[majewsky]

Also, thanks to the stupid design decisions of most package managers, you will have trouble getting anything done anyway if github.com is down, even if you just get dependencies from there. If that problem affects you, then self-hosting your Git repo may just add a second point of failure.

[quickthrower2]

You want to be setup so you can do a build completely offline of head or any tag. GitHub being down shouldn't make a difference. If the PM is getting in the way of that then dump it.

[majewsky]

Rebuilding the entire toolchain of your language sounds like a colossal waste of time when you just wanted to avoid a few hours per year of developer downtime.

[quickthrower2]

No need to rebuild everything. Simply having the "DLLs" or equivalent checked in or in a maven/NuGet folder backed up would do the trick.

Your not just saving developer downtime. Remember that non incident a few months ago? Could be a security issue too.

[quickthrower2]

Edit: npm incident