A board member's perspective of the RubyGems controversy

(apiguy.substack.com)

104 points Qwuke | 3 comments | 21 Sep 25 19:20 UTC | HN request time: 0.705s | source

Show context

hyperpape ◴[22 Sep 25 19:35 UTC] No.45338396[source]▶

A lot of people are arguing about whether locking down access was justified to resolve the security issues. I guess it's debatable.

But I don't see any excuse for not putting out a statement when you do it. You have to know there will be a fight, and you will look like the bad guy. Perhaps I could see directly communicating to the maintainers that you expect that they'll be reinstated. But to say nothing? To let the post by duckinator float around for days without having a "we did this because of security concerns, we want to work together and find a resolution..." It's incomprehensible that they thought this would go well.

replies(1): >>45339095 #

1. nenenejej ◴[22 Sep 25 20:34 UTC] No.45339095[source]▶

>>45338396 #

I mean imagine you are at work and you need to so this for SOC2 or something but dont tell your colleagues.

replies(1): >>45340443 #

2. danielheath ◴[22 Sep 25 22:33 UTC] No.45340443[source]▶

>>45339095 (TP) #

Firstly, you can tell them you’re working on SOC2 compliance, and secondly, those colleagues are getting paid in dollars, not doing it for the love of the work.

replies(1): >>45340526 #

3. nenenejej ◴[22 Sep 25 22:43 UTC] No.45340526[source]▶

>>45340443 #

> Firstly, you can tell them you’re working on SOC2 compliance

Bingo

↑