Issue #9439 has been updated by Sam Kottler.


Shyouhei Urabe wrote:
> > All what gem need is the digital sigunature.
> 
> To be precise it only needs to verify signatures.  Signing itself can be done using other tools, like gpg(1).

Not really. GPG implementations are platform specific and require a higher level of end-user involvement than just plain SSL. Additionally, we need a way to handle secure public-key delivery and SSL is simply the most simple, and bulletproof way to do that.

----------------------------------------
Feature #9439: Remove OpenSSL from stdlib
https://bugs.ruby-lang.org/issues/9439#change-44525

* Author: Zachary Scott
* Status: Open
* Priority: Normal
* Assignee: 
* Category: lib
* Target version: current: 2.2.0
----------------------------------------
Regarding [ruby-core:59943], I agree with nobu that we should remove OpenSSL from ruby.

It's become too hard to maintain, and would better serve our users to encourage the use of a different implementation.

Another benefit of removing OpenSSL is the impact backport fixes have on the release management team.

Although I haven't yet determined the extent of work required to remove it (ie: tooling, tests, etc). We can discuss them here.



-- 
http://bugs.ruby-lang.org/