Funding Ruby Infrastructure as a Non-Profit

Delivered at RubyConf Taiwan 2025 in Taipei

https://www.youtube.com/watch?v=V8O1CbGpDfI

Samuel E. Giddins

August 09, 2025

Transcript

  1. Your Presenter
     Samuel Giddins @segiddins
     → RubyGems, Bundler, RubyGems.org maintainer
     → Long-time bug author
     → Security Engineer in Residence @ Ruby Central
     RubyGems.org
  2. Your Presenter
     Samuel Giddins @segiddins
     → Has opinions that are his own,
     → and not necessarily those of his employer.
  3. Ruby Central
     → 501(c)(3) non-profit founded in 2001
     → Organizes RubyConf (USA)
     → Previously RailsConf
     → Operates RubyGems.org
     → Mission: Sustain and grow the Ruby ecosystem
  4. The Mission
     To sustainably provide high-quality and secure infrastructure through RubyGems to reliably build Ruby software that enables businesses and the community to thrive.
     Dedicated to supporting impactful open source projects on behalf of the Ruby community and fostering the growth of open source contributors to ensure the continuity of the Ruby ecosystem.
  5. Ruby Ecosystem is Open Source
     → RubyGems.org - Package registry
     → Bundler - Dependency management
     → Ruby - MRI, standard library
     → Rails, Sinatra, Hanami - Web frameworks
     → RSpec, Minitest - Testing frameworks
     → Puma, Unicorn - Application servers
  6. Who's Involved?
     Maintainers
     → Write and maintain code, docs, and designs
     → Handle issues and PRs
     → Set project priorities
     → Click the "Release" button
     Consumers
     → Use the software
     → Report bugs
     → Benefit from the work
  7. For-Profit: Simple Math
     Revenue → Development + Operations
     → Companies pay developers
     → Companies pay for infrastructure
     → Customers pay companies
  8. On the Other Hand
     RubyGems has:
     → 0 revenue
     → Expensive operations (40+ billion downloads/year)
     → Complex development needs (security, performance, features)
  9. How Engineering Time Gets "Paid"
     Companies Pay: Employees work on OSS as part of their job
     Money Appears: Somehow funding materializes to pay maintainers
     No One Gets Paid: Maintainers essentially pay with their time
  10. Infrastructure Can Be Donated
      → Cloud credits
      → Hosting infrastructure
      → CDN
      → SaaS products
      But someone still needs to manage it
  11. Historical Maintenance
      → Volunteer-driven development and operations
      → Best-effort availability and security
      → Individual maintainers without backup
      → Frustration-driven feature development
  12. Infrastructure is more than Code
      Writing code vs Operating infrastructure
      → Code contribution: Creative, flexible timing, done when motivated
      → Operations/oncall: Stressful, immediate response required, disrupts life
      → Volunteers willing to code on weekends
      → Far fewer willing to handle 3am outages (and carry a laptop 24/7)
  13. Why Funding Matters More Than Ever
      → Supply chain security is now a critical business concern
      → Regulatory requirements (CRA, etc.) make that concern a legal requirement
      → Increased focus goes hand in hand with increased vulnerability exploitation of open source
      → These become asks of open source projects
  14. Scale & Visibility
      In May 2025:
      4.05B GEMS DOWNLOADED
      1.15PB TOTAL BANDWIDTH
      431MB/s AVG TRAFFIC
      1514 GEM DOWNLOADS/S
      → Scale of usage requires expensive infrastructure
      → Visibility requires quick remediation of vulnerabilities
      → 2025 demands more than 2005
  15. Immediate Impact
      → All gem install commands fail globally
      → All bundle install commands fail globally
      → CI/CD pipelines break for Ruby projects
      → New deployments blocked without vendored gems or prebuilt container images
  16. Cascading Effects
      → Development teams paralyzed across thousands of companies
      → Production deployments blocked globally
      → Open source contributions halt
      → Ruby's reputation damaged as a production-grade ecosystem
  17. Ruby Central: A Model
      → 501(c)(3) non-profit since 2001
      → Originally organized RubyConf and RailsConf
  18. The Evolution
      → Now maintains RubyGems.org infrastructure
      → Natural actor to match funding with work
      → Neutral steward with aligned incentives
      → Not a competitor to any company
  19. Key Turning Points
      → 2001: Founded for conference organization
      → 2009: Took over RubyGems.org hosting
      → 2022: Ruby Together merger, paying for open source development
      → 2023: Full-time security employee
  20. Structuring for Sustainability
      → Professional governance and operations with board oversight
      → Transparent financials and reporting
      → Multiple revenue streams reduce risk
      → Community input in major decisions
  21. 2024 Ruby Central Funding
      15% DONATED SERVICES
      62% PROGRAM-SPECIFIC
      8% MEMBERSHIPS
      15% CORPORATE SPONSORSHIPS
  22. Ruby Central Funding Programs
      → Infrastructure Donations: AWS, Fastly, Datadog, others donate services
      → Grants (60% of budget): Alpha-Omega, Sovereign Tech Agency, AWS
      → The Alpha-Omega grant covers my residency
      → Corporate Sponsorship: $10K+ annually for overall support of the organization
      → Shopify's Ruby Shield program is $1MM over four years
      → Open Source Supporter Program: $2,500-$5,000 annually specifically for open source
      → Individual Membership: Low-dollar community support (launching soon)
      → One-Time Donations: Flexible, no-strings-attached support
  23. Why Non-Profits Work for Open Source
      The Fundamental Truths
      → Open source continues to grow in importance
      → Open source will always require resources to maintain
      → Largest projects require a "steward"
      → Someone needs to be responsible for the commons
      Non-Profits as the Solution
      → Formalize "the community" as a legal entity
      → Not a competitor to any company
      → Not a government making sweeping mandates
      → Aligned incentives to improve ecosystem for everyone
  24. Other Role Models
      Python Software Foundation
      → PyPI infrastructure
      → Multiple full-time staff
      → Conference revenue + donations
      Rust Foundation
      → Corporate members
      → Clear governance
      → Diverse funding sources
  25. Emerging Challenges
      → Growing scale requires more resources
      → Security threats are increasingly sophisticated
      → Compliance requirements add operational complexity
      → Community expectations for reliability increase
  26. New Opportunities
      → Corporate awareness of supply chain risks
      → Government funding for critical infrastructure
      → Foundation support for open source sustainability
      → Community willingness to contribute financially
  27. Reasons for Optimism
      → Proven models exist and are working
      → Corporate understanding of OSS value is growing
      → Funding sources are diversifying
      → Community engagement is increasing
      → OSS is stronger than ever
  28. How the Community Can Help
      Individuals
      → Monthly donations
      → Advocate at work
      → PRs welcome
      Companies
      → Sponsor at appropriate level
      → Provide infrastructure
      → Allow employee contributions
  29. The Ruby We Want
      → Reliable infrastructure that never goes down
      → Fast security responses to protect all users
      → Professional maintenance
      → State-of-the-art features
      → Sustainable funding for decades to come
  30. Questions?
      Samuel Giddins • @segiddins
      Funding Ruby Infrastructure as a Non-Profit
      [email protected]
      https://rubycentral.org/support
      RubyConf Taiwan 2025