RubyGems and Bundler are the package management systems for Ruby applications used by developers worldwide. They’re also the backbone of a thriving world of Ruby software. For nearly two decades, these tools have simplified how developers develop, share, and install gem libraries, extending the simple Ruby programming language into a powerful and versatile ecosystem. 

Software engineers working in Ruby, including Rails, use these tools every day when they initialize their development environment and deploy an application, making them vital to innovation, entrepreneurship, and several aspects of the world economy. However, maintaining this essential infrastructure has been a long and complex adventure that has led to forming a new governance model.

This article explores the historical journey of RubyGems and Bundler, the infrastructure that hosts them, the transition from Ruby Together to Ruby Central, and why a new governance model, spearheaded by the new Open Source Software committee, is essential for ensuring long-term sustainability and growth.

Timeline of RubyGems and Bundler Evolution

  • 2003RubyGems is conceptualized at RubyConf, laying the groundwork for a standardized library management system.
  • 2004RubyGems is officially launched, providing Ruby developers with an easy way to install and manage gem libraries.
  • 2009Bundler is created to solve dependency management conflicts, ensuring that the correct versions of libraries are used in Ruby applications.
  • 2010-2014Bundler and RubyGems saw widespread adoption and became essential tools in the Ruby ecosystem, with core contributions from Yehuda Katz. Engine Yard, a cloud services company and software developer, supported the tools.
  • 2015André Arko forms Ruby Together to raise funds and begin paying the maintainers of RubyGems and Bundler after Engine Yard steps back from its technical support role for these tools.
  • 2019Ruby Together faces ongoing challenges with securing consistent funding, prompting discussions of a merger with Ruby Central.
  • 2022Ruby Together merges with Ruby Central, bringing the operational and financial management of RubyGems and Bundler under one organization for greater sustainability.
  • 2023—The Ruby Central Open Source Software (OSS) Committee is formed. Its focus is on formal governance, reducing technical debt, enhancing security, and ensuring the long-term sustainability of RubyGems and Bundler.

The origins of RubyGems and Bundler

RubyGems was launched in 2004, following its development at RubyConf 2003. It addressed a critical need by providing a standardized way for Ruby developers to install and manage gem libraries used in their Ruby code. This package manager quickly became integral to Ruby development, allowing for easy distribution and integrating third-party libraries into any Ruby application or script.

As individual applications became more complex and started using more and more gems, simply installing gems often led to conflicts where different gems wanted different versions simultaneously. The core team working on Merb (a Rails competitor) began building a tool to automatically manage gem versions and conflict resolution. Funded by Engine Yard, Yehuda Katz and Carl Lerche built out the concept of Bundler to support their work separating Rails into many separate gems.

In 2009, Bundler launched alongside Rails 3.0 to solve dependency management within applications, ensuring developers and deployments always have the same versions of libraries. Over time, Bundler became indispensable and was eventually merged into the RubyGems project to streamline development work. While they remain distinct tools in usage, they now share a single codebase for greater efficiency, with RubyGems handling gem installations and Bundler managing dependency resolution.

Early infrastructure and maintenance

RubyGems initially stored gems on RubyForge, a fork of SourceForge written mostly in PHP. Convinced a better website could be made, Nick Quaranto created Gemcutter, a Rails application hosted on Heroku, as a Ruby-native way to host and share gems. Within a few years, Gemcutter had so much momentum within the community that Ruby Central promoted it to become the official RubyGems.org software. While depending entirely on volunteers worked in the early years, the growing Ruby ecosystem outpaced the capabilities of this informal setup. RubyGems needed stability, scalability, and regular maintenance to support the increasing number of gems and developers.

The transition to Ruby Together

Alarmed by the dwindling volunteer team, André Arko founded Ruby Together in 2015, a non-profit 501(c)6 trade association dedicated to maintaining and developing essential tools like RubyGems and Bundler. Supported by corporate sponsors and many community members contributing a few dollars a month, Ruby Together helped keep these services operational by funding the part-time work of several maintainers of RubyGems, Bundler, RubyGems.org, The Ruby Toolbox, and other projects.

Despite its popularity, Ruby Together faced long-term challenges in securing consistent funding and communicating its mission to the broader community. There was also confusion about the roles of Ruby Together, which funded maintenance, and Ruby Central, which paid for hosting RubyGems.org out of conference profits.

Ruby Together’s merger with Ruby Central

While Ruby Central covered the hosting costs for RubyGems.org, Ruby Together managed much of the operational and development work. Recognizing the inefficiencies of this divided structure, the boards of directors at Ruby Central and Ruby Together collaborated to unify the organizations. They believed this merger would improve the management of Ruby's infrastructure, simplify non-profit operations, and address Ruby Together’s fundraising challenges.

In 2022, Ruby Together officially merged with Ruby Central, bringing both operational and financial oversight of RubyGems and Bundler under one umbrella. This change aimed to create a more sustainable model for managing these projects while reducing non-profit administrative burdens. During this period, Ruby Central faced difficulties hosting in-person events due to the global pandemic, leading to the postponement of some events and experimentation with online-only and hybrid formats. 

At the same time, Ruby Central’s open source work began to receive significant financial support from partners such as Shopify, the Sovereign Tech Agency, Amazon Web Services, the Linux Foundation’s Alpha-Omega Project, Sidekiq, and others. Along with these new funding partners, the team took on additional administrative responsibilities, including project management for larger teams, reporting progress to partners, expanding their network at open source events, and publishing updates to enhance transparency. 

Coming out of the pandemic era, Ruby Central has refocused on supporting the Ruby Community more broadly, including increasing organizational support for open source work. Former director Marty Haught rejoined Ruby Central in the summer of 2024 to support this new focus and lead the necessary additional work. 

The Ruby Central OSS Committee is formed

The merger of Ruby Together into Ruby Central emphasized the need for a formal governance structure to manage the growing complexity of RubyGems and Bundler. Previously, these projects were overseen informally. However, as the Ruby ecosystem expanded, the community required a structured model to address technical debt—such as outdated code and inefficiencies—and organizational debt, including unclear roles, informal processes, and a lack of oversight. Despite these challenges, RubyGems.org consistently delivered enterprise-level reliability, often achieving extremely low downtime that surpassed that of many commercial services.

To tackle these issues and ensure the long-term sustainability of RubyGems and Bundler, the Open Source Software (OSS) Committee was formed in August 2023. The founding members were Mike Dalessio, Gabi Stefanini, Ufuk Kayserilioglu, and Marty Haught.  Marty resigned as a committee member in August 2024 to take on the OSS Lead role but remains active as a representative for the OSS staff.  By formalizing leadership, improving project management, and creating a pipeline for contributors, the committee is laying the groundwork for the continued success of these essential Ruby Central tools. Like any new committee, the members addressed urgent issues while wondering what the group's remit should be. We are excited to share our vision for the future with our community.

The OSS Committee has become crucial for implementing structured governance and providing long-term oversight, especially now that these projects operate fully under the Ruby Central umbrella. A future post will discuss the details of how the committee works, so stay tuned. 

Responsibilities and Goals of the OSS Committee

The Ruby Central OSS Committee is pivotal in sustaining Ruby’s core open source projects—RubyGems, Bundler, and RubyGems.org. By implementing a formal governance model, it provides essential oversight and strategic direction to meet the community's evolving needs and ensure a secure, resilient, and supportive ecosystem.

Core Responsibilities of the OSS Committee

  • Governance and Oversight: The committee provides a structured governance framework that guides high-level decisions across Ruby Central’s open source projects. This includes drafting policies, defining roles and responsibilities, managing member rotation, and enhancing accountability and operational stability.
  • Strategic Planning and Prioritization: In its governance role, the OSS Committee sets strategic priorities for security and infrastructure improvements, aligning with community needs. Through resource allocation and roadmap development, the committee supports long-term growth and resilience.
  • Transparency and Community Engagement: Committed to transparency, the committee maintains open communication through public roadmaps, RFCs on GitHub, and a feedback mechanism that allows the community to influence Ruby’s development direction actively.
  • Funding and Budget Management: To support critical initiatives, the OSS Committee manages budget allocation and has secured sustainable funding through grants and donations. Clear guidelines on sponsorships ensure financial support aligns with Ruby Central’s mission, balancing community and corporate interests.
  • Risk and Compliance Management: In response to evolving regulations, the committee is implementing robust security and compliance protocols, including multi-party approval for production changes and audit trails to uphold security standards, notably in line with regulations like the EU’s Cyber Resilience Act.

Current OSS Committee Initiatives

  • Operational Continuity and Leadership Sustainability: To prevent contributor burnout and ensure stability, the committee is establishing succession plans and distributing responsibilities, maintaining resilience across Ruby’s infrastructure.
  • Building a Security-First Culture: Security remains a top priority. The committee provides a trusted development environment within Ruby's ecosystem through audits, manual malware checks, and community-supported gem scans.
  • Contributor Pipeline and Diversity Initiatives: To sustain community growth, the OSS Committee is fostering diversity by actively developing a contributor pipeline focused on historically underrepresented developers, enriching the community with diverse perspectives and innovation.
  • Clear Communication and Community Accountability: The committee promotes transparency and accountability by providing regular updates to the Ruby Central board and community. This provides clear insights into project updates and opens channels for feedback, fostering trust and engagement.
  • Strengthening Community and Corporate Partnerships: The committee actively engages with both the Ruby community and corporate sponsors to ensure financial sustainability, enhancing RubyGems and Bundler while balancing community and corporate support.

Looking forward: A new chapter for RubyGems

The formation of Ruby Central’s OSS Committee marks a key milestone in the evolution of RubyGems and Bundler. By formalizing governance, reducing technical debt, and involving community leaders and corporate sponsors, Ruby Central ensures these tools remain secure, stable, and well-maintained for the long term.

This effort goes beyond managing code and servers—it’s about fostering a thriving community, supporting developers, and safeguarding essential tools. With a renewed focus on governance, transparency, and sustainability, Ruby Central is building a more resilient foundation for Ruby’s growing open source ecosystem.

As Ruby Central enters this new chapter, the community can trust that RubyGems and Bundler will continue to thrive. Understanding and sharing the long and sometimes winding path to the present is important to better plan for a more mature and robust future that benefits every Ruby developer. Through the dedication of contributors, sponsors, and community members, Ruby Central is working to ensure the long-term stability and growth of our development environment and our community.