Fix Rubygems outdated certificate #154
The bundled Rubygems certificate `AddTrustExternalCARoot.pem` is outdated; replaced it with the current `GlobalSignRootCA_R3.pem`, from the Rubygems project.

See:

- rubygems/rubygems#4099
- rubygems/rubygems#4100
- https://github.com/rubygems/rubygems/blob/master/lib/rubygems/ssl_certs/rubygems.org/GlobalSignRootCA_R3.pem
366f6c5 to 440cf89
Rebased - my fork

Where am I supposed to replace?

This issue is affecting me too. Looks like, since the checks have all failed, this merge has been put on hold.

There are multiple issues in the current master branch, all of which I've fixed in several PRs; however, the repository is effectively abandoned, and the maintainer is ignoring people's contributions. I'm planning to create a fixed fork, but I don't currently have the resources.

@saveriomiroddi Thanks for the update. I have been trying to get the michaeltelford/broken_link_finder gem into a binary for a box that I do not have root on, but I think that I am running into multiple issues.

In order to get a working version, fork my repository, and merge all the branches corresponding to the open PRs. You should get a working version. I can't guarantee 100% it works because a month has passed since I opened the PRs. But a month ago the project was building! 😄

Seems this is not the only project to make Ruby programs easy to install that is facing the issue of maintainability. In searching for other alternatives I found Traveling Ruby and then a blog post by the maintainer about its future. After reading the blog post I am first surprised that two programmers managed, mostly single-handedly, to get two projects to make Ruby programs easier to install up and running. But I am not surprised that they are having a hard time maintaining them and keeping up with the steady march in software technology. Looks like a team of maintainers and sponsorship will be needed to keep one afloat.
It's important to separate the theoretical aspect from the concrete one. It's absolutely true that open source maintainers owe nothing to the users, so if they struggle to maintain, they are entitled to stop the project maintenance cold feet. On the other hand though, it's disrespectful towards the users not to make it clear that a project is abandoned, for two reasons:
Another additional problem is that the reference, broken, project will divert attention from the fixed forks. It takes a couple of clicks to make a project read-only, so there's no excuse for not doing it. I'm a maintainer myself, not only a user, so I'm familiar with maintenance conduct.

@saveriomiroddi I agree wholeheartedly with you. I too am a maintainer of projects and have had to abandon them. I always try to find someone to maintain them if there seems to be a number of users, but I always archive the project if it is done. I have run into this before. Now I try to check what the last commit to a project is before looking to use it. Also, a look at the issue queue gives a good feel for a project's health.
The bundled Rubygems certificate `AddTrustExternalCARoot.pem` is outdated; replaced it with the current `GlobalSignRootCA_R3.pem`, from the Rubygems project. See:
Closes #141.
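
An added example, not part of this PR or of the project's code: a Ruby check that reports expired or soon-to-expire certificates in a bundled PEM file, which is the condition this PR corrects by swapping the file. The names `build_test_ca` and `audit_pem_bundle`, the 90-day warning window and the two sample certificates are assumptions constructed for illustration.

```ruby
require "openssl"

# Hypothetical helper: build a self-signed CA certificate with a chosen
# validity window, so the example runs offline on constructed data.
def build_test_ca(cn, not_before, not_after)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert.to_pem
end

# Split a PEM bundle into its certificates and classify each one at `now`.
# A trust anchor past not_after fails verification even though the file
# itself is intact, so this belongs in CI for any project that vendors certs.
def audit_pem_bundle(pem_text, now: Time.now, warn_days: 90)
  pems = pem_text.scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m)
  pems.map do |pem|
    cert = OpenSSL::X509::Certificate.new(pem)
    status =
      if now < cert.not_before then :not_yet_valid
      elsif now > cert.not_after then :expired
      elsif cert.not_after - now < warn_days * 86_400 then :expiring_soon
      else :ok
      end
    { subject: cert.subject.to_s, not_after: cert.not_after, status: status }
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample bundle: one root already past its validity, one current.
  bundle = build_test_ca("Old Root (constructed)", Time.utc(2000, 1, 1), Time.utc(2020, 6, 1)) +
           build_test_ca("New Root (constructed)", Time.utc(2009, 1, 1), Time.utc(2029, 1, 1))
  audit_pem_bundle(bundle, now: Time.utc(2021, 1, 1)).each do |r|
    puts format("%-14s %s (not_after %s)", r[:status], r[:subject], r[:not_after].utc)
  end
end
```

To audit real files, pass `File.read(path)` for each `.pem` under the vendored certificate directory and fail the build on any status other than `:ok`.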