Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix Rubygems outdated certificate #154

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

64kramsystem
Copy link
Contributor

The bundled Rubygems certificate `AddTrustExternalCARoot.pem` is outdated; replaced it with the current `GlobalSignRootCA_R3.pem`, from the Rubygems project.

See:

- rubygems/rubygems#4099
- rubygems/rubygems#4100
- https://github.com/rubygems/rubygems/blob/master/lib/rubygems/ssl_certs/rubygems.org/GlobalSignRootCA_R3.pem
@64kramsystem 64kramsystem force-pushed the sav/fix_rubygems_outdated_certificate branch from 366f6c5 to 440cf89 Compare February 17, 2021 11:28
@64kramsystem
Copy link
Contributor Author

Rebased - my fork master branch was old.

@tasdendu
Copy link

@frederickjh
Copy link

This issue is affecting me too. Looks like since the checks have all failed that this merge has been put on hold.

@64kramsystem
Copy link
Contributor Author

64kramsystem commented Mar 23, 2021

This issue is affecting me too. Looks like since the checks have all failed that this merge has been put on hold.

There are multiple issues in the current master branch, that I've all fixed in several PRs, however, the repository is effectively abandondoned, and the maintainer is ignoring people's contributions. I'm planning to create a fixed fork, but I don't have currently the resources.

@frederickjh
Copy link

frederickjh commented Mar 23, 2021

@saveriomiroddi Thanks for the update. I have been trying to get the michaeltelford/broken_link_finder gem into a binary for a box that I do not have root on, but I think that am running into multiple issues.

@64kramsystem
Copy link
Contributor Author

@saveriomiroddi Thanks for the update. I have been trying to get the michaeltelford/broken_link_finder) gem into a binary for a box that I do not have root on, but I think that am running into multiple issues.

In order to get a working version, fork my repository, and merge all the branches corresponding to the open PRs.

You should get a working version. I can't guarantee 100% it works because a month passed since when I opened the PRs. But a month ago the project was building! 😄

@frederickjh
Copy link

Seems this is not the only project to make Ruby programs easy to install that is facing the issue of maintainability. In searching for other alternatives I found Traveling Ruby and then a blog post by the maintainer about its future. After reading the blog post I am first surprised that two programmer manage to mostly single handed to get two projects to make Ruby programs easier to install up and running. But I am not surprised that they are having a hard time maintaining them and keeping up with the steady march in software technology. Looks like a team of maintainers and sponsorship will be needed to keep one afloat.

@64kramsystem
Copy link
Contributor Author

64kramsystem commented May 30, 2021

Seems this is not the only project to make Ruby programs easy to install that is facing the issue of maintainability. In searching for other alternatives I found Traveling Ruby and then a blog post by the maintainer about its future. After reading the blog post I am first surprised that two programmer manage to mostly single handed to get two projects to make Ruby programs easier to install up and running. But I am not surprised that they are having a hard time maintaining them and keeping up with the steady march in software technology. Looks like a team of maintainers and sponsorship will be needed to keep one afloat.

It's important to separate the theoretical aspect from the concrete one.

It's absolutely true that open source maintainers owe nothing to the users, so if they struggle to maintain, they are entitled to stop the project maintenance cold feet.

On the other hand though, it's disrespectful towards the users not to make it clear that a project is abandoned, for two reasons:

  1. users waste their time thinking that a project works, while it's broken;
  2. even worse, developers may spend their time fixing the issues, and have their contributions ignored.

Another additional problem is that the reference, broken, project will divert attention from the fixed forks.

It takes a couple of clicks to make a project read-only, so there's no excuse for not doing it.

I'm a maintainer myself, not only a user, so I'm familiar with maintenance conduct.

@frederickjh
Copy link

@saveriomiroddi I agree whole heartily with you. I too am a maintainer of projects and have had to abandon them. I always try to find someone to maintain them if there seems to be a number of users but I alway archive the project if it is done. I have run into this before. Now I try to check what the last commit to a project is before looking to use it. Also a look at the issue queue give a good feel for a projects health.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

ruby-packer fails with SSL error
3 participants