Needless to say: everything herein is my opinion, not the opinion of my employer, the RSpec project, any open source project I am associated with, nor Ruby Central (with whom I am loosely associated).
The published goal of Ruby together is to build "Community funded developer infrastructure", along with the perhaps less clearly stated, but often communicated goal: to increase the diversity of the people participating in Ruby's core open source by providing funding is great. It's hard to disagree with that mission statement and the impact that some of that work has done. I, myself, have evangelised Ruby together to others in the community, both on stage, and off. The platonic ideal of what the organisation represents is very good. It's something that we've all gotten behind, and as a community generally love.
Here's the thing, Ruby Together falls far from that platonic ideal. The organisations leadership, particularly Andr Arko, have demonstrated that they are unwilling to communicate with wider members of the community to fix valid concerns. This post is pretty long, but I'd encourage everyone to look at:
This is important because Ruby Together holds an monopoly over the funding of open source in the Ruby community. By presenting itself as the de facto official mechanism for funding open source in Ruby, many well-intended companies hoping to support crucial Ruby infrastructure have given money to Ruby Together in lieu of other means of support. While some people are sponsored directly by their employers to work on open source, for those of us who contribute in our spare time, theres an overwhelming sense that Ruby Together is the only way to receive funding for our work. As a result, it is vital that Ruby Together be a well-run organization that distributes funds in a way that is fair, transparent, and free of conflicts of interest. Andr has considerable power within the core parts of our dependency ecosystem, claiming leadership of Bundler and RubyGems. Combined with the fact he has secured near total control of Ruby Together, its hard not to see Andrs acceptance of funds for his own contributions as self-dealing. In his position, Andr has effectively sucked all the oxygen out of the room, preventing others from finding their own ways to access open source funding.
To reiterate, Andr is simultaneously:
This causes a specifically dangerous incentivisation where if he can show more work and more progress on Bundler, the argument for funding Ruby Together becomes stronger. One could construe this to be a conflict of interest, wherein the financial incentives (showing progress on Bundler, specifically implementing an infinite backlog of work) are not aligned with the interests of the community as a whole (Bundler being stable and healthy). If it ever became the consensus that Bundler was largely complete, the ability to direct funds towards that project would dry up. Above Ive shown some examples of recent versions of Bundler lead under Andr/RT stewardship breaking both RSpec and Rails, and below we have a little more discussion of this point.
This all combines to make my personal position on Ruby Together that I cannot take their funding. As much as I respect Andr and some of the good work he's done for the community, I think that Ruby Together has gone down a path that does not represent the best of the Ruby Community. I think that my support of it would implicitly endorse a series of actions that I believe are opposite to what we stand for. I don't attribute any of this to malice on Andrs part. But action, and not intention, drives outcome, and ultimately the place Ruby Together is in today, is not one that I can respect, or encourage the funding of.
Ruby isn't the hot, bleeding edge, solo developer focused ecosystem that it was five years ago. Many Rails apps are very mature and many large businesses have grown materially dependent on the core of the Ruby ecosystem being very stable. This stability begins with our ability to manage our applications dependencies. Materially all Ruby developers depend on three projects to pull gems: RubyGems.org, RubyGems, and Bundler. As our core infrastructure, Rubys continued viability depends on these projects. They must be well maintained and led forward with careful, calm, and considered stewardship.
With funding from Ruby Together more engineering time has gone to Bundler. What the people who maintain Bundler are doing with that time is focusing on adding features to Bundler. That's fine, but it cannot come at the cost of stability. In particular, it shouldn't be a roll of the dice that RSpec or Rails will break because of a release of a new version of Bundler. Many of the new features Bundler have added: more warnings, multi-source issues, better command line tooling, and an assortment of nice-to-haves. They aren't essential.
When was the last time you noticed that there was a major difference in a bundler release? Was it when they added the
BUNDLED WITH line to your file, forcing you re-commit it every time?
Bundler should, at this point, be largely done. A stable, reliable piece of tooling that we depend on every day, and not a shiny new thing that's having big bang releases with significant enhancements.
When a foundation like Ruby Together exists, it has to be shown to be a pinnacle of the values of the community it serves. For Ruby, those are values of kindness, inclusion, and collaboration. We would, therefore, expect Ruby Together, and its leadership, to act in a way which clearly demonstrates those values. Now, this is where things get a little subjective, but I feel like there are a number of places where Andr Arko, as the leader of Ruby Together, has acted against those values. I believe a lot of this can be explained by conflicting incentives of both running the foundation and continuing to work on bundler, and not necessarily malice.
Andr is in a unique position, combining maintainership of Bundler, one of the core parts of our ecosystem, with running the foundation that pays open source developers in the ecosystem. This makes it doubly important that he not be biased in his interactions towards others, including those that do not pay Ruby Together. We've seen in public commentary where he demonstrates a strong bias against helping those companies out. The point of open source is not to carefully prevent work from being integrated because of potential future pain, but rather accept things that seem good now, and work out what to do with them when the burden becomes too large.
In order for Ruby Together to well represent our community, we need it to be well understood that its values are aligned with the community's. Demanding organisations pay you in order to get your help is well out of line with the values of our community.
I have heard from several people who are long time contributors to bundler and Rubygems, people who developed the cores of those systems, that their commit bits have been removed for long time inactivity. As a general rule, originating authors and people who have been around for a while do not have their commit bits removed in our community. It is not a general practice to remove access from major contributors whose activity has tapered off, because it rarely poses any kind of risk or confusion. However, in this case, it has had the side effect of consolidating power around Andr and his selected contributors. The net effect of this power has been demonstrated by several (unfortunately, not publicly citable) instances of useful improvements from being added to Bundler.
The removal of commit bits from large numbers of contributors has been combined with a straining of the lines of communication between Bundler and other open source projects. Andr has been actively antagonistic towards committers on Rails, RubyGems.org and other critical open source Ruby projects.
In particular, I have observed hostile interactions between Bundler team members and some of the most prominent figures in our ecosystem (some who are paid to work on open source by other companies, some who are not), and have seen Andr wholly shut down communication lines with similar groups of people. When issues like the ones discussed within this blog post are brought up, it's uncomfortable for everyone, and I'm in no way saying that anyone is obliged to listen to this discussion, but it is not reasonable to position oneself as a beacon of the Ruby Community while cutting lines of communication with some of our most well known members, as Ruby Together has.
At this stage, we need teams running all these projects who can engage in open dialog and negotiation around important topics like API changes, messaging changes, and funding. Major project teams should be working closely together to ensure that everyones roadmap and timeline is clear. Ruby, as a community, hasn't traditionally done a very good job of this, but the accelerated rate of feature development on Bundler has exacerbated this problem.
This is where I reveal some non-public knowledge that has been broadly discussed in back channels between well known Ruby open source maintainers. I won't name names, but I will explain what I think is a very reasonable position:
The call to Andr has been put again and again to stop misleading the community, and focusing heavily on the aggressive development of Bundler sacrificing stability. This call has been made because it is misaligned with our values as a community. I think that most of the contributors sponsored by Ruby Together aren't aware of all of this, and I don't see them as complicit in any way.
The top of this post contains the most important information and I won't go on much longer. I am explicitly declining funding from Ruby Together. When I do this, I am not representing my employer, the RSpec project, any other open source projects that I am associated with, or Ruby Central. If I got paid to work on RSpec, its Rails integration would get a lot better a lot faster. I don't believe that endorsing Ruby Together by taking its funding is worth trading off what I value about the Ruby Community. Regardless of intent, Andrs actions as the leader of Ruby Together present as jealous, as ruinous to the stability of Bundler, and as unwilling to communicate via respectful channels. I don't think that Ruby Together reflects my values, or what I believe the values of the Ruby communities to be.
Do I have a solution? Well, I'm not calling for the disbanding of Ruby Together. I'm not even calling for Andr to step down. I do think it would be quite reasonable for the person who's making decisions about getting paid to not also be one of the people getting paid to work on open source. I would be OK with Andr getting paid to administrate the foundation. But when that money also funds his maintainership of Bundler, it represents a clear and unacceptable conflict of interest.
We could go further. The biggest not-for-profit organisation in our community is Ruby Central. One could imagine that they could run some kind of foundation, similar to the Python Foundation that pays for work on core Python open source. That would be a material addition to their current work of organising conferences, though, so I wouldn't want to put that on them without their willing involvement.
Should your company stop sponsoring Ruby Together? I'm not here to tell you what to do. Ruby Together has led to marked improvements in some places, but at the tradeoff of some of the most important things we value in our ecosystem, primary the stability of our dependency tooling. That's not something I support, but I've never been a Ruby Together sponsor, so I don't have any funds to pull.