Hacker Neue

Preferences
joeldrapper parent
These projects were not Ruby Central’s in the first place. They were stolen for Ruby Central by a Ruby Core insider, HSBT. This is horrible news.

They were stolen from André Arko, Colby Swandale, David Rodríguez, Ellen, Josef Šimánek, Martin Emde and Samuel Giddins.

rich_kilmer
They did not WRITE RubyGems, they inherited it and evolved it. Chad, David, Jim (RIP), Paul and I wrote RubyGems. I hosted RubyGems from my home in Virginia for several years before we could cover the cost of colocation and stood up RubyForge. Its nice to look at the near history and think that this is all of history but it is not. Ruby Central has always been the stewards of RubyGems and then later, Bundler.
Mystery-Machine
First of all, thank you! It's unbelievable that you built the first version of `gem install` in a single night. It must have been an amazing feeling. I remember the drive when I was doing some hackathon with a few friends. It's the best feeling a software engineer can have.

When you left RubyGems and Bundler (let's call them "Projects") team, you handed over your authority to whoever was left and/or was added later. It doesn't matter in which order things happened. What matters is that Ruby Central _and the rest of the team_ were the stewards of Projects. The important part here being _and the rest of the team_. André had every right to keep being part of that team, and he was for a long time, together with many other team members, all of which were removed by "a representative from Ruby Central". What an inhuman way to remove someone from a Project. "Hire" someone to do the dirty job for you so you don't have to. The decisions in a team should be done by reaching a team consensus. Not by one actor. I believe it's for the better that André was removed from the team, but it shouldn't have been done like this. Ruby Central lost their trust in the eyes of many. They could've achieved the same goal in a much better way. How can I trust an organization with management of something if they failed to manage this whole situation? Claiming this is all in the name of security and then not even knowing how to properly remove access from someone. So much about security...

rich_kilmer
I totally understand and agree that it was handled very poorly.
ksec
Thank You, not only for RubyGems and hosting it, but for replying all the accusation and comments that to me are simply bending truth. Such as they wrote RubyGems and somehow Bundler belongs to them. And despite you correcting them multiple times, they still continue with the same narrative.

It may be best in the future direction to have Ruby Central's role on RubyGems and bundler completely eliminated and simply just hand them over to Ruby Core and Ruby Foundation in Japan. I will gladly donate just to avoid any more US politics and drama.

buffington
Get this: I've used what you guys built back then almost every day for the past 20 years. (also, long time no see - we should catch up).
tommica
You guys did an amazing job!
joeldrapper OP
I’m not talking about who wrote the code. Hundreds of people wrote the code, that’s not particularly relevant. I’m talking about who had maintainership of the code and how those maintainers had agreed to govern the project.

What was your maintainership status when this all kicked off? Were you one of the owners removed by HSBT?

raggi
i can confirm the above. sadly felt a confirmation might actually be helpful because there's some wild stuff around the threads today.
CaptainOfCoit
So what? NPM wasn't originally owned by Microsoft, nor GitHub, but reality moves forward?

As long as Matz is involved, I have a lot of faith things will get better, not worse, unless you have some strong indication of otherwise. If anything, because things will be nicer.

bhouston
> So what? NPM wasn't originally owned by Microsoft, nor GitHub, but reality moves forward?

NPM was a company and it was acquired and it was voluntary. I don't think you can compare it to this situation - this is more of a messy situation with everything open source collaborations, rather than having clear ownership in a single entity:

https://github.blog/news-insights/company-news/npm-is-joinin...

Or are you referring to the pre-2014 situation where NPM wasn't VC Funded, but in a more nebulous state? It didn't last that long.

joeldrapper OP
So it’s okay for Matz to get HSBT to steal people’s open source projects? What if Matz sponsors stole Ruby from him? WTF?
rich_kilmer
I was one of the originating authors of RubyGems along with Jim (RIP), Chad, David and Paul. I hosted RubyGems from my home for the entire community for many years. We never asked nor received anything for that. We wrote RubyGems for the Ruby community. Matz and the Ruby Core team is the right place for RubyGems. This is great news.
sebiw
Thanks for sharing. RIP Jim, I miss him being part of the community.
the_mitsuhiko
> So it’s okay for Matz to get HSBT to steal people’s open source projects?

Where is the theft? The projects were open source, they are still open source.

bmacho
The software is open source, not the project.

The name is not for the taking. You can download the code, modify and release it, but you can't just claim ownership over a product.

the_mitsuhiko
That is a question of trademark law and a much more complex topic. Many people contributed over the years.
baggy_trough
Andre Arko was not the original author, so how did he get the name? Did he take it from someone?
bmacho
I don't know, and I don't care. I wonder if you try to imply something ridiculously strong, general, and obviously false here?
mijoharas
Have we got any sources for Matz getting HSBT to steal it? I mean, I get that they're both members of ruby core, but that's a bit of a claim.
dluan
This is a question that I have, HSBT was the one who flipped switches, and it's been unclear to me how those decisions were made.
claudiug
jesus joel. you are really really upset person. I read your stuff on reddit/r/ruby. I understand your frustration but you are so biased. like really really biased.
jcmfernandes
What wasn't factual in Joel's comment?
claudiug
it paints all the stuff like is one person fault. omits to tell like stuff like

- gem.coop -> the person behind have a new tool rv that want to sell it

- they want to sell the rubygems logs to corporatins

- change the root pass at aws once they where remove from the project

small details like this.

jcmfernandes
Let's say all of that is true. Did or didn't RC perform a hostile takeover of the repos?
jaredcwhite
you're leaving out copious amounts of context here so sounds like you are obfuscating on purpose.
Mystery-Machine
Oh, I didn't know that André wants to sell gem.coop and/or rv. Can you please point me to more info about where this intention to sell gem.coop and/or rv was mentioned?

They want to sell some RubyGems logs about corporations (not individuals) using RubyGems API, to...Ruby Central?

As André explained on his site, he was on-call at the time when they were removing him. He acted to protect the service by limiting access. No harmful actions done by him were ever discovered by Ruby Central. It's two entities fighting to remove the other. You can say Ruby Central was right, I can say André was right. But we do know that Ruby Central fired the first shot when they (could've been an actual hacker) removed literally everyone from RubyGems and Bundler projects.

jaredcwhite
I'm sure you're not biased. I'm sure all the people applauding Ruby Central and Ruby Core right now aren't biased. /smh

This item has no comments currently.