| The way they have set things up, every github account/organization (the first thing after a slash) is it's own separate 'source' to rubygems. (I am sure they have done this because it would be inconvenient to integrate with rubygems/bundler any other way). So you'd still need to add a separate source for each dependency hosted on github to your own project Gemfile. Including for each indirect dependency, knowing which indirect dependencies exist that need a github repo source. If you could list this for the entire project... it'd probably be a performance issue as rubygems/bundler check every repo source you list for every dependency (including every indirect dependency; a Rails app has hundreds, still an order of magnitude or two less than a react JS project heh). Even if you could only list "github's ruby registry" once (per project? for your account? and keep in mind this is hypothetical, you can't), it would still mean any gem expressing a dependency on another gem hosted on github would have to include in it's instructions "oh, if you use this, you need to manually make sure to add github to your sources. Or you'll get an error that says some gem you've never heard of can't be found, and have no idea how to fix it." Unless it's a bid to get _everyone_ to do that, and basically make github ruby registry a standard part of the ecosystem that everyone just always adds to every project. I don't think there's enough/any value added by the github ruby registry to get the ecosystem to shift like that. It's unclear what it does that the 'standard' rubygems.org gem source doesn't do already (unless rubygems.org can't solve their recent severe compromised account security problems... but as it is, with the indirect dependency problem, I think github registry will be too painful to use even if you'd like to to escape rubygems.org security issues). https://help.github.com/en/articles/configuring-rubygems-for... |