Why I'm not rushing to take sides in the RubyGems fiasco

justin.searls.co

157 points by felipemesquita 3 months ago · 123 comments

runjake 3 months ago

Context: Justin Searls is a “high profile” person in the Ruby and Rails community. He has a reputation for being a nice person and behaving in good faith.

From a personal standpoint, I can easily take his words at face value. I’m also curious about the views of Aaron “tenderlove” Patterson, who has a similar reputation.

Now that Justin has spoken out, maybe Aaron will take the opportunity to. Both tend to stay out of drama.

  • davidcelis 3 months ago

    Some additional context is that Justin Searls is close friends with people who are or have been on Rails Core and/or at Shopify. I've long been a fan of Justin's work, and I've spent time with him at conferences so I can attest to him being a nice person in my experience… But, given the alleged parties at play here, it's hard to take this piece as unbiased when it lacks that disclosure

    • hitekker 3 months ago

      It's an opinion piece by a trusted member of the community. He doesn't need to act unbiased but be credible and informative. As he wrote in his disclosure:

      > People whose livelihood depends on the health of the Ruby ecosystem deserve more information than they're getting, especially now that its operational stability has come under threat.

      On this count, Searls' article has done the work. I didn't know that Andre Arko baselessly threatened Google with lawyers, or that Andre played fast-and-loose with people's donations. That information was excluded from "unbiased" analyses and fact-checks which seem to largely target Andre's enemies.

      • wgjordan 3 months ago

        The problem is not that Searls has opinions, it's that this petty hit piece against Andre was heavily wrapped in neutral, 'all I can do is offer a little bit of context', 'I'm not rushing to take sides' framing language, resulting in a disingenuous, passive-aggressive tone.

        Why is Justin dredging up that one time eight years ago when Andre mistakenly called out a repo for infringing upon his employer's work (for which he publicly apologized five hours later)? Why is he harping on anecdotes from nine years ago in order to suggest Andre may have allegedly (gasp) expensed technology purchases and business meals to his employer? What does this all have to do with the current situation, other than unnecessarily stir the pot with a laundry list of old petty grievances fed to him by a bunch of anonymous contacts ('a lot of different people told me a lot of concerning stories')?

        I think the author's close ties to Rails Core / Shopify employees is extremely important context for this post, especially since it's context that's been intentionally hidden by a neutral, unbiased framing.

  • tumdum_ 3 months ago

    Aaron is employed by Shopify. Also I *think* he was part of the shopify team that took over some responsibilities and/or on-call, see here for the sudden commits after a very long break: https://github.com/rubygems/rubygems/commits/master/?author=...

  • throwawayruby 3 months ago

    In open source software, it is what is whispered behind closed doors that often matters most. The whispers in this dispute concern André. His behaviour, many quietly say, is the principal cause of the dispute with RubyCentral. His practical contributions over the past year have been scant, yet other maintainers suggest that if he were removed from the GitHub organisation’s ownership, they would simply reappoint him.

    Few dare state as much in public, hence the anonymity. The reason is straightforward: André has previously threatened legal action, and appears to be pursuing it once again. RubyCentral, for its part, has bungled the handling of the matter. But André has managed — with the exception of this one post — to cast himself not as a long-time beneficiary of his open source work, drawing maximum financial gain from it, but rather as an aggrieved victim of institutional mismanagement.

  • bgentry 3 months ago

    Aaron did RT the post here which likely indicates some agreement with the sentiment in it: https://x.com/searls/status/1972293469193351558

    Also he shared it directly while saying it was good here: https://x.com/tenderlove/status/1972370330892321197

  • sevenseacat 3 months ago

    Aaron has shared this same article, on Bluesky - https://bsky.app/profile/tenderlove.dev/post/3lzw5byy7xc24

its-summertime 3 months ago

This seems to be mostly "I dislike Andre" and not really about the current events?

I think a total of half a paragraph is about current events in any form.

  • bradly 3 months ago

    I got a similar feeling. The article’s title and closing paragraph reference not taking a side, but sandwiched between those are a lot of words that to me clearly indicate a “side” taken by the author.

    Through all this I will say that Ruby Central hired a non-technical director whose responsibilities I would expect to include communication and operational expertise to not let these situations happen or at least contain the volatility. That was a failure by Ruby Central regardless of the actions of engineers.

    • lamontcg 3 months ago

      Yeah, you can total up all the things he's said about Andre Arko, and even just accepting all of his spin and framing, I don't understand how it adds up to Shopify's actions being legitimate.

      And I was part of the Ruby community for the period being addressed in the blog post, and I interacted with him back then, and he was certainly at a minimum difficult to deal with. None of it seems to be relevant at all to what just happened. Whatever Andre did or didn't do with Ruby Together funds, that organization no longer exists.

      Also, I'm not into the faux shock at him paying himself $200-$250/hr as his rate for RT. He's presumably paying his own health care and living in SF so that actually seems pretty reasonable. If he was employed at a tech company earning that much, nobody would bat an eyelash.

      • cyphar 3 months ago

        > Also, I'm not into the faux shock at him paying himself $200-$250/hr as his rate for RT.

        The article has been updated and the correct figure appears to have been $150/hr. That seems very cheap for a contracting rate -- another comment[1] went through RT's public disclosures and it seems that he was getting paid ~$30k/yr on average (with a maximum of $60k for one year) which paints a completely different picture to TFA.

        [1]: https://news.ycombinator.com/item?id=45408505

    • dmurray 3 months ago

      He's explaining why he's not taking André Arko's side, which one can infer he's been asked to do.

      No one is expecting him to speak out in favour of Ruby Central's side, and he several times mentions how poorly they've executed and communicated whatever they're trying to do. And the complaints about that are well-known to anyone reading this post, and don't need to be rehashed.

      So no, I think he is indeed reserving judgment, but because of what he feels the need to emphasize given the narrative so far, it looks disproportionately critical of one side.

      • bradly 3 months ago

        Huh. I just don’t read that post and think, this is an unbiased take by someone reserving judgment.

        • dmurray 3 months ago

          Well, let's say he's clearly not taking Arko's side but he's reserving judgment on whether Ruby Central did a reasonable thing or whether it's "a plague on both your houses".

          • bradly 3 months ago

            I think what bumps me is the reserving judgment bit. Why? And until when? Is there an exception that some revelation from Ruby Central or Shopify is going to be released that will clarify all of this? We have actions that have happened and we can form opinions based on those right now.

            Given Shopify's strong internal culture of "Strong Opinions, Weakly Held" I feel comfortable holding them accountable to that same standard.

  • hitekker 3 months ago

    If you read more closely, the article notes potential malfeasance and cites receipts https://github.com/GoogleCloudPlatform/google-cloud-gemserve...

    > Later, in August 2017, Andre accused Google Cloud Platform of wholesale copying gemstash's codebase, going so far as to threaten legal action in his opening message. He juxtaposed the accusation with the complaint that Google had, "repeatedly declined to support Ruby Together." The incident appeared to fit a pattern of behavior to pair high-conflict messaging with an admonition of the target's failure to fund the organization that paid him. Ultimately, Andre's claim turned out to be factually baseless—Google hadn't copied gemstash's code, after all.

    The history strongly suggests a pattern behind current events.

    • GreenWatermelon 3 months ago

      And he completely apologized when it turned out he was wrong and made a hasty judgement, 5 hours later.

      And a single instance of something is hardly a pattern.

  • pizlonator 3 months ago

    I think it's trying to say "here are shady things Andre did that might have led to the current events".

  • felipemesquita (OP) 3 months ago

    While I agree, I think that was where Justin’s experience could contribute some nuance to the overall narrative.

  • byroot 3 months ago

    > not really about the current events?

    It's exposing events that have been somewhat of a semi-open secret among Ruby maintainers for a very long time.

    The link with the current events is that so far, neither Ruby Central nor Shopify have responded to Joel Drapper accusations, so the vast majority of people only have one side of the story.

    Justin is just explaining why, based on what he knows of one of the main protagonists' character, he'd rather reserve judgment. Which also happens to be my stance ever since this thing started.

    For multiple years now, I've heard more than one person involved in Ruby Central telling me they were very worried about the Ruby Central relationship with André. Whether they had reasons to be worried or whether they were blowing it out of proportion, I can't say for sure. All I can say is that there were massive trust issues.

    Whether he actually did something that triggered the recent events, or whether RC or Shopify tried to act proactively I don't know either. But I can only suspect that RC and Shopify are not speaking out, or at least are slow at doing it, because of potential legal consequence.

    NB: Until not long ago, I was employed by Shopify, if I still was today I wouldn't be writing this comment.

  • rubynerd 3 months ago

    I can see how you're coming away from this article with that perception, but, this needs to be read in the context of everything said prior: its intent isn't to provide you a full narrative of the situation, just additional context.

    This article is the missing piece explaining why:

    1. Shopify, allegedly, "specifically demanded that at least one of the RubyGems maintainers, André Arko, be excluded from returning to the project."[0]

    2. Rafael França, a member of Rails Core, publicly listed concerns[1] about "competitor tooling"/"admin trust" r.e. rv.

    Both are components of Joel Drapper's post that gave me pause on my first read, as these statements aren't something said without basis. That basis being correct or not is another matter, but I wouldn't expect either Shopify or a member of Rails Core to have such concerns simply because they don't like someone.

    Personally, I don't come away from this article with the sense the author dislikes André, just that there's perhaps more rationale coming from a camp that's largely not said much so far.

    Looking into the crystal ball of future predictions, the battle lines we're going to see in the Ruby community will be based around the acceptance or rejection of some of the allegations here about Ruby Together's spending.

    I recall Ruby Together advocating for personal sponsorships in addition to corporate. It's one thing to be treating Apple adapters as disposable HB pencils & buying dinners on the company card if companies are funding you, but it's a different matter of fiscal responsibility when you're potentially spending personal donations.

    Coming out of this, I'll suspect everyone will align that open-source contributors should be paid, and companies should in some way support open-source, but we'll see fractures over if André's alleged behaviour is acceptable.

    I'm looking forward to someone/something assembling an entity which is trustworthy & responsible. If Ruby Central can't be that entity, we'll need a replacement.

    [0]: https://joel.drapper.me/p/rubygems-takeover/#:~:text=Shopify...

    [1]: https://bsky.app/profile/rmfranca.bsky.social/post/3lz7alpob...

    • its-summertime 3 months ago

      It isn't explaining why Shopify finds André to be a risk, it's explaining why Justin Searls finds André to be a risk.

      > but I wouldn't expect either Shopify or a member of Rails Core to have such concerns simply because they don't like someone.

      Being given authority doesn't result in a person being given the ability to be reasonable. Of Rails, there is several years of controversy of how one notable member presents his concerns and who he targets with his concerns.

saghm 3 months ago

From the outside, I'd argue that the most neutral way to interpret all of this is to assume good faith and trust every statement that hasn't been explicitly disagreed with by another party. Between what I've read before this blog post and what the author says here, that would lead me to conclude that Andre had years of behaving unprofessionally to Ruby Central and at least on one occasion towards Shopify itself, and then recently when Shopify became the de facto only funding source of Ruby Central, they demanded that Ruby Central take over RubyGems and Bundler, and as part of that, Andre got removed. The lack of communication around it just makes it seem like they had every motivation to try to remove him specifically, and took quite drastic actions to do so, but for unstated reasons chose not to publicize this aspect of it. If this were actually what the stated intentions of the changes were, I might understand it, even if I felt that using financial pressure on a third-party organization to remove someone from a different organization was a bit heavy-handed. Without that, it's hard to feel like this new context changes things much; even if he deserved the outcome personally, making huge changes to infrastructure that a huge community relies on to remove him seems like something worthwhile to be transparent about, and it doesn't do much to raise the level of trust that their stewardship of the infrastructure will be handled responsibly.

My opinion on this might change if the timeline of what happened were challenged in some meaningful way, but allusions to "details that would contradict fact-checks and timelines others have pieced together and published" isn't that. The only way to steel-man an argument that isn't stated is to assume infallibility, and that's just not reasonable to ask people to do.

ChrisArchitect 3 months ago

Various related context:

Shopify, pulling strings at Ruby Central, forces Bundler and RubyGems takeover

https://news.ycombinator.com/item?id=45348390

Ruby Central's Attack on RubyGems

https://news.ycombinator.com/item?id=45299170

A board member's perspective of the RubyGems controversy

https://news.ycombinator.com/item?id=45325792

I'm leaving Ruby Central

https://news.ycombinator.com/item?id=45352432

Bundler Belongs to the Ruby Community

https://news.ycombinator.com/item?id=45371061

renewiltord 3 months ago

I wonder if there's a term for this kind of thing where people use the word "including".

As an example, I might have a non-profit that serves soup at soup kitchens and also pays me to manage it. If someone gives $100k, suppose I pay myself $90k and use $10k to serve soup.

When someone threatens to cut the contribution, I say "This will affect the non-profit's mission since the $100k a year goes to critical things like all the soup served at kitchens".

The impression is to imply that the majority of it goes to the soup. But the majority doesn't, in fact, go to the soup.

It would be useful to have a concise term for this particular kind of deceitfulness.

damagednoob 3 months ago

Seems like a few old scores are being settled during this drama. It wouldn't surprise me if a lot of people on the side of RubyGems are avoiding commenting in case any legal disputes play out.

BrenBarn 3 months ago

This is tangential to the main point of the article, but the anecdote about the dongle is interesting to me. The author's point seems to be that it was disturbing that Andre joked that being reimbursed for a new dongle (and/or meals) was no big deal. It seems to me there are three potential aspects to this:

1. Being reimbursed for a new dongle (and/or meals)

2. Joking about how that is no big deal

3. Not being transparent about whether your nonprofit blithely funds stuff like a new dongle (and/or meals)

From my perspective #3 is definitely an issue, and I can see how #2 could be annoying, but #1 is not really an issue at all, and it's not clear to me whether it's an issue for the author of this article.

It's not much of a stretch from "programmers working on open source tools deserve to earn an income that's commensurate with what salaried engineers earn at the companies who benefit from those tools" to "programmers working on open source tools deserve a level of overall employment benefits commensurate with etc.". For-profit companies routinely pay for dongles like it ain't no thang, toss money around left and right on meals (even with questionable justification), and so on and so forth. And in fact the people who benefit from this reimbursement do joke about how it's "free" to them, etc. In this context, being reimbursed for dongles and meals seems only another form of leveling the playing field.

Now of course, if people think they're donating only to pay a salary, and it turns out they're paying for meals, that's a problem (#3 in my list above). But if a person is up-front about saying "you're paying to equalize the overall compensation situation between the people who write open-source software and the people who use it", I don't think anyone should be surprised that that person expects to be reimbursed for dongles and meals. I'm not sure whether that was the case here, but, well, it's just something that stood out to me in the article.

  • em-bee 3 months ago

    i don't think #3 should be an issue either. buying a new dongle is a business expense. which means it should be paid from an account that is not taxed for those expenses, which i think is easier if you don't pay it from your salary. that's what i do with my company too. the extent that he benefits from that is effectively an increase in compensation, and so the only remaining question is, is the compensation fair or not.

  • jujube3 3 months ago

    There's an awful lot of dongle-related drama in Ruby these days.

jrflowers 3 months ago

I love this article because “I am completely neutral on this topic, anyway totally unrelated I met a guy once and kind of thought he was a dick, here is a decade+ worth of stories and rumors about him that I’ve had catalogued and ready to go” is a genuinely hilarious format for a post. It is so catty, like the dude could’ve just wrote “fuck that Andre guy. Choke on deez nuts!” and it would have the same amount of information value about whatever is going on with Ruby.

10/10 I thoroughly enjoyed that the author saw some confusion about the structure of Ruby and thought “Time to bust out The Many Crimes of Andre.xlsx”

hn8726 3 months ago

I'm sorry but the article seems pretty biased, and doesn't really give any argument for why what happened would be in any way justified. Author keeps adding their own interpretation to Github comments and events, which — just by looking at the contents — are needlessly negative. For example [1] where commit message states

> We've been continuing to backport bugfixs to the 1.7.x series just for Heroku, but unless Heroku joins Ruby Together I don't have enough time available to make sure that continues to happen.

but OP claims it

> was interpreted as leveraging his control over Bundler as a pay-to-play scheme

I'm sorry but not supporting outdated versions of an open-source tool for a business is perfectly reasonable.

Similarly, [2] was again described as "was interpreted at the time as indicating the feature would be withheld from Bundler because Heroku had failed to pay Ruby Together.". This is not at all how I read it — the comment just says that the open source project has priorities and not all of them can be implemented given the level of funding it has.

These are just two examples, but the article is riddled with wording like "blatant copying", "brazenly hypocritical", "was interpreted as [a bad thing]" etc.

I just feel like reading a clearly lopsided political piece intended to incite negative emotions towards something/someone. There are just enough facts to make it sound fact-based, but enough of author's own feelings and interpretation that I'm not at all convinced.

In fact, towards the end the author even states that there's been ~6 years where nothing of note happened, before the current drama. That seems like a relatively healthy situation?

[1] https://github.com/heroku/heroku-buildpack-ruby/pull/385/com...

[2] https://github.com/rubygems/rubygems/issues/1811#issuecommen...

  • GreenWatermelon 3 months ago

    I felt the exact same as you while reading the article.

    I started reading with an open mind, got a bit confused by the "dongle" joke, which the author doesn't remember but somehow it should be inappropriate. It's equivalent to saying "I think he said something bad 10 years ago but I'm not really sure"

    Then there's the part about "leverage control" to extort Heroku, which was a blatant misrepresentation of events and shows a clear agenda.

    Not taking sides my ass. I can only conclude the author's reputation, as being one of the nicest persons in the community, was earned through similar manipulation.

    And since the entire article is a "take my word" type of story, the blatant bias already displayed casts a shadow of doubt over the veracity of any other claims it makes, leading me to conclude the opposite: André is actually a nice and likable person, and has good principles.

GreenWatermelon 3 months ago

Such a blatantly biased and dishonest article.

In addition to what others said about TFA, this part jumped out to me:

> Specifically, I was sent this commit replacing references to Homebrew from late July. As evidence of Homebrew's authorship was being erased and obscured, no additional acknowledgement was added to credit Homebrew for having created and maintained Portable Ruby since 2016.

A paragraph later the author writes

> In fairness to Andre, the rv-ruby repo continues to retain a copy of Homebrew's LICENSE.txt which names "Homebrew contributors" as the copyright holder. Andre also later added an explicit acknowledgement to the README, but that attribution came more than a month later, and (I'm told) only after he was directly asked to credit the original project.

"In fairness" my ass. How can the author leverage a claim of authorship being erased, when the license is sitting there, untouched, for over a year?

And when someone told Andre to credit the original project... He simply did? Seemingly without any issues. In what universe is this an example of "obscuring authorship"?

Of course, putting this section right after the section where Andre mistakenly accused Google of copying code without preserving the original license, leads you to think Andre is a hypocrite, when in fact there were over 7 years between the two "events". The storytelling is doubly dishonest because Andre kept the original license intact, rendering all implicit claims of hypocrisy void.

In short, this article is borderline defamation.

  • lamontcg 3 months ago

    Also:

    > In August 2025, and seemingly out of nowhere, someone pointed me to the project spinel-coop/rv-ruby, an apparent fork of homebrew/homebrew-portable-ruby. I say "apparent", because rather than using GitHub's fork button—which would have maintained clear attribution of who created the upstream project—it looks like it was instead cloned and re-pushed by Andre.

    GitHub has long had problems with forked repos being half broken compared to the original repo. Used to be that you couldn't search within forked repos, at the very least.

    I'd actually consider it best practice to push to a new repo if you were entirely taking over a project and weren't going to be pushing upstream.

    I haven't extensively researched if GH has managed to eliminate all the reduced features of forks, but after something like 15 years of using it (probably about the same amount of time Andre has), I would reflexively establish a fresh main repo if I was setting up a project and I wouldn't fork.

    This isn't really evidence of anything other than the author of the blog post looking to spin a narrative.

    • cyphar 3 months ago

      The idea that not using the "fork" button on GitHub is somehow obscuring authorship is unhinged -- the actual license only requires you keep license headers intact (if your license headers don't convey authorship properly, you should fix that -- as an aside, this is why I don't like the "Copyright X project and contributors" thing). AFAICS, the fork even has the full commit history of the original project (which isn't even a GPL requirement) so I fail to see how anyone could reasonably see this as obscuring ownership.

      As someone who has dealt with people maliciously stripping out copyright headers before, this example just smells of someone running out of examples while trying to construct a list of petty grievances. Yes, the README of the fork was updated to stop referencing the original project, what would you expect from a fork? Would it have been nice to add a note that it was forked from another project? Yes (and he did exactly that a month later), but it's really not required and I disagree that not doing so is somehow hypocritical.

      And yes, GitHub forks still have a lot of limitations. I wouldn't use them when creating new projects either.

duxup 3 months ago

I feel like very little of that post actually addresses what occurred.

Granted that happens when folks take a form of "don't want to get into it". Maybe I missed something, but I don't think the whole blog entry means anything then.

ksec 3 months ago

Can I donate somewhere to have the whole RubyGems going to Japan Ruby Core and Ruby Association rather than Ruby Central? Makes things simpler. Less Drama.

CodeWriter23 3 months ago

First OpenAI, then WordPress and now this. I think we are learning there is a point where VCs using open source become allergic to it. My only suggested solution at this point is to be honest about it. Because only then can solutions emerge.
