"Earlier today, a former Chef employee removed several Ruby Gems, impacting production systems for a number of our customers."<p>So the developer already had left the company but some of his own Open Source code hosted on his personal GitHub was used in production by Chef customers? Really? That is just wow. I don't have any strong opinions on whether he did the right thing but this absolutely surprises me. Running a small company, I am very strict against any of us using any personal accounts for anything that impacts our company work, especially production. This has to be a no-no by default, I would assume.
Not completely related, but the tone of the two tweets linked in the article doesn’t make sense to me. The first is a reasonable request for a comment about an issue that Shanley cares about, but it’s immediately followed by a comment a minute later screaming at Chef to take a certain action while hurling epithets at them in all-caps. How can you possibly assume good faith from the first comment after reading the second? Why didn’t she just go straight to attacking them if that was clearly her intention?
The technicals of the story are interesting around the software supply chain.<p>I’m put off by the statement: “I want to be clear that this decision is not about contract value—it is about maintaining a consistent and fair business approach in these volatile times,” he wrote. “I do not believe that it is appropriate, practical, or within our mission to examine specific government projects with the purpose of selecting which U.S. agencies we should or should not do business.”<p>I hear about practicality all the time at my office and sometimes it’s real and sometimes it’s laziness. This sounds like a little of both but also profit motivated (not saying that’s wrong for a for-profit company).<p>Interested in your options on code of ethics and the above.
"<i>Another user pointed out that Chef isn’t the only company to profit from working with ICE. Microsoft has raked in $4.6 million, IBM has received $1.6 million, and CISCO has received about $500,000 through their work with ICE.</i>"<p>Those numbers seem very low. Is this just for one year or one contract?
Seth, as a person that has learned a lot from you over the years and benefited from your work while at Chef, HashiCorp, and Google Cloud, this act has only increased my respect for you. Thank you for taking a stand against oppression and injustice.
I expect that, to be ethically consistent, this developer will also return all salary or payments he received while creating this now-deleted code.<p>I think leaving a job is a better protest than doing damage to your employer. And perhaps for his next contract, he might insert a clause limiting what his code can be used for. In limiting the utility of the code he sells, I expect he'd be taking a lesser pay rate for it.