Because it's tying you to an unreliable third-party service, and there's no way to mitigate it. Artifact dependencies really shouldn't be in the same place as source, they fulfil different roles.

What you want is a dedicated repository format. Libraries can still be hosted by whoever maintains them on their own repository (which can be their own piece of software as long as it follows the standards), or in the community central repository. But either way, if you depend on those libraries and want to lower your risks, it's trivial to set up a local mirror and make sure all your third party dependencies come in via this mirror. That way if their repository goes down temporarily or permanently it's no problem, and you ensure your builds remain reproducible.

The most infuriating part is, the software to do this already exists. If you want to start a new language, great. But please, use maven; otherwise you are doomed to re-invent it, poorly.

Yeah the question is, can you specify to grab rails from github with a fallback if it is not up? So the same system it seems to be using with multiple gem sources but on a gem by gem basis like you would do with a github repo.