Contextually it might be relevant that Ruby Central said they wanted to have a Zoom call today to explain everything,
then cancelled it. This was their message.
"Hello Ruby Community, We recognize that our originally scheduled Q&A session overlaps with the observance of Rosh Hashanah and may not have been the best timing for many in our community. We sincerely apologize for the short notice of this change, especially since the session was set to take place tomorrow. In response to the feedback we’ve received, we’ve made the decision to postpone the session. A new date and time will be shared with you in the coming days. In the meantime, we invite you to watch this statement from our Executive Director. This update is intended to ensure everyone receives the same information and can view it at a time that works best for them."
827a2 days ago
Wow. I've seen less corpowashed decision making out of Microsoft. They set their house on fire, it's burning down, but spraying water on it would get the curtains wet so we can't do that.
moritonal1 day ago
It's more the "we have to move the meeting, but can't say when, please forget about this"
apercu2 days ago
That's hilarious. "Our business decisions are questionable but for religious reasons we can't talk about it right now"
dismalaf1 day ago
It's literally a culture's New Year's Day and a holiday...
827a1 day ago
There's an old piece of advice: If a girl cancels on you without taking the initiative to reschedule, it doesn't matter what the reason is, she's not interested.
In other words: They aren't respecting the holiday. They're using it as an excuse.
snickerdoodle142 days ago
[flagged]
kace912 days ago
Soo let me see if I get the context.
Ruby central was short for cash, Shopify used that to pressure them into a takeover of several core community repos like bundler so that Shopify can control those indirectly? Is that it?
jaredcwhite2 days ago
In a word, yes.
kace912 days ago
What I don’t get is, what does Shopify get from this?
I’m assuming there’s a ton of reputational risk in this move, and my understanding as an outsider is that Shopify already has a ton of weight in the Ruby ecosystem - they seem to be the one case quoted by everyone as the “proof that Ruby scales”.
kimos2 days ago
It’s easy to point at politics or people and some sinister motive. Maybe that’s what it is.
But don’t underestimate what can be accomplished through incompetence.
Shopify is a multi-billion dollar company that has processed over a trillion dollars. They are a high value target for sophisticated attackers. It’s entirely possible they are trying to accomplish some security and supply chain goals to protect their Ruby pipeline, but completely messed up the execution and did not predict the community interpretation and backlash.
rmoriz2 days ago
They are a multi-billion company that is highly dependent on RubyGems and a breach could ruin their business. So they have intrinsic reasons to support anything that keeps Ruby and Rails floating.
bartread2 days ago
That makes sense but, to put it mildly, I am not whatsoever a fan of corporate controlled and directed OSS. I'm even less of a fan of it when it's effectively controlled by only one corporation. The temptation to play high-handed with the community, and with the future, is overwhelming and not one that corporations seem able to resist. One example: Chromium, which is now effectively worthless as a serious web browser with support for MV2 removed, thus meaning that uBlock Origin (and the like) no longer work, due to Google forcing the issue with MV3.
rmoriz2 days ago
I don't see the controlling aspect materializing, except forcing Ruby Central to build a reliable organizational structure. There are companies that are way more involved in controlling projects. Cloud providers or CDNs that start to sponsor, but after a while lose interest unless specific adjustments are being made.
I doubt there will ever be a run-time dependency of rubygems with Shopify. I would be more alarmed if, say, Microsoft GitHub™, Google, Cloudflare would "step up to save the project".
bigiain2 days ago
... so they locked out the main security contributor, and didn't see a need to replace them?
plorkyeran2 days ago
We know very little about what happened between Shopify and Ruby Central. They said that they made no progress towards satisfying Shopify’s demands until they were 24 hours from the deadline, but not what those demands specifically were or why they failed to do anything. It’s possible that what they panickedly did at the last second wasn’t actually what Shopify had intended.
pityJuke2 days ago
From all I can observe, it does seem to have a sinister political undertone. In that, Ruby Central's collapse started because Sidekiq disagreed with them platforming dhh, and then Shopify (who has dhh as a board member, and whose CEO races with dhh) used the funding weakness to demand a purge of anyone they disagreed with.
As an aside, I imagine the discussion of this will end up being... difficult, because people tend not to react to these sorts of things well.
lamontcg2 days ago
> who has dhh as a board member, and whose CEO races with dhh
Oh, so this is just dhh doing a hostile takeover of core ruby infrastructure where previously he had to try to work with people, now he can just tell people what he wants to be done, because they work for him.
ksec2 days ago
>Ruby Central's collapse started because Sidekiq disagreed with them platforming dhh
I remember Ruby Central denied they ever tried to deplatform DHH. But now when they are platforming DHH Sidekiq wants out.
I honestly think it may be way simpler. Shopify is willing to sponsor and put money into it but they also want it done ASAP, preferably now. They give a deadline and Ruby Central didn't think, plan or act until too late.
And the moment it was badly done, politics creeps in.
kmacdough2 days ago
I suspect they underestimated the backlash. They wanted to make their changes whenever they wanted, to fit their specific needs. They didn't think twice about the community, so much so that they didn't consider the community might not stand for it.
And history ain't written. Who knows how this will hurt them.
flkiwi2 days ago
There are arguably larger reputational risk issues in a company with significant financial/payment activities not having adequate control of their technology. I'm not saying that justifies anything here as I don't know nearly enough about it, but I'd wager that even a minor incident arising from them not adequately controlling their stack would create infinitely more issues than this move.
hiharryhere2 days ago
If supply chain integrity is the issue specifically for Shopify, couldn’t they run their own private, internally facing gem repository and whitelist everything that goes there? It’s not a requirement to use the public rubygems.
kenhwang2 days ago
They probably thought it would be easier to take over rubygems than ensure every dev and every machine for every possible ruby tool could be and is pointed at the internal gem repository.
Let's be paranoid for a moment. What if there's a supply side attack on a gem used by Homebrew. That's basically installed on every dev machine, auto-updates automatically/silently, could have sudo, that no one would care or even know how to point at a private gem repository.
yakshaving_jgt2 days ago
It was my understanding that they wanted to use Nix to solve this problem.
3eb7988a16632 days ago
I too am scratching my head at this. If the problem is the outside community could be a risk, just do not drink from the firehose. Have processes in place to slowly vet and bring the outside world indoors.
Then again, that is not a very web scale suggestion.
hobs2 days ago
I don't understand how "well let's just manage the entire ecosystem" could help this problem.
flkiwi2 days ago
That's not what I said. I was responding to the parent comment's statement that "I’m assuming there’s a ton of reputational risk in this move" by noting that, in relative terms, this likely isn't something people are paying attention to outside a very, very narrow universe.
jcmfernandes2 days ago
Exactly. While it seems like the overarching goals were well-suited, the process was... WTF.
apercu2 days ago
Supply chain attacks are big shareholder news lately?
zorpner2 days ago
DHH joined their board in 2024 [0], and is using this opportunity to purge people he disagrees with politically from the Ruby ecosystem. It really is as simple as that.
Isn't most of the reputational risk going to Ruby Central?
th0ma52 days ago
Money. Some people seek to extend their claimed intellectual property into previously uncapitalized contexts.
teeray2 days ago
> Ruby central was short for cash, Shopify used that to pressure them into a takeover of several core community repos like bundler so that Shopify can control those indirectly
Sounds like a variant of the xz takeover, but using money this time and in public.
retrorubies2 days ago
I’ve always acted as a community-oriented person, so I feel it’s my duty to share what really happened, what the current state is, and why Ruby Central has failed in the eyes of the community. This is my perspective — and why I’m leaving Ruby Central by choice, but am being forced out of Bundler, RubyGems, and RubyGems.org.
bradly2 days ago
fwiw... rubygems.org was one of the only open source projects I contributed to on a regular basis (albeit once every year or two) and it was always a positive experience. Sorry it's gone this way for you and others.
This all reminds me of the feelings after Merb was put down after pressure from Engine Yard so they could guard against their Ruby on Rails hosting business.
hosh2 days ago
Do you have a source for that? I always wondered why Merb disappeared, even after Katz refactored Rails to use ideas from Merb.
> But not everyone felt so good about it. I worked for Engine Yard, and we had made our mark selling Ruby on Rails deployment to large customers like Groupon, Kongregate and Github. I got hired at Engine Yard in part because the company's founders were worried that Rails wouldn't make it long-term. They wanted to hedge against this possibility.
> Unfortunately for me, waging an all-out war against Ruby on Rails from inside of a company that makes its money selling Ruby on Rails deployment is a pretty bad life strategy.
> I don't know everything that went on behind the scenes, but Engine Yard's management eventually asked me to consider merging with Rails. If I'm being honest, they pushed me to consider merging with Rails.
I'm sure there were other reasons for the merge as well, and I don't want to take anything away from Yehuda and the decision he made at the time, but I was a volunteer at the first MerbConf just a couple months before the "merge" and it all felt very sudden and at odds with the direction the project was headed. I had my cynical take that EY was behind the move, but those were just my personal feelings. Honestly it was refreshing to read Yehuda's story 12 years later as it helped put some of the pieces together as to why.
Not that he has any real power here, but has anyone asked Matz what he thinks about all this?
kimos2 days ago
He usually just stays out of this stuff.
The funny thing about inventing a language you love, is you spend your career writing C rather than actually writing code in the language you love.
em-bee1 day ago
pike devs put it this way: we are writing C so you don't have to.
dismalaf1 day ago
He's pretty tight lipped about his opinions. He does seem to get along with DHH and Tobi though, he shared a stage with them at one Rails World...
Also I doubt the culture warriors are going to get what they want from Matz, he's a devout Mormon, a religious group known for conservative beliefs.
thebrog16 hours ago
It's usually conservative religious groups that are culture warriors, so this would be getting what they want
dzdt2 days ago
This post jumps into the center of some controversy in a very unclear place. Is there a short (preferably neutral) summary of what this is all about somewhere?
LightBug12 days ago
See the link in the third paragraph of this fine article.
DHH created Rails, but he didn't write Rails - a large community did. This is an attempt to be factual. Linus created Linux, but he didn't write Linux. Etc.
Criticizing an *individual* for stopping to *donate* is pointless.
cortesoft2 days ago
You picked ONE of the controversial things DHH has written about, and you chose one of the least controversial ones.
IshKebab1 day ago
That was the only one I found! What's the worst then?
Analemma_2 days ago
[flagged]
istjohn2 days ago
See also the incident ca. 2021 when a third of 37signals employees left the company over heavy-handed policing of employee speech[0].
Supporting Canadian truckers was a straw? And that somehow broke the camel's back because of misogyny in slides and booth ads (showing a pretty girl?).
Because of this they lost a 250,000 sponsorship from Sidekiq which then gave leverage to Shopify to take over the community because of a fear of this rv tool.
In the end their community's purity tests lost them everything.
jherdman2 days ago
You need only skim his blog to see why. He’s increasingly hostile to minorities of all sorts.
Beyond that, Mike (author of Sidekiq) is more than welcome to withdraw his funding as he wishes. That’s how this works.
pmontra2 days ago
> My critique is directed at the process, not at people.
People are not logs floating helplessly in a river. People take decisions and make things happen. They create and run the process, not vice versa.
The critique must be directed at people.
Terr_2 days ago
Right, people build Unaccountability Machines [0] to shield themselves, which range from justified to malicious.
The solution is to design package managers around the uniform resource identifier: a way to locate online assets that is mostly (ignoring DNS) decentralised and better than having one org own all the packages.
Are there any reliable decentralized package distribution systems operating at within 2 orders of magnitude of that scale? How do they handle administrative issues such as malicious packages or name squatting? Standards updates? Enforcement of correct metadata? And all the other common things package indexes need to handle.
I'm clearly skeptical, but would be very interested in any real world success stories.
nextaccountic1 day ago
There is, the web. The web distributes code directly to end users at a much larger scale. To distribute the bandwidth costs, the web is federated: to depend on a script you refer to its url, and whoever hosts this url foots the bill.
Deno is a Javascript implementation for the backend that attempts to mimic this pattern (it later introduced a more npm-like centralized repository, but afaik it's optional). Deno is of course less popular than Python, but its url-centered model can really scale imo.
notatallshaw1 day ago
> There is, the web. The web distributes code directly to end users at a much larger scale. To distribute the bandwidth costs, the web is federated: to depend on a script you refer to its url, and whoever hosts this url foots the bill.
But the Web is notorious for the problems I listed, you end up with standards around not following standards. It leaves almost all the responsibility on the client tool (browser or whatever) to do validation to stop malicious sites, name squatting, accepting and "fixing" poorly constructed metadata etc.
> Deno is a Javascript implementation for the backend that attempts to mimic this pattern (it later introduced a more npm-like centralized repository, but afaik it's optional). Deno is of course less popular than Python, but its url-centered model can really scale imo.
I was not familiar with Deno, I've done some shallow reading on this now and it's certainly interesting. I don't know enough about the JavaScript world to make a comment on the pros or cons.
But I don't think it can work for Python, as transitive dependencies would immediately conflict as soon as dependencies required a different version of the same transitive dependency. And the guarantee of Python packaging is you only have a single version of a library installed in an environment, while it can cause some dependency solver headache, it also solves a lot of problems as it makes it safe to pass around objects.
hellcow2 days ago
Go does this, and I’d say it’s been highly successful.
cortesoft2 days ago
You can absolutely use bundler and gem without touching the rubygems servers. You can point to an alternate rubygems host (including one you run yourself), point to a git repo, or a local gem file source
rmoriz2 days ago
This resembles the "monolith" vs "micro-services" discussion. If you spread the packages over thousands of domains, hosts, providers, reliability will be horrible. And it's uncontrollable. In theory, RubyGems could run code analyzers on all uploads to detect malware. Good luck if you just have an index of repositories/packages hosted elsewhere.
nenenejej2 days ago
Step 2: store a copy of the library in your repo.
Sounds nuts? We used to do this with .dlls in sourcesafe and was fine. boring.
hosh2 days ago
That sounds like a neat idea. Do you have a proposal for that?
Would it be compatible with specifying urls (such as git repos)?
hiharryhere2 days ago
Bundler already does this.
# From a specific branch
gem 'my_gem', git: 'https://github.com/user/my_gem.git', branch: 'development'
# From a specific tag
gem 'my_gem', git: 'https://github.com/user/my_gem.git', tag: 'v1.2.3'
# From a specific commit (ref)
gem 'my_gem', git: 'https://github.com/user/my_gem.git', ref: 'a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0'
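Added example (not part of the thread and not Bundler's own code): a Ruby script that audits a Gemfile.lock for the two points raised in this discussion, the private-repository allowlist idea earlier in the thread and the git sources in the comment above. It reports gems resolved from a remote outside an approved list and git sources that follow a branch or tag instead of a full commit SHA. The internal hosts, `pinned_gem`, the helper names and the sample lockfile are constructed for illustration.

```ruby
require "uri"
FULL_SHA = /\A\h{40}\z/

# Constructed policy: the only remotes this (hypothetical) organisation trusts.
ALLOWED_REMOTES = [
  "https://gems.internal.example/",
  "https://git.internal.example/platform/pinned_gem.git",
].freeze

# Constructed, trimmed sample lockfile; not taken from any real project.
SAMPLE_LOCK = <<~LOCK
  GIT
    remote: https://git.internal.example/platform/pinned_gem.git
    revision: 0123456789abcdef0123456789abcdef01234567
    ref: 0123456789abcdef0123456789abcdef01234567
    specs:
      pinned_gem (1.0.0)

  GIT
    remote: https://github.com/user/my_gem.git
    revision: 89abcdef0123456789abcdef0123456789abcdef
    branch: development
    specs:
      my_gem (0.3.1)

  GEM
    remote: https://gems.internal.example/
    specs:
      rack (3.0.8)
      rack-test (2.1.0)
        rack (>= 1.3)

  GEM
    remote: https://rubygems.org/
    specs:
      rake (13.0.6)

  DEPENDENCIES
    my_gem!
    pinned_gem!
    rack-test
    rake
LOCK

# Split a lockfile into its GIT/GEM/PATH source blocks.
def parse_lock_sources(text)
  blocks = []
  current = nil
  in_specs = false
  text.each_line(chomp: true) do |line|
    case line
    when /\A(GIT|GEM|PATH)\z/
      current = { type: $1, remotes: [], opts: {}, gems: [] }
      blocks << current
      in_specs = false
    when /\A\S/ then current = nil            # PLATFORMS, DEPENDENCIES, ...
    when /\A  specs:\z/ then in_specs = true if current
    when /\A  (\w+): (.+)\z/                  # remote:, revision:, branch:, tag:, ref:
      next if current.nil? || in_specs
      if $1 == "remote" then current[:remotes] << $2 else current[:opts][$1] = $2 end
    when /\A    (\S+) \((.+)\)\z/             # 4 spaces: a resolved gem, not a dependency
      current[:gems] << "#{$1} #{$2}" if current && in_specs
    end
  end
  blocks
end

# Compare remotes by scheme, lower-cased host and path without trailing slashes.
def normalize_remote(url)
  u = URI.parse(url)
  "#{u.scheme}://#{u.host.to_s.downcase}#{u.path.to_s.sub(%r{/+\z}, '')}"
rescue URI::InvalidURIError
  url
end

# Return human-readable policy findings for a lockfile; empty means it passes.
def audit_lock(text, allowed_remotes)
  allowed = allowed_remotes.map { |r| normalize_remote(r) }
  findings = []
  parse_lock_sources(text).each do |b|
    next if b[:type] == "PATH"                # local paths are outside this check
    gems = b[:gems].join(", ")
    b[:remotes].each do |remote|
      findings << "#{gems}: remote is not HTTPS: #{remote}" unless remote.start_with?("https://")
      findings << "#{gems}: remote not on allowlist: #{remote}" unless allowed.include?(normalize_remote(remote))
    end
    next unless b[:type] == "GIT"
    mutable = %w[branch tag].find { |k| b[:opts][k] }
    if mutable
      findings << "#{gems}: follows #{mutable} '#{b[:opts][mutable]}', which can be re-pointed"
    elsif b[:opts]["ref"].to_s !~ FULL_SHA
      findings << "#{gems}: not pinned to a full 40-hex commit SHA"
    end
  end
  findings
end

puts audit_lock(SAMPLE_LOCK, ALLOWED_REMOTES) if __FILE__ == $PROGRAM_NAME
```

The lockfile always records the resolved `revision:`, so the branch and tag findings are about what a later `bundle update` may pull, not about what is installed today.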
hosh2 days ago
Yes, I know bundler does that. But I thought we were talking about urn instead of uri. Seems I was mistaken.
the__alchemist2 days ago
Tangent: IMO this is why you keep your repos under your account, and don't give them over to a group acct. Unless you no longer want/care about control, or things like this happening. If that's the case and you've moved on or are OK with moving on, then do the group account.
viraptor2 days ago
In large enough environments, it's not really safe to use individual accounts. A hack/takeover while someone's on holidays could take days to resolve. People leaving the project, getting sick, dying would cause havoc on processes and ownership. Once thousands of people depend on your project, you really should move it into an org with others.
duxup2 days ago
Someone took over the supply chain … to save the supply chain from someone taking it over?
cyanydeez2 days ago
the best evidence of unilateral decision making is the basic fact that github provides a direct route to _open issues and discuss changes_.
Did they do that?
fencepost2 days ago
As a complete outsider I mostly find myself wondering if there's legal recourse for those who were forced out (noting the clear distinction that one person was commenting on between the service owned by Ruby Central and the code that Ruby Central likely has no legal claim to).
1a527dd52 days ago
Crazy to see that embrace, extend, and extinguish are still fundamental game plans.
I guess the only lesson here is trust no one and keep your repos under your account.
istjohn2 days ago
How does this fit the EEE pattern? For reference, here is Wikipedia's description of EEE:
> "Embrace, extend, and extinguish" ... is a phrase that the U.S. Department of Justice found was used internally by Microsoft to describe its strategy for entering product categories involving widely used open standards, extending those standards with proprietary capabilities, and using the differences to strongly disadvantage its competitors.
Not every instance of corporate bad behavior in open source is EEE. Shopify isn't in competition with open source or potentially threatened by open source. They are not extending open standards or technology.
Maybe I'm being pedantic, but I'd rather not muddy the water with unhelpful, sloppy metaphors.
charcircuit2 days ago
Also, that wikipedia quote is wrong as it wasn't used internally at Microsoft.
glimpse93482 days ago
Just a glimpse:
> London is no longer the city I was infatuated with in the late '90s and early 2000s. Chiefly because it's no longer full of native Brits [1]
I am so disappointed by this - thought he was a nice guy.
mr902102 days ago
For some reason I always had a feeling about him. Perhaps I couldn’t understand why a guy that did so well in life like him found so much time to pick fights on Twitter. With the kind of money he had, I’d pay to be anonymous.
rmoriz2 days ago
I've seen a lot of "formerly nice guys" falling. It's very hard to let people go and to deal with them if necessary (like using their project). To this date I can't understand why he went this route. He's successful, family guy, very rich. Why going after immigrants, poor, diverse people? Same with Musk. He's a prototype awkward guy yet he started a holy war against all DEI. WTF. Don't get it.
wahnfrieden2 days ago
dhh is fully mask-off maga
He also has a history of this kind of posting
> There was the post where he described an ad featuring a plus-sized Black women as “grotesque” and celebrated the ads being replaced with ones featuring “blond babies”
blackbell2 days ago
[flagged]
blackbell2 days ago
[flagged]
tpm1 day ago
One of the issues is that London in that time was very far from "full of native Brits". The 60% he mentions were mostly not seen in the streets when I visited first in 1997, mostly because they lived in the suburbs.
There is nothing at all brave or heterodox or anything positive at all in supporting violent criminal fascists like Robinson. Yes, it is wrong.
KevinMS1 day ago
I'm baffled this is considered wrongthink. A place is more than a place, it's a native culture too.
nicce2 days ago
Imagine if someone did the same for Rust. I could not count all new crab languages.
pyridines2 days ago
[flagged]
marcellus232 days ago
I see nothing in the post that suggests it was written with AI.
viccis2 days ago
It's very clearly written with ChatGPT's authorial voice. The very prominent sprinkling of bold intensifiers, the frequent organization of things into lists to make arguments, the use of emojis in the full context pages, the overwhelming use of em dash to structure sentences, overuse of "it's <whatever> — not <whatever>" type cliches, etc.
It's likely because he's not a native English speaker, hence the perfect grammar and spelling in the contents of the gist, but the obvious grammatical error in the title ("Why I leave Ruby Central") that he likely typed himself.
Given his reason for doing it (non-native speaker), I don't think it's fair to really criticize him for it, but if you can't spot this as AI writing, then you might want to do some research on how to do so.
BolexNOLA2 days ago
It’s just a thing people casually throw out now to discredit pieces or indirectly say that the person who wrote the piece is a bad writer
runako2 days ago
> indirectly say that the person who wrote the piece is a bad writer
or a good writer. A lot of the so-called tells are things that are more likely to be done by professional writers under the care of a professional editor. For example, many people assume the presence of an em dash means text was written by an LLM, when obviously LLMs did not invent punctuation marks.
viccis2 days ago
Good writers who used em dashes before AI tend to use them the traditional way—with no space around them and to emphasize a parenthetical. AI uses it with spaces around it — as an all-purpose conjunction.
BolexNOLA2 days ago
Yeah I use em dashes probably every day. It’s only recently that people have started taking issue with it lol
viccis2 days ago
I used to think people here didn't really use them before AI, but I actually downloaded a dataset of all comments over like a decade or so and counted the number of comments with an em dash, and it didn't actually change much around 2022-2023 like I had expected.
It's the spacing that's usually the giveaway to me, as well as the fact that it's not as common for people to use them like semicolons. They use them for parenthetical clauses more often. Any time I see them used with spaces as a general purpose conjunction, THAT'S when I think AI.
BolexNOLA2 days ago
I have a very conversational way of writing partially because I do voice to text a lot, so the em dash just “feels” better to me than a semicolon typically.
__d2 days ago
Agreed: a semi-colon is a bit stop-start, while an en-dash just flows.
I’ve used them, with spaces, for decades. Minus-minus in plain text, and autocorrect reads that nicely.
I sometimes use an em-dash, but mostly in LaTeX: they’re too awkward in plain text.
I use ellipses too …
Supermancho2 days ago
Not sure why you think this is relevant. The issue is about Ruby Central's failure to make a coherent statement or mea culpa, which the Github post does. AI influence is incidental.
scottydelta2 days ago
It’s not relevant but that’s the only way wannabe writers can make themselves feel good about not contributing.
Imagine discovering the accounting fraud at Exxon back in the 2000s and using a calculator to prove it, only for people to discount you because you used a calculator and didn’t calculate it yourself.
tuyosvawnt2 days ago
it was never clear what the niche of Ruby was other than being a modernish scripting language for non-critical web dev. I remember Ruby on Rails becoming trendy for web startups with inexperienced programmers (I was one of them) to prototype things in because Active Record was a simple ORM for its time, outside of that there wasn't much other justification for the stack and since the proliferation of similar easy-to-use frameworks in other languages it hasn't been necessary
hosh2 days ago
The proliferation of frameworks came about from the ideas and design of Ruby on Rails. MVC and ORM had been around before web apps, but it was not consistently used in a web framework until Rails. Convention-over-configuration, “nested doll pattern”, and Rack protocol were all ideas widely ported and copied into other language platforms and frameworks.
Also, ActiveRecord gained significant capabilities with named scopes, something that isn’t as widely copied.
Finally, Ruby itself lends itself well to writing DSLs, something that Javascript and TypeScript suck at, but sometimes I still see people try and fail.
To be fair, it is my personal opinion that there has not been anything substantially innovative since Rails 5. The features I have seen since are better done with Elixir/Phoenix, mainly because the BEAM runtime makes better concurrency primitives available.
dcrazy2 days ago
> MVC and ORM had been around before web apps, but it was not consistently used in a web framework until Rails.
WebObjects and EOF were the MVC and ORM frameworks powering Disney (Go.com) almost a decade before Rails existed.
hosh2 days ago
Were those tech open source?
A decade before Rails puts it in 1995. Do you have some resources on this? I like looking into the history of tech.
WebObjects was rewritten from ObjC to Java in the 2000s. EOF, the ORM layer it shared with NeXTSTEP/OPENSTEP, was rewritten as Core Data and released in Mac OS X Tiger.
mandevil2 days ago
WebObjects was demo'd in 1995, and Version 1.0 was released in March 1996, by NeXT (Steve Jobs and crew). In 1997 when Apple bought NeXT and made Jobs its CEO again, it became part of Apple who open sourced it in 2006 and maintained it until 2009 (it powered iTunes, among other things).
cortesoft2 days ago
Ruby has been my favorite programming language by far for 20 years now. The design decisions just make sense to me, and it is always fun to write.
It really occupies the same niche that Python does, but personally I find ruby more pleasant to work with in every way.
paulddraper2 days ago
> it was never clear what the niche of Ruby
Ruby on Rails
Chef
---
Some of the largest websites in the world run on Ruby: GitHub and Shopify.
rmoriz2 days ago
Chef seems to be almost dead. I'm still using it personally but don't know a single company in Germany still using it.
paulddraper2 days ago
I was responding to “it was never clear”
Ruby was used, for example, as the DevOps language prior to Go
charcircuit2 days ago
>This is not how open source works.
Open source is about licensing and not about governance. There are plenty of open source projects where the owner is a dictator. In this case the owner of the github organization has control over who is a part of it and who has permissions within it.
shermantanktop2 days ago
Open Source as a licensing approach, sure, but that’s the narrow definition. The broader definition is inclusive of group culture, decision-making practices, tone of communication, and a lot more.
When someone says “open source,” that’s often shorthand for the broader definition.
dangus2 days ago
[flagged]
shadowgovt2 days ago
Oof. I'm sad to see this happen.
I got off the Ruby and Rails trains ages ago (around the time that Rails changed the package management solution it used; that convinced me the whole project was not in its "adults in the room" phase yet and I couldn't be bothered to keep up with a project that would require me to pay attention to it every quarter instead of putting a project down for a year and having it mostly work when I picked it up again). Sad to say this kerfuffle hasn't exactly shifted my opinion of the ecosystem.
rmoriz2 days ago
Ruby Central should have been more involved in the development of rubygems (software) in the past and establish a community and contribution guideline, to secure the project, secure funding, maybe separating concerns (infrastructure, conferences, etc.)
However, taking away funding as retaliation for a conference talk is offensive, too. In the end facts (money) made the decision. I don't think Shopify has bad intentions.
Clearly, it's about the racist tweets and blog posts one prominent member of Rails has made. And the community needs to address this in a clear way. Not with boycotting the wrong parties, especially an infrastructure provider of our community. Thank you Sidekiq for supporting RubyGems in the past, but pulling the plug was not the best move for the community.
ipaddr2 days ago
From my reading it was about rv the new tool that hopes to replace rubygems and the push to remove the competition.
The losing of sponsorships because of the talk is what gave shopify leverage. And they used it.. out of fear over the rv tool.
rmoriz2 days ago
The offensive statement from the 'rv' readme is clearly alarming. Shopify, as every other Ruby user, is highly dependent on a working rubygems infrastructure. I can fully understand their motivation, to clarify the situation and to implement rules and separation of concerns. However, it's clear, that the whole process was a disaster in communication, planning, execution by Ruby Central.
hosh2 days ago
Chances are, this will make rv into a bigger success. Assuming the rv developers deliver on their promises. (I tried using their first version on launch only to find that the features I wanted have not been written yet).
Where are you getting that Shopify fears rv?
ipaddr2 days ago
They want Andre gone and won't allow him back according to the gist and this started because of the August 26 release where shopify starts worrying about security.
The tool looks to replace gems and its ecosystem.
pygy_2 days ago
And the best way to build trust in the new tool is naturally to sabotage the old one.
rv builds on André's reputation. The best way to squander it would be to attack the rubygem infrastructure.
jcmfernandes2 days ago
An individual decided to stop donating 250k to an organization because he felt strongly about actions taken by the organization. How is this offensive?
rmoriz2 days ago
To my knowledge: Sidekiq is the lead project of Contributed Systems LLC.
Ruby Central also announced it would end the "RailsConf" series after this year.
I fully understand and support being angry at and cutting all ties to the 3-letter-guy, but I think this Ruby Central/Rubygems issue is a case of "friendly fire".
jcmfernandes1 day ago
It's widely known - there are podcasts focusing on this - that Contributed Systems LLC is a one-man show.