Shopify, pulling strings at Ruby Central, forces Bundler and RubyGems takeover
128 comments
·September 23, 2025leakycap
bdcravens
If the current state of Ruby is "eating itself alive" then I hope it stays hungry.
remix2000
What'd Ruby do to you?
bradgessler
How has it been “eating itself alive”?
leakycap
Ruby promised programmer happiness and delivered programmer warfare.
Predating the current hostile takeover: •••the vitriol directed at early critics like Zed Shaw •••mysterious departure of _why the lucky stiff •••the contentious Code of Conduct •••DHH •••uneasy truce after the toxic tribalism of the Rails vs. Merb
There's more, but the linked article can send you down more interesting rabbit holes than more bullets on my list
bradgessler
There’s been a ton of that, yes, but for most people who are building applications and websites with Ruby, it’s been stable, productive, and prosperous.
jamesgeck0
[delayed]
insane_dreamer
_why's departure had nothing to do with the Ruby community, as far as we know (unless some new info has come to light recently)
Zed Shaw, sure, but that's a single person (though a very vocal one; I always liked his work, but he was pretty outspoken and that got under people's skin)
DHH - yes, opinionated to a fault and outspoken like ZS, prone to create division, but that was always more about Rails than Ruby (this is not a comment on DHH recently, which I know nothing about; I stopped being active in Ruby/Rails community over a dozen years ago).
Rails vs Merb - again I think you're conflating the Rails community with the Ruby community
insane_dreamer
> The Ruby community has been eating itself alive since almost the beginning,
that's an unfair take; the Ruby community was excellent at the beginning
leakycap
Having been there, I don't know what you missed but it sounds like a lot.
The project promised a lot in the beginning and some folks new to a language like Ruby were so enthused by what they could do that they didn't pay much attention to the admin drama at the beginning.
hitekker
Eh, it's a messy write-up. The article's stream of consciousness is hard to follow. Too much detail in some areas, not enough in others.
It's true Ruby Central was a fiasco and the maintainers should have been treated better. But the author's investigation misses important element like the "culture war" on both sides. That seems to be prime motivation for everyone involved, given the flames raging in the comments below.
dmix
It also skipped over the elephant in the room which is NPM's security issues.
This was likely a reaction to a mix of NPM + culture war/deplatforming, where power player got nervous and decided to clamp down on rubygems security to insulate it from hypothetical bad actors.
leakycap
> Eh, it's a messy write-up. The article's stream of consciousness is hard to follow. Too much detail in some areas, not enough in others.
I looked for your publication or helpful comments on this topic, but didn't find them. I'm sure you wrote up something with great detail but no extra detail, and I bet it's very simple for everyone to read. You made it perfect and spared no editing costs before you put it on the web. I just couldn't find it?
> It's true Ruby Central was a fiasco and the maintainers should have been treated better.
Treated better as in ... not removed from their own projects, ownership of the things they built and set up, and ostracized? That is a far stretch of "treated better"
bhouston
Why were Samuel Giddins and André Arko singled out to be removed? What was their transgressions and to whom? From the write-up it sounds like Shopify wanted them out, but why?
janpio
The article has a section about something that might be related: https://joel.drapper.me/p/rubygems-takeover/#rv
bhouston
Quote:
> In his blog post, André says, “For the last ten years or so of working on Bundler, I’ve had a wish rattling around: I want a better dependency manager. It doesn’t just manage your gems, it manages your ruby versions, too. It doesn’t just manage your ruby versions, it installs pre-compiled rubies so you don’t have to wait for ruby to compile from source every time. And more than all of that, it makes it completely trivial to run any script or tool written in ruby, even if that script or tool needs a different ruby than your application does.”
> Bluesky threads reveal that Rafael França (Shopify / Rails Core) saw this tool as a threat, saying “some of the “admins” even announced publicly many days ago they were launching a competitor tool [rv] and were funding raising for it. I’d not trust the system to such “admin”.”
So a dev was innovating to make better tool to meet their needs (which is what most open source maintainers are generally doing all day), and then some guys immediately jumped to the possibility that they would then actively sabotage RubyGems? Whoa, that is insane.
Trying to kill innovation and a start-up out of fear doesn't sound like Shopify's branding in the media.
ZhadruOmjar
At some point the majority will learn that no matter the public messaging most large companies will do what benefits their incumbency over what is best for the industry or customers.
softwaredoug
> they had a problem with Ruby Central taking control of the RubyGems open source code repositories and gems, which Ruby Central never owned.
I don’t quite get how this happened? Ruby Central can’t just reach into my GitHub and declare they own something. Was it under the Ruby central account? Or an org account that decided they “own” the repo?
joeldrapper
I said in the post that HSBT who was a maintainer invited Marty as an owner of the GitHub account. This was against the wishes of the other maintainers who had established practices for adding new maintainers.
didibus
So HSBT was the owner? And transfered ownership?
joeldrapper
HSBT was a maintainer who had "owner" permissions on GitHub.
janpio
That is explained in the "On 9 September, HSBT ..." paragraph, which describes how an existing RubyGems maintainer did - and then undid (most) - changes. A new user remained as an owner of the RubyGems GitHub organization - which allowed Ruby Central to do things later.
null
doctorpangloss
It sounds like RubyGems was renamed to Ruby Central.
TechIsCool
At the GitHub Enterprise level, you can see that reflected if you look at any of the users profiles https://github.com/mghaught
watwut
I dont understand why did Shopify wanted to take control and kick maintenners out?
didibus
I understand Ruby Central doesn't own the source code, it's open source, and that they own the service, but who owned the GitHub account/repo ? Who created it originally?
richardlblair
I get that when drama unfolds like this there is going to be a shake out. It's always valuable, to some degree, to know what happened and why.
I just wish we could get to the part where the community can know and trust that our supply chain is safe and can be trusted.
dang
Related. Others? (most recent first:)
An Update from Ruby Central - https://news.ycombinator.com/item?id=45344448 - Sept 2025 (1 comment)
A board member's perspective of the RubyGems controversy - https://news.ycombinator.com/item?id=45325792 - Sept 2025 (148 comments)
Goodbye, RubyGems - https://news.ycombinator.com/item?id=45306135 - Sept 2025 (1 comment)
Ruby Central's response to the RubyGems situation - https://news.ycombinator.com/item?id=45301949 - Sept 2025 (1 comment)
Ruby Central's Attack on RubyGems [pdf] - https://news.ycombinator.com/item?id=45299170 - Sept 2025 (244 comments)
_fat_santa
> Sidekiq withdrew its $250,000/year sponsorship for Ruby Central because they platformed DHH at RailsConf 2025.
Honest question: What's the issue with DHH here? What did he do that caused them to pull support because he was platformed at RailsConf?
jmcgough
Tom Stuart gave a really good lightning talk about this a decade ago, which is very respectful and has aged well https://tomstu.art/the-dhh-problem
It's not just about his politics. DHH is reactionary, mean, dismissive of others' opinions. He acts more like a high school bully than a leader.
Since then, DHH has gone off the deep end with xenophobic, racist, and transphobic comments. I was drawn to the Ruby community because of its kindness and creativity, with people like why the lucky stiff and Jim Weirich. It is a lot less welcoming when DHH repeatedly uses his platform to say that I shouldn't exist or have equal rights.
leosanchez
> It is a lot less welcoming when DHH repeatedly uses his platform to say that I shouldn't exist or have equal rights.
Can you point to any of his blog posts that says this ?
disiplus
He is not stupid enough to say that directly bit it's one google away to find stuff like.
I follow him on Twitter and guy is a bully and has opinions about stuff he has 0 knowledge about.
https://world.hey.com/dhh/the-social-media-censorship-era-is...
prepend
How is his code?
I guess I’m so old that I remember not paying much attention to personal lives and looking at code contributions and collaboration behavior. I think that being a sensitive collaborator who builds changes was more relevant than swearing at people or saying rude things.
I once worked for a company where one developer hit another in the face with a keyboard. Was it wrong, yes of course. But we still delivered a pretty decent product.
I don’t really care if you, or others feel I should exist or not. Or whether they think I should or shouldn’t have rights, unless you mean permissions to change and maintain code.
amanaplanacanal
Unfortunately, in the current political climate the stakes are much higher.
lavela
"The Ruby community has a DHH problem":
https://tekin.co.uk/2025/09/the-ruby-community-has-a-dhh-pro...
vinceguidry
The Ruby community has long had a rift between two types of members, the really nice folks that take after Matz, and techbro assholes like DHH. The former have mostly tolerated the latter creating an ugly toxicity that the community has become known for, and is why I use Ruby, but have not involved myself with it. Zed Shaw, a well-known asshole himself, described it in this piece: https://harmful.cat-v.org/software/ruby/rails/is-a-ghetto
DHH has been going off the deep end with his rhetoric for years, the current political environment has made it so that he can't be ignored anymore.
bhouston
> HH has been going off the deep end with his rhetoric for years, the current political environment has made it so that he can't be ignored anymore.
But Shopify is also right wing in its executive team, and via these move they appear to be support DHH:
https://pressprogress.ca/shopify-executives-right-wing-media...
https://disconnect.blog/the-conservative-tech-alliance-is-co...
And yeah, Shopify is going to protect DHH because DHH is on Shopify's board:
bradly
Just to add a bit of context here... DHH was added to the Shopify board last year. Shopify also brought in a CTO with very questionable actions and statements during multiple company townhalls and all-hands. He would be making wild statements on stream while VPs would be in the Slack channel trying to defuse and reframe. This was a big reason why I left Shopify last spring.
vinceguidry
Right wing protects their own.
null
null
dismalaf
Except Matz is aligned with DHH, Tobi and others. I think lots of people confuse "nice" with "supporting every weird American left-wing cause pushed by certain corporations". Keep in mind most of the people who actually run the Ruby ecosystem and drive it forward aren't American, and it's mostly Americans whining about it.
Also, people opposing it (Sidekiq, the guys starting "rv", etc...) have a vested financial interest in opposing Rails and rubygems...
prmoustache
Can someone be nice and a nazi at the same time. I guess only with other nazis.
baggy_trough
[flagged]
null
draw_down
[dead]
aduty
[flagged]
dismalaf
Probably the fact that DHH introduced Solid Queue to Rails which can replace Sidekiq. Of course they're not going to say that, it'll be some excuse about his lukewarm European politics...
danudey
Also the fact that DHH complained about not wanting to live in London because of how many non-whites there are, praising violent far-right agitators, and repeating debunked racist claims.
ZhadruOmjar
They don't like his refusal of support for any and every cause. DHH focuses on software and it's capabilities instead of whatever the cause of the day is no matter how irrelevant.
tennis_80
He used to, but is now stepping into politics, in a conservative / reactionary way.
See: https://world.hey.com/dhh/as-i-remember-london-e7d38e64
leosanchez
> That was then. Now, I wouldn't dream of it. London is no longer the city I was infatuated with in the late '90s and early 2000s. Chiefly because it's no longer full of native Brits.
I couldn't understand this bit. Why does a Dane care about the ethnic makeup of London ? Is London worse off than the 90s and early 2000s ? He doesn't leave much to charitable interpretation…
tootie
That post is just plain racism.
kkaske
I don't follow this kind of thing so forgive my ignorance. Why was "platforming" DHH bad? Honest question.
alphager
He posted a personal blog post a few days ago decrying that London is not white enough. He has a history of very right-leaning positions.
thevillagechief
These kind of statements frustrate me. They are kind of manufactured consent statements. I likely don't agree with DHH positions as shared here, but when did we decide platforming very left-leaning positions is good, and platforming very right-leaning ones is bad? I wouldn't even mind if the position was that platforming either is good/bad. The framing here begs the question.
sussmannbaka
He’s been posting increasingly inflammatory articles, for the most recent round refer to https://tekin.co.uk/2025/09/the-ruby-community-has-a-dhh-pro...
DrProtic
I'm sorry but if DHH posted some inflammatory articles maybe it's better to post those articles for people to judge themselves, than to post what someone else thinks.
sebastianz
It's the third link on that page, in the first sentence.
jjgreen
Judge for yourself: https://world.hey.com/dhh/as-i-remember-london-e7d38e64 (a web search on "Tommy Robinson" would help with context).
lbrito
Having read stuff from DHH for a long time, this does not surprise me in the least. It just feels like he picked the right time, zeitgeist-wise, to fully come out of the closet.
I distinctly remember a specific Twitter comment, maybe 7ish years ago, that solidified my view on DHH as a person. It was a thread about remote work. Someone from South America commented trying to be nice to David, saying something like "you should work remotely from Chile, it has a great Ruby community" etc, to which his response was "I've no interest in living in a 3rd world country".
Notch-esque politics aside, that was mean-spirited, inconsiderate behavior which should not be applauded. From that day I strongly sensed that was who he truly was.
bhouston
DHH is on Shopify's board now:
https://www.shopify.com/news/david-heinemeier-hansson-board
Shopify's support for DHH's world view makes sense. Shopify's executive team has been right-wing for a while now:
https://pressprogress.ca/shopify-executives-right-wing-media...
https://disconnect.blog/the-conservative-tech-alliance-is-co...
basisword
He's really gone off the deep end and evidently knows fuck all about London or the patriotic march he's discussing.
msie
He's made comments supporting the Trucker protest in Canada and he knew fuck all about it too.
rs_rs_rs_rs_rs
Are you sure you posted the right article? There's nothing about Ruby or RubyGems in it.
vidarh
There is, however, a whole lot that says a lot about the character of DHH in it, such as by repeating rhetoric of the UK's racist far-right.
notwhereyouare
[flagged]
madeofpalk
The question was "Why was "platforming" DHH bad?". Some people disagree with the views represented in that linked blog post, and do not wish to sponsor events that showcase him.
Personally, I think DHH is a troll and would never be interested in sponsoring, or attending, an event that involved him.
ecshafer
What is the issue? He liked the nationalistic display of a march in England?
aduty
That is the gist of it.
doublerabbit
> He liked the nationalistic display of a march in England?
Replace "nationalistic" with "fascist". That's the issue.
hamandcheese
I too am wondering this.
icelancer
[flagged]
bakugo
He held the wrong political opinions.
4ndrewl
He's regurgitating racist tropes. Whether he knows that or not I don't know. He might be racist, it might just be Dunning-Kruger around whether he can speak authoritatively on social issues (in his post there's no attempt at original thought, just copy-paste).
But...it makes it a little difficult to build an inclusive open source community with that at your head.
msie
‘very fine people on both sides’ - DJT
AlexandrB
https://www.snopes.com/fact-check/trump-very-fine-people/
This is kind of the problem. People parrot this stuff with no further investigation.
ChrisArchitect
Related:
Ruby Central's Attack on RubyGems
https://news.ycombinator.com/item?id=45299170
A board member's perspective of the RubyGems controversy
dismalaf
Y'all know that Ruby Central has run rubygems and rubygems.org for years now, right? This isn't a coup, takeover, whatever. The author of the first article criticizing this was formerly employed by Ruby Central. They're just tightening up their own ship...
joeldrapper
I don’t think you read the post. Ruby Central has never owned the source code. They operated a service that had the same name.
dismalaf
Read an open source license for once.
If you have the source code, you own the source code. Other people own it as well. This is literally the defining feature of open source. If I have Ruby source code and Rails source code on my machine, I own it, no one can take it away or tell me what to do with it.
Anyhow, Ruby Central managed the GitHub repo, the website, the gem, bundler, etc... before this.
If some disgruntled former employee/contractor wants to hard fork they can, they also own the code. But I heard they've started a competitor and are looking for funding (probably part of the reason Shopify and others wanted to consolidate control; a maintainer with admin privileges starting a literal competitor is a liability).
shkkmo
> Anyhow, Ruby Central managed the GitHub repo
This is incorrect. The GitHub repository was managed by the maintainers, only some of whom were Ruby Central employees. RubyCentral decided to break the agreement under which those maintainers worked and take control of the repository.
sussmannbaka
this article isn’t about rubygems the service and it repeatedly states so
dismalaf
If you know anything about the ecosystem you'd know that Ruby Central runs the website/servuce AND maintains the gems, bundler included. Which is why I mentioned both.
I wasn't expecting such a nice writeup. Worth a read.
The Ruby community has been eating itself alive since almost the beginning, but it is sad to see the short-sighted destruction of trust and connection that this has had.