[JeremyNT]

What a truly wild situation.

In a certain sense this post justifies why RC wanted so badly to take ownership - I mean, here you have a maintainer who clearly has a desire to sell user data to make a buck - but the way it all played out with terrible communication and rookie mistakes on revoking access undermines faith in RC's ability to secure the service going forward.

Not to mention no explanation here of who legally "owned" the rubygems repo (not just the infra) and why they thought they had the right to claim it, which is something disputed by the "other" side.

Just a mess all around, nobody comes off looking very good here!

[anon84873628]

I can give benefit of the doubt that making a proposal to monetize user data is a poorly-considered, bottom-scraping effort to find a replacement funding source for the on call work. Most of us would not consider it, but I think it should be ok to occasionally pitch some bad ideas, all else being equal and lacking full context.

But messing with the credentials crosses an ethical line that isn't excused no matter how much you disagree with the other party's actions.

[JeremyNT]

I totally agree, assuming all this is accurate he immediately proved that RC was right all along to be concerned about him!

[fouc]

I can only assume it is silly revenge seeking behavior. Look at how symmetrical it is:

  1. RC takes over GitHub Repository and locks everyone out
  2. Arko takes over RubyGems server and locks everyone out.

He was an authorized actor right up until they tried to remove him, but they forgot to revoke his access credentials. I wonder if legally-speaking he was even considered unauthorized.

EDIT: Missed their email notification revoking his production access. Yeah looks like they could have a legal basis.

[heartbreak]

This is not legal advice, but if you get fired and then break into the office later, the police won’t care that you used your spare key.

Seems someone took it a step further and changed the locks too.