"Davis posted [PDF] about a sequence of events beginning on September 9 when the RubyGems GitHub enterprise was renamed to Ruby Central, the company's director of open source Marty Haught added as maintainer of RubyGems, and every other maintainer removed. Six days later, the changes were mostly undone, which Haught described as a mistake, but he remained as owner of the GitHub enterprise. Then on September 18, Haught removed all admins on the RubyGems and Bundler teams from the GitHub organization, and revoked access to the bundler and rubygems-update packages."
""in consultation with legal counsel and following a recent security audit, we are strengthening our governance processes, formalizing operator agreements, and tightening access to production systems. Moving forward, only engineers employed or contracted by Ruby Central will hold administrative permissions to the RubyGems.org service.""
"Davis said that "the forceful removal of those who maintained RubyGems and Bundler for over a decade is inherently a hostile action," and resigned from her position at Ruby Central."
Davis described a September 9 sequence in which the RubyGems GitHub enterprise was renamed to Ruby Central, Marty Haught was added as maintainer, and other maintainers were removed. Most changes were partly reversed days later, but Haught remained owner of the GitHub enterprise. On September 18 Haught removed all admins from the RubyGems and Bundler teams and revoked package access to bundler and rubygems-update. Davis characterized the removals as hostile and resigned from Ruby Central. Ruby Central announced governance tightening, operator agreements, and that only employed or contracted engineers will hold administrative permissions while policies are finalized.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]