Our stewardship: Where we are, what's changing and how we'll engage

Summary

Dear Rubyists,Thank you for giving me this opportunity to share with you. We take our stewardship of the Ruby Gems ecosystem seriously. Our mission is clear: keep the language and the infrastructure you rely on stable, safe, and trustworthy. Before we get to what the next steps will be, here is a quick recap from the video that we shared last week.Moving parts:We recognize there is confusion between some of the moving parts in this conversation, and we would like to add some clarity around that.The rubygems client and bundler source code both live in the rubygems/rubygems Github monorepo Similarly, the source code for the rubygems.org service lives in the rubygems/rubygems.org Github repoLastly, the production rubygems.org service is run on AWS servers by Ruby Central operators.These components are distinct but related, and work together to provide gems from developers to end-users. Ruby Central’s role is to ensure the whole platform runs securely and reliably end-to-end, from gem publishing to gem hosting and, eventually, to gem installation on end-user machines.The rubygems repository README and the rubygems.org repository README both explicitly state that they are “managed by Ruby Central”Where we areWe implemented a temporary, procedural change to privileged access to the rubygems/rubygems repository, to the rubygems/rubygems.org repository and to the production systems for the rubygems.org service. Why we did this and how long it lasts are outlined in the next section.Publishing and installing gems continue as usual; on-call coverage and incident response remain active.We are prioritizing the finalization of Operator Agreements for access to our Rubygems.org production systems as a priority, followed by Contributor Agreements for contributions to the open-source above-mentioned repositories, both on a firm timeline. The operator agreements are essential to define who can access production systems, under what conditions, and with what accountability. This preven...