At this point, it's probable that any attempt to just list the pertinent events isn't going to end up being as neutral as one might hope because even the choice of what context to include or exclude is itself editorial. This is the same lesson people might learn in a high school history class, just applied to something much more recent.
Perfect neutrality is unachievable, but that doesn't mean that every possible way of presenting the facts is equally valid, or even that it's impossible to distinguish presentations that are or aren't missing important context (see, e.g., the surprising success of Twitter's Community Notes).
You’re likely aware, though it’s worth mentioning, that the new owners ousted all existing maintainers without any explanation[1]. This follows a prior incident where access was revoked and later restored, with assurances that it was a mistake. This situation can only be viewed as a malicious attack, in which only the new owners had a full understanding of what transpired. Changing the password was a reasonable and appropriate response that any competent person in a similar position would've considered.
I’m shocked that we seem to be experiencing a Freenode 2.0 situation, but with some supporting the usurpers instead of the longstanding maintainers. It’s only been four years since the Freenode debacle, yet certain types of people seem to have grown bolder since then. A "win" for freedom of expression, huh?
> When they finally did reply, they seem to have developed some sort of theory that I was interested in “access to PII”, which is entirely false. I have no interest in any PII, commercially or otherwise. As my private email published by Ruby Central demonstrates, my entire proposal was based solely on company-level information, with no information about individuals included in any way. Here’s their response, over three days later.
https://andre.arko.net/2025/10/09/the-rubygems-security-inci...
I'm only going by the corporate narrative structure of the director's post, who clearly wants to throw someone under the bus and cover up organizational incompetence. "Open" source has become so despicable.
"As this situation occurred, I was the primary on-call. My contractual, paid responsibility to Ruby Central was to defend the RubyGems.org service against potential threats."