Ruby’s Trustquake

In this episode of C4, Andrew Mason and Rachael Wright-Munn join Drew to unpack recent controversies surrounding Ruby Central and its alleged takeover of Ruby Gems and Bundler. The trio delves into the timeline of events, conflicting narratives, communication failures, and the underlying security concerns. They address theories and facts, scrutinize the governance of Ruby Central, and discuss the implications for the Ruby community. The episode emphasizes the importance of asking questions and seeking clarity, while advocating for a balanced and constructive approach to resolving the community's issues.

Sources discussed*:

• Ellen's first post on the RubyGems controversy 
• A board member's perspective on the RubyGems controversy
• An Update From Ruby Central (Video)
• Investigation (allegedly) reveals Shopify manipulated Ruby Central to force takeover of Bundler and RubyGems
• Strengthening the Stewardship of RubyGems and Bundler
• Martin Emde's post on Bluesky
• Reddit post for "An update from Ruby Central" 
• Bundler Policies on GitHub  
• Ruby Central "About" page  
• Advocacy for Reduced Rails Usage  
• Alpha-Omega Project
• Organization & Structure of Open Source Software Development Initiatives - Cyberlaw Clinic
• Ruby Central News Post: Alpha-Omega support
• StepSecurity: npm supply chain compromise
• Socket: npm supply chain attack
• Palo Alto Networks Unit 42: npm supply chain attack

* Some sources include unverified information being presented as fact. Read with caution.

Send us some love.

Support the show