Ruby Central Faces Backlash After Publishing Incident Timeline on RubyGems Access Dispute
Blog post from Socket
Ruby Central's attempt to clarify the September AWS root-access lapse has ignited controversy within the Ruby community: its incident report and subsequent updates were criticized for their framing, particularly by former maintainers such as André Arko. The incident involved a former maintainer retaining root credentials after access revocation, with unauthorized password changes made from IPs in California and Japan, though no data compromise was found. Ruby Central attributes the lapse to a failure in credential management and has since rotated all credentials and expanded its on-call roster.

The community's reaction has been divided, with some criticizing Ruby Central's handling as damaging to trust and others supporting Ruby Central's stance and viewing Arko's actions as retaliatory. The situation has spurred discussions on governance, with former maintainers advocating for decentralized stewardship and the formation of The Gem Cooperative as an alternative to RubyGems.org. Amid this, Ruby Central has faced criticism for its response while also receiving support from some prominent figures in the tech community, leading to a broader debate on trust, accountability, and governance in open-source projects.