The default gems source for Rails in the gem file is: <pre class="prettyprint"><code>source 'https://rubygems.org' </code></pre> Changing that to <pre class="prettyprint"><code>source 'http://rubygems.org' </code></pre> makes bundle install much faster so I am trying to understand what is behind the decision of making https the default. Is there something that I need to be aware of?

Why Rails Gemfile defaults to https when http makes bundler so much faster?

Tags:

ruby

ruby-on-rails

The default gems source for Rails in the gem file is:

source 'https://rubygems.org'

Changing that to

source 'http://rubygems.org'

makes bundle install much faster so I am trying to understand what is behind the decision of making https the default. Is there something that I need to be aware of?

960

asked Oct 24 '13 07:10

Vassilis

1 Answers

form here:

Switching to HTTP is dangerous. It opens you to MITM attacks. Switching to HTTP allows hostile parties to replace gem contents with malicious contents. Switching to HTTP is not recommended.

128