←back to thread

Ruby Central's Attack on RubyGems [pdf]

(pup-e.com)
659 points jolux | 1 comments | 19 Sep 25 08:09 UTC | HN request time: 0.23s | source
Show context
hu3 ◴[19 Sep 25 12:15 UTC] No.45300774[source]
Copy-pasted below for posterity in case it goes down because I think this is a huge deal:

## Ruby Central’s Attack on RubyGems

Hi! I’m Ellen, but you probably know me as duckinator or puppy.

I really wish I didn’t have to write this, but I feel the Ruby community needs to know it.

I have been part of the Ruby community since I was 13, and one of the RubyGems maintainers for the last decade.

This community has helped me through very hard times, and you mean the world to me.

One of the most important lessons I learned from y’all is this:

> A person’s character is determined not only by their actions,

> but also the actions they stay silent while witnessing.

## This Month Has Been A Fuck Of A Year

This is what unfolded between September 9 2025 and September 19 2025, as I understand it.

On September 9th, with no warning or communication, a RubyGems maintainer unilaterally:

renamed the “RubyGems” GitHub enterprise to “Ruby Central”, added non-maintainer Marty Haught of Ruby Central, and removed every other maintainer of the RubyGems project.

He refused to revert these changes, saying he would need permission from Marty to do so.

On September 15th, this maintainer said he restored the previous permissions after talking with Marty. Marty stated the deletion was a “mistake” and “should never have happened”.

The “restoration” kept a notable change: Marty was now an owner of the GitHub enterprise.

The RubyGems team responded by immediately began putting in place an overdue official governance policy, inspired by Homebrew’s.

On September 18th, with no explanation, Marty Haught revoked GitHub organization membership for all admins on the RubyGems, Bundler, and RubyGems.org maintainer teams.

By doing this, he took control for himself and other full-time employees of Ruby Central.

Later that day, after refusing to restore GitHub permissions, Ruby Central further revoked access to the bundler and rubygems-update gems on RubyGems.org

I will not mince words here: This was a hostile takeover.

## My Stance On This

I consider Ruby Central’s behavior a threat to the Ruby community as a whole.

The forceful removal of those who maintained RubyGems and Bundler for over a decade is inherently a hostile action. Ruby Central crossed a line by doing this.

When called out, these changes were mostly reverted. Then, it was done again.

By crossing that line a second time after being called out for it, Ruby Central has made it extremely clear to me that they are not engaging in good faith.

Ruby Central’s behavior has forced my hand. I refuse to watch this without speaking up.

I am resigning from my position at Ruby Central, effective immediately.

To remove any doubt: Ruby Central unilaterally, with no explanation, revoked all access to RubyGems against both my wishes and the wishes of the entire RubyGems team.

Ellen Dash (@duckinator)

September 19, 2025

replies(1): >>45301671 #