I'm sorry that I missed this issue. However, I think it's reasonable to store the credential in env.
I believe that Ruby should provide a way to access a credential which is put in the environment, as a tool. Using this feature or not depends on the user.
But if the majority do not agree to enable this patch, I'm OK with reverting it soon.

I've sent the patch because this behavior is the expected one, since many Unix tools (curl, wget, apt-get) and programming languages (nodejs, python) respect the environment variable http_proxy.
This makes it very hard to use some Ruby tools in the enterprise world, where the proxy is required, and you try to use a gem or program that didn't care to be proxy compliant.

curl, wget and apt-get support storing passwords in .curlrc, .wgetrc, .netrc or apt.conf.
So users can store the password in a file if an environment variable is not appropriate.
Your patch only supports the environment variable.
It encourages users to store passwords in an environment variable even if it is not appropriate.
I think the missing piece is a password store library for storing passwords in a file.
(It should be possible to encrypt the file.)

Sorry to insist on this, but what about other languages like python and nodejs working fine while ruby fails with "407 Proxy authentication required"?
From a user's point of view it's unexpected behavior, since Ruby reads the string and ignores some parts of it (user & password), while other languages work out of the box in his enterprise setup.
This is very annoying when you just want to consume a gem but the author didn't include explicit proxy support, and net/http doesn't provide it either.
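
The following is an added example, not code from the thread or from the patch under discussion. It shows one way to split the user and password out of an `http_proxy` value and pass them explicitly through the proxy arguments of `Net::HTTP.new`, while keeping a credential-free form of the URL for logging. The helper names (`pct_decode`, `proxy_settings`, `http_via_proxy`) and the sample proxy URL are assumptions made for illustration.

```ruby
require "uri"
require "net/http"

# Percent-decode one userinfo component ("p%40ss" -> "p@ss").
def pct_decode(str)
  str.b.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }.force_encoding(Encoding::UTF_8)
end

# Split http_proxy (http://user:password@host:port) into its parts.
# `env` defaults to ENV; a Hash can be passed instead for testing.
def proxy_settings(env = ENV)
  raw = env["http_proxy"] || env["HTTP_PROXY"]
  return nil if raw.nil? || raw.empty?
  uri = URI.parse(raw)
  return nil unless uri.host
  { host: uri.host, port: uri.port,
    user: uri.user && pct_decode(uri.user),
    password: uri.password && pct_decode(uri.password),
    # Safe to log: scheme, host and port only, no userinfo.
    loggable: "#{uri.scheme}://#{uri.host}:#{uri.port}" }
end

# Build (without connecting) a Net::HTTP object that carries the proxy
# credentials explicitly instead of relying on how the env value is parsed.
def http_via_proxy(host, port, env = ENV)
  s = proxy_settings(env)
  return Net::HTTP.new(host, port, nil) unless s # nil p_addr: no proxy
  Net::HTTP.new(host, port, s[:host], s[:port], s[:user], s[:password])
end

# Constructed sample value, not taken from the thread.
SAMPLE_ENV = { "http_proxy" => "http://alice:p%40ss@proxy.example.test:3128" }.freeze

if $PROGRAM_NAME == __FILE__
  http = http_via_proxy("example.org", 443, SAMPLE_ENV)
  puts "proxy: #{proxy_settings(SAMPLE_ENV)[:loggable]} user=#{http.proxy_user}"
end
```

Only the `loggable` form should reach logs or error messages, since the raw environment value contains the password.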