This isn't true according to this article: https://www.404media.co/how-ruby-went-off-the-rails/. Joel has a terrible habit of not citing his sources so I'm not sure if the post in question is the same but this seems to nullify that argument. TBF I do think there was pressure from Shopify to get compliance and security in order but saying "Shopify demanded that Ruby Central take full control of the RubyGems" is just plain not true.
mijoharas|4 months ago
One interesting thing is that Ruby Central then said "Board decisions are independent and not contingent on funding."[2].
Doesn't inspire a lot of trust when there is a statement from a board member saying "we did this because of funding".
I'm more inclined to believe Joel's account.
[0] A deadline (which as far as I understand, we agreed to) loomed. Either Ruby Central puts controls in place to ensure the safety and stability of the infrastructure we are responsible for, or lose the funding that we use to keep those things online and going.
[1] https://apiguy.substack.com/p/a-board-members-perspective-of...
[2] https://rubycentral.org/news/our-stewardship-where-we-are-wh...
joeldrapper|4 months ago
I can tell you that two people with direct knowledge of the situation told me that Shopify demanded that Ruby Central take full control of the RubyGems GitHub organisation and packages.
You can believe that I am lying if you want. But I can’t directly cite my sources in this case.
drbragg|4 months ago