Hi Nick, You are right. Thanks for pointing this!
On Tue, Jan 18, 2011 at 01:01, Nick Quaranto <[email protected]> wrote: > I'm not sure what to do about the cert stuff, but we do need OpenSSL > as a dependency since `gem push`, `gem owner`, and the like use SSL to > talk to rubygems.org. Unless if you prefer your passwords sent in the > clear. :) I wrote too much. Sorry. I should have written; - It's the only reason why rubygems depends on openssl *by default*, even if user doesn't want to use its feature. With removing 'cert' command, *some features of* rubygems gets openss free. Users who want to push gem still needs openssl. And users who adds 'https://rubygems.org/' like me needs openssl to scan the central repository. *For me*, it's more important that rubygems tries to require 'openssl' only when it's really needed, not by default. I know current rubygems doesn't depends on openssl. It works even if there's no openssl installed but this hidden dependency makes it harder for jruby to reduce startup time. Of course it's jruby and jruby-ossl issue and it's not a point of my proposal. If rubygems really has an openssl dependency, it's OK. Please consider other points I wrote regardless of this point. :) Regards, // NaHi _______________________________________________ Rubygems-developers mailing list http://rubyforge.org/projects/rubygems [email protected] http://rubyforge.org/mailman/listinfo/rubygems-developers
