11 years ago

  • Status changed from Reopened to Closed

Toshi MARUYAMA wrote:

r11486 rolled back to http.

Reverted in r11487.
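
As an added example (not part of this issue, the attached patch, or Redmine's code), the following Ruby check flags Gemfile `source` declarations that fetch gems over plain HTTP, which is the condition this patch removes. It goes slightly beyond the single `source :rubygems` line discussed here by also checking quoted `http://` URLs and per-gem `source` options; the legacy symbol list, the regular expressions, and the sample Gemfile are assumptions made for illustration.

```ruby
# Added example: report Gemfile source declarations that use plain HTTP.
# Assumption: Bundler 1.x legacy symbol shortcuts resolve to http:// URLs,
# so they are reported alongside explicit http:// sources.
LEGACY_SYMBOLS = %w[rubygems gemcutter rubyforge].freeze

# Top-level `source` call taking a symbol or a quoted string.
SOURCE_RE  = /\A\s*source\s*\(?\s*(?::(\w+)|(['"])(.+?)\2)/
# Per-gem source option, in either hash syntax.
GEM_OPT_RE = /(?::source\s*=>|\bsource:)\s*(['"])(.+?)\1/
HTTP_RE    = %r{\Ahttp://}i

# Returns [[line_number, offending_source], ...] for the given Gemfile text.
def insecure_sources(gemfile_text)
  findings = []
  gemfile_text.each_line.with_index(1) do |line, lineno|
    # Naive comment stripping; a '#' inside a quoted string would also be cut.
    code = line.sub(/#.*\z/m, '')
    if (m = SOURCE_RE.match(code))
      if m[1]
        findings << [lineno, ":#{m[1]}"] if LEGACY_SYMBOLS.include?(m[1])
      elsif m[3] =~ HTTP_RE
        findings << [lineno, m[3]]
      end
    elsif code =~ /\A\s*gem\b/ && (m = GEM_OPT_RE.match(code)) && m[2] =~ HTTP_RE
      findings << [lineno, m[2]]
    end
  end
  findings
end

# Constructed sample input; gems.example.test is a placeholder host.
SAMPLE_GEMFILE = <<~GEMFILE
  source :rubygems
  source 'https://rubygems.org'
  # source 'http://rubygems.org'
  source "http://gems.example.test" do
    gem 'internal-lib'
  end
  gem 'rails', '3.2.12'
  gem 'legacy', :source => 'http://gems.example.test'
  gem 'modern', source: 'https://gems.example.test'
GEMFILE

if __FILE__ == $PROGRAM_NAME
  insecure_sources(SAMPLE_GEMFILE).each do |lineno, src|
    puts "Gemfile:#{lineno}: insecure gem source #{src}"
  end
end
```

Run against a checkout's Gemfile in CI, a non-empty result can fail the build so that an accidental rollback to HTTP like the one discussed above is caught before commit.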
