Issue #9439 has been updated by Usaku NAKAMURA.


I would like to clarify the problem.

As already stated, RubyGems uses OpenSSL.
To say strictly, RubyGems uses OpenSSL for https, signing, and its verification.
Therefore, the option which we can take is as follows:
(1) Maintain the present condition. 
(2) Remove OpenSSL and RubyGems together.
(3) Prepare the alternate features of https, signing, and its verification after removing OpenSSL.
(4) Remove the dependence to these features from RubyGems after removing OpenSSL.
(5) Mixture of (3) and (4).  That is, remove the dependence to some features from RubyGems, and prepares substitutes about another features.

To my understanding, Shyouhei is taking a position on (4).
That is, changing RubyGems to use plain http in default, and write substitutes for about signing and its verification (with GPG?).

There may be also a position in which (a part of) the features which OpenSSL offers is still required as a part of Ruby, even if RubyGems sets aside.
I understand that Fabian said that the https support itself is required.

How do you think, everyone?
I am in the same position about https support as Fabian, and I think the above (2) is too much nonsense.


----------------------------------------
Feature #9439: Remove OpenSSL from stdlib
https://bugs.ruby-lang.org/issues/9439#change-44577

* Author: Zachary Scott
* Status: Open
* Priority: Normal
* Assignee: 
* Category: lib
* Target version: current: 2.2.0
----------------------------------------
Regarding [ruby-core:59943], I agree with nobu that we should remove OpenSSL from ruby.

It's become too hard to maintain, and would better serve our users to encourage the use of a different implementation.

Another benefit of removing OpenSSL is the impact backport fixes have on the release management team.

Although I haven't yet determined the extent of work required to remove it (ie: tooling, tests, etc). We can discuss them here.



-- 
http://bugs.ruby-lang.org/