1 files changed, 10 insertions, 8 deletions

diff --git a/lib/bundler/definition.rb b/lib/bundler/definition.rb
index bc75e83908..274b558c1b 100644
--- a/lib/bundler/definition.rb
+++ b/lib/bundler/definition.rb
@@ -107,12 +107,14 @@ module Bundler
       end
 
       @locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
-      @disable_multisource = @locked_gem_sources.all?(&:disable_multisource?)
+      @multisource_allowed = @locked_gem_sources.any?(&:multiple_remotes?) && (sources.aggregate_global_source? || Bundler.frozen_bundle?)
 
-      unless @disable_multisource
-        msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. You should run `bundle update` or generate your lockfile from scratch."
+      if @multisource_allowed
+        unless sources.aggregate_global_source?
+          msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure."
 
-        Bundler::SharedHelpers.major_deprecation 2, msg
+          Bundler::SharedHelpers.major_deprecation 2, msg
+        end
 
         @sources.merged_gem_lockfile_sections!
       end
@@ -156,8 +158,8 @@ module Bundler
       end
     end
 
-    def disable_multisource?
-      @disable_multisource
+    def multisource_allowed?
+      @multisource_allowed
     end
 
     def resolve_only_locally!
@@ -510,7 +512,7 @@ module Bundler
     private
 
     def precompute_source_requirements_for_indirect_dependencies?
-      sources.non_global_rubygems_sources.all?(&:dependency_api_available?) && sources.no_aggregate_global_source?
+      sources.non_global_rubygems_sources.all?(&:dependency_api_available?) && !sources.aggregate_global_source?
     end
 
     def current_ruby_platform_locked?
@@ -627,7 +629,7 @@ module Bundler
     end
 
     def converge_rubygems_sources
-      return false if disable_multisource?
+      return false unless multisource_allowed?
 
       return false if locked_gem_sources.empty?