mirror of
https://github.com/ruby/ruby.git
synced 2025-08-25 05:55:46 +02:00
69d7e9a12e
1. Use the checksum provided by the server if provided: provides security
knowing if the gem you downloaded matches the gem on the server
2. Calculate the checksum from the gem on disk: provides security knowing
if the gem has changed between installs
3. In some cases, neither is possible in which case we don't put anything
in the checksum and we maintain functionality as it is today
Add the checksums to specs in the index if we already have them
Prior to checksums, we didn't lose any information when overwriting specs
in the index with stubs. But now when we overwrite EndpointSpecifications
or RemoteSpecifications with more generic specs, we could lose checksum
info. This manually sets checksum info so we keep it in the index.
|
||
|---|---|---|
| .. | ||
| executable_spec.rb | ||
| gem_tasks_spec.rb | ||
| inline_spec.rb | ||
| load_spec.rb | ||
| platform_spec.rb | ||
| require_spec.rb | ||
| self_management_spec.rb | ||
| setup_spec.rb | ||
| with_unbundled_env_spec.rb | ||