| ▲ | rst 9 hours ago |
| On the flip side, I'm not sure I ever saw a revenue plan or exit strategy for Astral other than acquihire. And most plausible bidders are unfortunate in one way or another. |
|
| ▲ | japhyr 9 hours ago |
| Astral was building a private package hosting system for enterprise customers. That was their stated approach to becoming profitable, while continuing to fund their open source work. |
| |
| ▲ | organsnyder 8 hours ago |
| Private package hosting sounds like a commodity that would be hard to differentiate. |
| ▲ | atomicnumber3 7 hours ago |
| A commodity yes, but could be wrapped in to work very nicely with the latest and greatest in python tooling. Remember, the only 2 ways to make money are by bundling and unbundling. This seems like a pretty easy bundling story. |
| ▲ | nunez 4 hours ago |
| It's also a crowded and super mature space between JFrog (Artifactory) and Sonatype (Nexus). They already support private PyPI repositories and are super locked in at pretty much every enterprise-level company out there. |
| ▲ | IshKebab 7 hours ago |
| Yeah you'd think so but somehow JFrog (makers of Artifactory) made half a billion dollars last year. I don't really understand that. Conda also makes an implausible amount of money. |
| ▲ | nunez 4 hours ago |
| Makes sense to me. Most of the companies that spend $$$$ with them can't use public registries for production/production-adjacent workloads due to regulations and, secondarily, a desire to mitigate supply chain risk. Artifactory is a drop-in replacement for every kind of repository they'll need to work with, and it has a nice UI. They also support "pass-through" repositories that mirror the public repositories with the customization options these customers like to have. It also has image/artifact scanning, which cybersecurity teams love to use in their remediation reporting. It's also relatively easy to spin up and scale. I don't work there, but I had to use Artifactory for a demo I built, and getting it up and running took very little time, even without AI assistance. |
| ▲ | IshKebab an hour ago |
| Yeah I mean I understand the demand. My previous company used Artifactory. I just don't understand why nobody has made a free option. It's so simple it seems like it would be a no brainer open source project. Like, nobody really pays for web servers - there are too many good free options. They're far more complex than Artifactory. I guess it's just that it's a product that only really appeals to private companies? |
| |
| ▲ | japhyr 7 hours ago |
| From my understanding there are a lot of companies that need their own package repositories, for a variety of reasons. I listened to a couple podcasts where Charlie Marsh outlined their plans for pyx, and why they felt their entry into that market would be profitable. My guess is that OpenAI just dangled way more money in their faces than what they were likely to get from pyx. Having a private package index gives you a central place where all employees can install from, without having to screen what each person is installing. Also, if I remember right, there are some large AI and ML focused packages that benefit from an index that's tuned to your specific hardware and workflows. |
| ▲ | kickopotomus 6 hours ago |
| Private artifact repositories also help to mitigate supply chain risk since you can host all of your screened packages and don't have to worry about something getting removed from mvn-central, PyPI, NPM, etc. Plus the obvious need for a place to host proprietary internal libraries. |
| ▲ | y1n0 5 hours ago |
| We have some kind of simple pip repo that is private where I work. What would astral bring to the table? |
| ▲ | quadrifoliate 4 hours ago |
| How many people use that simple pip repo daily? If the number is not in the high hundreds, or a few thousands; maybe nothing. But once you get up there, any kind of better coordination layer is useful enough to pay money to a third party for, unless maintaining a layer over pip is your core competency. |
| |
| ▲ | tempest_ 4 hours ago |
| I mean that was a thing at one point but I feel like it is baked into github/gitlab etc now |
|
| ▲ | pjmlp 8 hours ago |
| What would be the added value against JFrog or Nexus, for example? |
| ▲ | justcool393 4 hours ago |
| i mean ofc but like you can self-host pypi and the "Docker Hub" model isn't like VC-expected level returns especially as ECR and GHCR and the other repos exist |
| ▲ | r_lee 8 hours ago |
| that was never going to work, let's be honest |
|
| ▲ | hijodelsol 9 hours ago |
| They could have joined projects like the Linux Foundation which try to not depend on any single donor, even though complete independence from big tech is not possible. I don't know the motivation behind Astral's approach, but this acquisition does leave a weird taste behind about how serious they were about truly open source software. Time will tell, I guess. (Edit: typo) |
| |