---
date: "2004-08-25T11:50:59Z"
title: RubyGem Thoughts
---
Last night I created RubyGems for FAM-Ruby, Imlib2-Ruby, Joystick-Ruby, MB-Ruby, and Xmms-Ruby (with a Raggle gem coming soon). The gems I've made so far are available here. RubyGems seems promising, here are my thoughts so far:
- Easy to use: once you get the hang of things it only takes a few minutes to create a gem for a package. There's a guide called "Create a Gem in 10 Minutes", but it looks like it's about 20 minutes too old; some of the command-line flags have changed since the guide was written.
- Seems to be popular: A lot of popular projects seem to be creating gems (check out the list so far).
- No build-in signing! Or at least it's not in the documentation I sifted through. There should be either a built-in way of attaching signatures (you're already loading the files and encoding them; MD5 or SHA-1 the contents, then sign that with GnuPG). I home they address this soon, because I think a package management system without some sort of end-to-end security is dead in the water.
- Funky YAML storage format that's "not much larger than tar". That's nice, why don't you just use tar instead? RPA-Base does. To be fair, according to the RPA FAQ, RubyGems is adopting the RPA file format in the next release.
- I want mirrors of the main gem distribution site. It's easy enough to create and maintain one, someone just needs to step up to the plate.
- The
--ri-site
option should work for RDoc inside the gemspec
files. Right now it doesn't seem to.
- Gem Server is neat!
- Should have some sort of dependency removal on uninstall feature, ala RPA-Base and
aptitude
.
- Generating Ruby code inside the gem worries me, especially without any sort of developer signing going on.
I'll keep fiddling and let everyone know what I come up with.