Jared-
In light of the situation going on with NPM right now these are all good questions to ask.
I just looked through our help site for relevant issues. From what I can find, we try to contact the gem owner and get them to remove the gem if possible in discussion with the person who is trying to gain access over a gem namespace. I don't see any issues in our help site where we forcibly removed access to a gem. Usually we can find a resolution with the author of the gem + who published it to RubyGems.org. We have had one DMCA takedown notice, which we published here:
https://github.com/rubygems/dmca
We still don't have a Terms of Service, Privacy Policy, Ownership Policy, or a Trademark Policy in general. It's been years since we started to discuss about one but no one has really pushed it through. Some public discussion of this, including a big thread on this list:
We do have draft versions of these policies, based on NPM's policies from mid-2015 (they're CC-licensed). We haven't published them or had any legal review of them yet.
Since people aren't paid to work on RG.org full-time (only recently paid at all thanks to RubyTogether) - this kind of work has fallen by the wayside. That's a pretty awful excuse though - and one I'm not proud of. I'll email the board at Ruby Central (the non-profit organization helps finance + run the site) to see how we can proceed here and get those policies published, and a solid answer about what we would do in a similar situation.
Thanks,
Nick