this post was submitted on 25 Sep 2025
        
      
      Opensource
Okay, I'm a decision maker overseeing some of those CICD pipelines belonging to a small corp (thankfully not the AI scrapers tho).
I don't make financial decisions, so I can't support FOSS from the corp coffers directly.
Other than caching (that we already do for security purposes), how can I limit our footprint in this?
Have you asked?
I have. It just goes nowhere. The number of people you need to sign off on what is essentially a donation is just too high. You always hit someone who says "why do we need to do this?" and the answer is "we don't".
You need some actual benefit before most companies will actually pay money. It doesn't have to be huge though. Sometimes support is enough (as long as you don't also offer free support e.g. via GitHub issues). Phabricator did that and it seemed to work.
Open core also definitely works. My company pays for GitHub premium because we need the features - primarily merge trains.
They're very rarely going to donate out of the goodness of their hearts, and if you expect them to do that because you think they are morally obliged to then you're going to be disappointed.
You need a price. If you say, we need this infrastructure or technology and it costs x dollars, that can be justified, approved, and budgeted.
In most places I have worked, “my department uses something we get for free but they really want us to contribute what we can” would go exactly nowhere. Pushing too hard may actually even lead to a directive to switch to something less problematic, maybe even something commercial (that has a definitive price).
Assess and cache your package pulls. Make sure you're not pulling unchanging data on each build. Cache partial builds, or proxy dependency-pulled packages.
https://www.sonatype.com/blog/free-isnt-free-the-hidden-costs-of-tooling-decisions-in-open-source-infrastructure#%3A%7E%3Atext=We+Can+Do+Better