Ruby Core Team Takes Ownership of Rubygems and Bundler
Key topics
The Ruby core team has taken ownership of RubyGems and Bundler, resolving a contentious issue that sparked debate among the Ruby community, with some welcoming the move as a stabilizing force and others expressing concerns about the implications.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussionFirst comment
6m
Peak period
108
0-6h
Avg / period
20
Based on 160 loaded comments
Key moments
- 01Story posted
Oct 17, 2025 at 8:15 AM EDT
3 months ago
Step 01 - 02First comment
Oct 17, 2025 at 8:21 AM EDT
6m after posting
Step 02 - 03Peak activity
108 comments in 0-6h
Hottest window of the conversation
Step 03 - 04Latest activity
Oct 20, 2025 at 2:32 PM EDT
2 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
The pickaxe guys coined it. People repeat it without thinking about it.
If matz were to say "jump from the bridge", people would do it, because matz is nice?
Just to point out: I do think matz is nice and a great language designer. That in itself doesn't mean anything. Why would I proxy my own decisions based on any mindless slogan? That makes no sense. Why do people in the ruby ecosystem keep on repeating those pointless slogans?
I don't know about the Ruby community, but I've seen this sort of complaint made about many other online spaces (including HN) and my general finding is that it simply isn't true. The problem is that for a proper call-out, both form and content matter, and most people in a mindset to make call-outs don't seem very interested in norms surrounding either of those things. Especially the part where part of good form is accepting that not all kind, well-meaning people have the same moral values and calculus.
> Try calling out Python's inner circle politely while they are openly rude to you.
...You do know who you're responding to, right? I have first-hand experience of that (https://zahlman.github.io/posts/2024/07/31/an-open-letter-to...). (Although I don't think most of their rudeness is intentional; it seems to come from a failure to understand that not everyone has the same social norms.) I spoke in generalities for a reason.
The current situation is ultimately mostly about callouts of DHH, which are happening all over the place (including here) and the form and substance of most of those callouts is... not good.
If by both statements you mean "all children must be in exactly the same position", yes ... but that's a wilfully obtuse interpretation.
The statement is ambiguous. I interpret it as "no child left behind THE STANDARD FOR THEIR AGE". In that interpretation, other kids being ahead of that standard doesn't mean the other kids have to be behind the standard. Every kid could be not "left behind" the standard even if some are ahead of the standard.
Of course, NCLB has a lot of other issues, but I think the name isn't the issue.
As always, there's a relevant xkcd: https://xkcd.com/1170/
...but seriously, what on earth do you think you're saying here?
I don't think I've ever seen Matz be rude to anyone on the Ruby bug tracker. I've actually witnessed him deal with controversial topics firmly yet gracefully, making decisions that avoid turmoil in the community and that leave no room for escalation into flamewars. Other projects weren't so lucky.
I wrote some Ruby in my teenage years and his conduct certainly made an impression on me. I try to remember this guy whenever I get too angry about stuff. We should all try to be more like him.
That's what the phrase is saying, by the way. It's an encouragement to follow in his footsteps.
Exactly, why would you? But ignoring a hypothetical communal bridge jumping situation, do you have a problem with Matz having stewardship over RubyGems? Use your own thinking. If you're okay with it, then... is it because Matz is nice?
They were stolen from André Arko, Colby Swandale, David Rodríguez, Ellen, Josef Šimánek, Martin Emde and Samuel Giddins.
As long as Matz is involved, I have a lot of faith things will get better, not worse, unless you have some strong indication of otherwise. If anything, because things will be nicer.
Where is the theft? The projects were open source, they are still open source.
The name is not for the taking. You can download the code, modify and release it, but you can't just claim ownership over a product.
NPM was a company and it was acquired and it was voluntary. I don't think you can compare it to this situation - this is more of a messy situation with everything open source collaborations, rather than having clear ownership in a single entity:
https://github.blog/news-insights/company-news/npm-is-joinin...
Or are you referring to the pre-2014 situation where NPM wasn't VC Funded, but in a more nebulous state? It didn't last that long.
When you left RubyGems and Bundler (let's call them "Projects") team, you handed over your authority to whoever was left and/or was added later. It doesn't matter in which order things happened. What matters is that Ruby Central _and the rest of the team_ were the stewards of Projects. The important part here being _and the rest of the team_. André had every right to keep being part of that team, and he was for a long time, together with many other team members, all of which were removed by "a representative from Ruby Central". What an inhuman way to remove someone from a Project. "Hire" someone to do the dirty job for you so you don't have to. The decisions in a team should be done by reaching a team consensus. Not by one actor. I believe it's for the better that André was removed from the team, but it shouldn't have been done like this. Ruby Central lost their trust in the eyes of many. They could've achieved the same goal in a much better way. How can I trust an organization with management of something if they failed to manage this whole situation? Claiming this is all in the name of security and then not even knowing how to properly remove access from someone. So much about security...
It may be best in the future direction to have Ruby Central's role on RubyGems and bundler completely eliminated and simply just hand them over to Ruby Core and Ruby Foundation in Japan. I will gladly donate just to avoid any more US politics and drama.
What was your maintainership status when this all kicked off? Were you one of the owners removed by HSBT?
Joel Drapper is fibbing & playing memory games in a weird attempt to exert ownership over the community. It’s good to hear someone credible set the record straight.
Edit: Seems like maybe a hostile take-back actually.
I find “BDFLs” and open source communities so incredibly interesting. Especially in the context of geopolitics and state entities. Linux!
This stuff is PHD material for sociology and polisci post-grads and I’m so interested in following the progression of history with these types of things.
I feel like BDFLs are akin to the concept of village elders; they're not immune to corruption or scandal, but they often have this beloved status that can paper over a lot of cracks. That's probably dependant on their leadership style - the hard headed (Linus, DHH) vs the grandfatherly (Matz, Van Rossum).
Which, going back to your note on geopolitics, leads me to wonder: Is it just that more power corrupts more, or is it that (modern-day definitions of) democracy require a desire for power? I guess as the "FL" part of "BDFL" comes to bite more of the communities, we'll see better how different succession styles have different effects. I also wonder if the analytical nature of the individuals within the "populations", and inability to police defectors will mean uprisings will be more successful, either in causing BDFL attitude adjustments, or just overturning the community completely (for example, there's already a lot of momentum for a complete fork of Rails)
(Edit: having submitted this, I now see others have had very similar thoughts! Definitely an excellent conversation topic)
I think a lot of this is due to how so much is a scandal these days, for better and worse. (I'm obviously going to keep politics as much out of my response as possible.)
A few decades ago, people could have political views without ostracizing roughly 50% of the global population, or generally causing a ruckus at the holiday family dinner. (Obviously politics + holiday dinners has been an issue for a long time, but back then it was just something people tried to sweep under the rug. Now? Holiday dinners are getting cancelled or families are splitting up.)
It used to be that a scandal in the OSS community required you killing your wife (thinking back to ReiserFS). Now, a remark on Twitter is all it takes.
Again, I am absolutely not taking sides here. I'm just noticing a difference in the times, and agreeing that it is indeed interesting to watch.
People are far more happy to cling to the tribe they choose, and the tribe that has their back, over the tribe they were born to. Then, there are those who see that trend as dangerous to society (where, in many cases, society is really just a proxy for their own power or social status - ironically as viewed through their own chosen tribes more than the tribe they were born to)
That is to say, I don't think it's the political views that are splitting the families. Individuals have decided that care for each other should come secondary to those political views. I feel like there used to be a certain amount of care in the "sweeping under the rug" - it was the tribe against the world, it was protecting the family image as much as it was protecting the individual from society. These days, being a thing "in private" means being a thing alone, and that's no longer a compelling thought when external tribes are willing to embrace you.
Which probably applies to software tribes just as much as family ones.
This is ahistorical.
Not only was it the norm forever to ostracize entire sections of your society (protestant vs catholic and lots of other religions, black vs white, any form of non-hetero behavior, the Roma people and any form of outsider)
It often was the law
Americans shot their family members over whether we should own black people or not.
My french and white ancestors were expelled to Louisiana, intermarried with black people, and then when the US bought the french land, they introduced laws that made such families illegal.
Reagan made a hobby of publicly claiming his coworkers were communist. Thought that maybe we should be allowed to form unions? 100 years ago that was enough to get you investigated by the senate. Americans voted for him so hard the Democratic party is still floundering to have support. "We should allow unions" or "we should regulate companies" is still half-verbotten.
Do you know how many kids are still kicked out of their homes for the crime of being born gay?
This idea of "You used to be able to hold diverse opinions in public" is outright wrong. This past never existed.
Weird Christians in the US have tried to cancel things like Harry Potter and halloween for gods sake. They took a teacher to trial for teaching evolution. They made playing pen and paper RPGs a sin! When preachers molested kids, they shunned the kids
Being too chummy with another guy in public was a scandal! Being a woman who wanted an education was a scandal! Getting pregnant out of wedlock was a scandal that would tear apart families. Getting divorced was verbotten. Expressing support for social policy could get you fired, or murdered
Bush Jr literally said "You're either with us or against us" about supporting a criminal war and America pitched a globally public fit when other countries did not pledge allegiance.
https://blog.pypi.org/posts/2023-05-25-securing-pypi-with-2f...
See that question asked:
"Isn't supply chain security a corporate concern?"
He tries to bring arguments to invalidate that. And failed in an epic manner. Now people are more suspicious than before. Kind of strange to see, too.
Not up until the incident that motivated him to resign, anyway.
I think there's going to be an interesting and complicated churn as several major projects under the BDFL model have their Ds succeed at passing the torch, struggle to pass the torch, struggle to realize the torch needs to be passed, or take the torch and do their best to burn the whole project down so it can't outlive them.
The diference is that with an open source licence, the comunity can just fork the project (assuming they have enough developers), so the BDFL must master the art of herding cats.
A country has clear phisical borders and tanks, and people can't fork them and ignore the old power structure.
> As a Japanese developer, I’ve been worried about the direction things were going, so it’s reassuring to see this.
I am actually much more worried now. I don't live in the USA; I don't live in Japan. To me it seems as if Japan and the USA are totally over-dominating in the ruby ecosystem. While this is understandable that it is Japan (local community, I get it, this is different to english-speaking ones), I am absolutely upset that the USA has so much proxy-influence here. But I guess there is nothing that can be done. I guess in Python the USA also over-dominates. I just think this sucks really.
I'm considering switching to Erlang, which was developed at a corporation from the start and appears to be drama and cancel free.
I would love to see such options become available in Europe (insofar as additional options existing, not taking away the ones that already exist). But that would require some extremely successful European companies working to change it.
Why? Japanese culture is more conservative, less prone to knee jerk decisions, and Ruby is their biggest home grown programming language.
I'm also not American nor Japanese and I think this is the best possible outcome.
> we gave stewardship of RubyGems
I didn't sign anything.
I also remember the original creators of rubygems. How old is Ruby Central? 10 years? 15 years? There were several years before that.
- Corporate entity doesn't have copyright over your creative output. Just because word can open and view ("run") your novel does not give them ownership.
- Locking your access completely on your resources would be akin to a ransomware attack or account compromise
Would you label those actions hostile? Or just accept it as right because "maintain security"?
If you would label the above hypothetical actions as hostile (if not outrageous overreach, something akin to theft?); what is fundamentally different to what Ruby Central did by taking over the source code of a GitHub repository?
The "maintainers" weren't volunteers. They were paid employees.
Also none of the ones complaining were the original authors of gem nor bundler.
You work for Microsoft as an independent contractor, as a night watchman/groundskeeper. So do a number of others. You were hired because you and your crew of weirdos were writing the story of advanced gardening and building maintenace; which people including those at many famous and powerful companies used and found useful. A number of years ago someone said "huh, maybe these guys should get funding", and a few others agree; and Microsoft ends up in charge of distributing that funding.
The above still happens. They have locked your computer with a ransomware message that says "we will give you back access if you get rid of one of you". To lock your computer, which is airgapped, it would require someone with admin privileges to your computer to walk in and manually do this. It turns out one of your has colleagues done this, added an account for the Director of Night Maintenance at Microsoft to your machine.
You and almost all of the "paid employees", again, a number of whom are independent contractors, resign in protest; leaving only the person who tampered with your computer.
https://bsky.app/profile/duckinator.bsky.social/post/3lz6exz...
> The behavior Ruby Central exhibited was so egregious that I sincerely thought someone's account had been compromised at one point
During this chaos; which all happened between September 9 and September 18;
- at midday LA time/2:40pm New York time; Microsoft terminates the contract with one specific individual; who was the one they demanded the group gets rid of if they wanted access back - 8 hours later, that person locks the doors; changes nothing else, etc.
Some basic analysis about the situation you need to do:
- Did the actions on September 19th, even if you believe it was a crime of the most serious nature, justify the actions on Sept 9-18 where Microsoft took access, said whoopsie, then did it again?
- Treating the Sept 19 actions as a crime; did the person who did it do so with a criminal intent? (Mens rea). Did they intend harm? Or were they indifferent to the harm caused? Should this be prosecuted, has that person provided justification or similar that could in any way be reasonable doubt?
- If the actions on September 19 are a crime in your viewpoint; would paying/influencing someone to lock the accounts of all of the maintainers also be a crime? Why or why not?
Note that you'll want to read https://www.law.cornell.edu/uscode/text/18/1030
First off, was anything involved a "protected computer"? No, probably not, not by the legal definition there; yes by what we as laypeople would assume.
But, let's roll with the assumption it's "literally a crime" and not a civil matter; but apply that standard equally.
> (4)knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period;
* Is the draft novel/rubygems source code a thing of value? Yes. $5000 worth? Tricky to say with the open source licencing! But RC were distributing $ to maintain it; and that cost them more than $5000/year. Cost does not equal value; but I think we can argue yes, kinda here.
> (7)with intent to extort from any person any money or other thing of value, transmits in interstate or foreign commerce any communication containing any—
* Did anyone attempt to extort anyone else to remove a person? (Get rid of x if you want access back!) * Did that have value? (Gee, I hope the treasurer didn't post, it was about the funding deadlines/only to have that walked back!) Also a bit murky as the value isn't coming from the extortion directly, only indirectly.
> (b)Whoever conspires to commit or attempts to commit an offense under subsection (a) of this section shall be punished as provided in subsection (c) of this section.
* Did anyone conspire? (Two or more people agree to criminal act, followed by an overt act)
Can you plausibly see how if you try to apply US law to argue one individual on one side is a criminal; that same law would likely make the other side just as criminal; if not more so?
---
> none of the ones complaining were the original authors of gem nor bundler.
Doesn't hold water.
From the individual: https://andre.arko.net/2025/09/25/bundler-belongs-to-the-rub...
"I joined the team at a pivotal moment, in February 2010, as the 0.9 prototype was starting to be re-written yet another time into the shape that would finally be released as 1.0. By the time Carl, Yehuda, and I released version 1.0 together in August 2010, we had fully established the structure and commands that Bundler 2.7.2 still uses today."
IE: Claims to be a significant contributor, predating any "stewardship" by RubyCentral. I would argue this can be born out by contributions and the fact he proposed the darned merger with RC in the first place; and that merger assigns no intellectual property rights or similar.
* DHH said some things on his blog that some people believe to be deeply racist / fascist (not going to unpack whether they were or not because answering that question is irrelevant to the fact pattern; consult other threads for that debate).
* A Ruby conference run by Ruby Central was asked to deplatform him. Since he's the creator of Rails, they declined.
* In response to their decision, a major sponsor (Sidekiq) pulled out of supporting the conference and Ruby Central in general, to the tune of $250k a year.
* This created a "blood in the water" situation where Shopify hit Ruby Central with an ultimatum: they would back-fill the lost sponsorship for oversight control of Ruby Central (and the gem repository they maintain, rubygems.org). And if Ruby Central didn't take the deal, Shopify was going to pull their funding also, leaving them in dire straits (this, BTW, is a fairly common corporate tactic when multiple partners share support of a service that doesn't independently generate revenue. Look for it in your own business, startup company, and nonprofit dealings!).
* Shopify now de-facto controls rubygems.org and people immediately started backing towards the exits because corporate takeover tends to be a harbinger of enshittification. As if to prove the point, Shopify's folks immediately ham-fisted the access controls, yanking several gem creators from the admin roles of the gems they created. They claim this was a mistake; several in the community do not want to give them a benefit of the doubt they are not believed to have earned.
* Community members are standing up gem.coop as an alternative gem repository.
> When they finally did reply, they seem to have developed some sort of theory that I was interested in “access to PII”, which is entirely false. I have no interest in any PII, commercially or otherwise. As my private email published by Ruby Central demonstrates, my entire proposal was based solely on company-level information, with no information about individuals included in any way. Here’s their response, over three days later.
At this point, it's probable that any attempt to just list the pertinent events isn't going to end up being as neutral as one might hope because even the choice of what context to include or exclude is itself editorial. This is the same lesson people might learn in a high school history class, just applied to something much more recent.
Unfortunately for him he basically admitted to a crime because it came after he was terminated. He tried appealing to community and whatnot but anyone who's ever worked for a corporation knows that once you're terminated, it doesn't matter if HR forgot to take away your credentials or not, you simply don't attempt to access anything ever again. Having keys to something doesn't make you the owner.
You’re likely aware, though it’s worth mentioning, that the new owners ousted all existing maintainers without any explanation[1]. This follows a prior incident where access was revoked and later restored, with assurances that it was a mistake. This situation can only be viewed as a malicious attack, in which only the new owners had a full understanding of what transpired. Changing the password was a reasonable and appropriate response that any competent person in a similar position would've considered.
I’m shocked that we seem to be experiencing a Freenode 2.0 situation, but with some supporting the usurpers instead of the longstanding maintainers. It’s only been four years since the Freenode debacle, yet certain types of people seem to have grown bolder since then. A "win" for freedom of expression, huh?
[1]: https://pup-e.com/goodbye-rubygems.pdf
It’s telling that you can write multiple paragraphs claiming the moon is made of cheese while expecting others to communicate only in brief, misleading soundbites.
Perfect neutrality is unachievable but that doesn't mean that every possible way of presenting the facts is equally valid, or even that it's impossible to distinguish presentations that are or aren't missing important context (see, e.g., the surprising success of Twitter's Community Notes).
https://andre.arko.net/2025/10/09/the-rubygems-security-inci...
I'm only going by the corporate narrative structure of the director's post, who clearly wants to throw someone under the bus and cover up organizational incompetence. "Open" source has become so despicable.
"As this situation occurred, I was the primary on-call. My contractual, paid responsibility to Ruby Central was to defend the RubyGems.org service against potential threats."
For instance, DHH and his fancy blog, are not 100% related or relatable to RubyCentral ousting long-term developers. There may be some connection (DHH on shopify's board, tons of ruby developers being paid by shopify and still writing "my opinion is totally unbiased" like byroot did), but there is no 1:1 overlap. For instance, I could not care what DHH writes on his blog any less. rubygems.org changing policies though - that affects me. And if shopify is in part responsible, and DHH sits on shopify and makes decisions, then yes, something changed here. But there are also people who have a vendetta against DHH and they leak into other spaces too. I am not among those people and they shouldn't try to hijack other communities either.
By the way, the Shopify ultimatum also does not explain why all other ruby devs were ousted. Ruby Central lost the narrative here. And, since they accuse Arko as the ultimate bad boy - why haven't they sued him? Why do they continue to refuse to do so? (Because they know their case would be rubbish nonsense and they would have to open up ALL emails, which may make many more people suddenly ... very funky.)
As someone who has sued someone else and won, it can take months for your legal team to gather the facts, decide on strategy, and then file suit.
It's related because it led to Sidekiq dropping their funding, which increased shopify's power over ruby central.
You are alleging that Shopify was retaliating. Do you have any reliable context that Shopify was acting in a retaliatory manner?
Given the power dynamics, the burden of proof is on Shopify to proove it wasn't retaliating at the behest of, or in a misguided attempt to defend DHH's honor.
Per the concept of "innocent until proven guilty", there is no burden on Shopify to prove they didn't do what you believe. The burden is on you to provide evidence for the motivations behind their actions.
I personally doubt Tobi got Shopify to where it was by making rash decisions based on emotions and drama.
That's how a reasonable society works.
Your second para is appeal to authority. A former CEO of mine (not a billionaire though, but a mere centimillionaire) was a drama magnet, thin-skinned, and a vengeful little shit.
That’s just a way of saying “I don’t have any evidence of what I’m claiming”
I have seen the "soft-hostile takeover" executed in other contexts, however. I don't think it's necessary to presume DHH used his influence as a Shopify board member to seal the deal or that he would have ulterior motive in doing so; in my experience, it's sufficient for a company to see a valuable piece of a puzzle they care about go vulnerable to acquisition offers to make the offer (with the corresponding stick). I'm willing to be convinced otherwise in either direction if more information presents itself; all I know is that Shopify put the offer on the table "We'll back-fill your funding gap or we'll make it much worse; your call." And I've seen that offer made in a completely capitalism-red-in-tooth-and-claw "business is business" way in the past.
* DHH is not only considered racist / fascist due to some blog posts, but also for making Hyprland the default DE in Omarchy, developed by someone who goes by the name Vaxry Vaxerski, who is also considered fascist and racist, and thus banned from contributing to freedesktop projects due to supposed breach of CoC:
https://blog.vaxry.net/articles/2024-fdo-and-redhat
* Hyprland and all its contributors are now also considered fascist from taking sponsorship money from 37signals, DHH's company, due to it being an important part of Omarchy.
https://account.hypr.land/sponsors
* Due to the fact that both DHH and Vaxry are both considered fascist / racist, Framework and its CEO (yes, that Framework) are now considered to be supporters of fascism, because Framework is sponsoring and supporting both Omarchy and Hyprland.
https://account.hypr.land/sponsors
* Cloudflare (yes, that Cloudflare) is considered to support fascism because they support Omarchy and the Ladybird webbrowser (which is a project also run by someone considered to be a fascist)
https://blog.cloudflare.com/supporting-the-future-of-the-ope...
* Last but not least, Tobi (Shopify CEO) and thus Shopify are also considered by many to be supporters of fascism when this drama started to unroll for standing by DHH no matter what when activists wanted to deplatform and ban DHH from his own creation (Ruby on Rails). Which makes the Ruby Central drama due to the involvement of Shopify even more interesting:
https://xcancel.com/tobi/status/1970944464303923687
Me? I want to hop in a time machine back to the 90s/early 00s before all this crap started and everybody was just generally nice to each other.
This methodology is definitely not how you discover fascism. But it is how fascists and communists defined and traced their enemies in the 20th century.
While I am all for making conscious choices on what to support I can't take anything phrased like that seriously "all is contributors".
Hyprland, while inferior (imo) in some aspects to sway on the wayland tiling manager landscape is a fine piece of software that I use on my non-work computer (I still use sway for stability).
Back on the topic: I reiterate I'd be happy to avoid using or supporting projects based on non-purely technical issues (discussion on "pure technicality" omitted for brevity).
It's just... What, do I need to know every persons imo completely irrelevant opinions on whatever du jour hot political topic? Maybe the answer could be yes,
I would be fine with dropping Hyprland support, maybe I will after digging a bit more. But this whole thing just reeks to me of terminally informed and ragebaited people looking for a platform to vomit their completely irrelevant opinions, actions speak more (e.g. fostering a dangerous environment _adjacent to the project_ based on discrimination).
I just feel I want to nope out of this industry and everything related to it, it's very overwhelming.
No. But if they're using their social capital they've built via their software contributions (like DHH) to spread racist nonsense, then maybe it's worth considering alternatives, or at the very least, stop supporting those projects.
"should keep their bullshit to themselves" <---> "should perhaps take leadership and avoid having their public channel a cesspool" <---> "actively encourages/participates in discriminatory practices" <---> "raging maniac hurting people, rallying for X"
Specifically on the topic of RubyGems:
I couldn't care less about what DHH posts or not, I certainly care that he uses his position to influence a chain of actors to interfere with something that always worked just because X.
I couldn't care less about the other side on the "cancel" mission, I care about influencing a chain of actors to interfere with something that always worked just because Y.
Please quarantine your political polarization/culture wars bullshit, non-anglo countries don't need it.
People need to step back and breathe. It’s possible to feel one thing about a (frankly shite) blog post and its author without tarring everybody within six degrees of separation with the same brush, and it’s quite unsettling that people find such nuance so difficult.
The internet was never nice. It, however, did at one time require technical savvy to use. With that savvy came the understanding that computers and people aren't the same thing, so when the computer emitted something not nice you'd laughed at how quant the technology was instead of getting your emotions all tied up in a knot and try to hold a person accountable like those who have no idea about what's going on around them do.
We tried "Don't feed the trolls." It's how we got where we are now.
We may just be working under different definitions. Are you claiming that when I type things into, say, Hacker News and hit reply, the words you read aren't the words I wrote?
Or are you asserting the "person" of the words in the computer is not the same person I am behind the keyboard?
I'd argue that the latter is the disproven hypothesis. It turns out people who said awful things online were actually awful people; they may not show it as often in public, but they weren't different human beings. Broadly speaking, they believed the things they said and tended to act on them in real life.
Laughing off things on the computer as not real was how at least one shooting went unchecked.
> Ladybird webbrowser (which is a project also run by someone considered to be a fascist)
Do you mean awesomekling? Why is he considered a fascist?
There are definitely actual fascists in tech (like Curtis Yarvin) which I (centrist liberal, not a tankie) fully support deplatforming where possible, but why are they considered fascists?
I hope you can see this because my posts in this thread are getting attacked and downvoted.
This pretty much summarizes how it started (copied from Google):
https://lunduke.locals.com/post/5823666/ladybird-web-browser...
(note that while the exact word never is seen in evidence added to this post but it sure is or hinted towards elsewhere.)
and evidenced by this its ongoing:
https://xcancel.com/awesomekling/status/1971287738268909576
because some people disagree with things like this:
https://xcancel.com/awesomekling/status/1966456391146606806
And there are tons more posts that show that some people are not exactly nice towards him on his X timeline.
Also there's direct proof of these accusations out there but I will not link to those out of professional courtesy for those involved (yes, some people still have that).
It should also be noted Lunduke is also not neutral and has his own political agenda.
I think we have to wait and see how much momentum gem.coop can build. Right now they have promised "things for the future"; they will most likely also deliver eventually. But right now they are not there.
If and when they open beta, though, I'll begin to republish my old gems (not all, some I merged into other gems but most of the core stuff will be back) there. They have some things they should improve on though - documentation (also a problem that ruby doc was separate by the way), namespacing (this is in part also a problem that ruby had no primary way of namespacing; this is also a feature, but it should have a way to separate concerns when possible or wanted).
Anyway, I think we'll soon see what happens - I say people should evaluate again in about half a year or so, say like ... end of May 2026. I think this would be a more realistic time frame.
I do, however had, also suspect that DHH may become the biggest asset to gem.coop - every further snide remark he does on his blog, will gain new people who are upset, and some of those will eventually help contribute and benefit gem.coop. So for the end user this may be a win-win situation since they can install things how they like it, thus having more flexibility. Many can and will stay with rubygems.org, others may prefer gem.coop, many others will probably use and combine both (this may be a bit more difficult; guess gem.coop needs to think of a way to specify different gem sources on a per-gem basis too. Lots of work to be had for certain).
No serious business with real (business) customers will accept that kind of risk and gem.coop will never be a thing outside of hobbyists.
He logged in and changed the password after the board emailed him and told him his services were terminated. That includes/specifically mentions his on-call services. His response claims only silence from the board and that he was just performing his on-call duties.
I've been a corporate stooge for 25 years or so now. On call duties are one of my main responsibilities. I would NEVER probe out which logins I still have access to after receiving notice of termination. He admits to doing this in multiple places.
All his justifications are that he was under contract to do work that he was already notified was terminated. Everything that follows either tells me that he has bad judgment, that he's lying (by omissions), or in the worst case totally delusional.
If he was so worried about operational takeover, why did he _change a password_ without notifying anyone else with operational capabilities that he was doing so? Nobody reasonable would _ever_ do that. There's a certain amount of upfront communication and CYA required of reasonable actors in this space and he doesn't have it (Not that Ruby Central did any better).
So no, I won't be changing my mind, and I don't know why you put "(again)" in there.
Regardless of what Ruby Central did, his own actions warrant every bit of criticism he's getting. Stop trying to redirect the narrative. There are other threads where that discussion is happening.
You can view Ruby Central as being in the wrong all you want and I won't argue with you, but that doesn't mean Arko is not-wrong as well. It's not zero-sum.
I don't understand how Matz accepted this as-is. Taking over these projects without addressing the takeover makes them toxic assets that will taint the Ruby community for a long, long time.
What you're doing is called a Whataboutism. I was responding to a comment about gem.coop.
Andre Arko is not credible and thus gem.coop is not credible. He can explain all he wants but his actions were plainly inexcusable. Whatever Ruby Central did is immaterial to the point of whether or not Andre Arko can be involved with services that we rely on.
All in all, I don't see sound judgement from Andre Arko or from RubyCentral. That seems the common takeaway from neutral third parties https://archive.md/SEzoV
> Regarding Arko’s blog post about his removal, McQuaid [Homebrew Maintainer] told me it’s good that Arko is crediting other people for their contribution and that he’s following open source principles of community and transparency, but that “his ‘transparency’ here has been selective to things that benefit him/his narrative, he seems unwilling or unable to admit that he failed as a leader in being unwilling or unable to introduce a formal governance process long before this all went down or appoint a meaningful successor and step down amicably.”
It tripples the attack surface making it more vulernable to having security vulnerabilities.
I prefer the Go solution where the package manager uses the git repos instead of a separate package index that might or might not correspond to the git repos.
I'm not counting something like C++ where there's effectively no "packages" to speak of.
218 more comments available on Hacker News