Hi everyone, a full post-mortem is coming, but here's what happened from my perspective. I got mentioned on twitter about this thread while I was on the bus. I asked @evanphx
to put the site into maintenance mode immediately.
Just a general PSA, please, if you find an issue like this, be nice. Tell the maintainers privately. Don't post to Reddit, HN, or a public Gist. RubyGems.org is completely
volunteer run. No one gets paid to work on it. Thanks for your patience everyone.
-- @qrush (HN)
@nayafia
Nick. I don’t support today's PoC, I don't, really. But I told you. Twice in a week. I feel deeply sad now.
--blambeau (HN)
Yes, and thanks for telling us. Really, we should have disabled gem pushes immediately. Hindsight is 20/20, and I'm not sure why I didn't think of doing so earlier. The pain of not being
able to push gems would have forced us to fix it.
I'm sorry about this. I don't know what else to say. I wish we didn't have to deal with this kind of problem in the Ruby community.
“Every person who...comment[s] on an issue or submit[s] code is a member of a project’s community. Just being able to see them means that they have crossed the line
from being a user to being a contributor.”
Node.js contributor definition
@nayafia
(psst- how do I find projects to contribute
to?)
@nayafia
Start with projects you use
@nayafia
Find nice people and communities :>
@nayafia
Look for issues tagged for first
timers
@nayafia
Assume you don’t know anything
@nayafia
Read the docs before you ask for things
@nayafia
Baby steps are ok
@nayafia
Make contributions as clear and simple as
possible
@nayafia
Don’t contact maintainers privately (unless security-related or they ask)