←back to thread

Ruby Central's Attack on RubyGems [pdf]

(pup-e.com)
659 points jolux | 1 comments | 19 Sep 25 08:09 UTC | HN request time: 0s | source
Show context
krmbzds ◴[19 Sep 25 13:05 UTC] No.45301255[source]
The recent actions taken by Ruby Central - removing long-time RubyGems and Bundler maintainers without warning, seizing administrative access, and consolidating control under a small, centralized group - represent a serious breach of trust within the Ruby ecosystem.

This was not a misunderstanding. It was a hostile takeover of key infrastructure, undermining both the long-standing maintainers and the broader community that relies on RubyGems and Bundler every day.

The Ruby ecosystem thrives on collaboration, openness, and mutual respect. What we've witnessed over the past week violates those principles. Ruby Central's actions - unilateral access revocations, exclusion of experienced volunteers, and refusal to engage in transparent dialogue - are not just organizational missteps. They're a threat to the decentralized and community-driven spirit that has sustained Ruby for decades.

I oppose this power grab.

Even more concerning is the idea that contributor access could become contingent on employment status or ideological alignment. Whether someone is employed by Ruby Central - or holds left-leaning, right-leaning, or apolitical views - should have no bearing on their ability to contribute to open source. Merit, dedication, and community trust must remain the foundation.

If Ruby Central is serious about supporting the Ruby community, they must:

- Immediately restore access to all maintainers removed during this incident.

- Publicly commit to a transparent, community-driven governance model, similar to what the RubyGems team had begun drafting.

- Respect the autonomy of open source maintainers, regardless of whether they are employed by Ruby Central.

- Acknowledge the harm caused by these actions and engage in meaningful dialogue to rebuild trust.

The Ruby community has always been about people - diverse, passionate, and united by a love for a beautiful language. It's time we demand that the institutions claiming to represent us act accordingly.

And if Ruby Central does not do this we must pressure sponsors to stop funding Ruby Central and ultimately; if all else fails, we must build and maintain our own infrastructure unencumbered by these shenanigans. Also, in order to re-establish trust in the community; the people responsible for causing this ruckus should be fired.

Ruby-Level Sponsors (Top Tier): Alpha Omega, Shopify, Sidekiq

Gold-Level Sponsor Flagrant

Silver-Level Sponsors: Cedarcode, DNSimple, Fastly, Gusto, Honeybadger, Sentry

replies(6): >>45301272 #>>45301522 #>>45301533 #>>45301996 #>>45302057 #>>45302537 #
byroot ◴[19 Sep 25 13:36 UTC] No.45301533[source]
> What we've witnessed over the past week

Who is "we"? And what did they witness?

All we got right now is one side of the story.

It is indeed surprising such change wouldn't be immediately followed by a public announcement, but they've been founding and managing RubyGems for a very long time now, so it's not even clear to me how this can be a "takeover".

I'll happily join with my pitchfork if it turns out this is indeed a malevolent move, but until I've read their side of the story, I'd rather wait and see.

Edit: 35 minutes later, here we go: https://rubycentral.org/news/strengthening-the-stewardship-o...

replies(2): >>45301669 #>>45301813 #
1. bradly ◴[19 Sep 25 14:04 UTC] No.45301813[source]
> All we got right now is one side of the story

Well, we have all of Ruby Centrals actions including their action to not be more public during these actions. Their actions are their story. If their actions don't communicate their intent, that is on them to handle that in a professional way to not be in this situation.