Ethical and legal boundaries? RubyGems Privacy Notice already tells you that they share information with a number of large firms and notably ClickHouse... for "Customer Data Processing."
All this proposal does is request from one of the maintainers/on-call providers? another entry in this Privacy Notice as a part of a payment deal.
This is a mess, but it also unnecessary smears both sides. It calls out that RubyCentral had poor cloud management in place, and it trashes an on-call provider.
This is a terrible postmortem and all it does is advertise to users that RubyCentral doesn't know what it's doing.
I think the point being that whatever was going on with access controls here was blatant gross negligence, because what is this guy doing with access who doesn't literally own the organization or the intellectual property?
Set that aside, which obviously stinks, but then why is said obviously incompetent organization sharing confidential corporate emails with the public, saying this guy proposing a corporate data access plan in exchange for consulting fees is crossing "ethical and legal boundaries?"
Are you serious? This reeks of someone or a number of people who have no idea what they're doing. Have these people never worked with a business before? Never spoken with a software firm? A marketing firm? Any consultancy whatsoever?
Who owns the registry? What is going on here? This is insane.
It makes the entire Ruby ecosystem look like it's run by children.
If only the Ruby ecosystem was really run by children, that sounds way more for than whatever this is. Joking aside though I think you are very right to question the professionalism behind this post. The narrative spin here is so toxic to good faith arguments around how we could change the 'supply chain' of Gems for the better. Wasn't that what this was all about Ruby Central? Can we get an update on that instead of this attack on your former admin?
Apparently the guy isn't even just a former admin, he actually seems to be a pivotal person around the whole formation of the RubyGems ecosystem, which is even weirder.
This isn't some random consultant who happened upon an admin position.
All this proposal does is request from one of the maintainers/on-call providers? another entry in this Privacy Notice as a part of a payment deal.
This is a mess, but it also unnecessary smears both sides. It calls out that RubyCentral had poor cloud management in place, and it trashes an on-call provider.
This is a terrible postmortem and all it does is advertise to users that RubyCentral doesn't know what it's doing.