I think the meat is in these two paragraphs
> with the recent increase of software supply chain attacks, we are taking proactive steps to safeguard the Ruby gem ecosystem end-to-end. To strengthen supply chain security, we are taking important steps to ensure that administrative access to the RubyGems.org, RubyGems, and Bundler is securely managed
So the recent supply-chain attacks on npm have made the Ruby folks a bit worried, and they wanted to be more cautious and secure in preparation for similar attacks on RubyGems.
> Ruby Central has to safeguard the supply chain and protect the stability of the ecosystem. We are strengthening our governance processes and tightening access to production systems. So only engineers employed or contracted by Ruby Central will hold administrative permissions to the RubyGems.org
This is not an exact quote, I removed some fluff. But this is basically their reason for the hostile takeover?