The Rust Foundation is proud to join the Sustaining Package Registries Working Group as a founding member. As open source consumption approaches 10 trillion downloads annually, the gap between what registries like crates.io demand and the resources to sustain them has become a supply chain risk. It's time to treat registry sustainability as a shared responsibility.

https://rustfoundation.org/media/rust-foundation-and-package-registry-leaders-unite-to-address-open-source-sustainability-crisis/

#rustlang #opensource #FreeSoftwareIsntFree

RE: https://social.lfx.dev/@openssf/116527089393674087

Open infrastructure isn't free. 🌱

Packagist/Composer signed a joint OpenSSF letter with PyPI, crates, Maven, CPAN, etc. on the real cost of running package registries.

Packagist needs to finance staff, not just hardware and bandwidth. Contact me if your company's interested in joining our sponsorship program for its launch this month while we work on long-term solutions.

#php #phpc #composerphp #softwaresupplychain #PreserveOpenSource #FreeSoftwareIsntFree #OpenSource #Sustainability

Open Infrastructure Is Not Free. Part II is here.

10 trillion open source package downloads in 2026. More than 1 billion per hour. Still running on donations and volunteers.

AI is accelerating consumption and attacks. Registry leaders have formed the Sustaining Package Registries WG to change that.

Read Part II: https://openssf.org/blog/2026/05/06/open-infrastructure-is-not-free-part-ii-the-hidden-cost-of-running-package-registries/

#PreserveOpenSource #FreeSoftwareIsntFree