Shopify, pulling strings at Ruby Central, forces Bundler and RubyGems takeover
7 hours ago
- #RubyGems
- #OpenSource
- #Shopify
- Ruby Central took over RubyGems and Bundler projects without maintainers' consent.
- Shopify pressured Ruby Central to take control, threatening to withdraw funding.
- Sidekiq withdrew $250,000/year sponsorship after Ruby Central platformed DHH at RailsConf 2025.
- HSBT and Marty Haught executed the takeover, reducing maintainers' permissions.
- Ruby Central misrepresented the takeover as a supply chain security measure.
- Maintainers, including André Arko, were locked out of GitHub and gem ownership.
- Shopify organized an on-call rotation to replace the previous maintainers.
- Ruby Central's board voted for the takeover despite understanding the risks.
- The RubyGems source code and service were conflated to justify the takeover.
- Spinel, a new cooperative, is developing 'rv' as an alternative to RubyGems and Bundler.