
Comment by Spivak

2 months ago

> Run postgres on a $5 VPS and have everybody accept it as single-point-of-failure

Oh how times have changed. Yes, maybe run two $5 VPSs behind a load balancer for HA so you can patch and then put a CDN in front of it to serve the repository content globally to everyone. Sign the packages cryptographically so you can invite people in your community to become mirrors.

How do people think PyPI, RubyGems, CPAN, Maven Central, or distro Packages work?

Sure, let me put all that on my credit card because some guy doesn't like git.

The situation that PyPI is in is clearly worse: https://stackoverflow.com/questions/39537938/how-do-i-downlo...

  • You wouldn't be the one paying for it; like PyPI, you would upload your package to them.

    When you bootstrap your package ecosystem using git forges for hosting there's no index at all so I'm not really sure what the argument is.

    • The target audience for the article is people building these systems, so the people who would have to pay for the centralized infrastructure.

      With git there's a sync protocol built-in that allows anybody who's interested to pull a copy of the index (this shouldn't be the default distribution model for the package clients, but anybody who truly wants it can pull it). PyPI is keeping their index private and you'd have to scrape all data through a heavily rate-limited API.