Updates
9:59AM ET
Will update with more info as I learn more. But here’s everything I could find so far.
10:15AM ET
Added a link to the open letter from RubyCentral. They are hosting an open Q&A Zoom on 23 September🔀.
12:46PM ET
Still not a whole lot of clarity about the situation, but additional links added below.
The people I’ve spoken with that know many of the technical folks involved (Marty et al.) have vouched for the character of those technical people. Rhiannon Payne’s commentary suggests this is a leadership issue. Based on the rather tonedeaf and apparent doublespeak of the official word of Ruby Central, that seems to track pretty well.
There is an ongoing discussion about governance initiated by Martin Emde that is being actively mediated by Mike McQuaid (from Homebrew). However,
The arms-length appearance of this is that it was a perhaps well-intentioned but horribly-executed maneuver. The security / safety of RubyGems as a service seems presently intact. Since the last update by Marty Haught, Emde appears to be dissatisfied with the state of things and is, perhaps, also withdrawing in solidarity with Ellen Dash? This is unclear as there has not been a formal statement outside of that update.
Officially / Openly Stated withdrawal from RubyGems / RubyCentral
- Ellen Dash (RubyGems)
- André Arko (RubyGems)
- Martin Emde(?) (RubyCentral)
- Rhiannon Payne (RubyCentral)
- Sam Giddins (RubyCentral)
- Josef Šimánek (RubyCentral)
Discussion and relevant links happening presently
- @duckinator’s open letter of resignation
- @duckinator (as @puppy)’s thread on Mastodon
- @duckinator’s PR self-removing from maintainers list
- André Arko’s letter of resignation
- Discussion thread on /r/ruby
- Discussion thread on YCombinator
- Martin Emde (another Rubygems maintainer)
- Martin Emde’s Governance Model proposal
- Letter re: the takeover from RubyCentral
- Article about the RubyGems supply-chain attack referenced in the RubyCentral open letter
- Rhiannon Payne (former Ruby Central employee) commentary (previous statements deleted)
- Joel Drapper writing about Shopify’s influence on RubyCentral
- Board member Freedom Dumlao’s “(…) perspective of the RubyGems controversy”
- Jared White’s summary editorial
Ellen Dash (@puppy / @duckinator)’s initial open letter
## Ruby Central’s Attack on RubyGems
Hi! I’m Ellen, but you probably know me as duckinator or puppy.
I really wish I didn’t have to write this, but I feel the Ruby community needs to know it.
I have been part of the Ruby community since I was 13, and one of the RubyGems maintainers for the last decade.
This community has helped me through very hard times, and you mean the world to me.
One of the most important lessons I learned from y’all is this:
> A person’s character is determined not only by their actions,
> but also the actions they stay silent while witnessing.
## This Month Has Been A Fuck Of A Year
This is what unfolded between September 9 2025 and September 19 2025, as I understand it.
On September 9th, with no warning or communication, a RubyGems maintainer unilaterally:
renamed the “RubyGems” GitHub enterprise to “Ruby Central”, added non-maintainer Marty Haught of Ruby Central, and removed every other maintainer of the RubyGems project.
He refused to revert these changes, saying he would need permission from Marty to do so.
On September 15th, this maintainer said he restored the previous permissions after talking with Marty. Marty stated the deletion was a “mistake” and “should never have happened”.
The “restoration” kept a notable change: Marty was now an owner of the GitHub enterprise.
The RubyGems team responded by immediately began putting in place an overdue official governance policy, inspired by Homebrew’s.
On September 18th, with no explanation, Marty Haught revoked GitHub organization membership for all admins on the RubyGems, Bundler, and RubyGems.org maintainer teams.
By doing this, he took control for himself and other full-time employees of Ruby Central.
Later that day, after refusing to restore GitHub permissions, Ruby Central further revoked access to the bundler and rubygems-update gems on RubyGems.org
I will not mince words here: This was a hostile takeover.
## My Stance On This
I consider Ruby Central’s behavior a threat to the Ruby community as a whole.
The forceful removal of those who maintained RubyGems and Bundler for over a decade is inherently a hostile action. Ruby Central crossed a line by doing this.
When called out, these changes were mostly reverted. Then, it was done again.
By crossing that line a second time after being called out for it, Ruby Central has made it extremely clear to me that they are not engaging in good faith.
Ruby Central’s behavior has forced my hand. I refuse to watch this without speaking up.
I am resigning from my position at Ruby Central, effective immediately.
To remove any doubt: Ruby Central unilaterally, with no explanation, revoked all access to RubyGems against both my wishes and the wishes of the entire RubyGems team.
Ellen Dash (@duckinator)