Thanks for holding us to a regular cadence. I’m liking being able to share with you all regularly.

Today’s Friday update is brief, as we shared a comprehensive status on Tuesday, and much of that work is still in motion. Here’s where things stand:

Production services (rubygems.org operations)

  • We remain on track to finalize and execute operator agreements on the schedule we set.
  • Service is stable; publishing and installing gems continue as normal with on-call coverage active.

Code & repositories (Ruby Gems/Bundler and rubygems.org source)

  • A narrow set of elevated permissions remains under the temporary procedural hold while roles are confirmed and least-privilege + MFA are verified. This matches the process we outlined Tuesday.

Governance & stewardship

  • We’re drafting a proposed governance framework to clarify roles, accountability, and review cycles. We’ll share more soon. 
  • We have launched our Corporate Stewardship Program. If your company can offer in-kind engineering or adjacent support (e.g., SRE, security review, incident response, compliance), please reach out: contact@rubycentral.org.

Discovery reminder

We continue our discovery work related to supply-chain security and governance concerns. We’ll share facts as soon as we’re able. As noted Tuesday, our current focus is formalizing accountability and auditability.

How to engage

  • We’ll keep publishing updates on a predictable weekly Friday schedule.
  • Companies needing security/controls details can request a briefing at contact@rubycentral.org.
  • Please continue sending questions via our Community Feedback form; we’ll batch responses on cadence.

With respect,

Shan Cureton

Executive Director, Ruby Central