Most active commenters
  • khamidou(3)

←back to thread

A board member's perspective of the RubyGems controversy

(apiguy.substack.com)
104 points Qwuke | 13 comments | 21 Sep 25 19:20 UTC | HN request time: 0.266s | source | bottom
1. reenorap ◴[22 Sep 25 18:16 UTC] No.45337357[source]
The only reason why Ruby and other open source projects survive is because large companies can trust them to do the right thing. Given the critical nature of the supply chain attacks, what the board did was 100% right. Like he said, some people's egos got hurt but if no one can trust the maintainers, then Ruby has no future in the industry and it will die quickly.

This is basically like fixing technical debt. It's painful and it's political but sometimes you have to do the right thing for the community as opposed to trying to assuage individuals' egos.

replies(4): >>45337519 #>>45338453 #>>45338928 #>>45340252 #
2. khamidou ◴[22 Sep 25 18:28 UTC] No.45337519[source]
I think you got things mixed up, open source projects survive because volunteers believe in them and want to contribute to them. Large companies rarely get involved, occasionally with some funding.

It sounds like they sold something to their donors they couldn't really guarantee – supply chain safety – and they decided to alienate their contributors to try to appease them.

Only time will tell if this was really damaging to the ruby community or just a temporary hurdle

replies(1): >>45337663 #
3. dewey ◴[22 Sep 25 18:39 UTC] No.45337663[source]
Look at the core maintainers of Rails for example. Many are paid by Shopify and Basecamp, so it’s much more commercial than your regular open source project.

Which isn’t a bad thing that people get to contribute on company time.

replies(2): >>45337763 #>>45341412 #
4. khamidou ◴[22 Sep 25 18:46 UTC] No.45337763{3}[source]
Again this is mixed causality. Rails did not take off because of commercial interests – besides dhh who was working on it on the side, all the initial committers were doing that for fun.

Eventually they brought rails in many commercial companies and these companies succeeded to the point they could pay people to maintain rails.

replies(2): >>45337889 #>>45338085 #
5. stickfigure ◴[22 Sep 25 18:57 UTC] No.45337889{4}[source]
However it started, there's a big hosting bill and somebody has to pay it.
replies(2): >>45338080 #>>45338094 #
6. khamidou ◴[22 Sep 25 19:11 UTC] No.45338080{5}[source]
For sure – but maybe it doesn't have to be the side project of a non-profit whose main thing is RailsConf.
replies(1): >>45338875 #
7. dewey ◴[22 Sep 25 19:12 UTC] No.45338085{4}[source]
Rails was built in a company to build commercial products so I’d say it had commercial interests from day one.

> 37signals built Rails for Basecamp and has since used it to create all their web products.

From: https://rubyonrails.org/foundation/37signals

8. weaksauce ◴[22 Sep 25 19:12 UTC] No.45338094{5}[source]
most of the hosting is donated for free outside of the influence of monetary donations.
9. cyanydeez ◴[22 Sep 25 19:39 UTC] No.45338453[source]
The ego is what created the software. If you say f the ego, youre saying you want new maintainers
10. ryoshoe ◴[22 Sep 25 20:14 UTC] No.45338875{6}[source]
To be fair to RubyCentral, this year's RailsConf was the last one they have planned, though it's likely that they'll shift focus to on RubyConf in its place
11. blibble ◴[22 Sep 25 20:19 UTC] No.45338928[source]
was it even their project?

just because they host it doesn't mean it's theirs

my webhost doesn't own the community around my projects simply because it's on their server

12. gsinclair ◴[22 Sep 25 22:12 UTC] No.45340252[source]
The board was not 100% right, not even close. I’ll assume their technical actions were justified. But they screwed the communication badly in a domain where informal trust is an important commodity. Therefore, they flubbed a big chunk of their responsibility.
13. type0 ◴[23 Sep 25 00:28 UTC] No.45341412{3}[source]
of course Rails is mainly commercial

gems and bundler is for everyone though, even hobbyists writing scripts. Alienating contributors who support common infrastructure for no good reason is just plain stupid especially when those projects wasn't theirs to begin with