by ctoth 250 days ago
Let's say that they are 100% correct, we parse the subtext as text, it was totally him.

We still do not know the critical details of how (and when) he stored the root password he copied out of their password manager (encrypted in his own password manager? on his pwned laptop? in dropbox? we'll never know!) therefore the whole chain of custody is still broken.

2 comments

The leading contender to replace RubyGems has Andre Arko as a charter member, so this all seems very salient.
Right but that speaks more to Andre's character, IMO.

Why are you copying a password out of a shared vault that should only be used in break-glass type scenarios? If that's not planning for possible malicious action in the future, I don't know what is.

You can try and excuse it as having your own break-glass for the break-glass, but that's on the spectrum between irresponsible and incompetent.

Again, if the accusation is true, removing him was justifiable from any possible perspective you might have.