Ruby Together - Ruby Language Development Fund
Having slipped a couple of times in conditional Ruby Weekly, the Ruby Together initiative site did not catch my attention, although it should have. Let's figure out what we are offered to spend our labor dollar on.
Ruby Together is a nonprofit organization dedicated to attracting and distributing money for the development of the Ruby language infrastructure. Already under the wing of the organization are the pillars of the Ruby ecosystem: the bundler gem , the rubygems.org repository , and the rubygems project itself . The organization is managed by a board of directors , which consists of names that are familiar to all rubistas: André Arko, Aaron Patterson ( interview for Habr ), Steve Klabnik ( interview for Habr , “How do I find time?”), Sarah Mei, Terence Lee, Ines Sombra, Joel Watson.
Individual membership in the organization costs $ 40 per month, corporate membership - $ 800. Contributions give the right to vote and a number of bonuses, about which under the cut. For those who just want to help the project with money, there is a “friend” status, without access to internal resources and voting rights, with a monthly fee of $ 10, or a one-time fee of an arbitrary amount. Currently, Stripe and Engine Yard have joined the project, as well as more than 30 individual participants.
Take part .
The team already has concrete proposals on how and where to send the fund's money. I must admit, the list of plans is very inspiring.
New RubyGems Index Format
Read more about the new index here:
Dependency Resolution API Optimization
Now quite often there are situations when, for various reasons, the API responds to yours
bundle installwith great delays. They plan to fix this problem by optimizing the API for heavy loads.
Local cache server for gems
The new index format will greatly simplify local work with the gem cache. This will make it possible to develop an easy-to-configure cache server that any team of rubists can raise for their own needs.
The update framework
RubyGems.org has had serious security issues several times in recent years. The Ruby Together team plans to implement The Update Framework specification for RubyGems.org, which will protect the repository from attacks of a certain spectrum. Specifications for several years. There are implementations for python and go. Comprehensive information is on the site:
Vulnerability Alert Mechanism
Unfortunately, now everyone knows about vulnerabilities in gems in their own way. Some of them are from the New Relic interface, some of the newsletters, some of Khomakov’s blog, and some are not at all interested in what is happening. The existence of a single mechanism would greatly help the community.
- Unified dependency resolution mechanism for Bundler / RubyGems / CocoaPods.
- Bundler 2.0 release.
- Plugin system for the Bundler.
- Collection of statistics on the use of RubyGems, its analysis and display.
- Notification of existing threats when installing vulnerable gems.
What gives membership in Ruby Together?
If at least part of what was mentioned above is realized with money from contributions, this is already a great investment. But, of course, there is an additional profit:
- Your name will be mentioned on the project page.
- You will receive an invite to the Slack chat team. Corporate contribution gives up to five invites.
- You get access to all current and future Ruby Together projects.
- The company logo will be included in the presentation of all project participants in their public speeches.
- You get the opportunity to vote in the annual “board of directors" election.
The idea of such an initiative is not new, remember the same gittip (now Gratipay), which works on similar mechanisms (and supports some projects from the same sandbox). If you look at the current statistics , you can see quite a serious infusion. So, for almost three years of its existence, the project scored 2,881 (out of more than 39 thousand joined) active participants, passing $ 157,805 through itself.
But in my opinion, the Ruby Together mechanism of operation looks much older and can bring a lot more benefit to the community. The money here will go to solve specific problems that can be confidently called priority, while Gratipay works on the personal sympathy of users for individual programmers or projects, without at the same time declaring goals and not monitoring their implementation.
We must not forget about the vanity of rubists, as well as the direct benefit of companies from corporate contributions: Gratipay does not offer a corporate subscription and does not conduct Hall of Fame, depersonalizing all payments.
Only registered users can participate in the survey. Please come in.
Are you interested in participating?
- 6.8% Yes, I will pay $ 40 19
- 5.3% Yes, I will pay $ 10 15
- 8.6% Yes, I will pay a one-time fee 24
- 12.9% No, too expensive 36
- 20.5% No, I'm rubist, but I'm not interested 57
- 45.6% No, I'm not a rubist 127