Is Maven Central *Too* Central?

This week, Sonatype announced that, in the not-too-distant future, developers who publish a lot of files through Maven Central, or publish frequently, will need to start paying for that privilege. The thresholds for “a lot of files” trip up nearly 100% of Kotlin Multiplatform projects, and the threshold for “frequently” will trip up many active developers with 3+ libraries.

This epic Kotlinlang Slack thread suggests that Sonatype does not intend to drag open source developers into a paid tier. They are looking to revise their policies a bit to help Kotlin Multiplatform developers, and JetBrains is looking into ways to trim the bloat of published KMP libraries.

My take on this: it feels like we are considering the issue purely through Sonatype’s framing of that issue.

Presumably Maven Central is reasonably expensive for Sonatype to operate, and so doing something to increase their revenue makes sense from Sonatype’s perspective. Tactically, I have no qualms with that. Strategically, my question is: why is Maven Central special?

In the world of Android, we have been down this road before. In the very early days, I advocated for us having a wide range of Android app distribution channels. I got push-back from some experts, who argued that there must be One True Distribution Channel, in the form of the Android Market, now known as the Play Store. As a result of handing a monopolist a monopoly, we get wonderful things like monopolistic behavior and more monopolistic behavior, to cite just two examples out of many.

In a healthy ecosystem, Maven Central would be one player among many. At present, though, Maven Central dominates the artifact distribution space. For a long time, I maintained my own Maven repo for my own libraries, but that approach is uncommon. Once you get past Maven Central, Google’s own Maven repo, and jitpack.io, we are deep into the “long tail” of public artifact repositories.

As it stands, we are banking on Sonatype’s good graces. If Sonatype collapses, or gets bought by private equity, or maybe even just changes its CEO, Maven Central is toast. We will be left trying to pick up the pieces of our development ecosystem.

While I am all for trying to improve Sonatype’s situation and for making KMP libraries more svelte, I hope that some attention gets paid to trying to make artifact distribution more federated, so that Maven Central’s theoretical demise might have less impact.

IOW, and IMHO, we centralized too much.