Hello! Welcome to the November newsletter. Read on for announcements from Ruby Central and a report of the OSS work we’ve done from the previous month.
In October, Ruby Central's open source work was supported by Ruby Shield sponsor Shopify, AWS, the Sovereign Tech Agency (STA), and Ruby Central memberships from 29 other companies, including Partner-level member Sidekiq. In total, we were supported by 186 members. Thanks to all of our members for making everything that we do possible. <3
Ruby Central News
RubyConf 2024: Our Biggest Event Since the Pandemic
RubyConf 2024 took place in Chicago last week, bringing together over 600 attendees for three unforgettable days celebrating the Ruby language and community!
Highlights included an opening keynote from the one-and-only Yukihiro “Matz” Matsumoto and keynotes from Nadia Odunayo, Brandon Weaver, Nickolas Means, and Drew Bragg. We also had a RubyKaigi-inspired track that brought a taste of Japan stateside, plus a greater focus on technical talks compared to previous conferences.
From the incredible talks to game night and other social events, this RubyConf will be living in our heads rent-free til the next one!
Thank you to everyone who participated—including our speakers, sponsors, volunteers, and attendees—and for making this our biggest event since 2020.
Missed it? Keep an eye on our social channels—more photos and videos are coming soon!
Help Make the Last RailsConf Happen
RailsConf is the longest-running gathering of Rails developers, dedicated to building, managing, and testing Rails applications. After almost 20 years, RailsConf 2025 will be our final Rails-specific event—a celebration of the community and the incredible legacy we’ve built together.
We are aiming to host RailsConf in July in Philadelphia. We’re working hard to finalize these plans and secure our venue, but we need your support to make this vision a reality.
Let us know if you’re interested in attending RailsConf 2025 by sharing your email here! Understanding the level of interest from the community is crucial as we move forward with planning and making this event a success.
Additionally, you can help by becoming a sponsor, or suggesting your company sponsor! Sponsoring this final RailsConf will showcase your dedication to the Rails and Ruby ecosystem, provide unparalleled visibility in the global Rails community, and highlight your support for open source and developer education. Email Tom Chambers at sponsors@rubycentral.org for more information.
Ruby Central Open Source Program Launch
Ruby Central has established the Open Source Program to ensure the long-term sustainability of Ruby’s core tools: RubyGems, Bundler, and RubyGems.org. This marks a significant step in formalizing management and processes for maintaining these crucial projects, which are used by developers worldwide every day. The Open Source Program’s mission is to sustainably provide high-quality and secure infrastructure through RubyGems to reliably build Ruby software that enables businesses and our community to thrive.
Early initiatives include Trusted Publishing for secure gem releases and Organization Accounts for better team management, with more improvements on the way. By introducing structured oversight and fostering community collaboration, the Open Source Program is creating a stronger foundation for the Ruby ecosystem and paving the way for a more sustainable future for Rubyists and the technology we all love.
You can read more about the Open Source Program here.
In case you missed it, you can also read about the history of forming the Open Source Program and the role of the Open Source Committee here.
Read Our First Annual Open Source Report
Ruby Central’s first Annual Open Source Report is now live, offering a detailed look at everything we’ve achieved in the past year!
From November 2023 to November 2024, our Open Source Program has focused on enhancing the infrastructure, security, and usability of core tools like RubyGems, Bundler, and RubyGems.org. Highlights include:
- Trusted Publishing for secure gem releases
- ~99.99% uptime on RubyGems.org thanks to expanded 24/7 on-call support
- Upcoming Organization Accounts feature to improve gem management for teams
The report also outlines our vision for 2025, built on the pillars of Security, Stability, and Sustainability. We’re prioritizing supply chain protections, robust disaster recovery planning, and long-term funding to ensure Ruby remains a top choice for developers worldwide.
These efforts have been made possible through partnerships with organizations like Shopify, AWS, the Alpha-Omega Project, and the Sovereign Tech Agency, as well as contributions from individual and corporate members.
You can read the Annual Open Source Report here.
Catch Up on “The State of RubyGems”
If you missed our “State of RubyGems” talk at RubyConf, don’t worry—you can see the slides here!
Marty Haught (Director of Open Source), Samuel Giddins (Security Engineer in Residence), and Martin Emde (Principal Engineer) shared updates on security, infrastructure improvements, and what’s ahead for RubyGems in 2025. As a complement to our Annual OSS Report, these slides offer a high-level overview of the work being done to strengthen the Ruby ecosystem and ensure its long-term reliability.
We will also share the video as soon as it’s available.
Fastly Grants for Local Ruby Meetups
Fastly has partnered with Ruby Central to offer grants of up to $300 to support local Ruby meetups worldwide! Funds can be used to cover expenses like venues, food, speaker costs, and more (excluding alcohol).
Want to bring together Rubyists in your area? Apply for a grant!
Become a Ruby Central Member
Ruby Central’s membership program is a simple and impactful way for Rubyists (like you!) to support the tools and infrastructure that keep our ecosystem thriving.
Member contributions help sustain:
- RubyGems and Bundler, the backbone of Ruby development
- Support for Ruby local meetups and regional conferences worldwide
- Administrative costs for running our nonprofit organization
Join us today and help ensure the long-term success of the Ruby ecosystem!
Follow Ruby Central on BlueSky
Ruby Central is officially on BlueSky! Follow us for updates on our OSS work and events (including RubyConf and RailsConf), as well as more educational content and community collaborations in the future.
Communication & Transparency
We’ve heard your feedback—you want more transparency and better communication from us.
The good news is that we’ve recently added new marketing support and are working on fresh ways to connect with and engage the community in 2025. Stay tuned for updates as we release exciting new projects and content!
RubyGems News
In October, we released RubyGems 3.5.21 and 3.5.22 along with Bundler 2.5.21 and 2.5.22. These releases bring a series of enhancements and bug fixes designed to improve the overall developer experience with RubyGems. Notable improvements include updates to the vendored `uri` and `net-http` libraries, fixes to prevent `gem pristine etc` from resetting twice, and the removal of code that degraded the accuracy of `suggest_gems_from_name`.
Some other important accomplishments from the team this month include:
Improved Support for Shared GEM_HOMEs
- Sharing `GEM_HOME` across environments, though common, often leads to complex errors tied to native library incompatibilities. These issues are challenging to diagnose and frequently reported by users. Our goal with this update was to reduce these reports, enhance user experience, and free maintainers to focus on other priorities.
- Initially, we aimed to detect and clarify these errors, but their varied nature made precise messaging difficult. Further analysis showed that RubyGems and Bundler already handle such cases by ignoring improperly built extension gems, except when conflicts involved default gems. Recognizing this, we implemented a straightforward bug fix to resolve these edge cases.
Enhanced Bundler Integration with RubyGems, Resolving `bundle exec` Edge Case
- A reported issue involved `bundler` failing to run (with a final "r"), prompting a suggested fix. However, the affected code resided within Bundler's monkeypatches applied during `bundle/setup` to RubyGems, which has long been a suboptimal approach. This presented an opportunity to improve Bundler's integration with RubyGems, offering potential long-term maintenance benefits.
- We resolved the issue by eliminating these monkeypatches entirely. This was achieved by correcting Bundler's usage of the RubyGems API for setting gem specifications, `Gem::Specification.all=`, which had previously overlooked default gems (including Bundler itself). Once corrected, the other monkeypatches were rendered unnecessary.
- Beyond fixing this edge case, our goal is to gradually integrate Bundler with RubyGems using proper APIs, reducing technical debt and potentially paving the way for a unified library in the future.
Improved Webauthn CLI Experience
- Recent webauthn support for the CLI encountered issues when `gem push` or other commands required two authenticated requests, such as when an API key had invalid scopes or when signing in before using the gem CLI. This required obtaining or fixing the API key before completing the intended operation.
- The issue arose from reusing the same OTP obtained through webauthn for both requests, which is not permitted. The solution was to perform two separate webauthn requests to generate distinct OTP codes.
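The single-use OTP behaviour described above can be modelled in a few lines. This is an added illustration, not RubyGems or RubyGems.org code: `ToyRegistry`, its methods and the step names `:fix_api_key` and `:push_gem` are hypothetical, and the WebAuthn ceremony is reduced to a call that returns a fresh OTP.

```ruby
require "securerandom"
require "set"

# Hypothetical toy registry: every OTP it issues is accepted exactly once.
class ToyRegistry
  def initialize
    @issued = Set.new
  end

  # Stands in for a completed WebAuthn ceremony that yields a fresh OTP.
  def webauthn_otp
    otp = SecureRandom.hex(8)
    @issued << otp
    otp
  end

  # Any authenticated request consumes the OTP it presents.
  def authenticated_request(name, otp)
    return [name, :otp_rejected] unless @issued.delete?(otp)

    [name, :ok]
  end
end

# Behaviour before the fix: one OTP is reused for both requests,
# so the second request is refused.
def push_reusing_otp(registry)
  otp = registry.webauthn_otp
  [registry.authenticated_request(:fix_api_key, otp),
   registry.authenticated_request(:push_gem, otp)]
end

# Behaviour after the fix: a separate WebAuthn request, and therefore
# a distinct OTP, for each authenticated request.
def push_with_fresh_otps(registry)
  %i[fix_api_key push_gem].map do |step|
    registry.authenticated_request(step, registry.webauthn_otp)
  end
end
```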
In October, RubyGems gained 166 new commits contributed by 15 authors. There were 1,302 additions and 14,205 deletions across 529 files.
RubyGems.org News
The updates made this month to RubyGems.org reflect a strong commitment to improving user experience, enhancing security, and modernizing the platform. Sponsored hosting for RubyGems.org in October was provided by AWS, Fastly, and DataDog.
The following are highlights of what the team worked on this month:
Released Maintainer Role Feature
- Until now, every gem owner on RubyGems.org had the same permissions, regardless of their role or trust level within their organization. This highlighted a significant weakness: users with lower levels of trust could potentially cause considerable harm to widely used gems.
- To address this, we’ve introduced a new role field for gem ownerships. This enhancement allows gem owners to assign and configure roles for their gems, better reflecting real-world organizational structures and reducing potential security risks.
Converted RubyGems.org to Use Propshaft
- With Rails 8 adopting Propshaft as the default, we aimed to make the switch. After transitioning to importmaps earlier this year, we were largely ready to move from Sprockets. However, our first attempt led to styles not loading on staging, prompting us to delay.
- While working on a new design, we realized our site’s caching behavior could be longer than expected, and Propshaft might work fine. After thorough staging checks and timing refresh intervals, we deployed to production. Unfortunately, things stayed broken longer than on staging. New assets triggered 404 errors, causing some initial panic before resolving on their own.
- Lesson learned: A smoother deploy would have involved loading new assets alongside old ones to allow for gradual cache warming. We underestimated the impact and duration of the disruption—apologies for the temporary issues. All is working fine now!
Added bcrypt Password Validation
- This update introduces bcrypt password validation to enhance security for password handling on RubyGems.org. It uses byte-size validation to prevent passwords longer than 72 bytes, as bcrypt silently truncates passwords exceeding this length.
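Why the check has to count bytes rather than characters is shown in the following added example, which is not the RubyGems.org implementation. `MIN_CHARS`, the function names and the sample passwords are constructed for illustration, and bcrypt's truncation is modelled with `byteslice` instead of calling a bcrypt library.

```ruby
# bcrypt reads at most 72 bytes of its input (limit stated in the text above).
BCRYPT_MAX_BYTES = 72
MIN_CHARS = 10 # hypothetical minimum length, not taken from RubyGems.org

# Returns a list of validation errors; an empty list means "accepted".
def password_errors(password)
  errors = []
  errors << :too_short if password.length < MIN_CHARS
  # bytesize, not length: a multi-byte UTF-8 character counts for all its bytes.
  errors << :too_long_for_bcrypt if password.bytesize > BCRYPT_MAX_BYTES
  errors
end

# Models the silent truncation: only the first 72 bytes reach the hash.
def bcrypt_effective_input(password)
  password.b.byteslice(0, BCRYPT_MAX_BYTES)
end

# True when two different passwords would be indistinguishable to bcrypt.
def collide_under_bcrypt?(first, second)
  first != second &&
    bcrypt_effective_input(first) == bcrypt_effective_input(second)
end

# Constructed sample inputs.
ASCII_OK     = "correct horse battery staple" # 28 characters, 28 bytes
ASCII_LONG_A = ("a" * 72) + "-suffix-one"     # differs only after byte 72
ASCII_LONG_B = ("a" * 72) + "-suffix-two"
MULTIBYTE    = "\u00e9" * 40                  # 40 characters, 80 bytes in UTF-8

if __FILE__ == $PROGRAM_NAME
  [ASCII_OK, ASCII_LONG_A, MULTIBYTE].each do |pw|
    puts "chars=#{pw.length} bytes=#{pw.bytesize} errors=#{password_errors(pw)}"
  end
  puts "long passwords collide: #{collide_under_bcrypt?(ASCII_LONG_A, ASCII_LONG_B)}"
end
```

A validator that compared `length` against 72 would accept `MULTIBYTE`, even though its last 8 bytes would never reach the hash.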
In October, RubyGems.org gained 106 new commits contributed by 9 authors. There were 5,008 additions and 2,076 deletions across 288 files.
Total Spent
In October, we spent $99,803.16 on development work.
Thank you
Thank you to all the contributors of RubyGems and RubyGems.org for this month! Your contributions are greatly appreciated, and we are grateful for your support.
Contributors to RubyGems:
- @segiddins Samuel Giddins
- @simi Josef Šimánek
- @deivid-rodriguez David Rodríguez
- @hsbt Hiroshi Shibata
- @jbampton John Bampton
- @nobu Nobuyoshi Nakada
- @tompng Tomoya Ishida
- @leoarnold Leo Arnold
- @jeromedalbert Jerome Dalbert
- @duckinator Ellen Marie Dash
- @sue445 Go Sueyoshi
- @karreiro Guilherme Carreiro
Contributors to RubyGems.org:
- @martinemde Martin Emde
- @simi Josef Šimánek
- @segiddins Samuel Giddins
- @hsbt Hiroshi Shibata
- @colby-swandale Colby Swandale
- @manuelmeurer Manuel Meurer
- @kuanchiliao1 Tony Liao
- @indirect André Arko
If we missed you, please let us know so we can include you in our shout out!