This is an issue caused by the fact we sold software as being FREE and now businesses have an expectation that software is free to make; thank you random guy in Nebraska.
I would love to have a paid curated package repository, but it would be really hard to sell.
I know a handful of companies who care that much about their security not to depend on OSS libraries.
Even FANG don't care.
If you can raise some money and get enough sales firepower to close big contracts with the few security-conscious actors, this might become reality.