[ilghiro]

Yeh it's definitely preferable to have one of the two developers your small startup can probably afford spending a good portion of their time rolling out, securing and maintaining your own infrastructure

[bad_user]

GitHub is not meant for distributing dependencies. Maven Central on the other hand is, the difference being that it is mirrored and if repo1.maven.org goes down, it's not a big deal and your project can still be built and deployed.

[wereHamster]

.. until they become a target of a DDoS.

Also, if GitHub is down you can still fetch your dependencies from somewhere else.

[JumpJumpJump]

You have not understood the concept of 'mirrored'.

[chopman]

Well I guess all mirrors could get targeted. Also, what stops github from getting mirrors themselves?

[biggestbob]

Yeh cos those are two only two options available. Good thinking.

[satanrepents]

An internal GitLab install isn't that time consuming to maintain. Also: dat false dichotomy.

[modarts]

False dilemma much? Private versions of most dependency repos exist (npm, maven, etc)