RubyGem Thoughts

Last night I created RubyGems for FAM-Ruby, Imlib2-Ruby, Joystick-Ruby, MB-Ruby, and Xmms-Ruby (with a Raggle gem coming soon). The gems I've made so far are available here. RubyGems seems promising, here are my thoughts so far:

  • Easy to use: once you get the hang of things it only takes a few minutes to create a gem for a package. There's a guide called "Create a Gem in 10 Minutes", but it looks like it's about 20 minutes too old; some of the command-line flags have changed since the guide was written.
  • Seems to be popular: A lot of popular projects seem to be creating gems (check out the list so far).
  • No build-in signing! Or at least it's not in the documentation I sifted through. There should be either a built-in way of attaching signatures (you're already loading the files and encoding them; MD5 or SHA-1 the contents, then sign that with GnuPG). I home they address this soon, because I think a package management system without some sort of end-to-end security is dead in the water.
  • Funky YAML storage format that's "not much larger than tar". That's nice, why don't you just use tar instead? RPA-Base does. To be fair, according to the RPA FAQ, RubyGems is adopting the RPA file format in the next release.
  • I want mirrors of the main gem distribution site. It's easy enough to create and maintain one, someone just needs to step up to the plate.
  • The --ri-site option should work for RDoc inside the gemspec files. Right now it doesn't seem to.
  • Gem Server is neat!
  • Should have some sort of dependency removal on uninstall feature, ala RPA-Base and aptitude.
  • Generating Ruby code inside the gem worries me, especially without any sort of developer signing going on.

I'll keep fiddling and let everyone know what I come up with.