RE: https://social.lfx.dev/@openssf/116527089393674087

Open infrastructure isn't free. 🌱

Packagist/Composer signed a joint OpenSSF letter with PyPI, crates, Maven, CPAN, etc. on the real cost of running package registries.

Packagist needs to finance staff, not just hardware and bandwidth. Contact me if your company's interested in joining our sponsorship program for its launch this month while we work on long-term solutions.

#php #phpc #composerphp #softwaresupplychain #PreserveOpenSource #FreeSoftwareIsntFree #OpenSource #Sustainability

Open Infrastructure Is Not Free. Part II is here.

10 trillion open source package downloads in 2026. More than 1 billion per hour. Still running on donations and volunteers.

AI is accelerating consumption and attacks. Registry leaders have formed the Sustaining Package Registries WG to change that.

Read Part II: https://openssf.org/blog/2026/05/06/open-infrastructure-is-not-free-part-ii-the-hidden-cost-of-running-package-registries/

#PreserveOpenSource #FreeSoftwareIsntFree

The future of digital innovation depends on sustainable #opensource infrastructure.

Learn how businesses can help ensure long-term sustainability in #EclipseFdn Executive Director Mike Milinkovich’s latest blog: hubs.la/Q03Kz6D50 #PreserveOpenSource #SoftwareSupplyChain #OpenSourceResponsibility

Registries like PyPI, Maven Central & crates.io power the ecosystem.

They can’t run on goodwill alone.

OpenSSF endorses the Joint Statement on Sustainable Stewardship.

👉 https://openssf.org/blog/2025/09/23/open-infrastructure-is-not-free-a-joint-statement-on-sustainable-stewardship/

#PreserveOpenSource