We’re proud to say RubyGems.org’s uptime has been uninterrupted for over 8 and a half years since Ruby Together, and then Ruby Central, began funding maintenance on RubyGems. With 147,326,326,048 total gem downloads, 181,745 users, and an average of 2 billion requests per weekday as of October 2023, this has been no easy feat. Security Lead on RubyGems and Ruby Central’s AWS Security Engineer in Residence Samuel Giddins gave a talk at RubyConf 2023 outlining the history of the vital gem hosting service used by Rubyists every day, and all that it has taken to “keep the lights on” at RubyGems.org, then and now.
In his talk he highlighted, by the numbers, the impact that RubyGems has had on the Ruby ecosystem worldwide, and how it has been maintained from its creation at RubyConf 2004 to its current state in 2023. He shared the challenges open source contributors have faced through RubyGems’ growing pains, including recurring security issues, precarious infrastructure and the lack of an official, dedicated support team for RubyGems.org.
He also outlined the accomplishments RubyGems/Bundler and RubyGems.org contributors achieved in 2023 in spite of all this — shipping new features, like a beta version of `bundle compose`, merging hundreds of pull requests, and migrating towards managing infrastructure as code — all to make the developer experience better for both users and maintainers.
Finally, he shared a vision for new projects and goals that are on the horizon and ready to begin as soon as consistent support is made possible via sponsors and growth of our Ruby Central membership. We are on the way to introducing cutting-edge best practices around security and code provenance — like completing our trusted publishing project — and projects that improve the quality of life for gem developers, like increased gem information and in-browser gem playgrounds, among several others.
He made clear that the continued growth, security and health of RubyGems is expensive, and relies not only on many groups of consistent volunteer contributors, but also on server and infrastructure services, paid part-time developers and organizational costs totaling around $500,000 a month — all handled by Ruby Central. These expenses would not be manageable without the support of Ruby Central’s individual and company members, and our Open Source Sustaining Membership sponsors.
The Ruby community has never let us down, and we look forward to continuing to grow and improve the RubyGems service with your support! You can support our work and goals simply by watching and sharing this talk, spreading the word about Ruby Central’s work and events or getting even more involved in ways that work for you. Thanks in advance for helping us improve the Ruby ecosystem for everyone.