Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve security for the rubygems on GitHub with https instead of git #133

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

kamataryo
Copy link
Contributor

Hi, Tim,

When installing the rubygems on GitHub, three of them raise warnings.

This looks to be a feature of bundler >=1.13.0.
https://github.com/bundler/bundler/blob/1-13-stable/lib/bundler/dsl.rb#L268..L273

This PR declares usage of https, remove the warnings and improve users security.

vagrant@vagrant-ubuntu-trusty-64:/srv/mapwarper$ bundle install
The git source `git://github.com/timwaters/audited.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
The git source `git://github.com/timwaters/actionpack-action_caching.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
The git source `git://github.com/rails-api/active_model_serializers.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
Fetching gem metadata from https://rubygems.org/.........

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant