[return to "Ruby Central's Attack on RubyGems [pdf]"]
1. thomas+pH 2025-09-19 14:09:26
>>jolux+(OP)
An update from Ruby Central: Strengthening the Stewardship of RubyGems and Bundler

https://rubycentral.org/news/strengthening-the-stewardship-o...

2. coryth+jN 2025-09-19 14:44:00
>>thomas+pH
Aren’t supply chain attacks caused by package maintainer accounts being compromised? I suppose too many people with keys to the package repository itself is also a liability, but those accounts being compromised just hasn’t been what is happening.
3. coryth+O57 2025-09-21 20:41:47
>>coryth+jN
The other side of the story came out, and of course, it’s very reasonable https://apiguy.substack.com/p/a-board-members-perspective-of...