The Q&A Aftermath: A Board Member Confesses, A Maintainer Rebuts

UPDATE: This article is being updated as the situation develops. The Q&A occurred earlier today, followed by unexpected revelations from both sides.

The Q&A happened. But the real story isn’t what Ruby Central said in their scripted session—it’s what board member Freedom Dumlao confessed afterward, and how maintainer Martin Emde systematically destroyed every justification with facts.

Breaking: A Board Member Breaks Ranks¶

Hour after Ruby Central’s Q&A session, board member and treasurer Freedom Dumlao published “A board member’s perspective of the RubyGems controversy”, breaking the unified front to share his personal perspective.

His opening is telling:

“First - I want to apologize, genuinely, to people who have felt fear, confusion, outrage, and any of the other hundreds of possible emotions a person might feel after reading some of what others have shared.”

This isn’t the language of someone confident in their decisions. This is damage control from someone who realizes they may have made a terrible mistake.

The Board’s Version: “We Had No Choice”¶

Freedom’s key claims paint Ruby Central as victims of circumstance:

1. “Supply chains are under attack” - The security justification
2. “People with no active affiliation” had access - The risk narrative
3. “A deadline loomed” - They were forced to act
4. “Lose funding or take control” - The ultimatum defense
5. “Less than 24 hours” - No time for process

He frames the vote as purely operational:

“What I voted for, was to direct Marty, Ruby Central’s Director of Open Source, to temporarily remove access and lock down the systems, get operator agreements in place with maintainers, and then re-enable access to those folks who needed and wanted it.”

Sounds reasonable, right? Until Martin Emde enters the conversation.

The Maintainer’s Rebuttal: Every Claim Destroyed¶

Martin Emde, one of the removed maintainers, responded with a systematic dismantling of every board justification. His responses reveal either shocking incompetence or deliberate deception:

Claim 1: “Ruby Central has been responsible for RubyGems and Bundler for a long time”¶

Martin’s Response:

“This is incorrect. Ruby Central has been a gracious sponsor of PEOPLE who work on an OSS library. Other sponsors pay for features and support of the same OSS using company time or other non-RC foundations.”

Ruby Central sponsored maintainers, they didn’t own the projects. This fundamental misunderstanding drove everything that followed.

Claim 2: “People with no active affiliation had top level privileges”¶

Martin’s Response:

“The people you removed were actively paid for contractual on-call support through Ruby Central. Far from unaffiliated.”

The board removed people who were literally being paid by Ruby Central for on-call support. They didn’t even know who their own contractors were.

Claim 3: “We needed committer agreements in place”¶

Martin’s Response:

“How did you propose to control the repositories to which you had no access until Sep 9? You needed someone to add you first by breaking our existing OSS governance model.”

The devastating truth: Ruby Central had no legitimate access until someone broke protocol to give it to them on September 9.

Claim 4: Security concerns justified immediate action¶

Martin’s Response:

“Then you remove the people most prepared to respond. The attack surface was increased by changing the ownership from people who have owned and maintained these repositories independently for decades.”

They made security worse, not better, by removing experienced maintainers who actually knew how to handle threats.

Claim 5: “Re-welcoming them as committers”¶

Martin’s Response:

“Not what I was told. There was a certain prominent contributor who was specifically excluded from this welcome.”

The board was either lied to or is lying. Certain maintainers were never going to be welcomed back.

The Smoking Gun: “Breaking Our Shared Contract”¶

Martin reveals the critical detail Freedom omitted:

“Before Sept 9, when a trusted maintainer broke our shared contract and added an RC non-maintainer, you had no ability to enact your vote.”

Someone on the inside betrayed the maintainer team. Someone with access unilaterally added Ruby Central to the GitHub organization, enabling the entire takeover. Without this betrayal, Ruby Central had no power to execute their plan.

The Timeline That Wasn’t¶

Freedom claims they had “less than 24 hours” and were “out of time.” But the timeline from our previous reporting shows:

• January 2025: Alpha-Omega funding secured
• August 2025: Maintainers actively working on governance RFC
• September 9: Sudden takeover

This wasn’t a 24-hour crisis. This was months of planning culminating in manufactured urgency.

What Freedom Didn’t Know (Or Pretends Not To)¶

Freedom admits:

“I wasn’t a part of those conversations so I can only speculate”

Yet he voted to remove access based on information he now admits he didn’t fully understand. Martin’s response suggests the board was either:

1. Deliberately misled about maintainer affiliations and the governance work
2. Negligently uninformed when making critical decisions
3. Complicit in creating a false narrative

The Funding Ultimatum: Who Threatened Ruby Central?¶

Freedom claims they faced an ultimatum: “Either Ruby Central puts controls in place… or lose the funding.”

But who made this threat? Freedom doesn’t specify which sponsors or funders demanded these changes. The implication is clear: external pressure drove this decision, not internal security concerns.

(Note: Martin Emde, who worked closely with Alpha-Omega previously, confirms they advocate for genuine security with a hands-off approach, making them unlikely to be the source of this ultimatum.)

Martin’s Closing: Respect Despite Betrayal¶

Martin ends with remarkable grace:

“Freedom, I respect you and care about you. Thank you for serving on the board and for trying to do the best for ruby. I appreciate your write-up. My responses are meant to share information and perspectives I had, but given the same information, I’m sure I would have voted the same way.”

This isn’t anger—it’s worse. It’s pity for board members who were manipulated into destroying what they claimed to protect.

The Questions That Remain¶

After Freedom’s confession and Martin’s rebuttal, critical questions emerge:

1. Who was the maintainer who “broke the shared contract” on September 9?

   • This person enabled the entire takeover
   • Were they promised something in return?

2. Who threatened Ruby Central’s funding?

   • What were the actual terms of the ultimatum?
   • Was this coordinated with the September 9 betrayal?

3. What did the board really know?

   • Freedom admits ignorance of key conversations
   • Were other board members equally uninformed?

4. Why exclude specific maintainers permanently?

   • Martin reveals certain people were blacklisted
   • What criteria determined who could never return?

The Real Governance Crisis¶

This isn’t just about repository access anymore. It’s about:

• Board members voting on incomplete information
• External funders dictating internal governance
• Betrayal from within the maintainer ranks
• Lies about who was affiliated and who wasn’t
• Permanent exclusion of certain maintainers
• Security made worse in the name of security

The Community Deserves Better¶

Freedom Dumlao deserves credit for breaking ranks and sharing his perspective, even if it reveals troubling incompetence or deception. His confession shows:

1. The board didn’t understand what they were voting on
2. They were given false or incomplete information
3. External pressure drove the decision
4. They genuinely believed it was temporary

Martin Emde deserves recognition for his measured, factual response that exposed every lie while maintaining respect for the humans involved.

What Happens Next?¶

The Q&A is over, but the crisis deepens. We now know:

• The board was either deceived or complicit
• Someone inside betrayed the maintainers
• External funders forced the action
• Security got worse, not better
• Some maintainers are permanently banned
• The governance RFC was a smokescreen

Ruby Central has a choice: Come clean about who threatened their funding, who betrayed the maintainers, and who decided certain people could never return—or watch their credibility evaporate entirely.

The community has a choice too: Accept governance by ultimatum and betrayal, or demand transparency and accountability.

To Freedom Dumlao: Thank you for your honesty, even if it reveals uncomfortable truths. Your love for Ruby is clear, even if your vote was misguided.

To Martin Emde: Thank you for your grace under pressure and for systematically exposing the truth without descending into anger.

To the maintainer who betrayed your team on September 9: The community will eventually learn who you are. Consider coming forward on your own terms.

To Ruby Central: The truth is coming out. The question is whether you’ll be part of revealing it or buried by it.

Captain Seuros, Documenting the Collapse

“In the end, it wasn’t the external enemies that destroyed trust—it was the betrayal from within.”

DEVELOPING STORY¶

This article will be updated as more information emerges from the Q&A fallout and community responses.