Rafael França
rmfranca.bsky.social
Rails developer
Reposted by Rafael França
Dear gem maintainers 👋

Rails 8.1 just dropped, but many gems can’t be used because of overly strict gemspec constraints.

Please don’t hard-restrict Rails versions, let us test early and report real issues sooner! ❤️

Thanks
October 30, 2025 at 9:06 PM
Reposted by Rafael França
Anyone with experience obtaining and addressing CVEs knows that it is shameful for an OSS programmer to disclose information about a security incident before sharing it with relevant parties and coordinating a response.
October 9, 2025 at 8:51 PM
Reposted by Rafael França
Ruby Central dropped the ball here on securing the root account and effectively lost control of it for 11 days - however, that's nothing compared to changing the root password. If an ex-employee did that to me I'd be calling the police.
October 9, 2025 at 7:18 PM
Reposted by Rafael França
People jumped to conclusions about this RubyGems thing
For context, last week I wrote a post bringing to light a number of things Andre Arko had said and done (/posts/why-im-not-rushing-to-take-sides-in-the-rubygems-fiasco/) in the past as a way to provide some context. Context that might explain why any of the principal actors involved in the RubyGems maintainer crisis (summarized well up to that point by Emanuel Maiberg (https://www.404media.co/how-ruby-went-off-the-rails/)) would take such otherwise inexplicable actions and then fail to even attempt to explain them. Today, Jean shed some light on Shopify's significant investments in Ruby and Rails open-source (https://byroot.github.io/opensource/ruby/2025/10/09/dear-rubyists.html), and it actually paints a picture of corporate investment in open source done right. (Disclosure: I know and am friends with several people who work at Shopify on these teams, and unless they're all lying to me, they sure seem to prioritize their work based on what Ruby and Rails need, as opposed to what Shopify wants.) Jean went a step further by contrasting Shopify's approach with the perverse incentives at play when individuals or groups receive sponsorships to do open source. He also drew a pretty clear line of those incentives playing out based on how RubyGems and Bundler maintainers reacted to Shopify's feature submissions. Read the post, it's good.
justin.searls.co
October 9, 2025 at 7:46 PM
Reposted by Rafael França
Here’s a note from our Executive Director regarding our recent security incident.
rubycentral.org/news/rubygem...
Rubygems.org AWS Root Access Event – September 2025
As part of standard incident-response practice, Ruby Central is publishing the following post-incident review to the public. This document summarizes the September 2025 AWS root-access event, what…
rubycentral.org
October 9, 2025 at 5:34 PM
Reposted by Rafael França
Thank you for writing this, especially:

> Aaron got nerd sniped into making Bundler faster, and now he’s being called out for supposedly being part of a hostile takeover? Give me a break.
October 9, 2025 at 2:59 PM
Reposted by Rafael França
This is by far the most sensible take ever since all this mess started.

Glad there are still some people capable of making the difference between unsubstantiated conspiracy theories and proper reporting of facts.

Thank you ❤️
October 7, 2025 at 4:22 PM
Reposted by Rafael França
Hi folks, I am the president of the Ruby Central board. I don’t have time to reply to posts individually, but I do want to make clear that recent changes to permissions in our open source projects were done in collaboration with the organization’s leadership and not by one person unilaterally 🧵
September 19, 2025 at 2:30 PM