You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
GPG proved itself as notoriously unreliable tool which breaks RVM installation 2 times out of 10.
It would be nice to have any alternative verification method, like SHA sum verification or whatever, which would work each time and would provide any reliable verification method with a decent security level. Currently, we have to trust to some vague GPG keys installed from unknown server in the Internet, instead of relying on HTTPS with proven authority.
The text was updated successfully, but these errors were encountered:
@tioteath is so true. We use RVM for many years now, and the GPG part always gives you a hard time. You cannot automate RVM installation (e.g. via Ansible) in a reliable way, because 50% of time there's some issue with GPG.
No expert in packaging or security here, but since RVM is the only software I know requiring GPG for installation, I assume there's a better alternative.
GPG proved itself as notoriously unreliable tool which breaks RVM installation 2 times out of 10.
It would be nice to have any alternative verification method, like SHA sum verification or whatever, which would work each time and would provide any reliable verification method with a decent security level. Currently, we have to trust to some vague GPG keys installed from unknown server in the Internet, instead of relying on HTTPS with proven authority.
The text was updated successfully, but these errors were encountered: