Hacker News new | ask | show | jobs
by aaronblohowiak 4881 days ago 

    echo "--no-ri --no-rdoc" >> ~/.gemrc
install every gem much faster, avoid rdoc vulnerabilities. Since gem installation can run arbitrary code, I am suspicious of rdoc xss vulnerabilities being a cause for concern (if you are not running a publicly-accessible gem documentation site...)
2 comments
why-el 4881 days ago
This will run these options for every gem command though. Better restrict it to install and update.
link
scraplab 4881 days ago
Like so:

    install: --no-rdoc --no-ri 
    update:  --no-rdoc --no-ri
link
regularfry 4881 days ago
Also add --env-shebang so that you don't get stupid shebang lines which lock you to a specific interpreter.
link
kawsper 4881 days ago
Is it a problem that this gets passed to every gem command?
link
why-el 4881 days ago
Yes because it does not make sense to pass it to some commands. For instance, what would `gem list --no-rdoc --local` mean? You will get a lot of invalid option errors.
link
lobster_johnson 4880 days ago
The .gemrc file is YAML [1], does that even work without "gem:" in front? Mine looks like this:

    gem: --no-rdoc --no-ri --both
    verbose: true
    update_sources: true
    sources:
    - http://rubygems.org/
    backtrace: false
    bulk_threshold: 1000
    benchmark: false
[1] http://docs.rubygems.org/read/chapter/11
link