by jzb 2053 days ago
FTA: "Ultimately, package registries need to align their incentives with those of maintainers."

Putting it all on the registries to come up with a viable business model and provide this to maintainers without any responsibility[1] on the part of the maintainer seems really one-sided.

It costs quite a bit of money to run something like Docker Hub or NPM. If you want something aligned with software maintainers first and foremost, you want a non-profit / foundation that's got priorities aligned with the larger community and not a for-profit entity that has to justify keeping the lights on.

Kinda silly headline, too. There are many package registries, but we only see two here that have business models interfering with distribution of software. Only one that's really impeding the ability to host software elsewhere if you don't like their business model.

Docker Hub's rate limits seem unlikely to impact most usage of Docker, and people who're pulling 200 images every six hours should either seek to set up their own registry to take the load off Docker Hub or throw some money to help shoulder the costs. Even if the user's only grabbing Alpine images at 5MB per image, 200 in six hours starts to add up!

[1] Granted maintainers may do a lot of work in actually maintaining the software.

"It costs quite a bit of money to run something like Docker Hub or NPM. If you want something aligned with software maintainers first and foremost, you want a non-profit / foundation that's got priorities aligned with the larger community and not a for-profit entity that has to justify keeping the lights on."

This is an interesting thought. Linux Foundation has a good corporate backing. FSF traditionally provided the backbone in terms of compilers and userland basics. Maybe their 21st century task (and what keeps them relevant in this age) should be such infrastructure.

Apache Foundation is also an interesting candidate for this. I think they also had a good corporate backing.

What do you see as pros and cons of having the Linux Foundation running it and what are the core features?
"Docker Hub's rate limits seem unlikely to impact most usage of Docker, and people who're pulling 200 images every six hours should either seek to set up their own registry to take the load off Docker Hub or throw some money to help shoulder the costs. Even if the user's only grabbing Alpine images at 5MB per image, 200 in six hours starts to add up!"

Maybe there's something technically wrong with the Docker model?

I was amazed anyone tried to make a free Docker registry. It's like making a CDN, except instead of individual files, it's for a whole app and all of its dependencies. It's a crazy amount of data for storage and bandwidth.
It's more akin to making and then running a CDN but only charging 10% of customers. I'm sure Docker the company was writing it off as a marketing expense, but if they were running this in one of the public clouds that charge for egress, they were paying out a boatload of money just in egress charges (plus more in storage costs).

"making and then running a CDN but only charging 10% of customers"

Like CloudFlare? Freemium can be a very successful business model.

can - which leaves lots of room for doesn't
Well of course you've got to do that in the first place to get people to sign up to the docker model and become dependent on registries in the first place.
Yeah. What if someone had said "Wait, is this sustainable?" before building up a docker-based solution that. (I wonder if we can find any archived discussions wondering that, or if we're just so used to thinking "things can scale for free indefinitely on the internet" that nobody wondered?)

Now that they have it, the cost they are willing to pay is based in part on cost-of-switching. Which is pretty enormous, directly and indirectly, when entire ecosystems based on docker have been iterated.

I wouldn’t call the need for caching to ensure good performance “something technically wrong.”
A properly designed registry doesn't have to cost much to run. The costs are incurred when people use the registry for distribution, or for all the infrastructure needed to monetize the registry and track users. All a registry needs to provide is an index of URLs, signing keys, and some useful metadata to enable discovery. Trivial in its purest form, with more cost if you want advanced features like ratings or curation or your own authentication service.