Another day, another reminder to be careful about installing software downloaded from the Internet: This time, the warning is for the Ruby community. The team behind RubyGems.org closed two security ...

Ruby Central, a non-profit organisation of the Ruby community, seized control of the GitHub repositories and some important gems of the RubyGems and Bundler package ecosystems without warning in ...

"RubyGems.org sends an email to all gem owners when a gem version is published or yanked. We have not received any support emails from gem owners indicating that their gem has been yanked without ...

Frustration spread among the maintainers, especially as they themselves were working on improvements to governance, which were abruptly interrupted by the incident. Shortly before the takeover, Martin ...

Ruby Central, a non-profit organization that manages a package management system for Ruby, has expelled the maintainer of a related system called RubyGems, sparking controversy over a 'takeover.' A ...

Below is a copy and paste of a PDF written by a maintainer named Ellen Dash about the RubyGems controversy, written by a Hacker News user. Ellen, who has been a member of the Ruby community since she ...

Volunteers at RubyGems.org are scrambling to recover the software repository after it was compromised yesterday. An unknown user uploaded a malicious code package to RubyGems that executed on its ...

RubyGems patched an unsafe object deserialization vulnerability this week that could have allowed attackers to remotely execute code on vulnerable systems. RubyGems, a package of software tools that ...