---
date: "2004-08-25T11:50:59Z"
title: RubyGem Thoughts
---
Last night I created RubyGems for FAM-Ruby,  Imlib2-Ruby, Joystick-Ruby, MB-Ruby, and Xmms-Ruby (with a Raggle gem coming soon).  The gems I've made so far are available here.  RubyGems seems promising, here are my thoughts so far:
- Easy to use: once you get the hang of things it only takes a few minutes to create a gem for a package.  There's a guide called "Create a Gem in 10 Minutes", but it looks like it's about 20 minutes too old; some of the command-line flags have changed since the guide was written.
- Seems to be popular: A lot of popular projects seem to be creating gems (check out the list so far).
- No build-in signing!  Or at least it's not in the documentation I sifted through.  There should be either a built-in way of attaching signatures (you're already loading the files and encoding them; MD5 or SHA-1 the contents, then sign that with GnuPG).  I home they address this soon, because I think a package management system without some sort of end-to-end security is dead in the water.
- Funky YAML storage format that's "not much larger than tar".  That's nice, why don't you just use tar instead?  RPA-Base does.  To be fair, according to the RPA FAQ, RubyGems is adopting the RPA file format in the next release.
- I want mirrors of the main gem distribution site.  It's easy enough to create and maintain one, someone just needs to step up to the plate.
- The --ri-siteoption should work for RDoc inside thegemspecfiles.  Right now it doesn't seem to.
- Gem Server is neat!
- Should have some sort of dependency removal on uninstall feature, ala RPA-Base  and aptitude.
- Generating Ruby code inside the gem worries me, especially without any sort of developer signing going on.
I'll keep fiddling and let everyone know what I come up with.