RubyGems now requires MFA for owners of top gems

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • RubyGems

    The Ruby community's gem hosting service.

    If anyone is looking to do some open source contributions on a mature, production Ruby on Rails site, I highly recommend contributing to the rubygems.org project. The code is extremely clean and the repo is very, very well run.

    https://github.com/rubygems/rubygems.org

  • CocoaPods

    The Cocoa Dependency Manager.

    This is fantastic work by the RubyGems maintainers!

    One interesting (IMO) aspect of this: there are secondary package ecosystems that piggyback on RubyGems that don't qualify for the 2FA mandate at the moment (since, as user-installed packages, they don't have quite the same volume as an extremely popular library package).

    The biggest one I can think of is CocoaPods[1] -- huge swaths of the iOS and macOS ecosystems rely on it, but it has "only" 57 million RubyGems downloads[2] and therefore doesn't qualify as a top-100 package. This demonstrates (again, IMO) the need for manual curation on top of a uniform policy for the top N packages.

    [1]: https://cocoapods.org/

    [2]: https://rubygems.org/gems/cocoapods

  • ios-application

    A native, lightweight and secure one-time-password (OTP) client built for iOS; Raivo OTP!

    I recently migrated all of my 2FA logins to Raivo [0]. It's iOS-only but open source and very nicely built. The key feature that made me switch is that it can export my 2FA tokens as a backup.

    I got worried when I started thinking about this scenario, and realized Google Authenticator offers no way to back up the tokens. The only way out is to transfer to a new device using a QR code. They pretty much lock you in to using Google Authenticator.

    And, crucially, backing up the phone DOESN'T SAVE THE TOKENS.

    I almost learned this the hard way when I got a new phone, restored from backup, and right before I wiped my old phone I decided on a lark to check that Google Authenticator was working on the new one. The app was there, but the tokens were not.

    0: https://raivo-otp.com/

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
