
Fix Rubygems outdated certificate

Open 64kramsystem opened this issue 4 years ago • 9 comments

The bundled Rubygems certificate AddTrustExternalCARoot.pem is outdated; replaced it with the current GlobalSignRootCA_R3.pem, from the Rubygems project.

See:

  • https://github.com/rubygems/rubygems/issues/4099
  • https://github.com/rubygems/rubygems/pull/4100
  • https://github.com/rubygems/rubygems/blob/master/lib/rubygems/ssl_certs/rubygems.org/GlobalSignRootCA_R3.pem

Closes #141.

64kramsystem avatar Feb 17 '21 11:02 64kramsystem
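A small audit a packager can run over a bundled certificate directory before shipping, to catch exactly the situation this PR fixes (a root CA PEM that has expired or is about to). This is an added example, not code from ruby-packer or from the PR; the two certificates it checks by default are constructed in memory and are not the real Rubygems roots.

```ruby
require 'openssl'

# Parse every PEM certificate in a string and classify it as :expired,
# :expiring_soon (within warn_days) or :ok. Returns an array of hashes so the
# result can be inspected programmatically; the footer below prints them.
def audit_pem_bundle(pem_text, now: Time.now, warn_days: 90)
  pem_text.scan(/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m).map do |pem|
    cert = OpenSSL::X509::Certificate.new(pem)
    days_left = ((cert.not_after - now) / 86_400).floor
    status = if cert.not_after <= now then :expired
             elsif days_left <= warn_days then :expiring_soon
             else :ok
             end
    { subject: cert.subject.to_s, not_after: cert.not_after,
      days_left: days_left, status: status }
  end
end

# Constructed sample: two self-signed "root" certificates built in memory so
# the example runs offline. They are placeholders, NOT the real Rubygems CAs.
def sample_bundle(now: Time.now)
  make = lambda do |cn, not_before, not_after|
    key = OpenSSL::PKey::RSA.new(2048)
    cert = OpenSSL::X509::Certificate.new
    cert.version = 2
    cert.serial = 1
    cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
    cert.public_key = key.public_key
    cert.not_before = not_before
    cert.not_after = not_after
    cert.sign(key, OpenSSL::Digest.new('SHA256'))
    cert.to_pem
  end
  # One root that expired yesterday, one that is valid for another ten years.
  make.call('Old Root constructed', now - 20 * 365 * 86_400, now - 86_400) +
    make.call('Current Root constructed', now - 365 * 86_400, now + 10 * 365 * 86_400)
end

if __FILE__ == $PROGRAM_NAME
  # Pass a path to a .pem file (or a concatenated bundle) to audit real certs.
  pem = ARGV[0] ? File.read(ARGV[0]) : sample_bundle
  audit_pem_bundle(pem).each do |c|
    puts format('%-14s %-32s expires %s (%d days)',
                c[:status], c[:subject], c[:not_after].utc, c[:days_left])
  end
end
```

Run it as `ruby audit_certs.rb path/to/ssl_certs/rubygems.org/*.pem` (after `cat`-ing the files together) to see which bundled roots need replacing.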

Rebased - my fork master branch was old.

64kramsystem avatar Feb 17 '21 11:02 64kramsystem

  • https://github.com/rubygems/rubygems/blob/master/lib/rubygems/ssl_certs/rubygems.org/GlobalSignRootCA_R3.pem

Where am I supposed to replace this?

tasdendu avatar Mar 18 '21 19:03 tasdendu

This issue is affecting me too. Looks like since the checks have all failed that this merge has been put on hold.

frederickjh avatar Mar 23 '21 17:03 frederickjh

This issue is affecting me too. Looks like since the checks have all failed that this merge has been put on hold.

There are multiple issues in the current master branch, which I've all fixed in several PRs; however, the repository is effectively abandoned, and the maintainer is ignoring people's contributions. I'm planning to create a fixed fork, but I currently don't have the resources.

64kramsystem avatar Mar 23 '21 18:03 64kramsystem

@saveriomiroddi Thanks for the update. I have been trying to get the michaeltelford/broken_link_finder gem into a binary for a box that I do not have root on, but I think that I am running into multiple issues.

frederickjh avatar Mar 23 '21 19:03 frederickjh

@saveriomiroddi Thanks for the update. I have been trying to get the michaeltelford/broken_link_finder gem into a binary for a box that I do not have root on, but I think that I am running into multiple issues.

In order to get a working version, fork my repository, and merge all the branches corresponding to the open PRs.

You should get a working version. I can't guarantee 100% it works because a month passed since when I opened the PRs. But a month ago the project was building! :smile:

64kramsystem avatar Mar 23 '21 19:03 64kramsystem

Seems this is not the only project to make Ruby programs easy to install that is facing the issue of maintainability. In searching for other alternatives I found Traveling Ruby and then a blog post by the maintainer about its future. After reading the blog post I am first surprised that two programmers managed, mostly single-handedly, to get two projects to make Ruby programs easier to install up and running. But I am not surprised that they are having a hard time maintaining them and keeping up with the steady march in software technology. Looks like a team of maintainers and sponsorship will be needed to keep one afloat.

frederickjh avatar Mar 24 '21 08:03 frederickjh

Seems this is not the only project to make Ruby programs easy to install that is facing the issue of maintainability. In searching for other alternatives I found Traveling Ruby and then a blog post by the maintainer about its future. After reading the blog post I am first surprised that two programmers managed, mostly single-handedly, to get two projects to make Ruby programs easier to install up and running. But I am not surprised that they are having a hard time maintaining them and keeping up with the steady march in software technology. Looks like a team of maintainers and sponsorship will be needed to keep one afloat.

It's important to separate the theoretical aspect from the concrete one.

It's absolutely true that open source maintainers owe nothing to the users, so if they struggle to maintain, they are entitled to stop the project maintenance cold feet.

On the other hand though, it's disrespectful towards the users not to make it clear that a project is abandoned, for two reasons:

  1. users waste their time thinking that a project works, while it's broken;
  2. even worse, developers may spend their time fixing the issues, and have their contributions ignored.

Another additional problem is that the reference, broken, project will divert attention from the fixed forks.

It takes a couple of clicks to make a project read-only, so there's no excuse for not doing it.

I'm a maintainer myself, not only a user, so I'm familiar with maintenance conduct.

64kramsystem avatar May 30 '21 09:05 64kramsystem

@saveriomiroddi I agree wholeheartedly with you. I too am a maintainer of projects and have had to abandon them. I always try to find someone to maintain them if there seems to be a number of users, but I always archive the project if it is done. I have run into this before. Now I try to check what the last commit to a project is before looking to use it. Also, a look at the issue queue gives a good feel for a project's health.

frederickjh avatar May 31 '21 09:05 frederickjh