This sounds like a fun project to be honest. Are there any risks involved by getting bad content through federation that’s out of your control?

Just a week or so ago I read an article about a guy running a tor exit node personally and being held responsible for the traffic

I guess maybe the thought with pip and npm is they’re very specialized and the others are much more general. Why bloat a package manager with repositories that many will never need when you can download a specialized one for a specific need. No reason to even have access to npm if you don’t code in js or same with pip and python.

That said a way to add those repositories to other package managers would be nice and maybe possible. I’ve never really researched it.

But it’s like anything else, get people into your ecosystem rather than someone else’s

That’s a great article thanks for linking it.

I’m curious how many other tools have been silently killed like that or destroyed that we’ll never know about.

I’m still shocked about the mastodon integration… “free” services make users the product so how does allowing anyone without an account to interact with your platform make sense monetarily if you don’t have some nefarious long game in mind.