by krab 2311 days ago
I think that's the issue of cost/reward. The cost is

- N developers can't work for X hours

- or the company can't release new versions due to CI dependency on the registry.

- or the registry removes a package you were using

- or the existing package contents change to something malicious

BUT you pay this price very occasionally and if you're a small shop, the cost is often negligible.

On the other hand, maintaining your own mirror has very real costs even though they can be small. One-time setup, hardware, sometimes a license or hosted service fee, security upgrades. When there's a sponsor maintaining the central repository, having very good uptime and offering it for free, the marginal utility of a local mirror is quite small.

1 comments

There's no reward. It's a risk/cost tradeoff.