I have read many of the allegations against Andre, and find them to fall into:
1) Hyperbolic takes on a perceived 'communication problem' when Andre defends strong design decisions that have impacts on the Ruby ecosystem. Anyone doing what Andre does is going to have impacts on the ecosystem; that is the point. I think the ease of maintaining Ruby systems speaks to the overall good outcomes these discussions have had, and Andre's part in them.
2) Personal dislike of Andre due to disagreements over politics and/or worldviews, usually stemming from assertions of 'woke code' or something like that.
3) Distaste over Andre trying to make a living off doing what they love. This is usually couched in the 'shady' type language you have used a few times. I think that is a weird take on what are just common schemes to use data for monetization purposes, so that Andre can make a living doing design and maintenance. Nothing I have ever seen makes me worried for my data in Bundler or RubyGems.
If your main concern is that 'bad things could happen with Andre running Bundler' I have to question if it isn't just as likely, if not more likely, that bad things will happen with a Shopify-run RC board running Bundler. Their motivations are much less clear other than being a corporation that is profit-driven, so I can't say with confidence they won't put that motive above 'good software decisions' when push comes to shove. I don't see them as de facto making the Ruby supply chain better by any means. Time will tell.