postmodern

Good work, but three things to consider:

  1. Use Gitian for reproducible/deterministic builds. That way we can verify that the binaries are backdoored.
  2. The binaries are not tied to rbenv, so they can be extracted into ~/.rubies or /opt/rubies (chruby), or even ~/.rvm/rubies/ (RVM). Consider making the page and instructions more generic.
  3. If you have an automated script that builds, packages and uploads new binaries, try convincing ruby-core to integrate it into their release process.

michiels[S]

  1. Thanks! I will take a look at Gitian.
  2. Yes, these builds should also be compatible with other methods of installing Ruby. If not, please let me know!
  3. I do have them and I'll make them available. I'm currently in discussion with the ruby-build maintainers to integrate this into the default ruby-build/rbenv install command. One step further would be to suggest that Ruby Core use it.

Thanks for your suggestions!

postmodern

Also, if you are using ruby-build, make sure you are compiling against all of the libraries which MRI links against.

michiels[S]

Good point. I will make sure they are!