
corytheboyd | 5 months ago

Very reasonable other side to this story, which doesn’t come as much of a surprise. Too bad it didn’t hit the front page.

People went WAY too far WAY too fast on this. There HAS to be urgency to this, the software supply chain is presently, undeniably, under attack.

Frankly, everyone blasting RubyCentral the last few days should feel shame and embarrassment. These aren’t evil suits at Microsoft, they’re normal people invested in maintaining a critical piece of infrastructure for the good of all who love and profit from Ruby.


jaredcwhite|5 months ago

What? This article is absolutely damning re: RC's leadership and the utter lack of proper transparency, strategic planning, marketing/PR, and solid OSS governance. Did we read the same article?!

corytheboyd|5 months ago

Honestly I don’t know how to feel about it anymore, but I found the rhetoric way too explosive at the time, when nothing was really known. Now that some time has passed, and more has been said… yeah I get your point too.

Ruby has been a HUGE part of building my career, I don’t want to see it slide away one questionable move at a time into full corporate control. It’s not TOO hard to see how this whole thing could just be step one of that :/

picadi|5 months ago

i read the article, but didn't see anything damning about it. how big of a staff do you think a tiny 501c3 like RubyCentral is? RC shepherds a pretty small community around a niche DSL with a shoestring non-profit budget that mostly goes towards running conferences.. you can see their financial reports here https://projects.propublica.org/nonprofits/organizations/300...

expectations around "strategic planning" and "marketing/PR" are not realistic. You should just be glad these randos don't have admin access to the GitHub org anymore. Any one of them was a huge target for adversaries who want to ship malware in RubyGems, supply chain attacks are very real and having commit access directly to rubygems/bundler is too powerful for a rando.

my main takeaway from reading all this is why were so many assorted people given such high levels of access..