Chef Software was stuck in justification mode on Friday, after the revelation it had supplied software to the US immigration authorities (ICE) prompted a software developer to pull code that is key to the automation vendor’s platform.
The existence of the $95,000 contract emerged early last week, and as our sister site The Register reported, prompted DevOps guru Seth Vargo, to yank some of his Ruby Gems offline. Modern software being what it is, this brought some Chef deployments to a shuddering halt.
Vargo told The Register on Thursday. “When I learned that my code was being used for purposes that I perceive as evil, I had to act.”
Chef swiftly forked the code in question, removing credit to Vargo in the process, while CEO Barry Crist issued a company wide email, arguing that it was not business’ role to “examine specific government projects with the purpose of selecting which US agencies we should or should not do business.”
On Friday, it was CTO Corey Scobie’s turn to bare his soul to the Chef community after “one of the most trying days of my career”.
“As an immigrant myself, and a father of two daughters, I too am disgusted with the actions that we see in the headlines on a seemingly regular basis today in this country. And I look forward to taking to the polls as an expression of my views on these subjects,” he continued.
He then went on to say that, “Chef’s software deal with ICE is not structured or intended by any means to enable any of the abhorrent behavior this community has been concerned about, such as separating children. What it is intended to do is arm IT professionals with the tools they need to insight [sic] change through knowledge”.
“What if the IT professionals tasked with their role inside ICE could actually help reduce the number of separated families by having visibility and the information they need to stop raids before they happened?” he asked. “I want so badly to believe that to be true.”
Scobie pledged to be more open and transparent in future. And within hours, he was, taking to the Chef blog again to give more context to Chef’s reaction to Vargo’s gem pulling.
He said that the author of the gems in question had been employed by Chef when they authored them. “In order to remove the gems, they first removed the other owners and took unilateral action to yank the gems, violating established processes for making OSS changes and improperly removing property which Chef owned.
He insisted, “This ownership has been established through the GitHub history of commits, licenses, etc. The individual did not have Chef’s permission to remove these items from the RubyGems site.”
He admitted that during the “remediation” steps the name of the author of the gems had been changed to Chef, but this had since been reversed. However, he continued, Chef’s ownership had also been “determined” by the RubyGems organisation, which had restored the gems and namespace.
If Chef had hope Scobie’s statements would dampen the outrage over its position over the weekend, a quick glance at Twitter this morning w would have left it sorely disappointed.
If there’s a crumb of comfort for Chef, it’s that this is hardly a new issue. Tech companies have been getting themselves into trouble over “government work” as long as there have been tech companies – or at least since IBM maintained a German subsidiary in the 1930s.
Two big differences today are, firstly, that old school tech companies didn’t make great play of their “community” involvement, greater social missions, or urge to not be evil, and, secondly, didn’t have to worry much about dependencies.