The librdkafka Supply Chain Breakdown: rdkafka-ruby’s Darkest Hour
Table of Contents
- 1 Opening Note
- 2 Incident Summary
- 3 Detailed Explanation
- 4 Future Steps
- 5 Fragility of the OSS Supply Chain
Opening Note
We all make mistakes, and fundamentally, the havoc this incident caused came down to a flaw in the design of rdkafka-ruby. The disappearance of librdkafka from GitHub was unexpected, but this article aims to explain how rdkafka-ruby should have prevented the fallout and which parts of its design were at fault. By examining the incident, I hope to offer insights into better practices for managing dependencies and building more resilient software for the Ruby ecosystem.
Incident Summary
On July 10, 2024 at 15:47 UTC, the librdkafka repository on GitHub unexpectedly went private. Because the rdkafka gem fetches the librdkafka sources from that repository while building its native extension at install time, this break in the supply chain made fresh installations fail, causing widespread frustration and, in many cases, completely blocking the deployment of rdkafka-based software.
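The failure mode above is an install-time download with exactly one place to get the artifact from and no way to tell a good copy from a bad one. The following is an added example written for this page (it is not rdkafka-ruby's or librdkafka's own fetch logic) of the shape a resilient install-time fetch takes: an ordered list of sources, a SHA-256 digest pinned at release time so that no mirror or compromised upstream can substitute content, bounded https-only redirect handling, and a copy vendored inside the gem as the last resort. The source list, the pin, the vendored path and the tarball bytes are all assumptions or constructed stand-ins; `replay_incident` recreates the outage offline with the primary source missing and a mirror serving altered bytes.

```ruby
require "digest"
require "net/http"
require "uri"
require "tmpdir"

# Added example, not rdkafka-ruby's own code. An install-time fetcher that
# does not depend on a single upstream being online: it walks an ordered list
# of sources, accepts only content whose SHA-256 equals a digest pinned in the
# gem at release time, and falls back to a copy vendored inside the gem.
class ResilientFetch
  class Failure < StandardError; end

  # sources:         ordered list of "https://" or "file://" URLs
  # expected_sha256: hex digest recorded by the maintainers (assumption: it is
  #                  committed alongside the librdkafka version bump)
  def initialize(sources:, expected_sha256:)
    @sources  = sources
    @expected = expected_sha256.downcase
  end

  # Returns [bytes, source_url] for the first source whose content matches the
  # pin. A missing source and a source serving altered bytes are treated the
  # same way: recorded and skipped. Raises Failure when no source qualifies.
  def fetch
    errors = []
    @sources.each do |src|
      data = begin
        read_source(URI.parse(src))
      rescue StandardError => e
        errors << "#{src}: #{e.class}: #{e.message}"
        next
      end
      digest = Digest::SHA256.hexdigest(data)
      return [data, src] if digest == @expected
      errors << "#{src}: sha256 mismatch (got #{digest[0, 12]}...)"
    end
    raise Failure, "no source matched pin #{@expected[0, 12]}...:\n  #{errors.join("\n  ")}"
  end

  private

  def read_source(uri)
    case uri.scheme
    when "file"  then File.binread(uri.path)
    when "https" then http_get(uri)
    else raise Failure, "unsupported scheme #{uri.scheme.inspect}"
    end
  end

  # Follows a bounded number of redirects (release downloads commonly redirect)
  # and refuses to step down from https to http.
  def http_get(uri, limit = 5)
    raise Failure, "too many redirects" if limit.zero?
    res = Net::HTTP.get_response(uri)
    case res
    when Net::HTTPSuccess then res.body
    when Net::HTTPRedirection
      target = uri.merge(res["location"])
      raise Failure, "refusing redirect to #{target.scheme}" unless target.scheme == "https"
      http_get(target, limit - 1)
    else raise Failure, "HTTP #{res.code}"
    end
  end
end

# Replays the incident offline with constructed files: the primary source is
# gone (the repository went private), a mirror serves altered bytes, and only
# the copy shipped inside the gem matches the pin.
def replay_incident
  Dir.mktmpdir do |dir|
    tarball  = "constructed stand-in for a librdkafka release tarball"
    pin      = Digest::SHA256.hexdigest(tarball)
    mirror   = File.join(dir, "mirror.tar.gz")
    vendored = File.join(dir, "vendored.tar.gz")
    File.binwrite(mirror, tarball + "\x00") # tampered or truncated copy
    File.binwrite(vendored, tarball)

    fetcher = ResilientFetch.new(
      sources: ["file://#{dir}/upstream.tar.gz", "file://#{mirror}", "file://#{vendored}"],
      expected_sha256: pin
    )
    data, used = fetcher.fetch
    [data == tarball, File.basename(used)]
  end
end

if $PROGRAM_NAME == __FILE__
  ok, used = replay_incident
  puts "built from #{used} (#{ok ? 'digest verified' : 'DIGEST MISMATCH'})"
end
```

The order of the checks matters: the digest comparison comes before any use of the bytes, so a mirror that is reachable but serves the wrong file is skipped rather than trusted, and the fetcher fails closed when nothing matches instead of building whatever it could download.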
```text
Fetching rdkafka 0.16.0
Installing rdkafka 0.16.0 with native extensions
Gem::Ext::BuildError: ERROR: Failed to build gem native extension.

    current directory: /rdkafka-0.16.0/ext
/usr/local/bin/ruby
```