有人的地方就有江湖，开源世界也并不例外。 最近，一位长期参与开源项目的开发者愤怒指责，称自己深度维护了十多年的项目遭到了“恶意接管”，自己落了个被「踢出局」的下场。随后，这个项目被一家非营利公司的开源总监接手了，其还大刀阔斧地移除了 ...

A decade-long RubyGems maintainer, Ellen Dash (also known as duckinator), has resigned from Ruby Central following what she described as a "hostile takeover" of the open source project.… RubyGems is ...

New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users. RubyGems is a package manager for the Ruby ...

Ruby Central, a non-profit organization that manages a package management system for Ruby, has expelled the maintainer of a related system called RubyGems, sparking controversy over a 'takeover.' A ...

Below is a copy and paste of a PDF written by a maintainer named Ellen Dash about the RubyGems controversy, written by a Hacker News user. Ellen, who has been a member of the Ruby community since she ...

The RubyGems package repository has fixed a critical vulnerability that would allow anyone to unpublish ("yank") certain Ruby packages from the repository and republish their tainted or malicious ...

Over 700 malicious packages with names similar to legitimate ones have been uploaded to RubyGems, a popular repository of third-party components for the Ruby programming language. The upload took ...

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Vivek Yadav, an engineering manager from ...