[dudleyf]

From the context, it seems like mame was trying to say that Ruby is not a security-focused project, so the core team has not attracted many volunteers who are familiar with SSL/TLS.

I inferred from this not that Ruby team doesn't care about security, but that they lack the expertise to handle it properly. They're aware of that, and choose to leave these decisions up to the experts.

It's a reasonable position, but, as a user, "We don't know how" doesn't help me any more than "We don't care".