On Jan 17, 2011, at 5:23 PM, Hiroshi Nakamura wrote: > Hi Nick, > > You are right. Thanks for pointing this! > > On Tue, Jan 18, 2011 at 01:01, Nick Quaranto <n...@quaran.to> wrote: >> I'm not sure what to do about the cert stuff, but we do need OpenSSL >> as a dependency since `gem push`, `gem owner`, and the like use SSL to >> talk to rubygems.org. Unless if you prefer your passwords sent in the >> clear. :) > > I wrote too much. Sorry. I should have written; > > - It's the only reason why rubygems depends on openssl *by default*, > even if user doesn't want to use its feature. With removing 'cert' > command, *some features of* rubygems gets openss free. > > Users who want to push gem still needs openssl. And users who adds > 'https://rubygems.org/' like me needs openssl to scan the central > repository. > > *For me*, it's more important that rubygems tries to require 'openssl' > only when it's really needed, not by default. I know current rubygems > doesn't depends on openssl. It works even if there's no openssl > installed but this hidden dependency makes it harder for jruby to > reduce startup time.
i think i already did this in the rubygems repo, didn't i? > > Of course it's jruby and jruby-ossl issue and it's not a point of my > proposal. If rubygems really has an openssl dependency, it's OK. > Please consider other points I wrote regardless of this point. :) > > Regards, > // NaHi > _______________________________________________ > Rubygems-developers mailing list > http://rubyforge.org/projects/rubygems > Rubygems-developers@rubyforge.org > http://rubyforge.org/mailman/listinfo/rubygems-developers _______________________________________________ Rubygems-developers mailing list http://rubyforge.org/projects/rubygems Rubygems-developers@rubyforge.org http://rubyforge.org/mailman/listinfo/rubygems-developers
