[florkbork]

Imagine if you opened up your laptop to discover Microsoft windows has locked you out of a your entire machine, because you were writing a novel in RTF and it could be opened in Microsoft Word. Microsoft's executives started posting they "took control of the your machine/the novel to maintain security".

- Corporate entity doesn't have copyright over your creative output. Just because word can open and view ("run") your novel does not give them ownership.

- Locking your access completely on your resources would be akin to a ransomware attack or account compromise

Would you label those actions hostile? Or just accept it as right because "maintain security"?

If you would label the above hypothetical actions as hostile (if not outrageous overreach, something akin to theft?); what is fundamentally different to what Ruby Central did by taking over the source code of a GitHub repository?

[dismalaf]

This is a bad analogy. André Arko was a contractor employed by Ruby Central. His employer terminated his contract. He continued to access their server which is literally a crime.

The "maintainers" weren't volunteers. They were paid employees.

Also none of the ones complaining were the original authors of gem nor bundler.

[florkbork]

Alright, let's extend it.

You work for Microsoft as an independent contractor, as a night watchman/groundskeeper. So do a number of others. You were hired because you and your crew of weirdos were writing the story of advanced gardening and building maintenace; which people including those at many famous and powerful companies used and found useful. A number of years ago someone said "huh, maybe these guys should get funding", and a few others agree; and Microsoft ends up in charge of distributing that funding.

The above still happens. They have locked your computer with a ransomware message that says "we will give you back access if you get rid of one of you". To lock your computer, which is airgapped, it would require someone with admin privileges to your computer to walk in and manually do this. It turns out one of your has colleagues done this, added an account for the Director of Night Maintenance at Microsoft to your machine.

You and almost all of the "paid employees", again, a number of whom are independent contractors, resign in protest; leaving only the person who tampered with your computer.

https://bsky.app/profile/duckinator.bsky.social/post/3lz6exz...

> The behavior Ruby Central exhibited was so egregious that I sincerely thought someone's account had been compromised at one point

During this chaos; which all happened between September 9 and September 18;

- at midday LA time/2:40pm New York time; Microsoft terminates the contract with one specific individual; who was the one they demanded the group gets rid of if they wanted access back - 8 hours later, that person locks the doors; changes nothing else, etc.

Some basic analysis about the situation you need to do:

- Did the actions on September 19th, even if you believe it was a crime of the most serious nature, justify the actions on Sept 9-18 where Microsoft took access, said whoopsie, then did it again?

- Treating the Sept 19 actions as a crime; did the person who did it do so with a criminal intent? (Mens rea). Did they intend harm? Or were they indifferent to the harm caused? Should this be prosecuted, has that person provided justification or similar that could in any way be reasonable doubt?

- If the actions on September 19 are a crime in your viewpoint; would paying/influencing someone to lock the accounts of all of the maintainers also be a crime? Why or why not?

Note that you'll want to read https://www.law.cornell.edu/uscode/text/18/1030

First off, was anything involved a "protected computer"? No, probably not, not by the legal definition there; yes by what we as laypeople would assume.

But, let's roll with the assumption it's "literally a crime" and not a civil matter; but apply that standard equally.

> (4)knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period;

* Is the draft novel/rubygems source code a thing of value? Yes. $5000 worth? Tricky to say with the open source licencing! But RC were distributing $ to maintain it; and that cost them more than $5000/year. Cost does not equal value; but I think we can argue yes, kinda here.

> (7)with intent to extort from any person any money or other thing of value, transmits in interstate or foreign commerce any communication containing any—

* Did anyone attempt to extort anyone else to remove a person? (Get rid of x if you want access back!) * Did that have value? (Gee, I hope the treasurer didn't post, it was about the funding deadlines/only to have that walked back!) Also a bit murky as the value isn't coming from the extortion directly, only indirectly.

> (b)Whoever conspires to commit or attempts to commit an offense under subsection (a) of this section shall be punished as provided in subsection (c) of this section.

* Did anyone conspire? (Two or more people agree to criminal act, followed by an overt act)

Can you plausibly see how if you try to apply US law to argue one individual on one side is a criminal; that same law would likely make the other side just as criminal; if not more so?

---

> none of the ones complaining were the original authors of gem nor bundler.

Doesn't hold water.

From the individual: https://andre.arko.net/2025/09/25/bundler-belongs-to-the-rub...

"I joined the team at a pivotal moment, in February 2010, as the 0.9 prototype was starting to be re-written yet another time into the shape that would finally be released as 1.0. By the time Carl, Yehuda, and I released version 1.0 together in August 2010, we had fully established the structure and commands that Bundler 2.7.2 still uses today."

IE: Claims to be a significant contributor, predating any "stewardship" by RubyCentral. I would argue this can be born out by contributions and the fact he proposed the darned merger with RC in the first place; and that merger assigns no intellectual property rights or similar.