Hello! Welcome to the March newsletter. Read on for announcements from Ruby Central and a report of the OSS work we’ve done from the previous month.
In February, Ruby Central's open source work was supported by Shopify, AWS, the German Sovereign Tech Fund (STF), as well as Ruby Central memberships from 29 other companies, including Zendesk and Ruby Shield sponsor and Partner-level member Contributed Systems, the company behind Mike Perham’s Sidekiq. In total, we were supported by 174 members. Thanks to all of our members for making everything that we do possible. <3
Ruby Central News
Ruby Central Receives Alpha-Omega Grant
We’re thrilled to announce that we have been awarded a $250,000 grant from Alpha-Omega to support critical open source projects on RubyGems.org, RubyGems and Bundler. Read more about how we’ll be using this funding here.
Keep up with Ruby Central’s AWS Software Engineer in Residence
- Samuel Giddins, RubyGems.org lead Security Engineer and our Software Engineer in Residence, has been sharing the highs, lows, and progress updates of his security work on his blog. Last month his development work included a new security event logging feature, a new gem research tool, a pure Ruby implementation of sigstore verification and more. You can learn more and follow along here. Thank you to AWS for supporting this work!
New Jobs Added to Ruby Central Job Board
- Did you know that we have a job board? It’s free to use, and finding and posting new positions is simple, quick and easy! Several new opportunities were added last week. Check it out here.
Ruby Meet-ups News
- Directory coming soon: We’re creating a directory of ALL active Ruby meetups to help us connect with one another, and so we can offer resources and support. Everyone who joins will have their Meetup.com bill covered by Ruby Central! Over 30 meet-ups have already signed up from Asia, Australia, South America, Europe, and all over North America! Click to fill out the form below and register your Ruby meet-up today.
- Second Bay Area meetup: March 28! Our first meetup was a success, so we're hosting another one; this time in collaboration with Evil Martians. Join us on Thursday, March 28th, 2024 at GitHub HQ in the US! RSVP here.
Upcoming Conferences
- Ruby Central
- ICYMI the RailsConf program is live! Check it out and then join us this year in Detroit on May 7 - 9. Conference tickets are on sale now! Prices will be increasing after March 31st — so get your tickets now to lock in these early rates!
- SAVE THE DATE. RubyConf Chicago will take place Nov 13-15th at the Hilton Downtown Chicago! If you're on our mailing list, you'll be the first to receive access to tickets when they go on sale. So tell all your #RubyFriends to sign up!
- Community Conferences
- April is chock-full of Ruby conferences in Brazil, Australia, Australia again(!), Poland and Bulgaria. Visit their event websites to find out more.
- RubyKaigi 2024 (on May 15th) is looking for sponsors! Apply here before the end of March (some packages require an even earlier deadline).
- Updated information is always available at rubyconferences.org, which includes a super-handy iCal feed.
Get Involved
- If you'd like to get involved and help make our community and events even better, we'd love to have you! Check out our volunteer page, and/or feel free to shoot an email to our executive director, Adarsh, to find the best way to get plugged in.
- Want to promote your company at RailsConf or RubyConf in 2024? Secure your sponsorship now to reach all our attendees, showcase your thought leadership, and cultivate invaluable industry relationships by emailing our wonderful sponsorships manager, Tom.
- Remember, you can receive exclusive benefits like conference discounts and more by signing up for a Ruby Central membership. Check to see if your employer matches donations to Ruby Central, Inc. through Benevity and double your support!
RubyGems News
In February, RubyGems released RubyGems 3.5.6 and Bundler 2.5.6. These updates include enhancements such as improved deep copy requirements in Gem::Specification and Gem::Requirement specifications, and improvements to the gem login scope. These efforts are part of our ongoing commitment to improving the RubyGems development experience.
Another accomplishment from the team this month:
Merging a new gem rebuild command
- The goal of this feature was to help create a simplified version of gem rebuild command as a standalone tool, so reproducible builds are available for existing RubyGems versions (since RubyGems versions have to match a build to be reproduced properly). The process involved setting up reproducible gem builds as a default, and including the Gem.source_date_epoch value into the metadata of built gems.
- The groundwork for this command involved a preliminary rebuild script to assess reproducibility requirements. Special thanks to @duckinator for their significant contributions in developing this feature.
In February, RubyGems gained 97 new commits contributed by 16 authors. There were 691 additions and 329 deletions across 120 files.
RubyGems.org News
February’s updates to RubyGems.org reflect a strong commitment to improving user experience, enhancing security, and modernizing the platform. Sponsored hosting for RubyGems.org in February was provided by AWS, Fastly, and DataDog.
The following are highlights of what the team worked on this month:
Converted RubyGems.org to Importmap + Stimulus Controllers
- The goal of adding stimulus controllers is to enable a modern, faster and simpler development experience for devs, and to bring us all the way up to the most modern Rails default.
- We introduced importmaps on RubyGems.org last month creating a foundation for using stimulus.js.
- Now we’ve now begun implementing stimulus controllers one at a time. We have added controllers for navigation, API keys and search autocomplete.
- We also made a follow-up attempt at Stimulus best practices in the navigation controller. If you’re interested in learning more about some patterns that can improve your stimulus implementation, read some of the references we used here and here.
Improving the Design of RubyGems Gems page
- We are exploring and user testing a new design for the RubyGems.org site and in particular, the gem info page.
- The gem info page on RubyGems ranks as the most visited page of the website (for example, here’s Bundler’s gem page). It is crucial to closely examine the needs of Ruby engineers and ensure that the page structure and design align with their objectives.
- Through interviews and discussions with RubyGems power users and stakeholders, we are identifying fundamental values of the interface elements, understand the reasons behind their development, track their evolution, and determine the most beneficial next steps for our broader user base.
- We are excited to start to share some of the new design work as soon as it is ready for a wider audience.
Initiating the Gem Research Tool Project
- This will be most relevant for RubyGems developers. The team will be able to use this as a playground for features that we want to expose to the public eventually, like browsing gem contents and being able to make queries. We also have been able to use this for security research to assess the impact of particular changes across the entire published gem ecosystem.
- The creation of this tool has involved (and will continue to involve) a lot of investigation, experimentation and steps like renting a dedicated server from Hetzner to host the gem research tool, after repeatedly running out of disk space!
Developing a Pure Ruby Sigstore Implementation
- This project kicked off with a long-term goal of integrating it directly into RubyGems. The team is drawing inspiration from the existing sigstore and The Update Framework (TUF) implementations in Python.
- We intend to focus on meeting the sigstore compliance specifications through continuous iterations. Additionally, by analyzing code and branch coverage, we're identifying sections that need more extensive testing.
- A critical part of this project is creating a protobuf implementation that does not depend on native extensions, ensuring it can be seamlessly incorporated into RubyGems.
In February, RubyGems.org gained 86 new commits contributed by 13 authors. There were 5,265 additions and 2,022 deletions across 270 files.
Total spent
In February we spent $101,322.02 on development work.
Thank you
Thank you to all the contributors of RubyGems and RubyGems.org for this month! Your contributions are greatly appreciated, and we are grateful for your support.
Contributors to RubyGems:
- @nobu Nobuyoshi Nakada
- @martinemde Martin Emde
- @deivid-rodriguez David Rodríguez
- @VitaliySerov Vitaliy Serov
- @flavorjones Mike Dalessio
- @jgarber623 Jason Garber
- @kimesf Kim Emmanuel
- @hsbt Hiroshi Shibata
- @ccutrer Cody Cutrer
- @simi Josef Šimánek
- @mame Yusuke Endoh
- @segiddins Samuel Giddins
- @dduugg Douglas Eichelberger
- @indirect André Arko
Contributors to RubyGems.org:
- @jenshenny Jenny Shen
- @martinemde Martin Emde
- @segiddins Samuel Giddins
- @hsbt Hiroshi Shibata
- @simi Josef Šimánek
- @colby-swandale Colby Swandale
- @sh0n0 sh0n0
- @coorasse Alessandro Rodi
- @CuddlyBunion341 Daniel Bengl
- @albertchae Albert Chae
- @bradly Bradly Feeley
- @ekyburz EtienneKyburz
- @indirect André Arko