Hacker News
by pnako 2461 days ago
> Earlier today, a former Chef employee removed several Ruby Gems, impacting production systems for a number of our customers.

That's some horrendous infosec. Why would ICE or anyone use this? Can't Chef use, err, Chef or something like that to remove all credentials as soon as employees leave the organization?

1 comment

It was his own gem, hosted under his own account, not Chef's. It's apparently just relied on by almost the entire Chef ecosystem, including Chef's own systems.