RubyGems Fracture Incident Report
9 hours ago
- #Access Control
- #Open Source Governance
- #RubyGems
- RubyGems Fracture incident occurred from September 10-18, 2025, involving GitHub access changes due to offboarding two engineers leaving Ruby Central.
- Key individuals involved were André Arko and Samuel Giddens, leading to a walkout of paid contributors (maintainers) over control of GitHub organization/enterprise permissions.
- Root causes included lack of documented offboarding policies, poor communication, and intertwined production/GitHub access, leading to accidental full removals.
- Lessons learned: need for clear policies, distinguishing remarks from requests, decoupling access from identity, and better communication during access changes.
- Timeline included initial access removal on September 10, temporary restoration on September 16, and final removal on September 18 with mistakes and miscommunications.
- Outcome: maintainers quit, public backlash, and Ruby Central committing to transparency and structural changes for future operations.