GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
Already on GitHub? Sign in to your account
Same Gemfile we've always been using, w/ source :rubygems.
Been getting that deprecation warning on that for like a week or two now.
This morning things started breaking on jruby-1.6.7
A coworker fixed it by changing :rubygems to http://rubygems.org/.
I fixed it by doing a gem install jruby-openssl beforehand.
gem install jruby-openssl
Curious that deprecation message still says:
"The source :rubygems is deprecated because HTTP requests are insecure."
and then further down it says:
"Fetching gem metadata from http://rubygems.org/"
after installing jruby-openssl, and still leaving the source as :rubygems.
Http is deprecated but still supported. To avoid this warning message just switch to https protocol.
:rubygems points to plain http requests so it is also a bad choice.
Just saying, Gemfiles w/ source :rubygems on jruby-1.6.7 started triggering a stacktrace and failing (see linked gist) when Bundler 1.3.0 came out. (unless jruby-openssl gem is also installed).
Cannot reproduce it with jruby-1.7.3.
Yes, this only affects jruby-1.6.x - jruby-1.7.x can do https w/out jruby-openssl gem, apparently.
Not a terrible issue - trivial workaround is to change ":rubygems" to "http://rubygems.org", or just "gem install jruby-openssl" (or even upgrade to jruby 1.7) - just giving a heads-up of the change.
Seems to fix it - thanks!