mezis / yarp

Yet Another Rubygems Proxy
68 stars 10 forks

Trust, non-HTTPS and bundler-audit #9

Open gretel opened 10 years ago

gretel commented 10 years ago

Running bundler-audit on a Gemfile having

source 'http://eu.yarp.io'

results in:

Vulnerabilities found:
> [#] Insecure source URI found: http://eu.yarp.io/

Therefore, I kindly request an HTTPS-capable backend. Performance should not override security, so I do like yarp but have to stay with

source 'https://rubygems.org'

for now.

mezis commented 10 years ago

Hi @gretel, given Yarp is a personal project I haven't spent the money on SSL certificates (yet).

Would you mind trying with https://yarp-eu.herokuapp.com? If that works fine I'll update the README accordingly.

gretel commented 10 years ago

Thanks @mezis, https://yarp-eu.herokuapp.com works fine. Maybe setting up gratipay/ex-gittip could bring up some money to have the certs. Regards

mezis commented 10 years ago

> maybe setting up gratipay/ex-gittip could bring up some money to have the certs

Good idea. I'll set that up and see what happens ;)