Towards an Amicable Resolution with Ruby Central

Last week, three members of Ruby Central’s board published a new statement about RubyGems and Bundler, and this week they published an incident report on the events last year. The first statement reports that Ruby Central has now completed a third audit of RubyGems.org’s infrastructure: first by the sole remaining RubyGems.org maintainer, the second by Cloud Security Partners, and the third by Hogan Lovells. In all three cases, Ruby Central found no evidence of compromised end user data, accounts, gems, or infrastructure availability. I hope this can conclusively put to rest the idea that I have any remaining access to the RubyGems.org production systems, or that I caused any harm to the RubyGems.org service at any time. I also appreciate that Ruby Central is taking its share of responsibility, recognizing that its lack of communication with the former maintainers (including me) created confusion and frustration that contributed, in part, to how we ended up where we are today.