Over the past several months, there has been significant discussion, disagreement, and concern about RubyGems, Bundler, and Ruby Central’s role in stewarding RubyGems and supporting the Ruby ecosystem.
Because this matter has involved ongoing legal discussions, we have been limited in what we could say publicly. Our priority has been to resolve the situation responsibly and avoid escalating a conflict that affects the broader Ruby ecosystem.
With several new board members joining Ruby Central in recent months, it has also taken time to come up to speed on a complicated situation and begin charting a path forward.
Ruby Central’s actions during this period were taken in response to a breakdown in a working relationship with an individual who had significant access to infrastructure and code. Our responsibility is to protect the stability and security of services that the Ruby ecosystem depends on, including RubyGems.org.
At the time, we believed a serious risk had been introduced to RubyGems and related services. As stewards of services relied upon by millions of developers, we took that risk seriously and made the decision to act quickly to protect that infrastructure.
A full, independent security audit has now been completed. The review was ultimately inconclusive because key logs required for a complete analysis were no longer available. We recognize that this creates continued uncertainty.
A detailed incident report will be published next week to provide additional context on what occurred, who was involved, and how decisions were made.
Our intent was to stabilize a situation that was quickly escalating to work toward an amicable resolution. Ruby Central did not initiate litigation and has consistently sought a path that would allow the community to move forward without prolonged conflict.
At the same time, we recognize that aspects of how this situation was handled and communicated did not meet the expectations of the community. Decisions were made quickly, and we did not engage the existing maintainers or the broader community in the way we should have. This created confusion and frustration, and we take responsibility for that.
Ruby Central’s mission is to support and sustain the Ruby ecosystem and the infrastructure it relies on. The Ruby ecosystem has thrived for decades because of the contributions of maintainers, volunteers, companies, and community members across the world, and Ruby Central is committed to ensuring that stewardship of RubyGems reflects that collaborative spirit.
Looking forward, we want RubyGems to be shaped and supported by a broader group of maintainers, contributors, and companies so that no single person or organization is ever a point of failure.
In the coming weeks, we will share concrete steps we are taking to strengthen governance, improve transparency, and expand community participation in the stewardship of RubyGems. We will also outline how we plan to work more collaboratively with maintainers and the broader community to improve RubyGems and support continued innovation across the Ruby ecosystem.
We, as a Board, are committed to ensuring RubyGems remains stable, secure, and a strong foundation for the Ruby community. We are committed to working together to build a stronger and more resilient future for RubyGems.
Freedom Dumlao, President
Brandon Weaver, Secretary
Ran Craycraft, Treasurer
on behalf of the board and in support of the staff and volunteers of Ruby Central