If somebody is going to abuse their accidentally-retained access after being removed from my organization, than the incompetence was in having that person in my organization in the first place. It turns out they were perfectly justified in removing him!

First of all, it's criminal, and second of all, it absolutely lights a torch to any credibility they have. I expect people don't want to become unhireable.

I've had access/credentials to organizations that I've left and never abused them even once.

it's not that clear cut, because there is no "rubygems company" or clear ownership of any of this stuff

it would be quite easy to argue that ruby central had never had a right to remove these people at all

> I've had access/credentials to organizations that I've left and never abused them even once.

yes, likewise

and if I was Andre I wouldn't have even have ATTEMPTED to do this, as it looks terrible regardless of the eventual legal determination