A detailed incident report by Richard Schneeman covering the 'RubyGems Fracture' event of September 10-18, 2025. Two engineers (André Arko and Samuel Giddens) were departing Ruby Central, prompting an attempt to revoke their GitHub and production access to RubyGems.org. Due to lack of documented offboarding procedures, unclear communication, and misunderstanding of GitHub Business/Enterprise permission hierarchies, access was accidentally removed entirely rather than partially downgraded. This triggered a walkout by six paid contributors who called themselves 'the maintainers.' The report details the full timeline, the structural conflict between Ruby Central's desire for organizational control and the maintainers' belief that admin access is earned through contribution, and lessons learned around access management policies, communication practices, and decoupling production access from open source identity.
Table of contents
PreambleSummaryIncident LessonsTimeline leading up to the IncidentGitHub Business/Enterprise explanationIncident timelineConclusionSort: