Particle.news

Ruby Central Takes Administrative Control of RubyGems and Bundler, Citing Security

The nonprofit says the shift is a temporary measure to tighten supply‑chain protections pending formal governance agreements.

Overview

  • Multiple longtime maintainers were removed from the GitHub organization on Sept. 18 and lost ownership of the bundler and rubygems-update gems, a move some labeled a hostile takeover.
  • Ruby Central says it will temporarily hold administrative access to RubyGems, Bundler, and production systems while it finalizes operator and contributor agreements guided by legal counsel.
  • The GitHub enterprise was renamed to Ruby Central on Sept. 9, when Marty Haught was added as an owner and other maintainers’ permissions were reduced, enabling the later transition.
  • Executive messages indicate only Ruby Central employees or contractors will retain administrative permissions to the RubyGems.org service as part of a broader supply‑chain security posture.
  • Reporting from Joel Draper alleges Shopify pressured Ruby Central to assume control and that Sidekiq withdrew major sponsorship earlier this year, claims not confirmed by Ruby Central or Shopify.