I'm still struggling to understand the "why."
(That's not an implicit criticism of the article, which is extremely appreciated because it's neutral and factual)
I've been away from Ruby for a few years but Shopify always seemed like a huge net positive, sponsoring lots of valuable work on both Ruby and Rails. I never followed Ruby community happenings very closely but I'm not aware of negative feelings towards their community role in the past.
Reading through this, I’m not sure what the fear is of Shopify taking a larger role. They’ve been strong contributors to Ruby for a really long time. Not that I agree with the actions, but I can’t parse what nefarious motives they might have from this article.
Usually when this kind of stuff is rolled out, it’s agreed upon in some form and documented. Then when people are surprised, it’s a matter of pointing to the section in the doc that’s relevant and everybody goes on their way.
From the outside it appears this had none of that, so people are understandably surprised, sad, or angry. Since there’s a lack of transparency, people are filling in the blanks.
I can totally see someone seizing the opportunity there. (And if you think it is a good idea, you are a terrible person)
I work for a small company that helps the Ruby community financially, and they strongly advocate for other same-size companies to do the same so there is balance.
It would be terrible for pypi, rubygems, brew and other repos to be used as political or economical tools.
Large companies can fork and keep living for a while or pay the cost. But for everyone else, including people developing ideas at home, it would be a shot through the heart.
So if you have a company that can help those orgs, press them to do so. If you have 5 USD to help, also do it. It makes the difference.
I'm not necessarily saying that's a bad thing. But it inevitably means they will not always be aligned.
In other words, "When you play the game of thrones, you win or you die."
One person who was a major funder of RubyCentral pulled funding because they were upset at RubyCentral platforming DHH. Neither that person, nor RubyCentral, had control over or ownership of the RubyGems software at that time, though RubyCentral operated the rubygems.org service, which uses the RubyGems software.
The corporation that is the other major funder of RubyCentral (Shopify) responded to this (taking advantage of the fact that this left them the sole significant funder of RubyCentral whom RubyCentral could not afford to alienate) to direct RubyCentral to, without any plausible claim of right, seize control of the RubyGems software repos, and kick out anyone who wasn’t a full-time RubyCentral employee from them.
It’s not about DHH except that that indirectly provided the opportunity, it’s about Shopify seeking to consolidate control of core Ruby infrastructure.
If this is the reason, I am behind this takeover. It’s weeding out bad actors that have a shortsighted mentality.
I do not want RubyGems and Bundler to become yet another pair of ideological playgrounds for people that spend more time protesting unrelated causes than actually _writing and developing software_.
Ok there it is. That would explain why they’re being so cagey. I thought there had to be more to this.
Apparently, the reason is having an incorrect opinion.
Everyone, you included, has opinions that they find unpalatable. Pretty much all of human history has been "cancelling" people for "incorrect opinions". I mean, what were the Crusades? Or World War II?
There's no, like, gun to your head saying you have to respect things you don't respect. Some things are just not respectable. You're allowed to be like "no" and then decide to get as far away from the person as possible.
And, relatedly - you don't have to run away. You can push them away.
It's not really fair that crazy people are allowed to say crazy things then we, normal people, have to take the high ground and walk away. What if I don't want to walk away? Why do I have to leave a project like it's the plague because you said something insane?
Anyway, just my two cents.
Also, just to be clear: I don't think DHH is crazy or evil. I'm addressing the broader concept, not this specific case.
Oh, I should read the actual tweet? Funny the actual tweet is so much worse than I imagined.
If a trans woman is in a space that she is legally entitled to be in, according to him one should:
> Make, a scene, call the cops and if all else fails, punch him[he means the trans-women] in the balls
He is literally telling people to be violent against trans people. And then cries when actions have consequences.
These people are like the school yard bully who will start a fight with you then cry "timeout, timeout" when you punch back. And go to the teacher to convince you they are the real victim.
Ruby Central hosts DHH at RailsConf in July --> Sidekiq withdraws funding from Ruby Central --> Ruby Central is essentially entirely dependent on Shopify.
The "what" seems to be purely a reaction to this article DHH posted:
Strictly speaking, DHH's September blog post could not have driven this unless there was a time machine involved. However, DHH has made some contentious political statements in the past so perhaps what you're saying is true in a larger sense. It's certainly possible that Shopify's actions had nothing to do with either side's politics in particular, and they decided it was simply safer for them to control Ruby Central and RubyGems rather than rely on an independent organization with unstable funding (that they were basically solely funding anyway according to the article).
I don't love that outcome. As a Ruby fan, I don't want Ruby or bits of its infrastructure controlled by a particular organization.
DHH stopped trying to cultivate an inclusive community some time ago. The ruby community can ill afford to drive away more prominent maintainers, yet that is what is happening here, as the corporate interests are aligned with DHH even if the rest of the community is not.
What he’s saying is that he only considers white British to be legitimately British. He would look at former Prime Minister Rishi Sunak and current Mayor Sadiq Khan and dismiss them as insufficiently British. Too much melanin I guess.
He’s even excluded white people from elsewhere who were born in Britain if they have a non-British ancestor. So according to DHH and his ilk Nigel Farage’s children wouldn’t be counted as white British despite having white mothers (Irish and German), being born to a British father in Britain and living all their lives in Britain.
What the fuck is the point of dividing people like this? “Just an opinion” my ass. DHH and people like him are dehumanising my fellow Londoners.
Shopify wanted to put in place better governance and access control, to reduce the risk of a supply chain attack and put a deadline on that.
Part-time maintainers left it to the last minute, didn't consult or communicate well and then overexerted their influence by taking over things without consensus to do so.
Existing maintainers were then rightfully alarmed, when it all could probably have been handled better.
Doesn't help that the rift over a competing tool being created probably played a part in some of the heavy handedness. DHH's drift to white supremacy probably hasn't helped either, but likely neither are the cause here.
To preempt any potential objections on the basis of the removed funding from Sidekiq based similarly on a relationship with a single person, there are two pretty crucial differences: the funding was withdrawn because of the relationship the organization had itself with someone, rather than someone involved with something that literally had to be stolen to terminate their involvement, and the funding withdrawn by Sidekiq was done openly with unambiguously communicated intentions. Deciding to not give money to an organization because of an actual choice that they made and tell everyone that is just being transparent about your morals; secretively pressuring an organization to exploit their existing connections to force someone out of a project they don't own and then having them represent it publicly as something they chose to do on their own for the greater good might as well be out of the playbook of organized crime or foreign intelligence services.
Honest question: What's the issue with DHH here? What did he do that caused them to pull support because he was platformed at RailsConf?
It's not just about his politics. DHH is reactionary, mean, dismissive of others' opinions. He acts more like a high school bully than a leader.
Since then, DHH has gone off the deep end with xenophobic, racist, and transphobic comments. I was drawn to the Ruby community because of its kindness and creativity, with people like why the lucky stiff and Jim Weirich. It is a lot less welcoming when DHH repeatedly uses his platform to say that I shouldn't exist or have equal rights.
I aspired to be like Jim. We all should.
He made time for anyone who wanted to engage him in a sincere discussion. He helped a lot of newer people. He wrote beautiful tools that we still use.
He embodied MINASWAN. That has been the core of Ruby's community.
DHH has been pretty damn far from that.
Did many of us find Ruby through Rails? Sure. Does that mean that Ruby should be stewarded by someone who is intolerant and therefore exclusionary? No.
That's the opposite of MINASWAN.
Can you point to any of his blog posts that say this?
I guess I’m so old that I remember not paying much attention to personal lives and looking at code contributions and collaboration behavior. I think that being a sensitive collaborator who builds changes was more relevant than swearing at people or saying rude things.
I once worked for a company where one developer hit another in the face with a keyboard. Was it wrong, yes of course. But we still delivered a pretty decent product.
I don’t really care if you, or others feel I should exist or not. Or whether they think I should or shouldn’t have rights, unless you mean permissions to change and maintain code.
https://tekin.co.uk/2025/09/the-ruby-community-has-a-dhh-pro...
https://world.hey.com/dhh/the-waning-days-of-dei-s-dominance...
I missed all this drama, it does seem like there is an echo chamber forming over on Bluesky…
https://tekin.co.uk/2025/09/the-ruby-community-has-a-dhh-pro...
I don't think he's a white supremacist, but it is understandable that some people don't like his ideas.
DHH has been going off the deep end with his rhetoric for years, the current political environment has made it so that he can't be ignored anymore.
But Shopify is also right wing in its executive team, and via these moves they appear to be supporting DHH:
https://pressprogress.ca/shopify-executives-right-wing-media...
https://disconnect.blog/the-conservative-tech-alliance-is-co...
And yeah, Shopify is going to protect DHH because DHH is on Shopify's board:
Also, people opposing it (Sidekiq, the guys starting "rv", etc...) have a vested financial interest in opposing Rails and rubygems...
Update: To be fair, I haven't followed DHH/Rails/Ruby community for the past decade (was very involved ~15 yrs ago), so my views may be outdated. Still I think pulling the funding doesn't help Ruby.
The Ruby community has been eating itself alive since almost the beginning, but it is sad to see the short-sighted destruction of trust and connection that this has had.
Yes there is drama, recently especially, but there have been some fantastic people involved for decades
The former is mature, robust, fit for purpose.
The latter is... messy.
DHH's prominent role in the ecosystem and full throated endorsement of reactionary politics has alienated a lot of people who might otherwise have been invested in that community, and this latest maneuvering seems downstream of all that.
At this point the tension between corporate interests (and by extension DHH, who is a central player in that group) and open source / community interests has become frustratingly high, and it all seems like it could have been avoided.
It doesn't mean ruby is dead or even dying, but you can't blame anybody for looking at this and just noping right out over to a community without such drama.
Predating the current hostile takeover:
• the vitriol directed at early critics like Zed Shaw
• mysterious departure of _why the lucky stiff
• the contentious Code of Conduct
• DHH
• uneasy truce after the toxic tribalism of the Rails vs. Merb
There's more, but the linked article can send you down more interesting rabbit holes than more bullets on my list
And wouldn't that constitute a violation of ownership? Or did the authors wave that away by joining the respective GitHub org in the first place?
It is murkier as the involvement of some of the original creators in Ruby Central is there, so there are claims to being the original copyright holder applicable to some areas by a very small number of individuals, none of whom are the newly added maintainers, or Ruby Central as a whole entity.
that's an unfair take; the Ruby community was excellent at the beginning
The project promised a lot in the beginning and some folks new to a language like Ruby were so enthused by what they could do that they didn't pay much attention to the admin drama at the beginning.
It's true Ruby Central was a fiasco and the maintainers should have been treated better. But the author's investigation misses important elements like the "culture war" on both sides. That seems to be prime motivation for everyone involved, given the flames raging in the comments below.
> It's true Ruby Central was a fiasco and the maintainers should have been treated better.
Treated better as in ... not removed from their own projects? Treated better as in... not kicked out of things they built by someone else who has something to gain?
Treated better is not the phrase to describe what should have happened here.
This was likely a reaction to a mix of NPM + culture war/deplatforming, where power player got nervous and decided to clamp down on rubygems security to insulate it from hypothetical bad actors.
I distinctly remember a specific Twitter comment, maybe 7ish years ago, that solidified my view on DHH as a person. It was a thread about remote work. Someone from South America commented trying to be nice to David, saying something like "you should work remotely from Chile, it has a great Ruby community" etc, to which his response was "I've no interest in living in a 3rd world country".
Notch-esque politics aside, that was mean-spirited, inconsiderate behavior which should not be applauded. From that day I strongly sensed that was who he truly was.
https://www.shopify.com/news/david-heinemeier-hansson-board
Shopify's support for DHH's world view makes sense. Shopify's executive team has been right-wing for a while now:
https://pressprogress.ca/shopify-executives-right-wing-media...
https://disconnect.blog/the-conservative-tech-alliance-is-co...
But...it makes it a little difficult to build an inclusive open source community with that at your head.
Whoa! I'm blown away that Sidekiq has enough money in the bank that one of their sponsorships is $250k/yr!
Sidekiq the company (actually ContribSys) is just one guy: Mike Perham.[0]
I listened to an interview with Mike a few years ago, and he seemed like he had an amazing setup. He was making about $1M/yr with no employees, just him selling code and contributing to open-source. I don't think he even has servers to keep online.
According to this podcast from 2023, he's now making close to $10M/yr in revenue and is still just running the whole thing by himself.[1] Great life for a solo dev founder!
[0] https://ruby.social/@getajobmike
[1] https://www.startupsfortherestofus.com/episodes/episode-661-...
I also of course did not know the size of his donation, but it’s not that surprising. Especially since he didn’t advertise his reason for donating, or his reason for stopping (both of which are principled).
Shopify however is a deeply evil company that is literally run by Nazis. Not a metaphor, like, actual Nazis.
I don’t quite get how this happened? Ruby Central can’t just reach into my GitHub and declare they own something. Was it under the Ruby central account? Or an org account that decided they “own” the repo?
I guess I find it a bit strange that it's so fuzzy who owned the GitHub repo.
So it was owned by a GitHub organization, and someone should have owned that organization no? Maybe the person that created it initially?
You can have more than one person with a role that allows to change ownership of repos owned by an organization, was that the situation here? Did multiple people have that permission and one of them re-owned the repo to themselves without any other knowing?
I say that because, I don't normally consider every code contributor to a repo, or even admin the owner of a repo.
If I create an open source lib, and then create a GitHub repo for it, and contributors come in, to help commit code, do PRs and even manage the repo, and later I decide to revoke everyone else's access, as the owner, like it's fine. Sure maybe some of the admins might wonder what's up, why I don't trust them administering the repo anymore, but it's my repo.
Here I'm struggling to identify whose repo is it? And was the repo owner kicked out of their own repo, so this is a takeover? Or did the owner just kick out others?
now there's a name I haven't heard in a while! he was definitely one of the prominent people keeping the ruby mailing list fun and friendly back in the day; I miss that early ruby era where everyone was enthusiastic about how nice the language felt to use.
Instead it’s people abusing the trust and power they have to try and cancel DHH because they don’t agree with him about some things. Absolutely sickens me to see the cancellation in motion. Completely bigoted and self righteous behaviour.
Ridiculously bold to say when what happened here was literally a malicious supply chain attack.
> In his blog post, André says, “For the last ten years or so of working on Bundler, I’ve had a wish rattling around: I want a better dependency manager. It doesn’t just manage your gems, it manages your ruby versions, too. It doesn’t just manage your ruby versions, it installs pre-compiled rubies so you don’t have to wait for ruby to compile from source every time. And more than all of that, it makes it completely trivial to run any script or tool written in ruby, even if that script or tool needs a different ruby than your application does.”
> Bluesky threads reveal that Rafael França (Shopify / Rails Core) saw this tool as a threat, saying “some of the “admins” even announced publicly many days ago they were launching a competitor tool [rv] and were funding raising for it. I’d not trust the system to such “admin”.”
So a dev was innovating to make a better tool to meet their needs (which is what most open source maintainers are generally doing all day), and then some guys immediately jumped to the possibility that they would then actively sabotage RubyGems? Whoa, that is insane.
Trying to kill innovation and a start-up out of fear doesn't sound like Shopify's branding in the media.
I just wish we could get to the part where the community can know and trust that our supply chain is safe and can be trusted.
Meanwhile the Ruby core team is in Japan, would you like them to report in for work orders to shopify too?
I'd actually think stuff like that recent npm worm would be a bigger danger than whatever this mess is?
A two-key-rule system would be neat. A repo can be in an org, but some big changes (removing/adding a maintainer, moving a repo, renaming an org, etc) need to have x of total maintainer accounts click an approve button within a few days of each other. Making big changes slow and tedious feels ideal when we're talking about the countless lifehours sunk into a project by maintainers, that's funded and supported by a company. Both of those parties benefit from cooling off periods and being a bit obstinate to each other... without being able to slit each other's throats.
1. Ruby Central hosts, maintains, and sponsors Rubygems and Bundler
2. Based on recent events, it was possible that credentials were stolen (https://www.bleepingcomputer.com/news/security/60-malicious-...)
3. They decided to lock everyone out until security issues could be resolved
It makes sense to me from a security standpoint, but their communication has been terrible which has led to a lot of speculation.
Ruby Central hosts the RubyGems service, not the RubyGems repository. Ruby Central employs some RubyGems maintainers but does not own the repository. Ruby Central decided to make their employees who are maintainers take over the repository against the wishes of the other maintainers so they could remove some of the maintainers from the project.
An Update from Ruby Central - https://news.ycombinator.com/item?id=45344448 - Sept 2025 (1 comment)
A board member's perspective of the RubyGems controversy - https://news.ycombinator.com/item?id=45325792 - Sept 2025 (148 comments)
Goodbye, RubyGems - https://news.ycombinator.com/item?id=45306135 - Sept 2025 (1 comment)
Ruby Central's response to the RubyGems situation - https://news.ycombinator.com/item?id=45301949 - Sept 2025 (1 comment)
Ruby Central's Attack on RubyGems [pdf] - https://news.ycombinator.com/item?id=45299170 - Sept 2025 (244 comments)
But if there is only little funding it might come back to bite me. So maybe such cases are bad technology choices. Even if one is not malicious now, it does not tell about future or any decisions they might force through.
Ruby Central's Attack on RubyGems
https://news.ycombinator.com/item?id=45299170
A board member's perspective of the RubyGems controversy