Open source powers the modern software ecosystem, but its foundation is fragile. Package registries and their surrounding infrastructure are the backbone of the open source ecosystem, including Maven Central, PyPI, crates.io, Packagist, and Open VSX. Since our founding in 2022, Alpha-Omega has invested in strengthening registries by funding security staffing, development work, and security audits.
Alpha-Omega is proud to endorse the Joint Statement on Sustainable Stewardship. The Joint Statement highlights a simple truth: resilience requires sustainability. We recognize and support the need for these ecosystems to be secure AND financially self-sustaining. To paraphrase the Statement: the ecosystem cannot stand on foundations built of goodwill and unpaid weekends. We also recognize that there are multiple paths to achieving this goal, and we are committed to helping ecosystems build the capabilities, experiment with approaches, and find what works.
A Call To Action
- Read the Joint Statement on Sustainable Stewardship.
- Support the infrastructure you rely on. If you’re a large publisher or consumer of open source, you should be actively sponsoring the open source package registries or the foundations that operate them.
If you’re interested in discussing funding with the Alpha-Omega team, please connect with us at info@alpha-omega.dev.
