From e487a7f53cffbadf0bf15ff169c9cb5898503250 Mon Sep 17 00:00:00 2001
From: drbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Mon, 26 Aug 2013 20:24:51 +0000
Subject: * lib/rubygems:  Import RubyGems 2.1.0 Release Candidate *
 test/rubygems:  ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42693 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 lib/rubygems/security/policy.rb | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'lib/rubygems/security/policy.rb')

diff --git a/lib/rubygems/security/policy.rb b/lib/rubygems/security/policy.rb
index 98e41b812c..7238b2e477 100644
--- a/lib/rubygems/security/policy.rb
+++ b/lib/rubygems/security/policy.rb
@@ -213,6 +213,9 @@ class Gem::Security::Policy
       if @only_signed then
         raise Gem::Security::Exception,
           "unsigned gems are not allowed by the #{name} policy"
+      elsif digests.empty? then
+        # lack of signatures is irrelevant if there is nothing to check
+        # against
       else
         alert_warning "#{full_name} is not signed"
       end
@@ -246,6 +249,8 @@ class Gem::Security::Policy
 
     if @only_trusted then
       check_trust chain, digester, trust_dir
+    elsif signatures.empty? and digests.empty? then
+      # trust is irrelevant if there's no signatures to verify
     else
       alert_warning "#{subject signer} is not trusted for #{full_name}"
     end
-- 
cgit v1.2.3