10 trillion downloads are crushing open-source repositories
- #software supply chain
- #open-source
- #sustainability
- Open-source repositories handle over 10 trillion downloads annually, straining infrastructure and risking collapse.
- Major repositories are forming a working group under the Linux Foundation to address sustainability issues like funding, governance, and security.
- A key problem is excessive automated traffic from companies that treat public registries as if they were CDNs, re-downloading packages on every build instead of caching them locally; 82% of demand comes from just 1% of client IPs.
- Registries are critical to software supply chains, and their failure could impact banks, hospitals, and governments globally.
- Sustainability efforts focus on economic models, collective defense against threats, governance frameworks, and educating stakeholders on costs.
- Current funding relies on donations, credits, and volunteer efforts, which don't scale with growing demands.
- The initiative involves collaboration among multiple foundations and registry leaders to create shared solutions and transparency.
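The "82% of demand from 1% of IPs" figure is a traffic-concentration metric that any registry or mirror operator can compute from their own access logs. The script below is an added example, not code from the article, the Linux Foundation working group, or any registry: it parses common-log-style lines (the log format, the IP addresses and the package names are constructed assumptions), reports what share of requests the busiest 1% of client IPs account for, and counts how often a client re-downloads an immutable, versioned tarball it has already fetched, which is the signature of a CI farm or proxy using the registry as a CDN rather than caching.

```python
"""Traffic-concentration check over a package-registry access log.

Added example (not code from the article or from any registry). Reads
access-log lines, computes the share of requests made by the top 1% of client
IPs, and flags clients that repeatedly re-download the same immutable artifact.
The log lines are constructed inline so the script runs offline.
"""
import math
import re
from collections import Counter, defaultdict

# Common-log-style line; the format and the sample addresses are assumptions.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)


def build_sample_log():
    """Constructed log: 2 heavy clients x 400 fetches of one tarball plus
    198 light clients x 1 fetch each -> 200 distinct IPs, 998 requests."""
    ts = "01/Jan/2025:00:00:00 +0000"
    lines = []
    for ip in ("203.0.113.10", "198.51.100.7"):  # uncached CI farm / proxy (assumed)
        for _ in range(400):
            lines.append(f'{ip} - - [{ts}] "GET /pkg/left-pad-1.3.0.tgz HTTP/1.1" 200 2048')
    for n in range(198):  # individual developers, one package each (assumed)
        lines.append(f'192.0.2.{n} - - [{ts}] "GET /pkg/example-{n}-1.0.0.tgz HTTP/1.1" 200 2048')
    lines.append("garbage line that does not parse")  # exercises the skip path
    return lines


def parse_requests(lines):
    """Return (requests per IP, requests per (ip, path)); malformed or non-GET lines are skipped."""
    per_ip = Counter()
    per_ip_path = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("method") != "GET":
            continue
        per_ip[m.group("ip")] += 1
        per_ip_path[(m.group("ip"), m.group("path"))] += 1
    return per_ip, per_ip_path


def top_fraction_share(per_ip, fraction=0.01):
    """Return (busiest IPs, share of all requests they made) for the top `fraction` of client IPs."""
    if not per_ip:
        return [], 0.0
    n_top = max(1, math.ceil(len(per_ip) * fraction))
    ranked = Counter(per_ip).most_common(n_top)
    total = sum(per_ip.values())
    return [ip for ip, _ in ranked], sum(c for _, c in ranked) / total


def redundant_fetches(per_ip_path):
    """Per IP, the number of fetches that re-downloaded an artifact that IP had already fetched.
    A versioned tarball is immutable, so every repeat is a cache miss the client could have avoided."""
    redundant = defaultdict(int)
    for (ip, _path), count in per_ip_path.items():
        if count > 1:
            redundant[ip] += count - 1
    return dict(redundant)


if __name__ == "__main__":
    per_ip, per_ip_path = parse_requests(build_sample_log())
    top_ips, share = top_fraction_share(per_ip)
    print(f"top 1% of IPs ({len(top_ips)} of {len(per_ip)}) made {share:.1%} of requests: {top_ips}")
    for ip, n in sorted(redundant_fetches(per_ip_path).items(), key=lambda kv: -kv[1]):
        print(f"{ip}: {n} redundant re-downloads of already-fetched artifacts")
```

On the constructed sample the two heavy clients (1% of 200 IPs) produce about 80% of all requests, and each has 399 avoidable re-downloads of the same tarball; the same two numbers, computed over a real log, are what an operator would use to decide which clients to rate-limit or to ask to put a caching proxy in front of their builds.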