Yesterday, we released our Security Incident Report, a comprehensive review of the September AWS root-access event. The report reflects both independent and internal analysis, outlining what occurred, what was verified, and the actions we’ve taken to strengthen our systems and practices. You can read the full report here → Rubygems.| Ruby Central
Ruby Central posted an extremely concerning “Incident Response Timeline” today, in which they make a number of exaggerated or purely misleading claims. Here’s my effort to set the record straight. First, and most importantly: I was a primary operator of RubyGems.org, securely and successfully, for over ten years. Ruby Central does not accuse me of any harms or damages in their post, in fact stating “we have no evidence to indicate that any RubyGems.org data was copied or retained by u...| André.Arko.net
As part of standard incident-response practice, Ruby Central is publishing the following post-incident review to the public. This document summarizes the September 2025 AWS root-access event, what occurred, what we verified, and the actions we’ve taken to strengthen our security processes.| Ruby Central
I’ve been meaning to write a post about my perspective on Open Source and corporate entities. I already got the rough outline of it; however, I’m suffering from writer’s block, but more importantly, the whole post is a praise of how Shopify engages with Open Source communities. Hence, given the current climate, I don’t think I could publish it without addressing the elephant in the room first anyway.| byroot’s blog
Thanks for holding us to a regular cadence. I’m liking being able to share with you all regularly. Today’s Friday update is brief, as we shared a comprehensive status on Tuesday, and much of that work is still in motion. Here’s where things stand:| Ruby Central
Dear Rubyists, Thank you for giving me this opportunity to share with you. We take our stewardship of the Ruby Gems ecosystem seriously. Our mission is clear: keep the language and the infrastructure you rely on stable, safe, and trustworthy. Before we get to what the next steps will be,| Ruby Central
We are in the midst of a Ruby drama for the ages. I'm sure a bunch of people figured we were all too old for this shit, but apparently we are not. This debate has been eating at me ever since the news first broke, but I've tried to keep the peace by staying out of it. Unlike most discourse about what's going on, my discomfort stems less from the issue at hand—what Ruby Central did, how they did it, and how poorly it was communicated—and more to do with how one-sided the public discussion ...| justin․searls․co
Updated 2025-09-25 to reflect: Postponement of Q&A Session and link to updated statement. Ruby Community, At the heart of Ruby Central’s mission is our responsibility to steward the open source tools that power the Ruby ecosystem. That commitment is only as strong as the people and processes behind| Ruby Central
A post from CEO Jason Fried last week kicked off a week of chaos.| The Verge
Ruby Central recently took over a collection of open source projects from their maintainers without their consent.| joel.drapper.me
What a week it's been as a Ruby Central Board Member.| apiguy.substack.com
Hey, #ruby folks! I've been one of the #RubyGems maintainers for the last decade. Ruby Central has forcefully taken control of the RubyGems organization on GitHub, the `rubygems-update` and `bundler` gems on rubygems[.]org, and more. You can read the details here: https://pup-e.com/goodbye-rubygems.pdf https://rubygems.org| Bluesky Social
Ages ago, when I was still a student, I taught myself Ruby on Rails for my senior thesis and fell in love. Fifteen years later, and I’ve used Rails at every job I’ve ever held in the tech industry. Fifteen years, and I still love Rails! But there’s something rotten at its core, and we share a name.| davidcel.is
For the last ten years or so of working on Bundler, I’ve had a wish rattling around: I want a better dependency manager. It doesn’t just manage your gems, it manages your ruby versions, too. It doesn’t just manage your ruby versions, it installs pre-compiled rubies so you don’t have to wait for ruby to compile from source every time. And more than all of that, it makes it completely trivial to run any script or tool written in ruby, even if that script or tool needs a different ruby t...| André.Arko.net
Recently, Socket.dev published research highlighting malicious gems| RubyGems Blog
Documentation for the missing package manager for macOS (or Linux).| Homebrew Documentation
RubyGems and Bundler are the package management systems for Ruby applications used by developers worldwide. They’re also the backbone of a thriving world of Ruby software. For nearly two decades, these tools have simplified how developers develop, share, and install gem libraries, extending the simple Ruby programming language into| Ruby Central
Why subscribe to LWN?| lwn.net
uv is an extremely fast Python package and project manager, written in Rust.| docs.astral.sh
A special announcement for the Ruby community. We normally announce next year’s RailsConf location at the end of the conference, but this time we are going to do something a little different and share two pieces of news: We are delighted to announce that we want to involve you| Ruby Central