Ruby Central basically took over the RubyGems GitHub repos and gem ownership
This is the strange part for me. Why did the RubyGems service need that level of permission? Giving a service permission to change the owner is invasive, like giving someone the key to your house. And why didn't people find it strange the service required this permission?
I'm not a Ruby developer but I have experience with PHP and JavaScript package managers. And I checked the permissions. I don't see them wanting permission that allows them to take over a project.
If they wanted security they could add a system that filters the gems.
Yeah, that is really hard for me to understand too. They say they were trying to secure the ecosystem, but by removing the maintainers with the years of knowledge, and leaving all those gaps, it seems less secure. Plus this is not the RubyGems service (which they already controlled, and which is how you actually upload/download the gems, aka https://rubygems.org) but the RubyGems GitHub, just where the open source code was maintained.