
Weekly Update — Friday, October 3
Thanks for holding us to a regular cadence. I’m liking being able to share with you all regularly.
Today’s Friday update is brief, as we shared a comprehensive status on Tuesday, and much of that work is still in motion. Here’s where things stand:
Production services (rubygems.org operations)
- We remain on track to finalize and execute operator agreements on the schedule we set.
- Service is stable; publishing and installing gems continue as normal with on-call coverage active.
Code & repositories (Ruby Gems/Bundler and rubygems.org source)
- A narrow set of elevated permissions remains under the temporary procedural hold while roles are confirmed and least-privilege + MFA are verified. This matches the process we outlined Tuesday.
Governance & stewardship
- We’re drafting a proposed governance framework to clarify roles, accountability, and review cycles. We’ll share more soon.
- We have launched our Corporate Stewardship Program. If your company can offer in-kind engineering or adjacent support (e.g., SRE, security review, incident response, compliance), please reach out: contact@rubycentral.org.
Discovery reminder
We continue our discovery work related to supply-chain security and governance concerns. We’ll share facts as soon as we’re able. As noted Tuesday, our current focus is formalizing accountability and auditability.
How to engage
- We’ll keep publishing updates on a predictable weekly Friday schedule.
- Companies needing security/controls details can request a briefing at contact@rubycentral.org.
- Please continue sending questions via our Community Feedback form; we’ll batch responses on cadence.
With respect,
Shan Cureton
Executive Director, Ruby Central
October 03, 2025