A cursory review of the gem command's documentation reveals that --trust-policy is an option for install and update - any trust proposal that includes revocation will need to also extend Rubygems to verify installed gems even if they don't have a new version (maybe pristine, or query?)

Likewise, I'd suggest that Bundler.setup should (by default) check the validity of the installed gems.