Q&A highlight
Posted3 months ago
Key Takeaways
I think a total of half a paragraph is about current events in any form.
Through all this I will say that Ruby Central hired a non-technical director whose responsibilities I would expect to include communication and operational expertise to not let these situations happen or at least contain the volatility. That was a failure by Ruby Central regardless of the actions of engineers.
No one is expecting him to speak out in favour of Ruby Central's side, and he several times mentions how poorly they've executed and communicated whatever they're trying to do. And the complaints about that are well-known to anyone reading this post, and don't need to be rehashed.
So no, I think he is indeed reserving judgment, but because of what he feels the need to emphasize given the narrative so far, it looks disproportionately critical of one side.
Given Shopify's strong internal culture of "Strong Opinions, Weakly Held" I feel comfortable holding them accountable to that same standard.
And I was part of the Ruby community for the period being addressed in the blog post, and I interacted with him back then, and he was certainly at a minimum difficult to deal with. None of it seems to be relevant at all to what just happened. Whatever Andre did or didn't do with Ruby Together funds, that organization no longer exists.
Also, in not into the faux shock at him paying himself $200-$250/hr as his rate for RT. He's presumably paying his own health care and living in SF so that actually seems pretty reasonable. If he was employed at a tech company earning that much, nobody would bat an eyelash.
The article has been updated and the correct figure appears to have been $150/hr. That seems very cheap for a contracting rate -- another comment[1] went through RT's public disclosures and it seems that he was getting paid ~$30k/yr on average (with a maximum of $60k for one year) which paints a completely different picture to TFA.
This article is the missing piece explaining why:
1. Shopify, allegedly, "specifically demanded that at least one of the RubyGems maintainers, André Arko, be excluded from returning to the project."[0]
2. Rafael França, a member of Rails Core, publicly listed concerns[1] about "competitor tooling"/"admin trust" r.e. rv.
Both are components of Joel Drapper's post that gave me pause on my first read, as these statements aren't something said without basis. That basis being correct or not is another matter, but I wouldn't expect either Shopify or a member of Rails Core to have such concerns simply because they don't like someone.
Personally, I don't come away from this article with the sense the author dislikes André, just that there's perhaps more rationale coming from a camp that's largely not said much so far.
Looking into the crystal ball of future predictions, the battle lines we're going to see in the Ruby community will be based around the acceptance or rejection of some of the allegations here about Ruby Together's spending.
I recall Ruby Together advocating for personal sponsorships in addition to corporate. It's one thing to be treating Apple adapters as disposable HB pencils & buying dinners on the company card if companies are funding you, but it's a different matter of fiscal responsibility when you're potentially spending personal donations.
Coming out of this, I'll suspect everyone will align that open-source contributors should be paid, and companies should in some way support open-source, but we'll see fractures over if André's alleged behaviour is acceptable.
I'm looking forward to someone/something assembling an entity which is trustworthy & responsible. If Ruby Central can't be that entity, we'll need a replacement.
[0]: https://joel.drapper.me/p/rubygems-takeover/#:~:text=Shopify...
[1]: https://bsky.app/profile/rmfranca.bsky.social/post/3lz7alpob...
> but I wouldn't expect either Shopify or a member of Rails Core to have such concerns simply because they don't like someone.
Being given authority doesn't result in a person being given the ability to be reasonable. Of Rails, there is several years of controversy of how one notable member presents his concerns and who he targets with his concerns.
> Later, in August 2017, Andre accused Google Cloud Platform of wholesale copying gemstash's codebase, going so far as to threaten legal action in his opening message. He juxtaposed the accusation with the complaint that Google had, "repeatedly declined to support Ruby Together." The incident appeared to fit a pattern of behavior to pair high-conflict messaging with an admonition of the target's failure to fund the organization that paid him. Ultimately, Andre's claim turned out to be factually baseless—Google hadn't copied gemstash's code, after all.
The history strongly suggests a pattern behind current events.
And a single instance of something is hardly a pattern.
It's exposing events that have been somewhat of an semi-open secret among Ruby maintainers for a very long time.
The link with the current events is that so far, neither Ruby Central nor Shopify have responded to Joel Drapper accusations, so the vast majority of people only have one side of the story.
Justin is just explaining why, based on what he knows of one of the main protagonists's character, he'd rather reserve judgment. Which also happens to be my stance ever since this thing started.
For multiple years now, I've heard more than one people involved in Ruby Central telling me they were very worried of the Ruby Central relationship with André. Whether they had reasons to be worried or whether they were blowing it out of proportion, I can't say for sure. All I can say is that there was massive trust issues.
Whether he actually did something that triggered the recent events, or whether RC or Shopify tried to act proactively I don't know either. But I can only suspect that RC and Shopify are not speaking out, or at least are slow at doing it, because of potential legal consequence.
NB: Until not long ago, I was employed by Shopify, if I still was today I wouldn't be writing this comment.
As an example, I might have a non-profit that serves soup at soup kitchens and also pays me to manage it. If someone gives $100k, suppose I pay myself $90k and use $10k to serve soup.
When someone threatens to cut the contribution, I say "This will affect the non-profit's mission since the $100k a year goes to critical things like all the soup served at kitchens".
The impression is to imply that the majority of it goes to the soup. But the majority doesn't, in fact, go to the soup.
It would be useful to have a concise term for this particular kind of deceitfulness.
I think you’d call it a type of ‘lie of omission’.
https://rationalwiki.org/wiki/Lying_by_omission
But also with some elements of ‘category error’
It may not be a perfect fit since per the tweet, the term does not entail that there is necessarily any deceit or confusion involved - under the hostage model, the soup kitchen may be quite open about pocketing 90% of the money, as long as the implication stands that there will be nobody to distribute the remaining 10% in soup if not for them.
As for the deception/confusion aspect of it, I am not aware of a perfectly-fitting term, but Scott Alexander has been blindly groping other parts of that particular elephant for a while, e.g. in https://www.lesswrong.com/posts/yCWPkLi8wJvewPbEp/the-noncen... and https://slatestarcodex.com/2014/11/04/ethnic-tension-and-mea.... There is a common thread in that you can effectively mess with people's reasoning by manipulating their category boundaries, and this is not something that we have worked out good defenses against. Is software piracy theft? Is a fund of which 10% go towards charitable causes being used for charity? Is a TV popsci presenter with a BA a scientist?, and so on.
https://theappalachianonline.com/problems-susan-g-komen/
> In the organization’s 2010-2011 financial report it was revealed that Susan G. Komen only devotes 20.9 percent of the donations it receives to researching breast cancer.
https://en.wikipedia.org/wiki/St._Jude_Children%27s_Research...
It's called "lying".
From a personal standpoint, I can easily take his words at face value. I’m also curious about the views of Aaron “tenderlove” Patterson, who has a similar reputation.
Now that Justin has spoken out, maybe Aaron will take the opportunity to. Both tend to stay out of drama.
> People whose livelihood depends on the health of the Ruby ecosystem deserve more information than they're getting, especially now that its operational stability has come under threat.
On this count, Searls' article has done the work. I didn't know that Andre Arko baselessly threatened Google with lawyers, or that Andre played fast-and-loose with people's donations. That information was excluded from "unbiased" analyses and fact-checks which seem to largely target Andre's enemies.
Why is Justin dredging up that one time eight years ago when Andre mistakenly called out a repo for infringing upon his employer's work (for which he publicly apologized five hours later)? Why is he harping on anecdotes from nine years ago in order to suggest Andre may have allegedly (gasp) expensed technology purchases and business meals to his employer? What does this all have to do with the current situation, other than unnecessarily stir the pot with a laundry list of old petty grievances fed to him by a bunch of anonymous contacts ('a lot of different people told me a lot of concerning stories')?
I think the author's close ties to Rails Core / Shopify employees is extremely important context for this post, especially since it's context that's been intentionally hidden by a neutral, unbiased framing.
Few dare state as much in public, hence the anonymity. The reason is straightforward: André has previously threatened legal action, and appears to be pursuing it once again. RubyCentral, for its part, has bungled the handling of the matter. But André has managed — with the exception of this one post — to cast himself not as a long-time beneficiary of his open source work, drawing maximum financial gain from it, but rather as an aggrieved victim of institutional mismanagement.
Also he shared it directly while saying it was good here: https://x.com/tenderlove/status/1972370330892321197
> We've been continuing to backport bugfixs to the 1.7.x series just for Heroku, but unless Heroku joins Ruby Together I don't have enough time available to make sure that continues to happen.
but OP claims it
> was interpreted as leveraging his control over Bundler as a pay-to-play scheme
I'm sorry but not supporting outdated versions of an open-source tool for a business is perfectly reasonable.
Similarly, [2] was again is described as "was interpreted at the time as indicating the feature would be withheld from Bundler because Heroku had failed to pay Ruby Together.". This is not at all how I read it — the comment just says that the open source project has priorities and not all of them can be implemented given the level of funding it has.
These are just two examples, but the article is riddled with wording like "blatant copying", "brazenly hypocritical", "was interpreted as [a bad thing]" etc.
I just feel like reading a clearly lopsided political piece intended to incite negative emotions towards something/someone. There are just enough facts to make it sound fact-based, but enough of author's own feelings and interpretation that I'm not at all convinced.
In fact, towards the end the author even states that there's been ~6 years where nothing of note happened, before the current drama. That seems like a relatively healthy situation?
[1] https://github.com/heroku/heroku-buildpack-ruby/pull/385/com... [2] https://github.com/rubygems/rubygems/issues/1811#issuecommen...
I started reading with an open mind, got a bit confused by the "dongle" joke, which the author doesn't remember but somehow it should be inappropriate. It's equivalent to saying "I think he said something bad 10 years ago but I'm bit really sure"
Then there's the part about "leverage control" to extort heroku, which was a blatant misrepresentation of events and shows a clear Agenda.
Not taking sides my ass. I can only conclude the author's reputation, as being ine of the nicest persons in the community, was earned through similar manipulation.
And since the entire article is a "take my word" type of story, the blatant bias already displayed casta a shadow of doubt over the veracity of any other claims it makes, leading me to conclude the opposite: André is actually a nice and likable person, and has good principles.
1. Being reimbursed for a new dongle (and/or meals) 2. Joking about how that is no big deal 3. Not being transparent about whether your nonprofit blithely funds stuff like a new dongle (and/or meals)
From my perspective #3 is definitely an issue, and I can see how #2 could be annoying, but #1 is not really an issue at all, and it's not clear to me whether it's an issue for the author of this article.
It's not much of a stretch from "programmers working on open source tools deserve to earn an income that's commensurate with what salaried engineers earn at the companies who benefit from those tools" to "programmers working on open source tools deserve a level of overall employment benefits commensurate with etc.". For-profit companies routinely pay for dongles like it ain't no thang, toss money around left and right on meals (even with questionable justification), and so on and so forth. And in fact the people who benefit from this reimbursement do joke about how it's "free" to them, etc. In this context, being reimbursed for dongles and meals seems only another form of leveling the playing field.
Now of course, if people think they're donating only to pay a salary, and it turns out they're paying for meals, that's a problem (#3 in my list above). But if a person is up-front about saying "you're paying to equalize the overall compensation situation between the people who write open-source software and the people who use it", I don't think anyone should be surprised that that person expects to be reimbursed for dongles and meals. I'm not sure whether that was the case here, but, well, it's just something that stood out to me in the article.
In addition to what others said about TFA, This part jumped out to me:
> Specifically, I was sent this commit replacing references to Homebrew from late July. As evidence of Homebrew's authorship was being erased and obscured, no additional acknowledgement was added to credit Homebrew for having created and maintained Portable Ruby since 2016.
A paragraph later the author writes
> In fairness to Andre, the rv-ruby repo continues to retain a copy of Homebrew's LICENSE.txt which names "Homebrew contributors" as the copyright holder. Andre also later added an explicit acknowledgement to the README, but that attribution came more than a month later, and (I'm told) only after he was directly asked to credit the original project.
"In fairness" my ass. How can the author leverage a claim of authorship being erased, when the license is sitting there, untouched, for over a year?
And when someone told Andre to credit the original project... He simply did? Seemingly without any issues. In what universe is this an example of "obscuring authorship"?
Of course, putting this section right after the section where Andre mistakingly accused google of copying code without perserving the original license, leads you to think Andre is a hypocrite, when in fact there were over 7 years between the two "events". The storytelling is doubly dishonest because as Andre kept the original license intact, rendering all implicit claims of hypocrisy void.
In short, this article is borderline defamation.
> In August 2025, and seemingly out of nowhere, someone pointed me to the project spinel-coop/rv-ruby, an apparent fork of homebrew/homebrew-portable-ruby. I say "apparent", because rather than using GitHub's fork button—which would have maintained clear attribution of who created the upstream project—it looks like it was instead cloned and re-pushed by Andre.
GitHub has long had problems with forked repos being half broken compared to the original repo. Used to be that you couldn't search within forked repos, at the very least.
I'd actually consider it best practice to push to a new repo if you were entirely taking over a project and weren't going to be pushing upstream.
I haven't extensively researched if GH has managed to eliminate all the reduced features of forks, but after something like 15 years of using it (proabably about the same amount of time Andre has), I would reflexively establish a fresh main repo if I was setting up a project and I wouldn't fork.
This isn't really evidence of anything other than the author of the blog post looking to spin a narrative.
As someone who has dealt with people maliciously stripping out copyright headers before, this example just smells of someone running out of examples while trying to construct a list of petty grievances. Yes, the README of the fork was updated to stop referencing the original project, what would you expect from a fork? Would it have been nice to add a note that it was forked from another project? Yes (and he did exactly that a month later), but it's really not required and I disagree not doing so it somehow hypocritical.
And yes, GitHub forks still have a lot of limitations. I wouldn't use them when creating new projects either.
Shopify, pulling strings at Ruby Central, forces Bundler and RubyGems takeover
https://news.ycombinator.com/item?id=45348390
Ruby Central's Attack on RubyGems
https://news.ycombinator.com/item?id=45299170
A board member's perspective of the RubyGems controversy
https://news.ycombinator.com/item?id=45325792
I'm leaving Ruby Central
https://news.ycombinator.com/item?id=45352432
Bundler Belongs to the Ruby Community
10/10 I thoroughly enjoyed that the author saw some confusion about the structure of Ruby and thought “Time to bust out The Many Crimes of Andre.xlsx”
My opinion on this might change if the timeline of what happened were challenged in some meaningful way, but allusions to "details that would contradict fact-checks and timelines others have pieced together and published" isn't that. The only way to steel-man an argument that isn't stated is to assume infallibility, and that's just not reasonable to ask people to do.
Granted that happens when folks take a form of "don't want to get into it". Maybe I missed something, but I don't think the whole blog entry means anything then.
65 more comments available on Hacker News
Not affiliated with Hacker News or Y Combinator. We simply enrich the public API with analytics.