DEV Community

Cover image for What Just Happened to RubyGems?
christine
christine

Posted on

What Just Happened to RubyGems?

#ruby #rubygems #opensource

Bychristine September 23, 2025

And Why We Should Care

Based on some solid reporting by Joel Drapper and Ellen’s breaking details

So, the Ruby community just went through something wild, and I think we need to talk about it. On September 9th, Ruby Central basically took over the RubyGems GitHub repos and gem ownership without asking the people who’ve been maintaining them for years. It’s… not great.

The Story (As Best I Can Tell)

Joel Drapper did some really impressive investigative work here, and here’s what seems to have happened:

  • The Money Problem: Ruby Central lost $250k a year from Sidekiq after they had DHH speak at RailsConf 2025. That left them pretty much dependent on Shopify for funding.
  • The Pressure: Shopify apparently said “take control of RubyGems or we’re pulling our funding.” That’s… a pretty clear ultimatum.
  • The Messy Execution: HSBT went ahead and added Marty Haught as an owner and changed permissions before anyone really talked about it. When people complained, Marty said it was a mistake and some changes got reverted, but Marty stayed as owner.
  • The Board Vote: Even though Marty warned them about the consequences and suggested alternatives (like forking), the Ruby Central board voted to do the takeover anyway. And Marty went ahead and did it.

Here’s What Really Bugs Me

The whole thing comes down to this: Ruby Central is confusing two completely different things:

  • RubyGems (the open source code): This belongs to the community. People have been working on this for decades, unpaid, because they care about Ruby.
  • RubyGems Service (the website and servers): This is Ruby Central’s thing. They run the actual rubygems.org site.

Just because Ruby Central pays some people to work on the service doesn’t mean they own the open source code. That’s like saying you own Rails because you sponsored someone who made a PR to Rails. It doesn’t work that way.

The Communication Has Been Terrible

Honestly, this is what’s been most disappointing. Ruby Central’s response felt like corporate speak with no one willing to put their name on it. Board members keep saying things like “Ruby Central has been responsible for RubyGems for a long time” when that’s just not true—they’ve been responsible for running the service, not owning the code.

So… What Now?

How do we protect community projects?

When corporate money is involved, how do we make sure the community still owns what it built?

What about transparency?

How do we prevent stuff like this from happening again? And when hard decisions need to be made, how do we make sure everyone’s actually talking to each other?

Corporate influence is tricky.

We need corporate support to keep things running, but how do we draw the line between “helping” and “taking over”?

Trust is broken.

Can we still trust Ruby Central to look after our infrastructure when they’ve shown they’ll take over community projects if a big company tells them to?

Look, I get that running infrastructure is hard and expensive. But this wasn’t about infrastructure—this was about taking control of open source code that belongs to the community. And doing it under the guise of “supply chain security” when it was really about corporate pressure just makes it worse. The Ruby community deserves better than this.

Sources: Joel Drapper’s deep dive, Ellen’s initial report

Top comments (0)