←back to thread

Ruby Central's Attack on RubyGems [pdf]

(pup-e.com)
659 points jolux | 4 comments | 19 Sep 25 08:09 UTC | HN request time: 0s | source
1. jmuguy ◴[19 Sep 25 14:28 UTC] No.45302069[source]
So essentially they randomly cut off a bunch of long time maintainers for some vague legal and/or security reasons. If there was real reason to do that in a hurry, that's what we need to see, not a corporate PR message.
replies(2): >>45305218 #>>45305953 #
2. awilson5454 ◴[19 Sep 25 19:06 UTC] No.45305218[source]
100%. I assumed this was inspired by the supply chain attack, but what a horrible way to address this. Reverting it back before revoking it a second time is even more bizarre. Severely mixed messages from leadership, perhaps?
3. gedy ◴[19 Sep 25 20:09 UTC] No.45305953[source]
It’s not clear to me - did they entirely cut them off, or did they reduce their role as admin of the GitHub org?

If so, I'm not defending it, and I could understand why someone would feel insulted by that - but also get why an org doesn't want too many with elevated privileges.

replies(1): >>45306731 #
4. favorited ◴[19 Sep 25 21:17 UTC] No.45306731[source]
According to the author's PR where she removed herself as a maintainer, she lost commit access.

https://github.com/rubygems/rubygems/pull/8987