Imagine if someone came into your house and changed all of the locks on you/your family, because "security".
You had built that house from your original designs but the other party claims they own it now because they happen to manage a series of rental listings for houses built to your design.
You had even made it so the plans could be copied and modified in private; if "security" were a real concern with about 10 minutes effort to do so.
Would you agree that it is right, do nothing? Or would you rebuild something new, given how little time it takes to copy the plans.
Swap "house design" for "software project" and "rental listings" for "running an instance of your software project" and you have the current situation.
Developers are free to choose the party they trust more.
Yeah and now we have a fragmented ecosystem. If the projects were placed under RubyCentral's management and active contributors' access is restored I don't see a big deal.
Yes the manner in which it was handled was really bad but given the supply-chain attacks we're seeing against the Python and JS worlds, I think auditing contributor access and consolidating certain privileges is prudent.
Again, handled poorly. But a lot of money rides on stuff like Bundler. We need a strict security posture.
edit- I am an artist; I get the concern and distaste. But at a certain point your art grows bigger than you. If you as a private individual build a bridge used from a public roadway and you don't do the necessary maintenance or management your shit gets shut down. Not sure how this is much different.
