March 29, 2026

Logs lost, trust taxed

Article URL →HN comments →

A Message from the Ruby Central Board

Audit inconclusive, missing logs spark side‑eye and sass

TLDR: Ruby Central says it acted fast over a suspected risk at RubyGems, but a security audit couldn’t conclude much because key logs are missing; a fuller report is coming. Commenters are split between calling out “missing logs” and “millions” hype, and pushing for better governance so power isn’t concentrated.

Ruby Central dropped a carefully worded update about months of RubyGems drama — the site that distributes Ruby add‑ons (think: an app store for Ruby code) and Bundler. They say a working relationship broke down with someone who had big‑time access, a serious risk was suspected, and they moved fast to protect RubyGems.org. Then came the kicker: an independent security audit was done… but it’s “inconclusive” because key logs are gone. An incident report is promised next week, plus vows for better governance and more community voices.

The comments? Absolutely on fire. One newcomer asked the room’s most honest question: “Who’s the good side here?” Skeptics zeroed in on the missing logs like a true‑crime cold case, quoting the audit line with raised eyebrows. Another thread dunked on the “millions of developers” claim — “hyperbole doesn’t serve anyone,” snapped one commenter. A bigger meta‑take argued Ruby’s slow growth let a few people and orgs hold too much power, leaving some feeling unwelcome.

Meanwhile, the meme brigade arrived: “logs vanished like socks in the dryer,” “gem install popcorn,” and “we’ll circle back… next week.” The vibe: a community split between wanting receipts now and wanting a calmer, more inclusive rebuild. Drama today, governance tomorrow — maybe.

Key Points

  • Ruby Central acted after a breakdown with an individual who had significant access, citing a perceived serious risk to RubyGems and related services.
  • An independent security audit was completed but was inconclusive due to missing key logs.
  • A detailed incident report will be published next week to explain what occurred, who was involved, and decision-making processes.
  • Ruby Central states it did not initiate litigation and aimed for an amicable resolution while acknowledging communication shortcomings.
  • The organization plans governance, transparency, and community participation reforms to prevent single points of failure in RubyGems stewardship.

Hottest takes

“I don’t think there are ‘millions’ of Ruby developers” — doug_durham
“The review was ultimately inconclusive because key logs… were no longer available” — mbStavola
“ruby’s lack of growth has caused certain people… to have an outsize influence” — dzonga

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.