If you make a gem with Bundler, you will get a rake release task that will instantly publish your gem to rubygems.org for all the world to admire. For private gems this is very bad.
To make sure this cannot happen, rubygems 2.2+ allows you to restrict eligible push hosts:
Gem::Specification.new 'my_gem', '1.0' do |s|
  # ...
  s.metadata['allowed_push_host'] = 'https://gems.my-company.example'
end
In case you already messed up, follow these instructions to get your gem removed Show archive.org snapshot . Of course, it's not possible to delete anything on the Internet, so this will only help a bit.
Posted by Tobias Kraze to makandra dev (2014-11-17 12:28)