---
date: "2004-08-25T11:50:59Z"
title: RubyGem Thoughts
---

<p>
Last night I created <a href='http://rubygems.rubyforge.org/'>RubyGems</a> for <a href='/software/fam-ruby/'>FAM-Ruby</a>, <a href='/software/imlib2-ruby/'>Imlib2-Ruby</a>, <a href='/software/joystick-ruby'>Joystick-Ruby</a>, <a href='/software/mb-ruby/'>MB-Ruby</a>, and <a href='/software/xmms-ruby/'>Xmms-Ruby</a> (with a <a href='/software/raggle/'>Raggle</a> gem coming soon).  The gems I've made so far are available <a href='/download/gems/'>here</a>.  <a href='http://rubygems.rubyforge.org/'>RubyGems</a> seems promising; here are my thoughts so far:
</p>

<ul>
<li>Easy to use: once you get the hang of things it only takes a few minutes to create a gem for a package.  There's a guide called <a href='http://rubygems.rubyforge.org/wiki/wiki.pl?CreateAGemInTenMinutes'>"Create a Gem in 10 Minutes"</a>, but it looks like it's about 20 minutes too old; some of the command-line flags have changed since the guide was written.</li>
<li>Seems to be popular: A lot of popular projects seem to be creating gems (check out the <a href='http://gems.rubyforge.org/gems/'>list so far</a>).</li>
<li>No built-in signing!  Or at least it's not in the documentation I sifted through.  There should be either a built-in way of attaching signatures (you're already loading the files and encoding them; <acronym title='Message Digest'>MD5</acronym> or <acronym title='Secure Hashing Algorithm 1'>SHA-1</acronym> the contents, then sign that with <a href='http://www.gnupg.org/'>GnuPG</a>).  I hope they address this soon, because I think a package management system without some sort of end-to-end security is dead in the water.</li>
<li>Funky <a href='http://www.yaml.org/'><acronym title="YAML Ain't a Markup Language">YAML</acronym></a> storage format that's "not much larger than tar".  That's nice, why don't you just use tar instead?  <a href='http://rpa-base.rubyforge.org/'>RPA-Base</a> does.  To be fair, according to the <a href='http://rpa-base.rubyforge.org/wiki/wiki.cgi?Rpa_FAQ'>RPA FAQ</a>, <a href='http://rubygems.rubyforge.org/'>RubyGems</a> is adopting the RPA file format in the next release.</li>
<li>I want mirrors of <a href='http://gems.rubyforge.org/gems/'>the main gem distribution site</a>.  It's easy enough to create and maintain one; someone just needs to step up to the plate.</li>
<li>The <code>--ri-site</code> option should work for <a href='http://rdoc.sourceforge.net/'>RDoc</a> inside the <code>gemspec</code> files.  Right now it doesn't seem to.</li>
<li>Gem Server is neat!</li>
<li>Should have some sort of dependency removal on uninstall feature, à la <a href='http://rpa-base.rubyforge.org/'>RPA-Base</a> and <a href='http://packages.debian.org/cgi-bin/search_packages.pl?keywords=aptitude'><code>aptitude</code></a>.</li>
<li>Generating <a href='http://www.ruby-lang.org/'>Ruby</a> code inside the gem worries me, <em>especially</em> without any sort of developer signing going on.</li>
</ul>

<p>
I'll keep fiddling and let everyone know what I come up with.
</p>
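
<p>
The digest-then-sign scheme from the signing item above, as an added example that is not part of the original post and not RubyGems code. It assumes SHA-256 in place of the MD5/SHA-1 named in the post and uses an OpenSSL RSA key as a stand-in for a GnuPG detached signature; the helper names, file names and contents are hypothetical.
</p>

```ruby
require 'openssl'
require 'digest'

# Canonical manifest: one "<sha256>  <path>" line per file, sorted by path,
# so identical contents always yield identical bytes to sign.
def manifest(files)
  files.sort.map { |path, data| "#{Digest::SHA256.hexdigest(data)}  #{path}\n" }.join
end

# Developer side: detached signature over the manifest text.
def sign_manifest(text, private_key)
  private_key.sign(OpenSSL::Digest.new('SHA256'), text)
end

# Installer side: returns [] when the package is intact, otherwise a list of
# [reason, path] pairs. The signature is checked before the manifest is trusted.
def verify_package(files, text, signature, public_key)
  unless public_key.verify(OpenSSL::Digest.new('SHA256'), signature, text)
    return [[:bad_signature, nil]]
  end
  expected = text.each_line.map { |l| l.chomp.split('  ', 2).reverse }.to_h
  problems = []
  files.each do |path, data|
    if !expected.key?(path)
      problems << [:unlisted, path]
    elsif expected[path] != Digest::SHA256.hexdigest(data)
      problems << [:modified, path]
    end
  end
  problems + (expected.keys - files.keys).map { |path| [:missing, path] }
end

# Constructed sample package and a throwaway key, for demonstration only.
FILES = {
  'lib/example.rb'  => "module Example; VERSION = '0.1.0'; end\n",
  'example.gemspec' => "# constructed gemspec placeholder\n"
}.freeze
KEY       = OpenSSL::PKey::RSA.new(2048)
MANIFEST  = manifest(FILES)
SIGNATURE = sign_manifest(MANIFEST, KEY)

if __FILE__ == $PROGRAM_NAME
  edited = FILES.merge('lib/example.rb' => "module Example; end\n")
  p verify_package(FILES, MANIFEST, SIGNATURE, KEY.public_key)           # intact package
  p verify_package(edited, MANIFEST, SIGNATURE, KEY.public_key)          # file changed
  p verify_package(edited, manifest(edited), SIGNATURE, KEY.public_key)  # manifest rewritten, not re-signed
end
```

<p>
Regenerating the manifest to match altered files does not help without the developer's private key, which is the end-to-end property the post asks for.
</p>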