Better late than never I guess.

I still find it rather baffling that they just removed David Rodríguez outright without trying to work this out in advance. He did most of the work in recent times. Seems like max damage approach.

"Unlike open-source projects that are simply distributed “as-is” with no warranties, but similar to other infrastructure projects, these codebases underpin a service operated by Ruby Central, and its canonical clients, relied on by millions of developers every day to securely download and publish gems. "

Are they offering warranties?

What new privacy laws demand them signing some handcrafted legal document?

Is what they did legal?

Couldn't they fork to provide a secure version.

That one guy maintaining so many rubygems is the same guy who is offering a competing software solution that could reduce their profit stream is that the real reason?

I love how this isn’t even posted to their socials, cause they don’t want the dragging to link their official accounts. Like the last BlueSky post is still cancelling (“postponing” is only the right verb if you end up actually doing it) the Q&A 7 days ago…

Let’s not say anything about DHH actively agitating this particular community on the back of a regressive blog post supporting the far right in the UK.

Seems like a bunch of bureaucrats overplayed their hand and are now trying to prevent the people whose work they depend on from abandoning ship.

This is poor, even by corporatese standards.

Smoke, mirrors, and buzzwords.

Seems to boil down to "we don't trust Andre[0] and btw Shopify totally didn't make us do this[1]".

I still don't understand the mistrust of Andre though. Also, the second point seems a bit disingenuous when their own board member speaks about a specific deadline[2]. He says it's something they agreed to, so it's necessarily external. That and the teams of reports of other people saying they've heard it's Shopify putting pressure for this specific point makes me look for a higher standard of rebuttal than "dude trust me". Explain why it was urgent. Explain what the deadline was.

[0] A recent access review had revealed that many systems were under the control of a single individual, which we determined presented a risk to the security and operational sustainability of those systems.

[1] The Board acted independently, and financial support was NOT conditioned on taking these steps.

[2] https://apiguy.substack.com/p/a-board-members-perspective-of...