@hone
Forked from matiaskorhonen/speaker.md
Last active August 29, 2015 13:57

Terence Lee

Contact details

Speaker bio

Terence leads Heroku's Ruby Task Force, curating the Ruby experience on the platform. He also works on some OSS projects such as Ruby (the language) and Bundler, as well as helping with the Rails Girls movement. When he's not going to an awesome Heroku or Ruby event, he lives in Austin, TX, the taco capital of America.

(Terence loves Friday hugs, EVERY DAY OF THE WEEK! Give him a big one when you see him!)

Ruby & You

  • Desired talk duration: 30 minutes

Abstract

On November 22, 2013, a devastating security exploit was publicized to the Ruby community: Heap Overflow in Floating Point Parsing (CVE-2013-4164). There were no fixes provided for Ruby 1.9.2. In fact, Ruby 1.9.2 has never had a formal end of life announcement. At Heroku we realized this impacted our ability to provide reliable runtime support. Not wanting to leave our customers high and dry, Heroku released Ruby 1.8.7 and 1.9.2 security patches on our runtimes and pushed to get them upstream. This situation paved the way for me to join ruby-core to help maintain security fixes for 1.8.7 and 1.9.2.

Over the course of the year with help from zzak, I’ve been figuring out how to work with ruby core as well as proposing policy changes for more transparency. This talk goes through the steps and mistakes that I learned on how to interact with members of ruby core as well as telling war stories of my experience on core. We’ll remove the opacity around getting contributions upstreamed and how you can have meaningful discussions with the implementers about the language we all know and love. Help us make Ruby better.

Notes

I'm going to be giving this talk at Ancient City Ruby this year. I've been focused this year and working on ruby-core to get us to a better place for supporting applications. zzak and I have a goal to pave the way to get as many Ruby developers as possible to be active with the development of Ruby. Showing people it isn't a black box is an important part of that.
