Ruby Central's incident report on the RubyGems repository takeover reignites tensions over governance, control, and trust in the Ruby ecosystem.
Ruby Central, the nonprofit organization supporting the Ruby programming language ecosystem, has published an incident report regarding the September 2025 RubyGems fracture that has reopened deep wounds within the community. The report, authored by Richard Schneeman, a principal engineer at Salesforce and newly appointed Ruby Central board member, attempts to explain the circumstances surrounding the controversial takeover of the RubyGems GitHub repository from its long-standing maintainers.

The incident report comes after months of tension and failed mediation attempts following what many in the community have characterized as a "hostile takeover." According to Schneeman's account, the key trigger was André Arko's launch of the rv Ruby management tool and the Spinel organization without consulting Ruby Central. Arko, a former RubyGems maintainer and Ruby Central advisor who had been paid for on-call engineering work, had previously created RubyTogether, which merged with Ruby Central in 2022.
Schneeman quotes a Slack message from Marty Haught, Ruby Central's director of open source, expressing the organization's desire to "accelerate removing André," suggesting he was now viewed as a competitor. The situation escalated when Samuel Giddins, Arko's partner and a security engineer at Ruby Central, left the organization in early September. What followed was a complex series of events that Schneeman describes as "a tangle of confusion and lack of communication."
In September 2025, the RubyGems GitHub organization was renamed to Ruby Central, Haught became the maintainer of RubyGems, and all other maintainers were removed. Hiroshi Shibata, a Ruby Core member with the necessary permissions, executed these changes on instructions from Ruby Central. The move was described by affected maintainer Ellen Dash as "inherently a hostile action" against those who had maintained RubyGems and Bundler for over a decade.
The fallout was immediate and severe. After considerable back-and-forth and ill feeling, Ruby Central retained control of the RubyGems GitHub repository, while several former maintainers forked the project to create Gem Cooperative. Ruby creator Yukihiro Matsumoto (Matz) later announced that RubyGems repository ownership would transition to the Ruby Core team while continuing to be managed by Ruby Central.
Schneeman's report, approved by the Ruby Central board, acknowledges the organization's shortcomings. "These are our mistakes, collectively," he writes, hoping to "provide some closure to the community" and promising further structural changes to strengthen governance, improve transparency, and expand community participation in RubyGems stewardship.
However, the report has done little to heal the rift. Josef Šimánek, one of the former RubyGems maintainers, responded critically on Reddit, arguing that Ruby Central should have trusted and communicated with all maintainers to resolve project issues. He emphasized that there was no need for Ruby Central to own the code repository to operate the RubyGems service, and expressed concern that the organization had "thrown overboard almost the whole original RubyGems/Bundler/RubyGems.org team," putting the service in real danger during a period without on-call rotation.
Schneeman responded that part of the problem was maintainers leaving, stating, "With the other side walking away... it leaves Ruby Central holding (and owning) the mess."
The incident has broader implications for open source governance and sustainability. Mike McQuaid, who leads the Homebrew project and attempted mediation during the crisis, spoke about the incident at FOSDEM in January. He emphasized that RubyGems is "not some niche tool... we're talking about critical infrastructure on the internet."
McQuaid noted that "both sides have talked about how they've engaged in legal action with the other," which he sees as fatal to reconciliation chances. Rather than focusing on who did what, he emphasizes lessons for open source projects: "If your project hasn't argued about governance or money yet, it probably will one day. Be prepared and try to do this stuff before it becomes a problem."
When asked about the incident report, McQuaid told The Register: "This retrospective is a net positive in that it shows Ruby Central learning lessons and publishing more specific information than was previously public. I still do not think Ruby Central got, or is getting, everything right, but I am glad to see more accountability and reflection than we had before."
The RubyGems fracture highlights the complex challenges facing open source projects as they scale and professionalize. Questions of governance, control, sustainability, and community trust remain unresolved, with the incident serving as a cautionary tale for other critical open source infrastructure projects navigating similar tensions between commercial interests and community stewardship.
