Post-install verification
nyarly opened this issue · comments
A cursory review of the gem
command's documentation reveals that --trust-policy is an option for install and update - any trust proposal that includes revocation will need to also extend Rubygems to verify installed gems even if they don't have a new version (maybe pristine, or query?)
Likewise, I'd suggest that Bundler.setup should (by default) check the validity of the installed gems.