(pup-e.com)

659 points jolux | 2 comments | 19 Sep 25 08:09 UTC | HN request time: 0s | source

Show context

thomascountz ◴[19 Sep 25 14:09 UTC] No.45301861[source]▶

An update from Ruby Central: Strengthening the Stewardship of RubyGems and Bundler

https://rubycentral.org/news/strengthening-the-stewardship-o...

replies(13): >>45301914 #>>45301919 #>>45301946 #>>45302039 #>>45302069 #>>45302082 #>>45302089 #>>45302099 #>>45302120 #>>45302227 #>>45302468 #>>45305713 #>>45308969 #

corytheboyd ◴[19 Sep 25 14:44 UTC] No.45302227[source]▶

>>45301861 #

Aren’t supply chain attacks caused by package maintainer accounts being compromised? I suppose too many people with keys to the package repository itself is also liability, but those accounts being compromised just hasn’t been what is happening.

replies(1): >>45302567 #

krmbzds[dead post] ◴[19 Sep 25 15:14 UTC] No.45302567[source]▶

>>45302227 #

[flagged]

woodruffw ◴[19 Sep 25 15:25 UTC] No.45302677[source]▶

>>45302567 #

Your last sentence reads like a weird swipe: as best I can tell, there's no cultural war dimension to this whatsoever?

replies(1): >>45302955 #

krmbzds[dead post] ◴[19 Sep 25 15:48 UTC] No.45302955[source]▶

>>45302677 #

[flagged]

1. woodruffw ◴[19 Sep 25 18:04 UTC] No.45304601{3}[source]▶

>>45302955 #

I’m not seeing how this is related to the subject of the thread. But also, I think DHH’s politics are manifestly controversial: downplaying that doesn’t make for a good argument.

replies(1): >>45305924 #

2. krmbzds ◴[19 Sep 25 20:07 UTC] No.45305924[source]▶

>>45304601 (TP) #

Yes, the argument was: You shouldn't freeze the bank accounts of people (trucker or not) just because you disagree with them. I don't see how this can be seen as controversial. The relation to the subject of the thread is Ruby Central. Here's the relation: https://www.mermaidchart.com/play#pako:eNqrVkrOT0lVslJKL0osy...

↑

Ruby Central's Attack on RubyGems [pdf]