Gem.coop
Posted3 months agoActive3 months ago
gem.coopTechstoryHigh profile
heatedmixed
Debate
80/100
RubygemsOpen SourceCommunityForking
Key topics
Rubygems
Open Source
Community
Forking
The RubyGems community has forked the original RubyGems project to create Gem.coop, sparking controversy and debate around the motivations and implications of this move.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussionFirst comment
3h
Peak period
129
Day 1
Avg / period
26.7
Comment distribution160 data points
Loading chart...
Based on 160 loaded comments
Key moments
- 01Story posted
Oct 6, 2025 at 12:59 AM EDT
3 months ago
Step 01 - 02First comment
Oct 6, 2025 at 3:37 AM EDT
3h after posting
Step 02 - 03Peak activity
129 comments in Day 1
Hottest window of the conversation
Step 03 - 04Latest activity
Oct 17, 2025 at 2:50 AM EDT
3 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
ID: 45487771Type: storyLast synced: 11/22/2025, 11:00:32 PM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
It is said the underlying cause is that devs push rv which is threatening RubyGems.
https://bsky.app/profile/rmfranca.bsky.social/post/3lz7alpob...
See https://spinel.coop/
"Spinel develops rv, the next-generation Ruby version manager"
If Rubygems was a company, they'd have a trademark, they'd have patents, they'd have lawyers to protect the money they were making from their brand and product. But we are speaking about not-for-profit open-source projects, not for for-profit corporations!
Doesn't it seem like a bit of a security risk to you?
It was sparked after Ruby Central chose to platform an extremist figure prominently for their last RailsConf against the wishes of the sponsors, losing them a lot of sponsorship money, as well as community support.
https://joel.drapper.me/p/rubygems-takeover/
This is so incredibly one-sided that it misleads more than it informs.
The person they are talking about is DHH. Inviting the creator of Rails to speak at RailsConf – a conference for Rails – is not the outlandish behaviour this comment makes it sound like.
The whole DHH argument, for instance, as well as some people having a vendetta about him, is not, or not directly, related to the hostile take-over of rubygems.org. There is a slight partial overlap, but it is a separate discussion (even if DHH was involved with the take-over via Shopify because he does not like Arko or Shopify wanting more power-control to bully the independent developers at rubygems.org with more corporate rules and restrictions; and, by the way, DHH never mentions Arko's name, but even this is a separate discussion still. For instance I specifically do not care about rails nor DHH really, but the hostile take-over was a complete no-go. Ruby Central really pissed off too many people here and unfortunately there are still many open questions that ruby-core has to think about. I am not necessarily saying all came with malicious intent, because I think there is an english language barrier too in regards to Hiroshi Shibata, but even then it may be better to have someone with better knowledge about the english language in charge of gems; there seems to be some strange disconnect or translation going on between english, into japanese and japanese culture, and it is super-confusing.)
That's entirely unsubstantiated.
We don’t have multiple first hand accounts. All we have is second hand account being relayed by someone with a massive axe to grind against Shopify.
There are a lot of truly committed Rubyists at Shopify, particularly the one handling the relationship with Ruby Central.
The idea that Shopify had done what Joel aledges without a single one of the involved parties on the Shopify side blowing the whistle is preposterous.
Let's add here that YOU also worked at Shopify, until recently.
IF we are going to be critical, then let's be complete here.
I actually think there is a lot of validity to the statement made that Shopify is NOT a neutral party here. We can dispute how much Shopify was involved, but to assume "all is unsubstantiated" while not even disclosing one's own work at Shopify, feels super-strange here.
Did he point out how it ended, and how he spent the better part of two years having public tantrums about it on Twitter?
Disclosing that you worked somewhere isn't relevant. Worse, it can easily give the impression that there is some insider knowledge involved.
What is relevant is how the relationship ended.
> Let's add here that YOU also worked at Shopify, until recently.
Yes, and I left over some major disagreements, hence if I have a bias, it would be against Shopify, not in favor.
The fash problem in the Rails ecosystem is next on the list, and I hope there is community consensus to fork this as well.
https://www.benjaminfleischer.com/2013/11/08/how-to-sign-you...
Here's some fun facts:
- DHH enforced a "No Politics at Work" policy.
- DHH wrote a post expressing that he wouldn't want to live in London anymore because it's "no longer full of native Brits", and expressed support for a Tommy Robinson march he called "heartwarming". Tommy Robinson is described as "an anti-Islam campaigner and one of the UK's most prominent far-right activists.". The march DHH praised featured speakers calling for ethnic cleansing via "remigration" and banning all non-Christian religions.
- DHH also promoted "demographic replacement" conspiracy theories and used language connecting immigration to crime, particularly regarding "Pakistani rape gangs" and street theft.
- DHH has been publicly critical of Diversity, Equity, and Inclusion initiatives. This one isn't backed by facts, so take it with a grain of salt.
And no, I'm not saying that Danes are racist.
As a Norwegian I respect Denmark for putting its people first.
Saying what he said about London is, at the very least, a fascinating example of failure to stay in his lane. In fact, if one were of the mindset to be denigrating immigrants, one could, perhaps, raise questions around what business a Dane has telling Brits which members of their former colonies do and do not count as British or, indeed, what it means to be British.
Hey.com is 37Signals' Gmail, not the company's private domain.
The Ruby community in general, and the Rails community in particular, likes to style itself as people who care about people. "Matz is nice so we are nice" (MINSWAN) is a cornerstone concept that the community passes around. As a result, they have a tendency to care about this sort of thing; community standards of behavior didn't get bolted-on later, they were there at the start.
I once watched a Rails community member pretty well pillory someone for entertaining the thought experiment that if ReiserFS were more technically competent, the software-engineering community wouldn't care the creator murdered his wife and would still invite him to speaking engagements telecast from jail. It is therefore interesting to watch how the Rails community is reacting to the Rails creator having concerns not nearly as bad as killed-his-wife, but extremely disquieting nonetheless.
People really like to misuse terms like fascism these days, huh…
How the hell is any of that facism
Racism could be a much better fit. The blog post in question: https://world.hey.com/dhh/as-i-remember-london-e7d38e64
The interpretation that raises some pretty interesting points about the inherent racism in the expressed worldview: https://jakelazaroff.com/words/dhh-is-way-worse-than-i-thoug...
There is, however, an interpretation that explains how this specific kind of racism can be seen as at least fascism-adjacent: https://davidcel.is/articles/rails-needs-new-governance
The question of whether he wants politics in the workplace is moot when he's making public blog posts like this. For the open-source community, the open Internet is the workplace. People aren't just going to pretend DHH didn't say what he said (in public, of his own free will, using his own megaphone) because he didn't post it to ruby-core@ml.ruby-lang.org.
I'm done letting these labels deter my rational thinking.
The racist part was him asserting he could walk down the streets of London and guess who was British. Given the disparity between his estimated number and the actual percentage of Brits by census (and the remarkable similarity to his number and the probable skin color of Brits by census), it is real hard to find the generosity to assume that he doesn't just mean "When did the Brits stop being white?" And that kind of thinking has nothing to do with immigration control and everything to do with believing that there's a right skin color to have.
I'm Norwegian by the way and I belong to quite a small ethnic minority, but because of the color of my skin, people assume a whole lot of things about my background which isn't true. And I don't get to be proud about my heritage for some reason. Weird that.
Yes, but… https://www.smbc-comics.com/comic/arthur
It doesn't take much 4D-chess reading of his actual words to infer, I think correctly, that he's saying it's not ethnic British... And that's wrong. At least wrong for him (and wrong for the Brits, since he goes on to assert that "it's tough to blame the Brits for being pissed").
"I thought I might move there [London] one day.
That was then. Now, I wouldn't dream of it. London is no longer the city I was infatuated with in the late '90s and early 2000s. Chiefly because it's no longer full of native Brits."
... I mean, I'm having a real hard time finding a reading for those sentences that isn't "I was more comfortable when Britain was full of native Brits and I am not comfortable now." If I assume your assertion that he means ethnicity, not culture or citizenship-birth... What the hell, DHH? What is it about "non-ethnic Brits" that is giving you the heebie-jeebies?
> can be a Japanese citizen but I cannot be Japanese.
That's going to be a difference of definition. If I may, "I can be a Japanese citizen but I cannot be ethnically Japanese."
And whether that's true or not: this is perhaps a thing that Japanese people can have traditionally, or Danes. It would be the height of hypocrisy, given the Empire's history, for the Brits to do this, and DHH is swimming way outside his lane opining on how Britain should be or what makes him, a non-Brit, most comfortable in London.
Do you want to know when the Brits stopped "looking British?" Around the time Victoria crowned herself Empress of India, creating a country of about 28.9 million "ethnic Brits" (I'm going to speak loosely here, and my Irish and Welsh cousins will give me a proper thrashing for it later) and 250 million "ethnic Indians." And the fact India later gained its independence again has no bearing on the people who are Brits who look "non-ethnic" because of 90 years of British rule of a subcontinent. If DHH, or the British, or anyone want someone to blame for Britain suffering a "demographic nightmare" (whatever the hell that means)... They can probably blame the Widow of Windsor.
> Why is that?
Because some nations were expansionist and some were isolationist. Ethnic and national identity lack 1-to-1 overlap, and that matters more in some nations than others. I'm not in the business of telling the Japanese how they should see themselves (if I were, I would be making meaningful harumphing noises about the easiest possible way to curb their apparent birthrate crisis...). But DHH has put himself in the business of telling Brits how they should be seen, and in so doing he decided to wade into a conversation that makes him, yeah, the racist in the story.
He's free to walk it back any time he wants to stop causing controversy in the Ruby community so people can focus on the tech again.
> I'm Norwegian by the way and I belong to quite a small ethnic minority
Oh, you've opened quite a door. I want to guess but guessing feels rude so I will refrain. For what it's worth, every person I ever met while visiting Norway had a lot to be proud of (hell, waking up every day in that climate and giving death herself a middle finger is damn impressive to me!), so whoever is making you feel like you don't have a right to be proud of your heritage can probably pound sand.
What I'd really like to see is a whole bunch of people acting more professionally. Who you pray to, who you vote for, and who you sleep with are irrelevant to a professional context - and open source development is a professional context. So everyone needs to keep their professional and personal lives separate. I know that at best I would be disciplined, and at worst sacked if I made comments on the lines that some of the lead players in this sorry saga have made. And that's not pointing the finger at any one person.
(neither the "me" nor the "you" here refer to you or me personally ofc.)
This whole "DHH situation" with Rails has put my mind in weird position. I admire the Rails creator, the business man, the speaker. I admire what he builds, how passionate he is about his work and open-source software. But I very strongly disagree with his vision of immigration, nationalism, parenting, well most of his vision of society.
I was made aware about these opinions because people talked about it. Thanks to these people, I read and listen to him with more nuance, more critical thinking. That does not necessarily mean I would discard Rails, cancel the dude or write shit about him, but that surely means that I will be more careful about how the opinions of this 1 person could impact mine, the ecosystem I work with and the larger ecosystem I live in that is society.
No it’s not. Indifference is not approval.
Open source is global and someone in a university in Argentina contributing some features does not “approve” of anything because she didn’t participate in some bickering about US identity politics.
There actually is a binary view on your stance against things when you see unfettered hate spread by others and choose (at some level) to not have an opinion. We've seen it before, we see it now, we'll see it again. Not everyone has the same privilege as you to remain head under sand until there's no commotion left to dodge.
No, the world does not revolve around your pet problems.
I do not know the regional politics of Bulgaria and if people started spewing Bulgarian politics in my open source community, my lack of participation is not acceptance of the status quo. I don’t even know what the status quo is and there are just two sides screeching at each other.
I disagree. We don't have to have an opinion on everything. And what worries me is those (both on the left and on the right) who think that silence is a form of opinion or approval. It's getting very close to "those who are not with us are against us". And that's a worldview I have very little time for.
Definitely definitely. When a racist paramilitary is disappearing my neighbors my primary concern is whether people will consider me complicit for publicly stating that I have no duty to interfere.
You don't have to have an opinion on everything but you do have to have an opinion on some things. Or I mean, obviously you don't, but then you have to accept the social consequences of cowardice.
If you believe we shouldn't have borders than just say so.
Only people who already live in a position of privilege get to have "little time" and settle for worldviews which advocate for a sort of bland tolerance of extremism. I can assure you, for people who are being actively harmed by hateful rhetoric and political policies, "those who are not with us are against us" is absolutely a reality.
Close by where I live is a monument for civilians who were taken from their houses and shot by the German occupiers during the last months of WWII. Simply because they were suspected of having distributed pamphlets. There wasn't even evidence to that claim, and retribution was a thing.
I passed that monument countless of times during my youth, giving me pause to contemplate.
It's a tangible reminder of what ultimately happens when people stay silent about something as final and poignant as one group denying the existence of another group for whatever reasons.
I have no problem with expressing differences over world views. I take issue when that world view entails denying the other side's existence because of differences, and a fervent intent to act on that notion.
It's a matter of boundaries, and speaking up.
I was answering a comment about a vote that would put you in a torture camp, so a vote on which you are certainly opinionated about.
In other words, don't self-censor when you think something is not right.
Short of that, it's NBD right? Not really comparable.
There may very well simply be political eras where the floor of trust isn't there for open source to spring forward by leaps and bounds.
I hope they find financing to cover hosting costs.
The most likely reason it was flagged from my perspective is that David Heinemeier Hansson (who created rails) is kind of the figurehead of this community and he has controversial opinions[1] which people believe make him unfit to represent their community. The controversy has manifested as people speaking out against DHH in his position. So this post seems to have been flagged for being "political" because it is seemingly in opposition to rubygems for the DHH reason.
0: https://hn.algolia.com/?dateRange=pastMonth&page=0&prefix=fa...
1: https://davidcel.is/articles/rails-needs-new-governance (this article has a lot of examples from DHH's blog)
2: https://news.ycombinator.com/item?id=45348390
Personally, I think the reason this post about gem.coop has been flagged is that we've reached the point at which new HN threads about things related to the recent RubyGems shake-up quickly devolve into people rehashing the DHH "aspect" of it all. So it has become less about flagging the actual target of the post and more about flagging the parts of the discussion that seem to go nowhere.
EDIT: expanded
Edit:
> flagging the parts of the discussion that seem to go nowhere
This is and isn't what actually happens, though. People do flag the parts of the discussion that don't go anywhere but then people also flag the post itself because they think there's no reason to discuss it at all for the fact there's a vocal part (minority or majority doesn't really matter) that wants to discuss a topic that's not going anywhere.
People shouldn't flag the post itself just because it's likely to gather or even has gathered a crowd that will discuss such directionless topics when there are better topics to discuss, even (especially?) if they're not currently being discussed.
Basically just a blog post from some guy aghast that DHH has different political opinions to him. I'm politically on the left too but I can't imagine getting so incensed about someone else having right-leaning views.
Do these people never leave the house to meet anyone outside their echo chamber? The mind boggles.
This a fact. By this alone I don't think Andre Arko is an honest person.
André is absolutely a standup individual.
I have tried to stay in good terms with the other people involved in this (except DHH), but this claim was always ridiculous.
[1] https://web.archive.org/web/20150919025358/https://rubytoget...
[2] https://web.archive.org/web/20150919025603/https://rubytoget...
Since no /teams page was archived before March 2015, here's the Github commit of the overly vague team page https://github.com/rubytogether/rubytogether.org/blob/9a03c4.... This page was linked from https://web.archive.org/web/20150425040538/http://RubyTogeth... which stated "We pool funds from corporate and individual members to pay our team[github link]"
Altogether, it demonstrates how Andre misled his audience on who was getting the money. IMO, I see a distinct pattern of him crossing boundaries and then covering it up using his social skills & friend group.
Frankly that page is even more clear than I remembered. All of this happened so long ago.
At the time I'd sent the email I was unaware Ruby Together was on HN front page (and that's why people were pinging me)
> This resulted in a nonzero number of donors believing they were funding the work of people like Steve Klabnik, Aaron Patterson, and Sarah Mei, when in fact only Andre was being paid at the time.
Steve said "that didn't happen to me" and then Aaron said "that definitely did happen to me". Seems pretty relevant. I don't think he was claiming steve was wrong in not having heard that, but Aaron was saying it did happen to him, so the claim is true.
(and in terms of evidence, do you want him to share the emails he got? A first hand account seems enough evidence to me)
Seems pretty unambiguous, and a good reason to chime in.
I absolutely wouldn't want people to think that I'd be getting the money, so I think clarifying it was a good thing, regardless.
EDIT: Misread the comment and thought it was only about `rv`, not both `uv` and `rv`
[0]: https://astral.sh/blog/introducing-pyx
https://spinel.coop/
This entire post is practically the case in point, except I’m not clear on how they got real time sync with RubyGems and if any other competitor would have the same capability.
To use Astral and uv as an example, they would have to fork PyPI and maintain all the infra for that and not just the tool that manages the dependencies.
https://rubycentral.org/news/rubygems-org-aws-root-access-ev... discusses that a precipitating event was Andre asking for a copy of the http access logs to monetize them.
I think this is confirmed by Mike Perham's comment in https://www.reddit.com/r/ruby/comments/1o2bxol/comment/ninn6...
> In this case I have first hand knowledge since he pitched me on the idea: would Sidekiq, being a big sponsor of Ruby Central in the past, be interested if rubygems could somehow use the remote IP to identify the companies downloading the sidekiq gem so I could use that to upsell those companies
As I see it, there is the original rubygems, which has lost all of it's maintainers, and this new one, that has most of the original active maintainers? (how many were there before? it has most of the ones I think about, but I didn't know who was active over there. I mostly saw activity from deivid and didn't know about most of the others to be honest).
It kind feels like this fork is the better maintained piece of software now.
Does anyone have any thoughts on this? Are any people thinking of moving over soon?
Is there any information on what the funding model will be? Also @joeldrapper/anyone is there anything you can share about how the hosting is being covered?[0]
[0] https://news.ycombinator.com/item?id=45490386
They can win me over with a gem distribution site that requires code signing out of the box and a bundler that enforces it out of the box.
Does the original have many maintainers left?
History has shown over and over that when a for-profit org takes over public infrastructure, maintenance is cut to the bone.
I honestly can't tell if this is satire.
You think no commits for 10 days for a piece of software that has existed for around 20 years is a sign that it's dead?
What kind of code churn do you think this project requires? Perhaps the old development was too unstable if there wasn't a single 10 day window without a commit in 15 years, for what is essentially a solved problem and a tool that people depend on to be stable.
Package management cannot be a 'solved problem' or there would be no innovation there, and you don't have to look far to find is not the case.
As for the idea that rubygems is 'dead' (not what mperham said), that is still too early to say for sure, as I imagine mperham would also agree, but it is definitely not a good sign. If we only get a trickle of changes to something that was once a very vibrant and lively community repo then that is to the detriment of the whole Ruby ecosystem. That would also be a bad sign.
[0] https://github.com/rubygems/rubygems/issues
Oh, how times have changed. If Oracle were to close source OpenSolaris today, many here would likely rally behind it, especially if Larry Ellison appeared to align with the right. Submissions about Illumos would have been heavily flagged, much like this one has been for a while.
André is a better man than I. I wouldn't be able to resist making threats about turning off prod.
Fortunately he’s a standup guy and not a real security risk, so he emailed them immediately to let them know.
I'm unsure on who is better placed to handle that stuff now. My view is that the people that were doing that are now with gem.coop, but rubygems still has the infra (i.e. you'd email security@rubygems.org still for now).
I'm unsure about what to think about longer term (my personal approach is currently "wait and see").
Similarly, I'm perfectly happy with bundler for now, but if `rv` turns out to be like `uv`, I'd happily switch (drop-in replacement, but faster/some better features).
[0] https://www.bleepingcomputer.com/news/security/60-malicious-...
[1] https://blog.rubygems.org/2025/08/08/malicious-gems-removal....
Given the rise in supply chain attacks, I'd also like a private rubygem instance where I can whitelist gems and even versions for my company in a way that doesn't let anything else install. I'm not sure if they're taking that on or not, but I'd like it.
the rv thesis is here: https://andre.arko.net/2025/08/25/rv-a-new-kind-of-ruby-mana...
that was always possible https://guides.rubygems.org/run-your-own-gem-server/
(there's also "gem server")
Seems like you're the ideal consumer for this new service, since it actually has people who can do that.
This does not bode well for the team having the socio-technical savviness to see this project through.
The reason is spam. Before these can get wide spread "normal" adoption they can be heavily used by spammers. Its hard to say if that is because they have desirable look-a-likes available, or if its because the first year is offered at a deep discount. So, systems will get flooded, and on inspection they will see that they don't have any legit traffic from those tlds and will whole sale block them.
.xyz is kind of infamous for being in this situation. https://news.ycombinator.com/item?id=28554400
I have no idea if that applies to .coop though.
[0] https://bsky.app/profile/indirect.io/post/3m2j2pcinz22j
144 more comments available on Hacker News