Replies: 1 comment 1 reply
-
I also prefer to set "https://rubygems.org" as a default. But We have concern to prevent to supply-chain attack by implicitly source of rubygems. |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I don't imagine this is a new idea, but I haven't found discussion of it anywhere.
When using
bundler/inline
, you have to specify asource
directive. Are there reasons to not usehttps://rubygems.org
if it's left unspecified? Is it something we can add?It seems like unnecessary overhead when inlining a gemfile, prone to typos and errors, and otherwise taking up lines of code that seem like it should be handled by the framework above.
Example:
Beta Was this translation helpful? Give feedback.
All reactions