←back to thread

Ruby Central's Attack on RubyGems [pdf]

(pup-e.com)
664 points jolux | 6 comments | 19 Sep 25 08:09 UTC | HN request time: 0.827s | source | bottom
Show context
krmbzds ◴[19 Sep 25 13:05 UTC] No.45301255[source]
The recent actions taken by Ruby Central - removing long-time RubyGems and Bundler maintainers without warning, seizing administrative access, and consolidating control under a small, centralized group - represent a serious breach of trust within the Ruby ecosystem.

This was not a misunderstanding. It was a hostile takeover of key infrastructure, undermining both the long-standing maintainers and the broader community that relies on RubyGems and Bundler every day.

The Ruby ecosystem thrives on collaboration, openness, and mutual respect. What we've witnessed over the past week violates those principles. Ruby Central's actions - unilateral access revocations, exclusion of experienced volunteers, and refusal to engage in transparent dialogue - are not just organizational missteps. They're a threat to the decentralized and community-driven spirit that has sustained Ruby for decades.

I oppose this power grab.

Even more concerning is the idea that contributor access could become contingent on employment status or ideological alignment. Whether someone is employed by Ruby Central - or holds left-leaning, right-leaning, or apolitical views - should have no bearing on their ability to contribute to open source. Merit, dedication, and community trust must remain the foundation.

If Ruby Central is serious about supporting the Ruby community, they must:

- Immediately restore access to all maintainers removed during this incident.

- Publicly commit to a transparent, community-driven governance model, similar to what the RubyGems team had begun drafting.

- Respect the autonomy of open source maintainers, regardless of whether they are employed by Ruby Central.

- Acknowledge the harm caused by these actions and engage in meaningful dialogue to rebuild trust.

The Ruby community has always been about people - diverse, passionate, and united by a love for a beautiful language. It's time we demand that the institutions claiming to represent us act accordingly.

And if Ruby Central does not do this we must pressure sponsors to stop funding Ruby Central and ultimately; if all else fails, we must build and maintain our own infrastructure unencumbered by these shenanigans. Also, in order to re-establish trust in the community; the people responsible for causing this ruckus should be fired.

Ruby-Level Sponsors (Top Tier): Alpha Omega, Shopify, Sidekiq

Gold-Level Sponsor Flagrant

Silver-Level Sponsors: Cedarcode, DNSimple, Fastly, Gusto, Honeybadger, Sentry

replies(6): >>45301272 #>>45301522 #>>45301533 #>>45301996 #>>45302057 #>>45302537 #
byroot ◴[19 Sep 25 13:36 UTC] No.45301533[source]
> What we've witnessed over the past week

Who is "we"? And what did they witness?

All we got right now is one side of the story.

It is indeed surprising such change wouldn't be immediately followed by a public announcement, but they've been founding and managing RubyGems for a very long time now, so it's not even clear to me how this can be a "takeover".

I'll happily join with my pitchfork if it turns out this is indeed a malevolent move, but until I've read their side of the story, I'd rather wait and see.

Edit: 35 minutes later, here we go: https://rubycentral.org/news/strengthening-the-stewardship-o...

replies(2): >>45301669 #>>45301813 #
1. tremon ◴[19 Sep 25 13:49 UTC] No.45301669[source]
All we got right now is one side of the story

That's because Ruby Central chooses not to communicate. I'm not going to reserve judgment against intentionally mute hostile actors.

replies(1): >>45301768 #
2. byroot ◴[19 Sep 25 14:00 UTC] No.45301768[source]
Organizations are necessarily slower to communicate than individuals, give them a couple days. People need to chill out before jumping to conclusions like that.
replies(4): >>45301812 #>>45301971 #>>45302626 #>>45304246 #
3. milliams ◴[19 Sep 25 14:04 UTC] No.45301812[source]
Based on the OP, the initial changes were made 10 days ago - more than enough time to communicate something publicly.
4. mrbombastic ◴[19 Sep 25 14:20 UTC] No.45301971[source]
What why? An organization is made up of individuals who had a heads up because they had a bunch of meetings and made the decision to do this, if anything they had a head start on communication. Their silence is their choice.
5. adgjlsfhk1 ◴[19 Sep 25 15:20 UTC] No.45302626[source]
Organizations should not do things like this without having their communication done in advance. They new what they were going to do, so they should have the blog post explaining exactly what and why they were doing to release (at the latest) at the same time.
6. x0x0 ◴[19 Sep 25 17:29 UTC] No.45304246[source]
They couldn't email longtime contributors with a heads up, here's whats happening before revoking commit rights and making changes like this? That's nonsense.