this post was submitted on 25 Sep 2025
125 points (100.0% liked)

Opensource

[–] HK65@sopuli.xyz 6 points 4 weeks ago (2 children)

Okay, I'm a decision maker overseeing some of those CICD pipelines belonging to a small corp (thankfully not the AI scrapers tho).

I don't make financial decisions, so I can't support FOSS from the corp coffers directly.

Other than caching (that we already do for security purposes), how can I limit our footprint in this?

[–] patrick@lemmy.bestiver.se 1 points 4 weeks ago (2 children)

> I don’t make financial decisions, so I can’t support FOSS from the corp coffers directly.

Have you asked?

[–] FizzyOrange@programming.dev 7 points 4 weeks ago

I have. It just goes nowhere. The number of people you need to sign off what is essentially a donation is just too high. You always hit someone who says "why do we need to do this?" and the answer is "we don't".

You need some actual benefit before most companies will actually pay money. It doesn't have to be huge though. Sometimes support is enough (as long as you don't also offer free support e.g. via GitHub issues). Phabricator did that and it seemed to work.

Open core also definitely works. My company pays for GitHub premium because we need the features - primarily merge trains.

They're very rarely going to donate out of the goodness of their hearts, and if you expect them to do that because you think they are morally obliged to then you're going to be disappointed.

[–] LeFantome@programming.dev 1 points 3 weeks ago

You need a price. If you say, we need this infrastructure or technology and it costs x dollars, that can be justified, approved, and budgeted.

In most places I have worked, “my department uses something we get for free but they really want us to contribute what we can” would go exactly nowhere. Pushing too hard may actually even lead to a directive to switch to something less problematic, maybe even something commercial (that has a definitive price).

[–] Kissaki@programming.dev 1 points 4 weeks ago* (last edited 4 weeks ago)

Assess and cache your package pulls. Make sure you're not pulling unchanging data on each build. Cache partial builds, or proxy dependency-pulled packages.

https://www.sonatype.com/blog/free-isnt-free-the-hidden-costs-of-tooling-decisions-in-open-source-infrastructure#%3A%7E%3Atext=We+Can+Do+Better