Comment by passive

2 hours ago

This is my concern as well. If critical open source packages become dependent on these corporations for "secure" releases, does that enable them to force ID verification into packages, for example? Related, but most of the smart folk I know think Open Source AI means Anthropic and OpenAI are financially impossible. A lot of the companies signed onto this are heavily, heavily leveraged by those two, and have significant incentive to disrupt Open Source AI before all their customers get sticker shock. I've been waiting to see what their move would be, and this might be part of it.

USA is making deals with EU companies forcing them to guarantee no open source software included in their products comes from China or Russia. Which makes me think that despite what the folks from PyPI keep saying, identifying everyone on GitHub and only allowing projects from GitHub to upload to npm/PyPI is one of the goals here.