[HN Gopher] Our stewardship: Where we are, what's changing and h...
___________________________________________________________________
Our stewardship: Where we are, what's changing and how we'll engage
Author : baggy_trough
Score : 38 points
Date : 2025-09-30 21:16 UTC (1 hours ago)
(HTM) web link (rubycentral.org)
(TXT) w3m dump (rubycentral.org)
| hungryhobbit wrote:
| Better late than never I guess.
| baggy_trough wrote:
| I still find it rather baffling that they just removed David
| Rodriguez outright without trying to work this out in advance. He
| did most of the work in recent times. Seems like max damage
| approach.
| mijoharas wrote:
| Has deivid spoken about any of this publicly yet? I was looking
| to see his take, but didn't find anything (other than some
| posts confirming that he'd had his access revoked too)
| byroot wrote:
| They didn't. They initially left him as owner of the bundler
| gem after they removed 3 other owners, indicating they wanted
| for him to continue to be a maintainer.
|
| He posted on the rubygems slack that he left and is
| conditioning his return on all other maintainers being
| reinstated.
| ipaddr wrote:
| "Unlike open-source projects that are simply distributed "as-is"
| with no warranties, but similar to other infrastructure projects,
| these codebases underpin a service operated by Ruby Central, and
| its canonical clients, relied on by millions of developers every
| day to securely download and publish gems. "
|
| Are they offering warranties?
|
| What new privacy laws demand them signing some handcrafted legal
| document?
|
| Is what they did legal?
|
| Couldn't they fork to provide a secure version.
|
| That one guy maintaining so many rubygems is the same guy who is
| offering a competing software solution that could reduce their
| profit stream is that the real reason?
| bilalq wrote:
| I did a double-take when I read that as well. I went and
| checked the license under rubygems, and sure enough, it's
| standard MIT with no warranties.
|
| https://github.com/rubygems/rubygems/blob/master/LICENSE.txt
| bpt3 wrote:
| I'm willing to bet the people who published that have no idea
| what they just said, and probably don't understand what the
| MIT license contains.
| knzai wrote:
| I love how this isn't even posted to their socials, cause they
| don't want the dragging to link their official accounts. Like the
| last BlueSky post is still cancelling ("postponing" is only the
| right verb if you end up actually doing it) the Q&A 7 days ago...
| ljm wrote:
| Let's not say anything about DHH actively agitating this
| particular community on the back of a regressive blog post
| supporting the far right in the UK.
| bpt3 wrote:
| Seems like a bunch of bureaucrats overplayed their hand and are
| now trying to prevent the people whose work they depend on from
| abandoning ship.
|
| This is poor, even by corporatese standards.
| Modified3019 wrote:
| Smoke, mirrors, and buzzwords.
| mijoharas wrote:
| Seems to boil down to "we don't trust Andre[0] and btw Shopify
| totally didn't make us do this[1]".
|
| I still don't understand the mistrust of Andre though. Also, the
| second point seems a bit disingenuous when their own board member
| speaks about a specific deadline[2]. He says it's something they
| agreed to, so it's necessarily external. That and the teams of
| reports of other people saying they've heard it's Shopify putting
| pressure for this specific point makes me look for a higher
| standard of rebuttal than "dude trust me". Explain why it was
| urgent. Explain what the deadline was.
|
| [0] A recent access review had revealed that many systems were
| under the control of a single individual, which we determined
| presented a risk to the security and operational sustainability
| of those systems.
|
| [1] The Board acted independently, and financial support was NOT
| conditioned on taking these steps.
|
| [2] https://apiguy.substack.com/p/a-board-members-perspective-
| of...
___________________________________________________________________
(page generated 2025-09-30 23:00 UTC)