Ruby Central's response to the RubyGems situation
a day ago
- #RubyGems
- #Open Source
- #Security
- Ruby Central is strengthening governance of RubyGems.org, RubyGems, and Bundler to ensure sustainability, transparency, and security.
- Only engineers employed or contracted by Ruby Central will hold administrative permissions on RubyGems.org, a restriction intended to enhance security.
- Proactive steps are being taken to safeguard the Ruby gem ecosystem against supply chain attacks, including secure management of administrative access.
- Ruby Central plans to transition these projects to a more transparent, community-centered governance model, involving public core, committers, and triage teams.
- A community Q&A session is scheduled for September 23 to discuss these changes and gather feedback from the Ruby community.
- Ruby Central expresses gratitude to past maintainers of Bundler and RubyGems, acknowledging their foundational contributions to Ruby tooling.