In September 2019, a developer of (at least) four popular packages tied to the Chef ecosystem yanked them from RubyGems. Seth Vargo, the developer and a former employee of Chef, did so because the company's contract with United States' Immigration and Customs Enforcement (ICE). Users who already had the packages in question were not impacted, while chef-client runs for others were impacted.
The company republished the packages while also reaching out to RubyGems to have ownership of the gems restored to them. They also removed author attribution to Seth Vargo when doing so, which they claimed was a mistake and fixed. The act of republishing the packages (with the authorship attibution) is within the bounds of the open source license, in this instance the Apache license.
- Chef post about the incident: https://www.chef.io/blog/an-update-to-the-chef-community-regarding-current-events, archived at https://archive.md/uzFdw
- RubyGems statement about the incident: https://blog.rubygems.org/images/rubygems-chef-statement.pdf, archived at https://archive.md/TBxua
- GitHub thread about chef-api being unavailable: chef-boneyard/chef-api#69, archived at https://archive.md/k1sQy
- The Register article about the incident: https://www.theregister.com/2019/09/20/chef_roasted_for_ice_dealings/
- Wired article about the incident: https://www.wired.com/story/developer-deletes-code-protest-ice/
- Tweet from Seth Vargo: https://twitter.com/sethvargo/status/1174863676513366016, archived at https://archive.md/Hd49t