
wgjordan | 4 months ago

I think the biggest missing piece in the opposing accounts of this incident is how exactly the production-access removal was communicated. There's a huge gap between how the two posts are framing the clarity of the communications that happened on Sept 18:

> September 18 2025 18:40 UTC: Ruby Central notifies Mr. Arko, via email, of the board’s decision to remove his RubyGems.org production access, and the termination of his on-call services.

> Marty Haught sent an email to the team within minutes, at 12:47pm PDT [19:47 UTC?], saying he was (direct quote) “terribly sorry” and “I messed up”. [...] the complete silence from Shan and the board, made it impossible to tell exactly who had been authorized to take what actions. As this situation occurred, I was the primary on-call.

André also mentioned that he disclosed further remaining production access a few days ago, on Oct 5. Looking forward to Ruby Central's follow-up post-incident review for this subsequent incident, which they failed to address or mention at all in their initial publication.


skywhopper | 4 months ago

Yeah, given that RC was willing to publish an email from Arko about an unrelated topic in their “security incident review”, it’s unfortunate they aren’t publishing how the access suspension was actually communicated to folks. Sounds like it was sudden enough and weird enough that Arko’s actions in response, locking down the AWS account, were totally justified.

emmelaich | 4 months ago

So weird that Marty is using corporate speak to someone who I presume he's been working with for up to ten years.

All of them really, not just Marty H.