Now, rb_path_check still exists as part of the public API, with Ruby itself never using or testing it. I believe it should have been deprecated and was simply missed. Should it be deprecated today or is that not worth the effort?
I think that rb_path_check is a separate thing from "object taintedness", and that the removal of path_tainted_p in env_aset in despite of it is in !OBJ_TAINTED side was unintentional.
From looking at the history, rb_path_check was originally used by rb_env path_tainted, presumably to check whether the PATH environment variable was tainted, so as not to trust it. That may be why it is in the hash.h header instead of the file.h header, even though it makes no sense in the hash.h header.
rb_path_check was used in MJIT, to check for unsafe header files, but that was the last usage I could see in CRuby. I'm guessing that is a reason it may not have been deprecated/removed when $SAFE/taint was deprecated/removed.
If we can do a gem codesearch for rb_path_check, and nothing important comes up, I am in favor of deprecating and then removing it. I looked through the first 5 pages of GitHub results and nothing of note came up, other than the fact that TruffleRuby does not implement the function.
Interesting, I thought the removal of that warning was intentional, do other languages have similar warnings? I guess it doesn't matter if it already used to do that 🤷
Yes, I am also coming from the background of docker. Ruby is being build with ENABLE_PATH_CHECK=0 to supress the warning, similar to the workflow shared above, and I noticed it doesn't actually do anything anymore on recent versions.
As a UNIX user from ancient time, I feel a world writable directory is too dangerous to allow. But if everyone is OK to accept the new situation (especially with virtual environments), I don't strongly object.
Updated by 
Updated by 
Updated by 
Updated by 
Updated by