Issue #9439 has been updated by Luis Lavena.


Shyouhei Urabe wrote:
> > All what gem need is the digital sigunature.
> 
> To be precise it only needs to verify signatures.  Signing itself can be done using other tools, like gpg(1).

That means gpg becomes an external dependency of the build/integration process.

gpg is not available in all the platforms.

There has been a bunch of research and investigation in relation to trusted RubyGems, I strongly recommend that is been analyzed prior the decision to remove such critical package like OpenSSL is made.


----------------------------------------
Feature #9439: Remove OpenSSL from stdlib
https://bugs.ruby-lang.org/issues/9439#change-44516

* Author: Zachary Scott
* Status: Open
* Priority: Normal
* Assignee: 
* Category: lib
* Target version: current: 2.2.0
----------------------------------------
Regarding [ruby-core:59943], I agree with nobu that we should remove OpenSSL from ruby.

It's become too hard to maintain, and would better serve our users to encourage the use of a different implementation.

Another benefit of removing OpenSSL is the impact backport fixes have on the release management team.

Although I haven't yet determined the extent of work required to remove it (ie: tooling, tests, etc). We can discuss them here.



-- 
http://bugs.ruby-lang.org/