drbrain changed the topic of #rubygems to: Latest status: http://twitter.com/rubygems_status - http://status.rubygems.org - http://tinyurl.com/anqa5s5 logs: http://irclog.whitequark.org/rubygems | Current breakout rooms: #rubygems-aws #rubygems-verification #rubygems-exploit #rubygems-trust
<yorickpeterse> Morning
<gibsop1> Can anyone confirm if the rubygems.org ssl cert has changed in the last couple of days? We seem to get ssl errors when using https://rubygems.org as the cert seems to be wildcarded on *.rubygems.org
<yorickpeterse> it changed over the weekend I believe
<gibsop1> Thanks yorickpeterse, do you know if they moved from an explicit rubygems.org cert to a *.rubygems.org cert? Openssl doesn't like to verify rubygems.org against the *.rubygems.org cert
<yorickpeterse> I'm not sure but I remember some of the Rubygems folks talking about it
<yorickpeterse> At least Chrome considers it valid for me
<gibsop1> Yes Chrome does for me too, which logically seems sane to me, just openssl being a pain, yet this defo has changed for us since Friday, cheers for your help
<dbussink> gibsop1: looks like your client doesn't pick up the subject alternative name
<dbussink> it has one for rubygems.org
<gibsop1> Yes thanks dbussink, just noticed it has a SAN, do you know if openssl usually does? Also do you have any idea what the cert on rubygems.org was prior to this change?
<dbussink> gibsop1: no idea about the previous cert, it should work afaik
<dbussink> gibsop1: what's your client?
<gibsop1> We're trying to do a bundle and it's failing, by the looks of it because it's going to rubygems.org but trying to verify with openssl we get the same error so I assume it's ultimately an openssl issue?
<gibsop1> from openssl: "Verify return code: 20 (unable to get local issuer certificate)"
<gibsop1> from wget: "ERROR: certificate common name `*.rubygems.org' doesn't match requested host name `rubygems.org'."
<gibsop1> Cheers for your help guys, one of our devs has fixed this by changing the url in bundler, laters
<dbussink> gibsop1: maybe an old openssl version on those systems/
<dbussink> ?
<gibsop1> dbussink - not sure - but downloading the pem and running it against openssl clearly shows the correct names in the cert so really not sure...fun monday morning anyhow
<whitequark> gibsop1: there was a bug in curl where it ignored subjectAltName
<whitequark> I *think* it was fixed in Debian-specific patch and not fixed upstream. if that was actually a bug in openssl, the fix could apply as well
<gibsop1> whitequark - cheers for that info - sounds possible.
<regularfry> Hi guys
<regularfry> so... there's an http->https redirect set up on rubygems.org
<regularfry> this breaks `gem install jruby-openssl`, for obvious reasons
<regularfry> is there a quick fix at my end?
<bradland> regularfry: can you gist a stacktrace of the failure so those not familiar with the specific issue can maybe have a look at the rubygems code?
<regularfry> bradland: https://gist.github.com/4707984
<regularfry> the "Fetching http..." lines are a quick patch I put into remote_fetcher.rb to see what uri was being requested
<bradland> regularfry: output of `gem -v` ?
<regularfry> bradland: 1.3.6
<bradland> regularfry: oy, that version is three years old. i don't do any jruby dev. are there compat issues with 1.8?
<regularfry> Yeah, it's only 3 years old. It's the version which ships with Debian stable.
<regularfry> Not sure what you mean by "compat issues"?
<bradland> regularfry: i see. you're using the system packages then. i assumed that you were running an older gem version because of compatibility issues with jruby.
<bradland> i'm out of my depth here. i tend to stay away from distro packages because they're so old. sorry i can't be more help.
<regularfry> No, I'm not using the system packages right now - I'm developing on a more up-to-date system, but I need to have that version installed so that I can test against it.
<stevenhaddox_> bradland, regularfry: this was mentioned last night on Twitter. Let me see if I can find it. I think it has to do with your .gemrc settings probably.
<regularfry> stevenhaddox_: thanks
<stevenhaddox_> regularfry: whoa... I'll find the convo, but not sure it'll help with your situation :P
<regularfry> :-)
<bradland> yeah, there has been some change to the way openssl is loaded in newer versions of rubygems
<stevenhaddox_> Not sure if that'll help at all.
<regularfry> I've thought of a sort-of temporary fix, which is to set up a local gem server, wget the jruby-openssl gem and gem install --source to avoid https, but it's really streemacs
<regularfry> soddit
<regularfry> really painful
<regularfry> yeah, no gemcutter.org in my .gemrc
<bradland> another option would be to grab the gemfile for jruby-openssl and install it as part of your bootstrap process
<bradland> so that it's available for other gem installs
<bradland> still hacky
<bradland> can you update rubygems to 1.8.x in your dev env and provide a stacktrace for that?
<regularfry> guess what happens when I `gem update --system`? :-)
<bradland> hahaha
<bradland> cert errors?
<regularfry> OpenSSL::SSL requires the jruby-openssl gem (LoadError)
<bradland> but of course
<bradland> i've got a debian distro here. i'm going to do some tinkering. can't promise anything, but i'll ping back if i find a work around.
<regularfry> ...and 1.8.25 is new enough that jruby-1.5.1 trips over an old date parsing bug...
<regularfry> So it looks to me like the http->https redirect forcibly deprecates jrubies older than 1.7.0, which was when the need for jruby-openssl went away.
<bradland> hrm, jruby 1.7 is a relatively recent release
<bradland> the problem is that the jruby-openssl requirement becomes recursive when https is the only option for installing gems
<bradland> given the push for increased security, i don't see the http option coming back
<regularfry> yeah, I've confirmed the same problem I'm seeing on jruby-1.6.8, which has gems -v == 1.8.24
<bradland> if you're absolutely stuck on the version of jruby that you have, i think your only option is going to be something like grabbing a compatible version of jruby-openssl.gem using curl, then installing that as part of your jruby bootstrap process
<regularfry> yeah, the annoying part is that even if I have it in a local server or install it from the file, if I have rubygems.org in my .gemrc it'll barf on the SSL before installing the gem
<regularfry> anyway, home time. Gonna fight this some more tomorrow. Thanks for your help...
<stevenhaddox_> regularfry: wait, even if you tell it a direct path to install from it queries rubygems.org?
<stevenhaddox_> regularfry: what if you pass -f to force install w/out deps checks?
<stevenhaddox_> regularfry: hmmm....
<stevenhaddox_> regularfry: -l, --local - Restrict operations to the LOCAL domain
<stevenhaddox_> regularfry: maybe that would work?
<stevenhaddox_> regularfry: I also wonder if the proxy flag might help in some way...
<regularfry> That's the badger. Now it's complaining about bouncy-castle-java, but at least it's not barfing on ssl. I think we have a winner.
<regularfry> the -l flag, that is.
<bradland> nice
<stevenhaddox_> regularfry: sweet.
* stevenhaddox_ got a lucky guess for once
<regularfry> :-)
<regularfry> Thanks again :-)
<devn> Hey everyone, I received a private email about a fairly serious security vulnerability discovered in a large ruby library I co-maintain.
<devn> Given the recent experience with rubygems I'm looking for advice on how to let library consumers know once I've fixed it.
<devn> Should I go through previous releases of the gem and make the change across all releases? So many questions...
<bradland> what's your versioning schema?
<devn> maj.min.tiny
<bradland> so first up is to decide how many .min releases you're going to backport
<bradland> i'd follow the same pattern as the rails team did
<bradland> patch a reasonably far back .min release, and include patch files so people can see the changes easily, if they want to do their own custom patch
<bradland> but ultimately, it's up to you. if you only want to patch your most recent maj.min release, then you're free to do that
<bradland> you may even find that the community delivers pull requests for the same fix to older versions once you've released the new .tiny version fixes along with patch files
<pencil> and how should he let his user know, that he fixed some serious bug?
<devn> bradland: in terms of how to get the largest number of users to know
<devn> yeah pencil that's my big concern
<bradland> that's a much harder question. i'm not aware of any method for pinging users of your gem unless they've volunteered some information.
<bradland> otherwise it's a matter of pushing the word out every way you can: blog post, twitter, here, etc
<jjarmoc> pretty much however you would advertise a new feature-release/enhancement
<jjarmoc> mailing list, blog, release page, twitter feed, whatever you've got at your disposal
<bradland> how popular is the gem?
<pencil> so basically most people won't notice...
<pencil> do you start following a user on twitter once you installed his gem?
<bradland> no, i track gems through releases
<jjarmoc> pencil: in some cases, yes.. in others no..
<bradland> we do regular reviews
<jjarmoc> but there's really only so much that can be done, you're not gonna get CNN to run an article or anything (well, unless maybe you're rails.. heh)
<jjarmoc> if it's a reasonably large gem, consider contacting mitre and see if they'll assign you a CVE.. that'll catch the eye of lots of security companies and their vuln feeds may in turn notify customers
<jjarmoc> s/large/popular/
<bradland> devn, mind if i ask what library? would love to stay ahead of the issue if i'm using your gem.
<jjarmoc> similarly, posting to bugtraq or similar
<devn> sorry, stepped away for a moment, catching up
<devn> bradland: the gem is very popular
<devn> jjarmoc: how do i contact mitre?
<devn> bradland: I'll be happy to let you know once it's fixed and released. :)
<bradland> ah, good call
<samkottler> can we please not announce an unpatched security issue here...
<devn> i have absolutely no intention of doing that samkottler
<bradland> thought you had the fix already. just re-read.
<samkottler> devn: yep, and thank you for that
<devn> I think I have it fixed locally, but before I push it and someone sniffs out why the patch was applied I'd like to figure out the best set of steps for letting everyone who is using it in production know so they have a little lead time to patch
<devn> or maybe you guys have an opinion?
<devn> Should I cut a release ASAP and then go to town on telling everyone?
<bradland> IMO, you should tell at the moment you release
<devn> Or tell as many people as I can privately?
<devn> bradland: that was my line of thinking as well
<bradland> because, if the gem is popular, the bad guys might be watching the release
<bradland> and they'll see it before anyone else has a chance to notice
<samkottler> devn: you aren't going to keep it private and even if you talk to people privately it's going to get out
<devn> *nod*
<samkottler> devn: first, get a CVE issued for the problem, embargo the problem until it's released and then be very public about how and why people should upgrade
<jfoy> Hey all. Is the 301 redirect from http://rubygems.org to https://rubygems.org an intentional, permanent change?
<samkottler> jfoy: yes and yes
<fromonesrc> intentionally forcing all traffic to ssl
<jfoy> OK. That appears to break any jruby that hadn't already installed the jruby-openssl gem :-/
<bradland> jfoy: breaks for jruby <1.7
<bradland> works with jruby >1.7
<samkottler> devn: did that help answer your question? feel free to PM me if you need help moving forward with those steps
<devn> samkottler: that did help. yes.
<jfoy> @bradland k, thanks. Is any jruby <1.7 now out of support from the rubygems perspective?
<bradland> i can't speak to that, as i'm not part of the rubygems team. i just happened to see someone work through the issue earlier.
<bradland> i do know that the enforcement of HTTPS is a result of recent security issues, and that it's good policy.
<jjarmoc> devn: sorry, stepped away for a min.. http://cve.mitre.org/cve/request_id.html
<jfoy> @bradland oh, agreed, just trying to triage work
<bradland> yeah, it's a real PITA
<devn> So, the only maintainer who has the ability to push releases to rubygems is someone who is currently out of the country. Is there an admin I could speak to who could give me "emergency privileges" to release?
vertis has joined #rubygems
drbrain has quit [Ping timeout: 264 seconds]
workmad3 has quit [Ping timeout: 245 seconds]
stevenhaddox_ has left #rubygems [#rubygems]
schisamo has left #rubygems ["Be back later"]
franckverrot_ has quit [Quit: WeeChat 0.3.7]
Elhu has quit [Quit: Computer has gone to sleep.]
andrewhubbs has joined #rubygems
twoism has joined #rubygems
Elhu has joined #rubygems
ben_h_ has quit [Read error: Connection reset by peer]
cowboyd has joined #rubygems
brad[] has quit [Ping timeout: 276 seconds]
<qrush> hi devn
<qrush> evan and drbrain should be around
breakingthings has quit []
<qrush> have you talked to them?
<qrush> i also dont understand how this is a rubygems specific issue
<qrush> if this is an issue with one specific gem
brad[] has joined #rubygems
<samkottler> qrush: it's not - he's asking for push access for a specific gem
workmad3 has joined #rubygems
<qrush> fun
<qrush> thats not something i really want to just give out :(
<qrush> we'd need some proof that the original maintainer has granted you permission. we usually do this via help.rubygems.org
haidangwa has joined #rubygems
<devn> qrush: i understand
<qrush> this has taken a considerable amount of time in some extreme cases if the original maintainer is MIA
<devn> qrush: i haven't spoken with drbrain or evan yet
<qrush> i assume you have talked to the maintainer if you know they're out of the country?
<devn> qrush: i expect that he'll get back to me in a timely fashion. he's currently on vacation in a country without great coverage
<devn> i've made a few attempts to contact him but haven't heard back yet
<haidangwa> We maintain an internal mirror of rubygems.org. We turned off our mirroring when the incident occurred. Now, I've just turned mirroring back on, but there's a redirect error. What's changed?
<haidangwa> rake mirror:update
<haidangwa> Fetching: http://rubygems.org/specs.4.8.gz with 5 threads
<haidangwa> run `sow blah` and look at its text files
<haidangwa> which: no dot in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/lib/jvm/java-1.4.2-sun-1.4.2.04/bin:/root/bin)
<haidangwa> ** README.rdoc is missing or in the wrong format for auto-intuiting.
<haidangwa> rake aborted!
<haidangwa> unexpected response #<Net::HTTPMovedPermanently 301 Moved Permanently readbody=false>
<devn> it's only been a few hours
<qrush> haidangwa: switch to https://rubygems.org
<haidangwa> thanks. I'll try that.
<devn> so i'll wait to hear from him for 24 hours and see if i can avoid pushing any of the pain onto you guys
<devn> i realize it's weird to just say "make me maintainer!", just trying to deal with a vulnerability responsibly and in a timely fashion
notnerb1 has joined #rubygems
<devn> something i learned from the rubygems pros
<devn> :)
<devn> FWIW I can demonstrate I have commit access on the repo in question, but we'll cross that bridge when we come to it, I suppose
<devn> (github repo)
tmilewski has quit [Quit: tmilewski]
notnerb has quit [Ping timeout: 245 seconds]
<devn> qrush: samkottler ^
notnerb1 has quit [Client Quit]
notnerb has joined #rubygems
drbrain has joined #rubygems
vertis has quit [Quit: vertis]
tcopeland has quit [Quit: Leaving.]
haidangwa has left #rubygems [#rubygems]
stevenhaddox_ has joined #rubygems
markstarkman has quit [Remote host closed the connection]
wdperson has joined #rubygems
alexkira has quit [Read error: Connection reset by peer]
alexkira has joined #rubygems
adf has joined #rubygems
teancom has quit [Remote host closed the connection]
_br_ has quit [Excess Flood]
stevenhaddox_ has quit [Ping timeout: 245 seconds]
_br_ has joined #rubygems
Elhu has quit [Quit: Computer has gone to sleep.]
Emily is now known as EmilyAFK
_br_ has quit [Excess Flood]
_br_ has joined #rubygems
Elhu has joined #rubygems
bradland has quit [Read error: Connection reset by peer]
workmad3 has quit [Ping timeout: 244 seconds]
_br_ has quit [Excess Flood]
bradland has joined #rubygems
_br_ has joined #rubygems
breakingthings has joined #rubygems
wdperson has quit [Quit: Linkinus - http://linkinus.com]
tmilewski has joined #rubygems
krohrbaugh has quit [Quit: Leaving.]
Elhu has quit [Quit: Computer has gone to sleep.]
_br_ has quit [Excess Flood]
fbernier has quit [Read error: Connection reset by peer]
_br_ has joined #rubygems
derekprior has joined #rubygems
krohrbaugh has joined #rubygems
_br_ has quit [Excess Flood]
aquaranto has quit []
_br_ has joined #rubygems
teancom has joined #rubygems
jcaudle has quit [Quit: jcaudle]
astrostl has joined #rubygems
<astrostl> installed rubygems-update on ubuntu lucid 10.04 to upgrade its system-provided gems from 1.3.5 to the current version (for multi_json). that worked, but now all of the pre-existing gems are 'invisible' - they exist on the filesystem, but 'gem list' doesn't see them. any ideas?
mattski has quit [Quit: This computer has gone to sleep]
<drbrain> astrostl: system-provided gems exist in a different path, I think /var/lib/ruby/gems or something, you'll need to add it to ENV['GEM_PATH']
<astrostl> just ran into 'gem env'
<astrostl> it does default to /usr not /var
vertis has joined #rubygems
<astrostl> where am i supposed to set these gem variables?
<astrostl> (e.g. for cli use)
<drbrain> in your .bash_profile
<drbrain> or .bashrc
<astrostl> thx! and if you don't mind - what separator do i use?
<astrostl> the default has multiples
<drbrain> same as PATH
<drbrain> (so : on unix, and whatever it is on windows)
<astrostl> works. thx so much!
<drbrain> for some reason ubuntu patches rubygems instead of using the defaults file support in rubygems
<astrostl> yes, it sucks :<
<astrostl> that's all the way nice...
<astrostl> was just checking to see if the front page still announced the out-of-date version
BigFatFatty has joined #rubygems
atomgiant has quit [Quit: atomgiant]
<astrostl> site is back up. subheadline still points to the older blog post (which tells people to install insecure 3.0.19 and 2.3.15 versions)
<astrostl> owell :)
the_mentat has quit [Quit: Computer has gone to sleep.]
<drbrain> astrostl: odd, it says "I'd like to announce that 3.0.20, and 2.3.16 have been released. These releases contain one extremely critical security fix so please update IMMEDIATELY." for me
<astrostl> the blog does, front page doesn't
<drbrain> ah
<drbrain> no, that's the front page for me
<astrostl> i was trying to check earlier and the blog was down :-|
havenn has quit [Remote host closed the connection]
<astrostl> Rails 3.2.11 has been released! / 3.2.11 released Jan 8, 2013
<jjarmoc> the front page at www.rubyonrails.org still has a link to '3.2.11 release Jan 8, 2013'
markstarkman has joined #rubygems
<drbrain> oh, that front page
<astrostl> reporting it in rails channel, not entirely appropriate here
<astrostl> anyway, thx for the gem env help!
<jjarmoc> wait, 3.2.11 is the latest in the 3.2 branch
<jjarmoc> the JSON vuln only affects 3.0.x<3.0.20 and 2.3.x<2.3.15
<jjarmoc> 3.2.11 fixes CVE-2013-0155 and CVE-2013-0156, and isn't affected by CVE-2013-0333
<jjarmoc> so it's the latest 3.2 version, and not susceptible to the known vulns
krohrbaugh has quit [Quit: Leaving.]
markstarkman has quit [Ping timeout: 248 seconds]
krohrbaugh has joined #rubygems
pwelch has quit [Ping timeout: 245 seconds]
EmilyAFK is now known as Emily
stayarrr has quit [Quit: Linkinus - http://linkinus.com]
qmx|away is now known as qmx
Emily is now known as EmilyAFK
qmx has quit [Excess Flood]
qmx has joined #rubygems
tcopeland has joined #rubygems
breakingthings has quit []
notnerb has quit [Quit: Leaving.]
stevenharman has quit [Quit: Leaving...]
qmx is now known as qmx|away
EmilyAFK is now known as Emily
markstarkman has joined #rubygems
cowboyd has quit [Remote host closed the connection]
nateberkopec has quit [Quit: Linkinus - http://linkinus.com]
krohrbaugh has quit [Quit: Leaving.]
porkbelt has quit [Ping timeout: 245 seconds]
markstarkman has quit [Remote host closed the connection]
krohrbaugh has joined #rubygems
onemanjujitsu has joined #rubygems
baphled has quit [Ping timeout: 255 seconds]
tmilewski has quit [Quit: tmilewski]
tkramer has quit [Quit: Leaving]
krohrbaugh has quit [Quit: Leaving.]
krohrbaugh has joined #rubygems
Emily is now known as EmilyAFK
baburdick has quit [Ping timeout: 244 seconds]
baburdick has joined #rubygems
kzoo_ has joined #rubygems
<kzoo_> since morning all our devs are getting "Unfortunately, a fatal error has occurred. Please see the Bundler" while fetching listing from rubygems.org. Is it because V1 API is down according to http://status.rubygems.org/?
onemanjujitsu has quit [Quit: onemanjujitsu]
bfleischer has quit [Quit: bfleischer]
<evan> kzoo_: what command are you running to get that?
qmx|away has quit [Ping timeout: 248 seconds]
<kzoo_> evan: bundle install
<evan> what do you have configured as the source in the Gemfile?
<kzoo_> evan: yes
<evan> no
<evan> what do you have configured
<evan> what is the "source" line?
<kzoo_> evan: source 'https://rubygems.org'
<evan> k
rubygems has joined #rubygems
<evan> what does curl say?
voodootaco is now known as voodoofish
<kzoo_> "curl: (52) Empty reply from server"
<evan> where are you in the world?
<kzoo_> Seattle
<evan> it seems like you're having a problem talking to AWS
<evan> well, thats weird.
<evan> why you try to ping rubygems.org
<evan> what address does it say rubygems.org is at?
qmx|away has joined #rubygems
<kzoo_> 54.245.255.174
<evan> ok, thats right.
<evan> hm.
<evan> try http instead of https to curl
<evan> does that change anything?
stevenharman has joined #rubygems
<kzoo_> that seems to work - i got 200
<evan> interesting.
<evan> do you have a proxy configured at all?
<kzoo_> no
danthompson has quit [Ping timeout: 252 seconds]
<evan> are you behind a complicated firewall?
<jfoy> Hey all -- earlier today `curl -D - http://rubygems.org` would return a 301 redirect to https:… Now it returns 200 and the home page. Is this on purpose?
<evan> jfoy: it is, yes.
<kzoo_> nothing like that
<evan> the force redirect to SSL for everything was causing some issues for some ruby implementations
<jfoy> evan: thanks, yes, I was discussing that in here earlier, and was surprised to see the revert
EmilyAFK is now known as Emily
<evan> I'd prefer to force SSL for all
<evan> but we'll need to communicate us doing that before we do again
<evan> so people can plan for it.
rubygems has quit [Quit: Leaving.]