At Sonatype we’ve been the stewards of the Central Repository (Central), the world’s largest component repository of Java and other JVM related components since 2007. Based on this experience, I’ve learned first hand how challenging it can be to serve as the steward for a public repository. I know how hard it is to gain and keep the trust of millions of open source software developers. In my humble opinion, earning trust starts with “picking up a shovel” and solving a problem on behalf of a community to help it grow and flourish. Community trust is further amplified when you can muster enough resources to solve the same problem in a reliable and scalable manner over a period of many years.
But, here’s the thing; operating a public repository in support of millions (Read more...)
*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Brian Fox. Read the original post at: https://blog.sonatype.com/microsoft-acquires-npm-a-healthy-move-for-critical-public-infrastructure