mccOct 9

So, after the seeming hostile takeover of RubyGems, I this week saw this announcement:

https://gem.coop/

Of a reboot of RubyGems by its own former maintainers, governance structure to be announced tomorrow. Can people who are plugged into the Ruby community give me a sense of how significant an event this is? Does it have a chance to displace RubyCentral?

gem.coop

We’re excited to introduce gem.coop – a new server for gems in the Ruby ecosystem. We aim for fast, simple hosting, that is compatible with Bundler but optimized for the next generation. It’s built for the community by the former maintainers and operators of RubyGems.org.

gem.coop
Show threadmcc

RubyCentral do seem to have, in their coup, successfully claimed the "instutitions" of Ruby in the sense of domain names and github repos. But the community, and (a lot?) (most of?) the authors of the source in those github repos do not seem to be on board:

https://andre.arko.net/2025/09/25/bundler-belongs-to-the-ruby-community/

So this seems like a really key test case, whether open source is made of living communities or just an opaque content pipeline for corporate actors to plug their build systems into

Bundler belongs to the Ruby community

I’ve spent 15 years of my life working on Bundler. When I introduce myself, people say “oh, the Bundler guy?”, and I am forced to agree. I didn’t come up with the original idea for Bundler (that was Yehuda). I also didn’t work on the first six months worth of prototypes. That was all Carl and Yehuda together, back when “Carlhuda” was a super-prolific author of Ruby libraries, including most of the work to modularize Rails for version 3.

André.Arko.net
Oct 9 at 4:23pmWeb
Show threadmccOct 9
Well. This is a worrisome statement if the coop wants people to start putting that domain in gemfiles https://mastodon.fixermark.com/@mark/115345096616304556
Mark T. Tomczak (@[email protected])

@[email protected] I look forward to that URL being accessible through my corporate firewall.

Mastodon server for fixermark.com
Show threadsystemd-jaded.timerOct 9
@mcc though, if people aren't able to get firewall exceptions within 24h, what is *the company* doing here
Show threadspork (pathetic girlfailure)Oct 9
@leftpaddotpy at my old job, it took at least 24h to find the correct people to contact about a firewall exception, and once you got through to them, they'd stonewall you for weeks
Show threadspork (pathetic girlfailure)Oct 9
@leftpaddotpy for a time, the company cafeteria's website was blocked on the corp network
this is just how big company IT/security behaves
Show thread6874 (standy backup account)Oct 9
@flamingspork @leftpaddotpy who needs food anyway hehe
Show threadspork (pathetic girlfailure)Oct 9
@hypha @leftpaddotpy all the website did was save you the walk over to the cafeteria to see what today's food is, so it wasn't *essential*
Show threadHoward Chu @ SymasOct 9
@mcc stuff like this and npm and go really make me question the wisdom of tightly integrating remote code repositories into a programming language.
Show threadPete KeenOct 9

@mcc This feels like an important addendum. Assuming the screenshot is true I don't know if I want any involvement with ruby anymore, at least on a personal level.

edit: forgot the link https://rubycentral.org/news/rubygems-org-aws-root-access-event-september-2025/

Rubygems.org AWS Root Access Event – September 2025

As part of standard incident-response practice, Ruby Central is publishing the following post-incident review to the public. This document summarizes the September 2025 AWS root-access event, what occurred, what we verified, and the actions we’ve taken to strengthen our security processes.

Ruby Central
Show threadmccOct 9
@zrail I do not see a screenshot above.
Show threadPete KeenOct 9
@mcc augh sorry meant to link https://rubycentral.org/news/rubygems-org-aws-root-access-event-september-2025/ (also edited post you replied to)
Rubygems.org AWS Root Access Event – September 2025

As part of standard incident-response practice, Ruby Central is publishing the following post-incident review to the public. This document summarizes the September 2025 AWS root-access event, what occurred, what we verified, and the actions we’ve taken to strengthen our security processes.

Ruby Central