Something irks me about volunteers spending real money to support all the OSS freeloading businesses. I'm talking about companies with a market cap in the $Billions. Almost none of them can be bothered to kick back even a modicum of financial support to the authors of the software that runs their business, and to add insult to injury, they in fact soak the members of community who distribute the binaries for their bandwidth.
I think Digitalocean has their own package mirror for their image.<p>AWS is just being ignorant. If I were in charge of Fedora infrastructure I'd block them and send them instructions on how to setup a mirror.
I wish apt, dnf/rpm, flatpak, etc utilized a decentralized distribution option, like IPFS or BEP46 Mutable Torrents. It would be neat if the project leads seeded new package update hashes, volunteers ran seedboxes instead of http mirrors, and clients had (default-on?) seeding of package binaries in addition to only downloading. It would be neat to see the open source community contributing to support each other's experience.
Suppose you have an Artifactory server that mirrors/caches a lot of public stuff so one is (hopefully) a good citizen and don’t spam public mirrors with constant requests for the same thing.<p>But every tool has its own config to set to use the Artifactory. One setting for the OS package manager (which is different for different Linux distributions), another for PyPI, another for NPM (or Yarn or whatever), another for Maven/Gradle, something else for Go, then I need to download this Postgres extension and build it from source - the list goes on. So almost inevitably something gets missed and one ends up not being as good a citizen as one ought, and then one day some random Jenkins job is failing because some external dependency could not be downloaded.<p>I wish there was an easier way. Like some standard mechanism for saying “for this URL use this proxy”.<p>I guess one could just use a proxy server (http_proxy environment variable) but with most things on HTTPS it needs to MITM the TLS which then means you need that certificate installed in the build process - which is another one of those “everything can do it but everything does it differently” problems. And in any event, MITM is a bad smell.
> Amazon Cloud Traffic Is Suffocating Fedora's Mirrors<p>An astounding milestone for the English language.<p>Imagine what this sentence possibly could have meant in 1990.
It always surprised me that no one complained about the current trend of having automated process or build quasi systematically retrieving packages from public repositories like pypi, debian, GitHub, ... Each time a debian image or something is build, or an automated test or GitHub action is run. Without personal cache.<p>A decade ago, each company used to have its own cache of all public packages for CI/CD, but it looks like that bo one cares anymore.
It might be more appropriate to link to the original blog post: <a href="http://smoogespace.blogspot.com/2024/05/where-did-5-million-epel-7-systems-come.html" rel="nofollow">http://smoogespace.blogspot.com/2024/05/where-did-5-million-...</a>
Checks out. The normal stuff is mirrored but not EPEL <a href="https://repost.aws/knowledge-center/ec2-enable-epel" rel="nofollow">https://repost.aws/knowledge-center/ec2-enable-epel</a>
Start putting ever harsher rate limits on their IP ranges in place until AWS has an actual human reaches out bypassing their so-called "support" channels by making their problem?
So I know this is only kind of relevant, but... why is EPEL on Fedora mirrors at all? AFAIK EPEL is specifically for RHEL et al. and its packages don't even target Fedora.