Updating rubygems nothing to update

Gem signing has received some recent attention due to the breach of in January of 2013.

However, the concept of trust policies and signed gems is not a new one - rubygems itself has had the We've open-sourced a simple tool to help you determine which of your dependencies are signed and which trust policies are available to your app.

updating rubygems nothing to update-2

= 2.8 needed by rubygem-vagrant-1.7.2-7.1.x86_64 Solution 1: do not install rubygem-vagrant-1.7.2-7.1.x86_64 Solution 2: break rubygem-vagrant-1.7.2-7.1.x86_64 by ignoring some of its dependencies Choose from above solutions by number or cancel [1/2/c] (c): 1 Resolving dependencies... https://en.opensuse.org/User: Tsu2/In..SUSE_repos Then, Try again.

[email protected] ~ First make sure Ruby 2.1 is installed, have you installed the packages I describe in my Wiki? If you wish to try to continue to install using the open SUSE repos, you may need to submit a bug.

I switched to trying with the Vagrant Cent OS RPM instead. The difference and the reason is probably in there. Whether you find a certain reason or not, It'd be helpful to submit a bug report with your findings as much as you can do to https://bugzilla.

Even following your assist, TSU, the Vagrant Debian RPM continued to throw rubygem errors. You might do a quick inspection of the contents running the following command (I'd be surprised if it contains more than just the vagrant script and a manifest) and compare to the open SUSE RPM. The difference and the reason is probably in there.

This probably isn't the best use of our time - we have to iterate over all our gems, check their certificates against some trusted public authority by hand, and then find a way to get that certificate list to our staging and production hosts as well. Of these, eight are fetched directly from git (where signatures are not checked, since there's no packaged gem), eight are signed (with six different keys), and the remaining 167 are unsigned. In subsequent posts, I'll talk more about why gem signatures are useful, and about how the trust model works.

Comments