by saghm 248 days ago
> My former coworkers also told me their side of the story, and it’s absolutely nothing like what has been alleged so far. I deeply trust these two people, and I can’t possibly imagine they’d be lying to me, but I’d understand if you don’t want to take my word for it.

> I don’t know when their side of the story will come out, nor if it will come out at all, but I do hope it comes out soon and with receipts. Seeing so many good-natured and well-intentioned people get demonized like they have been over the last few weeks is depressing.

I haven't written Ruby professionally since 2019 (and don't have any plans to return to it currently), so my perspective on this is mostly that of an outsider who happened to be involved in the community for a few years in the past but otherwise doesn't really have much opinion about any of the organizations or people involved in all of the recent controversy. All that being said, it's hard for me to understand what the mindset is of authors of blog posts like this that attempt to provide context by providing extremely detailed history of events that involve the various personalities party to the current events right up until the actual controversy, at which point the only claims made are fairly vague allusions to there being more to the story with even a hint at what that might be. I understand the instinct to want to defend people you have good relationships with (or at least, have only had friction with in the past due to unrelated things), but at least to me, it doesn't really come across as anything other than an implicit attempt at damage control.

The grievances against Shopify seem pretty legitimate based on the only knowledge we have as outsiders. As far as I'm aware, the only concrete explanation of what happened that has been shared publicly is that they told RubyCentral that they either needed to take over the GitHub organization that owns bundler and the offline CLI RubyGems tool (not to be confused with the RubyGems.org package repository that RubyCentral did already own) and remove at least some of the specific external maintainers or they'd pull their funding. There have been proposed explanations for this around supply-chain security, but as far as I've read, no one has publicly stated a different set of events for what led up to the change in ownership of the GitHub organization, and without that, I don't think any amount of references to there being another side to the story will sound particularly convincing.


Author here.

> at which point the only claims made are fairly vague allusions to there being more to the story with even a hint at what that might be.

The goal of my post was mostly to provide "character evidence".

It's not for me to relay accusations made by others that I can't substantiate myself. Some other people did that previously and that is what caused that massive controversy.

> The grievances against Shopify seem pretty legitimate based on the only knowledge we have as outsiders.

My whole post is about how these allegations are horseshit.

But since then, new information came out; you may want to read https://news.ycombinator.com/item?id=45530832, which may change your perspective.

Your post isn't about them being horseshit though; you say that you consider them to be, but pretty much the only information in it is entirely unrelated. To me, it basically sounds like you're saying "those people are lying, and I think something different happened but I won't say what it is". Maybe I'm unusual, but that just doesn't convince me at all. I don't know how to decide whether something is believable if no one will tell me what exactly it is that I'm supposed to believe.

I did read that article before seeing your response here. I honestly don't feel like it does much to change my perception of the events that led up to it. My understanding of the claims that you are describing as horseshit are that someone who maintained gem and bundler for years got intentionally pushed out after Ruby Central was threatened to have their funding revoked from Shopify if they didn't take over those packages and remove him. I had never heard of this maintainer before, but I have used bundler and gem before, so my perspective is that even if he was a problem and there was an argument that he should be removed, having one third party threaten another into removing him by forcing the change in ownership of the tools used by the entire community is an extremely myopic way of doing it. Doing an improper job of it that gave him an opening to potentially exploit his continued access is exactly the sort of thing that explains why you shouldn't go about forcing changes like this without adequate transparency and community consensus; instead of improving the security for the community, now a bunch of people who had never heard of the parties involved with this conflict need to be worried about the collateral damage. If you think someone is dangerous, it would make sense to be prepared for this sort of thing after you escalate your conflict with them.

In the absence of any other explanation about what actually happened, the only accounting of the events paints the change in ownership as at best reckless and irresponsible. I'd love to be wrong, but without anything concrete to explain why I shouldn't trust this, I can't differentiate between the reality we're in and one where the accusations are correct and the responses to them are being made in bad faith, and the simplest explanation is that it's because they're the same.

> after Ruby Central was threatened to have their funding revoked from Shopify

So you take the original allegations at face value, even though they only rely on second hand reporting of anonymous testimonies, yet you don't want to consider my post even though the standard of proof is the same.

Got it.

You didn't include the actual context of the sentence you quoted, which is that I'm summarizing my understanding of the allegations. Do you not agree with me that those are what the allegations are, or do you think my ability to summarize them somehow implies that I must agree with them?

The problem with your post is that you're asking people to believe something without telling them what it is. I'd be more than willing to consider an alternate explanation of what happened but so far no one has been willing to share one. Regardless of your reasoning for withholding it (and the reasons of the others who apparently have knowledge of it), no one is going to be convinced of anything by just asking people to trust blindly. At the end of the day, people are not going to believe there's some secret truth that explains everything about how Ruby Central and Shopify were acting in good faith; they'll need to be told what actually happened, or they'll quite understandably trust the people who don't seem to be trying to hide something.