I've seen enough to confidently say of the Ruby Central issue:
What the fuck?
A FOSS foundation is meant to be a steward for an ecosystem and all the players in it. It's a vehicle used to convene, make decisions, and allocate resources. And they're only as effective as they are trusted.
It is absurd to unilaterally revoke access of maintainers & wrap it in supply chain security/open gov lingo, while those same maintainers already sought those improvements.