1.3.0 switches meaning of source :rubygems to https?

[LeifWarner]

Same Gemfile we've always been using, w/ source :rubygems.
Been getting that deprecation warning on that for like a week or two now.
This morning things started breaking on jruby-1.6.7
https://gist.github.com/LeifWarner/5042799
A coworker fixed it by changing :rubygems to http://rubygems.org/.
I fixed it by doing a gem install jruby-openssl beforehand.

Curious that deprecation message still says:
"The source :rubygems is deprecated because HTTP requests are insecure."
and then further down it says:
"Fetching gem metadata from http://rubygems.org/"
after installing jruby-openssl, and still leaving the source as :rubygems.

[alup]

Http is deprecated but still supported. To avoid this warning message just switch to https protocol.
:rubygems points to plain http requests so it is also a bad choice.

[LeifWarner]

Just saying, Gemfiles w/ source :rubygems on jruby-1.6.7 started triggering a stacktrace and failing (see linked gist) when Bundler 1.3.0 came out. (unless jruby-openssl gem is also installed).

[alup]

Cannot reproduce it with jruby-1.7.3.

[LeifWarner]

Yes, this only affects jruby-1.6.x - jruby-1.7.x can do https w/out jruby-openssl gem, apparently.

[LeifWarner]

Not a terrible issue - trivial workaround is to change ":rubygems" to "http://rubygems.org", or just "gem install jruby-openssl" (or even upgrade to jruby 1.7) - just giving a heads-up of the change.

[LeifWarner]

Seems to fix it - thanks!