# Marty Haught: Rethinking Technical Debt—Is It Really Just Drift?

EP-199 | February 18, 2025 | 52:39




Is "technical debt" really the best metaphor for aging software? Marty Haught suggests a better one—drift. He joins Robby to discuss how software naturally diverges from its original intent, the challenge of sustaining open-source projects, and what companies can do to support critical infrastructure like RubyGems.





## Show Notes

## Episode Overview

[Marty Haught](https://www.linkedin.com/in/martyhaught/) joins Robby to discuss the sustainability of [**open-source projects**](https://rubycentral.org/open-source/), the challenges of maintaining [**RubyGems**](https://rubygems.org/), and why the metaphor of **technical debt** may not fully capture how software ages. Instead, he suggests thinking of it as **drift**, the natural misalignment of software with its evolving purpose over time.

They also dig into **security challenges** in package management, including how Ruby Central worked with [**Trail of Bits**](https://blog.trailofbits.com/2024/12/11/auditing-the-ruby-ecosystems-central-package-repository/) to audit RubyGems. Marty also shares insights on the [**EU Cyber Resilience Act**](https://github.blog/open-source/maintainers/what-the-eus-new-software-legislation-means-for-developers/) and how it might affect open-source maintainers worldwide. Finally, they explore how companies can support open-source sustainability through [**corporate sponsorships**](https://rubycentral.org/corporate-sponsorship/) and individual contributions.

## Topics Discussed

- [00:01:00] **The two pillars of maintainable software:** [good tests](https://rubycentral.org/open-source/) and readability.
- [00:02:40] **From Perl to Ruby:** How [readability](https://rubygems.org/) changed Marty's approach to programming.
- [00:07:20] **Is technical debt the right metaphor?** Why ["drift"](https://github.blog/open-source/maintainers/what-the-eus-new-software-legislation-means-for-developers/) might be a better fit.
- [00:11:00] **What does it take to maintain RubyGems?** Marty's role at [Ruby Central](https://rubycentral.org).
- [00:14:00] **Security in package management:** How [RubyGems](https://rubygems.org/) handles vulnerabilities.
- [00:16:40] **The role of external audits:** Partnering with [Trail of Bits](https://blog.trailofbits.com/2024/12/11/auditing-the-ruby-ecosystems-central-package-repository/) for security improvements.
- [00:20:40] **EU Cyber Resilience Act:** How new regulations might affect [open-source projects](https://rubycentral.org/open-source/).
- [00:34:00] **Funding open source:** Why [corporate sponsorships](https://rubycentral.org/corporate-sponsorship/) are becoming essential.
- [00:38:20] **Processes in distributed teams:** Balancing structure with flexibility.
- [00:44:45] **Advocating for technical debt work in teams:** How to make a compelling case.

## Key Takeaways

- **Technical debt is often misunderstood.** The real issue may not be shortcuts taken in the past, but the way software naturally drifts from its original purpose.
- **Security in package management is a growing concern.** Open-source ecosystems like [RubyGems](https://rubygems.org/) require continuous investment to remain secure.
- **Open source needs sustainable funding.** Relying on volunteers is not a long-term solution—companies need to contribute via [corporate sponsorships](https://rubycentral.org/corporate-sponsorship/).
- **Advocating for code improvements requires strategy.** Engineers should frame technical debt discussions around business impact, not just code quality.

## Resources Mentioned

- [Marty Haught on LinkedIn](https://www.linkedin.com/in/martyhaught/)
- [Marty Haught on Twitter](https://twitter.com/mghaught)
- [Ruby Central](https://rubycentral.org)
- [RubyGems](https://rubygems.org)
- [Auditing the Ruby Ecosystem’s Central Package Repository – Trail of Bits](https://blog.trailofbits.com/2024/12/11/auditing-the-ruby-ecosystems-central-package-repository/)
- [EU Cyber Resilience Act Overview](https://openuk.uk/the-eu-cyber-resilience-act/)
- [What the EU's New Software Legislation Means for Developers (GitHub Blog)](https://github.blog/open-source/maintainers/what-the-eus-new-software-legislation-means-for-developers/)
- [Ruby Central Open Source Program – Get Involved](https://rubycentral.org/open-source/)
- [Corporate Sponsors Program](https://rubycentral.org/corporate-sponsorship/)
- [Give and Take by Adam Grant](https://adamgrant.net/book/give-and-take/)

## Connect with Marty

- [LinkedIn](https://www.linkedin.com/in/martyhaught/)
- [Twitter](https://twitter.com/mghaught)
- [BlueSky](https://bsky.app/profile/mghaught.bsky.social)












