[josteink]

> If we had instead simply mirrored everything into a registry at a big cloud provider

You would have had to authenticate to access that repo as well.

[rjst01]

Amazon ECR for instance provides the option to host a public registry.

[wiether]

> Data transferred out from public repositories is limited by source IP when an AWS account is not used.

https://aws.amazon.com/ecr/pricing/?nc1=h_ls

> For unauthenticated customers, Amazon ECR Public supports up to 500GB of data per month. https://docs.aws.amazon.com/AmazonECR/latest/public/public-s...

I don't see how it's better.

[a022311]

`mirror.gcr.io` works fine for many popular images on Docker Hub.

[lowercased]

Wouldn't they get a choice as to what type of authentication they want to use then? I'd assume they could limit access in multiple ways, vs just the dockerhub way.