Issue #15384 has been updated by vo.x (Vit Ondruch).


There is even `Gem::Request.get_cert_files`

----------------------------------------
Bug #15384: ssl_certs are duplicated in RubyGems and Bundler
https://bugs.ruby-lang.org/issues/15384#change-77119

* Author: vo.x (Vit Ondruch)
* Status: Assigned
* Priority: Normal
* Assignee: hsbt (Hiroshi SHIBATA)
* Target version: 
* ruby -v: ruby 2.6.0dev (2018-11-29 trunk 66092) [x86_64-linux]
* Backport: 2.4: UNKNOWN, 2.5: UNKNOWN
----------------------------------------
It is pity that the same ssl_certs are shipped on multiple places, once as part of RubyGems and the other set as part of Bundler. This makes the security review much harder (actually, in Fedora/RHEL packages, we are not supposed to ship any certificates, so it makes it harder to remove them).

Therefore, please ship just one copy of the certificates if really necessary (it should not be necessary on properly maintained systems).

---Files--------------------------------
unify-certification-bundler.patch (14.3 KB)


-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>