RubyGems' GitHub Enterprise was renamed to Ruby Central, expelling existing maintainers
The name of
Ruby Central's Attack on RubyGems - goodbye-rubygems.pdf
(PDF file) https://pup-e.com/goodbye-rubygems.pdf
Ruby Central's Attack on RubyGems [pdf] | Hacker News
https://news.ycombinator.com/item?id=45299170
Below is a copy and paste of a PDF written by a maintainer named Ellen Dash about the RubyGems controversy, written by a Hacker News user.
Ellen, who has been a member of the Ruby community since she was 13 and has been a RubyGems maintainer for the past 10 years, said that on September 9, 2025, without prior warning, a maintainer changed the name of GitHub Enterprise to 'Ruby Central' and added Marty Haught, a non-maintainer of Ruby Central, as an administrator, and removed all other maintainers of the RubyGems project.
Naturally, the RubyGems community requested that the change be reverted, but the maintainer refused, stating that it could only be restored with Hort's permission. After discussions with Hort, the maintainer restored his maintainer privileges on September 15, and Hort acknowledged that the deletion was a mistake. However, Hort remains designated as the owner of GitHub Enterprise, and the RubyGems team has responded by introducing an official governance policy.
On September 18, without explanation, Haught revoked the GitHub Enterprise memberships of all administrators of RubyGems,
'I'll be clear: this was a hostile takeover,' Ellen said. 'I believe Ruby Central's actions are a threat to the entire Ruby community. Forcibly removing the people who have maintained RubyGems and Bundler for over a decade is inherently hostile. Ruby Central has crossed the line with this action.' Some have also commented that Ruby Central's actions 'go against the principles of the Ruby ecosystem.'
In response, RubyCentral released a statement on its official website.
Strengthening the Stewardship of RubyGems and Bundler
https://rubycentral.org/news/strengthening-the-stewardship-of-rubygems-and-bundler/
In a statement, Ruby Central said, 'Core to Ruby Central's mission is our responsibility as stewards of the open source tools that power the Ruby ecosystem. This commitment is only as strong as the people and processes that support it. Over the past few months, we have carefully reviewed our governance structures for RubyGems.org, RubyGems, and Bundler and have made changes to ensure these important services are supported in a sustainable, transparent, and secure manner.'
Ruby Central claims that the recent increase in software supply chain attacks made securing administrator access necessary as a proactive measure to secure the RubyGems ecosystem end-to-end.
Andre Arco, who was the open source lead at Ruby Central and the coordinator of the RubyGems project, announced his departure from the RubyGems project in a blog post, saying, 'As my teammate Ellen has noted, the RubyGems team is no more. I wish everyone the best of luck in the tremendous task of keeping package management functional and contributing to the entire Ruby community. In the meantime, I'm looking forward to using my new free time to focus on some truly exciting projects.'
Goodbye, RubyGems
https://andre.arko.net/2025/09/19/goodbye-rubygems/
Related Posts:
in Software, Web Service, Posted by log1h_ik