A board member's perspective of the RubyGems controversy

Does “lest we lose critical funding because we don’t have proper agreements with our committers” not cut it as a reason for you? Genuinely curious, it seems like a reasonable explanation assuming it’s true.

It does not, for me.

Given that access was cut, then restored, then cut again, then days, then someone finally says "hey were were going to lose critical funding" makes it seem like a post-facto excuse for a hostile takeover.

And the whole "oh, well, we're bad at comms" makes it sound even worse!

Which is the whole crux of the issue. At no point in any of this did Ruby Central do anything reasonable. The they tried to explain that their unreasonable actions were reasonable, if you only knew the things they knew, which they were for some reason unable to tell people until just now.

Could it be true? Sure, absolutely.

Does it seem reasonable at the moment? Hell no.

From TFA:

> Let's get some kind of committer agreement in place with those folks who need access (the same way many other high profile open source projects have), and remove access from those who don't, while still being fully open to accepting PRs and being open to re-welcoming them as committers if they decide that is how they want to spend their time in the future.

> Here's the challenge. How do you tell someone that has had commit and admin access to critical infrastructure long after that need has expired that you need to revoke that access without upsetting them?

deivid-rodriguez's last commits were Sept 18: https://github.com/rubygems/rubygems/commits/master/?since=2...

With 7873 commits since 2018 he's 2x over the second one and crushingly the most active contributor since then: https://github.com/rubygems/rubygems/graphs/contributors

However you slice it, none of that fits into TFA's above narrative.

His access being revoked can only be described as complete bonkers.

Then you act in advance or with notice to get those agreements in place. Just dropping an atom bomb on the commit rights of the biggest contributor is very disrespectful.

If you can't work out an agreement after a good faith period... then that can become a good reason.

Ruby Central sponsors him to work on the project. They also own the project. Sure it’s not ideal that they’ve apparently come to an impasse of some sort but locking him out is not bonkers.

It sure fucking is bonkers.

Ruby Central as an organization touts that it is responsible for RubyGems. Assuming this narrative is accurate, they needed to get agreements in place with contributors to appease some funding partners.

This shit happens. Especially as an open-source project started by one dude in 2009 turns into critical infrastructure managed by a 501(c)(3) non-profit.

That they failed so fucking spectacularly speaks incredibly poorly of their board.

It's to secure the supply chain.

From the guy who has supplied most of the chain.

What's the point of a foundation having funding if there's no ecosystem left to spend it on? And if a single source of funding is so critical that they can demand immediate wide-spreading changes to the ecosystem, is the foundation even independent at all, or just a corporate puppet pretending to be?

Who cares that you have funding for things like build servers and meetups when your core developers walk away and the project is left to rot?

> They also own the project

I've seen some contention around that. RC owns the rubygems infrastructure. But it's not clear that they should own the repos of the open source rubygems or bundler projects that they use. They just seem to have fallen to that organization by way of some admin owner passing through, rather than an official hand off.