I'm not sure of the best way to go about it, but if all the dependency gems are also on Github, a script might be able to pull the SHAs from the right version of each dependency and return the proper entries for a Gemfile.
gemspecs/Gemfiles rarely list the gh repo, so you'll likely have to get it from a source which is probably rubygems. If it's compromised, they could update the gh repo location as well.
I guess, at least for the most common gems, there could be an independent list which maps gem names to their Github repos. Of course, that list would have to be trustworthy. It would be nice to solve that mapping problem anyway, because sometimes it's not entirely clear which Github repo is the official source for a project.
purephase|13 years ago
boonedocks|13 years ago