Skip to content

Improve security for the rubygems on GitHub with https instead of git#133

Open
kamataryo wants to merge 1 commit intotimwaters:masterfrom
kamataryo:master
Open

Improve security for the rubygems on GitHub with https instead of git#133
kamataryo wants to merge 1 commit intotimwaters:masterfrom
kamataryo:master

Conversation

@kamataryo
Copy link
Contributor

@kamataryo kamataryo commented Aug 26, 2017

Hi, Tim,

When installing the rubygems on GitHub, three of them raise warnings.

This looks to be a feature of bundler >=1.13.0.
https://github.com/bundler/bundler/blob/1-13-stable/lib/bundler/dsl.rb#L268..L273

This PR declares usage of https, remove the warnings and improve users security.

vagrant@vagrant-ubuntu-trusty-64:/srv/mapwarper$ bundle install
The git source `git://github.com/timwaters/audited.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
The git source `git://github.com/timwaters/actionpack-action_caching.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
The git source `git://github.com/rails-api/active_model_serializers.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
Fetching gem metadata from https://rubygems.org/.........

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kamataryo