Ruby Central Faces Backlash Over Revocation of RubyGems and Bundler Maintainer Access

San Francisco, CA – Ruby Central, the non-profit organization overseeing critical Ruby ecosystem infrastructure, has sparked significant controversy after revoking administrative access for several long-standing maintainers of RubyGems.org, RubyGems, and Bundler. The move has led to accusations of a "hostile takeover" from former maintainers and prompted mediation efforts by Mike McQuaid, creator of Homebrew.

Ruby Central officially stated its actions were part of "strengthening the stewardship of RubyGems and Bundler," citing fiduciary duty, recent security audits, and the need to formalize operator agreements. The organization announced that, moving forward, only engineers directly employed or contracted by Ruby Central would hold administrative permissions to these vital services, temporarily holding access while new policies are finalized. A community Q&A session is scheduled for September 23 to address concerns.

However, former maintainers describe a different sequence of events. Ellen Dash, a RubyGems maintainer for a decade, detailed what she termed a "hostile takeover" in a public post. She claimed that on September 9, a maintainer unilaterally renamed the RubyGems GitHub enterprise, added Ruby Central's Marty Haught, and removed all other maintainers without warning. After a brief, partial restoration, Marty Haught reportedly revoked access again on September 18 for all admins on the RubyGems, Bundler, and RubyGems.org teams, consolidating control under Ruby Central employees. Dash stated, "This was a hostile takeover," and resigned from her position at Ruby Central in protest.

The incident has drawn widespread concern within the Ruby community. Mike McQuaid, a prominent figure in open-source and creator of Homebrew, has stepped in to mediate, acknowledging the complexity of the situation and expressing support for the maintainers. He noted, "I'm not involved beyond just caring a lot about Ruby," and has been in contact with parties on both sides.

The controversy also highlights broader discussions about open-source governance and the role of non-profits in maintaining critical infrastructure. Questions have arisen regarding Ruby Central's leadership, including its new Executive Director, Shan Cureton, whose background is noted as non-technical. Major sponsors, such as Shopify, are now facing calls to pressure Ruby Central for greater transparency and accountability, with one former Shopify employee expressing embarrassment over their past support.