Quixoticgeek boosted
Stewart X Addison
@sxa@fosstodon.org  ·  activity timestamp 2 weeks ago

Another great #FOSDEM talk from Michael Winser at @openssf / #AlphaOmega about the terrible economics of package registries like #NPM #maven #PyPi #RubyGems #crates

https://fosdem.org/2026/schedule/event/8WJKEH-package-registry-economics/

Some charts from different registries are at https://go.xwind.io/registry-research-report

The slide below is a take on some of the common "solutions" that people come up with for funding registries (also applicable to non-registry products with large numbers of downloads) and what might happen if you choose them

Can we price per download? Bandwidth? Charge publishers? Offer chargeable enterprise features?

Open Source Package Ecosystem Dashboard

FOSDEM 2026 - The terrible economics of package registries and how to fix them

Stewart X Addison
@sxa@fosstodon.org  ·  activity timestamp 2 weeks ago

Just caught up on this great talk at @fosdem #FOSDEM2026 from the people at @dangerzone about how to create reproducible container images (with docker or podman). Definitely a few gotchas in there and stuff I wasn't aware of, but I have been wondering about this topic recently:
https://fosdem.org/2026/schedule/event/RYM8SF-repro-build/

FOSDEM 2026 - Who’s reproducing the reproducible images?

Alton Barrett
@barrettaltonh@mastodon.social  ·  activity timestamp 5 months ago

@vruz @QasimRashid aye

#Hopeful* / #Hopeless

#Ego #Desire
#Peace

#REDSECTORA

#Americas
{ #South #Central #North #America ( ¿| #Grace )
“.A complete break with the past and a fresh start in each now moment: grace #WhatIsLightbody #Tachiren

#HumanOutcry
¿\ON TYRANNY – LESSONS 1 - 20, 7: Be Reflective If You Must Be Armed |

Timothy Snyder
https://youtube.com/watch?v=-jNOevQIboY&list=PLhZxrogyToZsllfRqQllyuFNbT-ER7TAu&index=7 #Om #Shalom
#ExodusAlliance

#music
*¿| #MANHATTENPROJECT
#SongBy #RUSH
#GRACEUNDERPRESSURE

#AlphaOmega
#OmegaPlusOne #Victory

Stefano Marinelli boosted
FreeBSD Foundation
@FreeBSDFoundation@mastodon.social  ·  activity timestamp 6 months ago

How do you secure thousands of open-source projects?

At the June 2025 FreeBSD Developer Summit, Michael Winser shared three years of lessons from the Alpha-Omega project—covering supply chain risk, rapid audits, and sustainable funding.

📺 Watch here: Lessons From Funding Open Source Security Over the Past 3 Years, What’s Ahead
https://youtu.be/6DoT-eFH6tY?si=M_zlAfXFrCrvj36_

#BSDCan2025 #OpenSourceSecurity #AlphaOmega #FreeBSD
