by busterarm 255 days ago
Props to Ruby Central for taking all of the smears and reputational damage on the chin silently while they mitigated an actual security incident, made absolutely sure and wrote up a proper post-mortem. All of that in line with their original statement that their actions taken were in the interest of security/integrity of their platform.

If there's any evidence that you need to know who the proper stewards of Ruby's gems are, it's this.


100%
An entity that promised security had a security incident due to their incompetence to properly secure their production environment root access?
If somebody is going to abuse their accidentally-retained access after being removed from my organization, then the incompetence was in having that person in my organization in the first place. It turns out they were perfectly justified in removing him!

First of all, it's criminal, and second of all, it absolutely lights a torch to any credibility they have. I expect people don't want to become unhireable.

I've had access/credentials to organizations that I've left and never abused them even once.

it's not that clear cut, because there is no "rubygems company" or clear ownership of any of this stuff

it would be quite easy to argue that ruby central had never had a right to remove these people at all

> I've had access/credentials to organizations that I've left and never abused them even once.

yes, likewise

and if I was Andre I wouldn't even have ATTEMPTED to do this, as it looks terrible regardless of the eventual legal determination

odd timing for such an incident..

Not really. Someone abusing their access after being removed is exactly when such events occur.

Your post suggests conspiratorial thinking when there shouldn't be.

my post suggests critical thinking when there should be..your post is just defamatory. all of this looks like a "problem, action, solution" scheme. what was the takeover then, an honest and transparent move by RC? you must be kidding. looked pretty much conspiratorial.

I mean I'd much rather it be people who remember to rotate their passwords after firing high profile staff