Just caught up on this great talk at 
@fosdem #FOSDEM2026 from the people at 
@dangerzone about how to create reproducible containers images (with docker or podman) Definitely a few gotchas in there and stuff I wasn't aware with, but I have been wondering about this topic recently:
https://fosdem.org/2026/schedule/event/RYM8SF-repro-build/
Another great #FOSDEM talk from Michael Winser at 
@openssf / #AlphaOmega about the terrible economics of package registries like #NPM #maven #PyPi #RubyGems #crates
https://fosdem.org/2026/schedule/event/8WJKEH-package-registry-economics/
Some charts from different registries are at https://go.xwind.io/registry-research-report
The slide below is a take on some of the common "solutions" that people come up with for funding registries (also applicable to non-registry products with large numbers of downloads) and what might happen if you choose them
If you have a fediverse account, you can quote this note from your own instance. Search https://fosstodon.org/users/sxa/statuses/116051952529004523 on your instance and quote it. (Note that quoting is not supported in Mastodon.)