undefined | Better HN

0 pointsilikepi5mo ago0 comments

There have been several releases with incremental but still notable performance improvements. The overall cadence has been pretty steady, intentionally targeting roughly one minor release per year since 2019-ish, with handfuls of quality of life improvements in each. Arguably RubyGems and Bundler are infrastructure, so the major feature is stability. What sort of big feature are you imagining is missing from your dependency management system?

0 comments

x0x05mo ago

André is working on a combination of rbenv/asdf, bundler, and gem that I think is interesting. Not that they're wildly broken, but I'd rather have fewer tools and it always seemed a bit odd that they're separate when they're notionally managing the environment in which your ruby code executes.

Given the rise in supply chain attacks, I'd also like a private rubygem instance where I can whitelist gems and even versions for my company in a way that doesn't let anything else install. I'm not sure if they're taking that on or not, but I'd like it.

the rv thesis is here: https://andre.arko.net/2025/08/25/rv-a-new-kind-of-ruby-mana...

riffraff5mo ago

> I'd also like a private rubygem instance

that was always possible https://guides.rubygems.org/run-your-own-gem-server/

(there's also "gem server")

baggy_trough5mo ago

That's basically my point. I'm not missing anything, so I'm happy if it just gets small / stability fixes, which doesn't seem like it needs a six member maintainer group. That team should go off and do a great job with 'rv' or whatever the next brand new idea is, and just let rubygems sit there with minor updates, same as we do for the ruby logger or date class.

woodruffw5mo ago

It seems unrealistic to believe that packaging infrastructure can just “sit there,” particularly in light of changing expectations around the bare minimum a packaging ecosystem should do to protect its users. I think a more reasonable assumption would be that the (former) RubyGems team did a good job, which translated to boring normality for you.

krainboltgreene5mo ago

> so I'm happy if it just gets small / stability fixes

Seems like you're the ideal consumer for this new service, since it actually has people who can do that.

j / k navigate · click thread line to collapse