Discussion
[Update: it was a hostile takeover: https://narrativ.es/@janl/115258495596221725]
What the fuck is going on with Ruby? For the moment we have to consider all gems compromised: https://pup-e.com/goodbye-rubygems.pdf
Ah, oof: https://indieweb.social/@sstephenson/115231391147943333
And even more context (bad): https://bsky.app/profile/mikemcquaid.com/post/3lz7klsyue22f
@janl you mean besides the person who controls all of it being a very proud Nazi?
@janl ok so yes this looks really really bad but:
""we were offered millions of dollars from a hostile donor in exchange for control of the RubyGems infrastructure” <-- that's a HELL of an accusation to make, and I can't see any evidence of that whatsoever. Is there something I'm missing?
Because otherwise until we learn more this really seems like a "never attribute to malice what you can attribute to incompetence" sort of situation - right?
broken ruby gems social scene or something 😄 #SorryBrokenSocialScene #RubyIsMyFavouriteProgrammingLanguageButItIsNotImmuneToTheFollyOfHumans :-)
@janl they looked at npm and said “Hold my beer”
@janl I know this is about the programming language and presumably gems are a type of library or package, but for a second I thought "oh shit, are there any other langs named after gems like Ruby and Perl that are compromised"
It wouldn't be hard to just pull the gems from git directly, then put the commit IDs into a checked-in lock file the way mruby does it. From there, you could automate pushing the clones to your own repos if you need them.
@janl What a mess.. and what does that mean for mastodon which is written in ruby.
A space for Bonfire maintainers and contributors to communicate
