Hasty Briefs (beta)

The Rubygems.org takeover

4 days ago
  • #RubyGems
  • #OpenSource-Governance
  • #SupplyChain-Security
  • Ruby Central, a nonprofit, took control of RubyGems and Bundler GitHub repositories in September, removing long-time maintainers without warning.
  • The takeover was justified by Ruby Central as necessary for supply-chain security, but many in the Ruby community view it as a hostile action influenced by corporate sponsors, particularly Shopify.
  • Former maintainers, including André Arko, were locked out of repositories and gem publishing access, leading to accusations of unethical behavior and lack of transparency from Ruby Central.
  • Ruby Central's funding struggles, including the loss of a major sponsor (Sidekiq) due to controversies involving Rails creator DHH, may have motivated the takeover.
  • In response, former maintainers launched gem.coop, an alternative service, while Ruby Central handed over repository ownership to the Ruby core team in October.
  • Public statements from Ruby Central have been criticized as insufficient, with claims of corporate interference and poor governance decisions.
  • The conflict highlights broader issues of open-source project governance, funding dependencies, and corporate influence in community-driven projects.