Activeadmin: git source insecure warning

Created on 22 Oct 2016  ·  3Comments  ·  Source: activeadmin/activeadmin

Given

gem 'activeadmin', github: 'activeadmin'

bundler throws this warning

The git sourcegit://github.com/activeadmin/activeadmin.gituses thegitprotocol, which transmits data without encryption. Disable this warning withbundle config git.allow_insecure true, or switch to thehttpsprotocol to keep your data secure.

any alternatives?

picture daya

Most helpful comment

This is what I do:

# Force the `github:` syntax to use HTTPS instead of the Git protocol.
# The Git protocol isn't encrypted, and so is subject to MITM attacks.
# This can be removed once Bundler 2.0 is released.
# https://github.com/bundler/bundler/pull/2569
git_source :github do |repo|
  repo = "#{repo}/#{repo}" unless repo.include? '/'
  "https://github.com/#{repo}.git"
end
picture seanlinsley on 23 Oct 2016
🎉5

All 3 comments

This is a bundler issue, see: http://bundler.io/v1.13/man/gemfile.5.html#GITHUB
This can fix your problem: http://bundler.io/v1.13/man/gemfile.5.html#GIT (via https)

timoschilling picture timoschilling on 23 Oct 2016

This is what I do:

# Force the `github:` syntax to use HTTPS instead of the Git protocol.
# The Git protocol isn't encrypted, and so is subject to MITM attacks.
# This can be removed once Bundler 2.0 is released.
# https://github.com/bundler/bundler/pull/2569
git_source :github do |repo|
  repo = "#{repo}/#{repo}" unless repo.include? '/'
  "https://github.com/#{repo}.git"
end
seanlinsley picture seanlinsley on 23 Oct 2016
🎉5

Any easier solution in novadays?

dmitry picture dmitry on 11 Jul 2017
Was this page helpful?
0 / 5 - 0 ratings

Related issues

seanlinsley picture seanlinsley  ·  3Comments
kaspernj picture kaspernj  ·  3Comments
Awatatah picture Awatatah  ·  3Comments
Plinpod picture Plinpod  ·  3Comments
amitach picture amitach  ·  3Comments