@icedquinn it's only available to customers of Google Cloud. So, yes.
But I am going to bet that you will not find a single AGPLed project in there. Google is allergic to enforceable copyleft:
https://opensource.google/documentation/reference/using/agpl-policy
> WARNING: Code licensed under the GNU Affero General Public License (AGPL) MUST NOT be used at Google.
So, the strong-copyleft side of the code commons is not going to be colonized.
@rysiek Don't mind me, auditting XZ myself... Then I'll audit FontyFruity!
Certainly I welcome Google's auditting efforts, though I don't trust their package repo to line up with what interests me...
@rysiek Then again Google's package repo will almost certainly be better than the one Microsoft bought!
@rysiek Eh, Red Hat has been doing this for years, and it's really a pretty good business model. It provides as a paid service the part that nobody wants to do, but everybody wants to have.
Also, personally I'd like to keep big tech and money out of open source, they don't mix well.
Supply chain risk is fucking easy to solve.
Know your dependencies, yourself as much as possible and then with other people you trust to make software repositories.
That's what distros are for, which also means that if you do not trust a software repo you've picked: Leave it.
It's also why I've been avoiding entire software ecosystems where dependencies are managed by stuff like dependabot without any reviewing process going on.
Or ones where librairies can't be packaged by themselves.
@rysiek big tech, as it is now, shouldn't exist as far as I'm concerned.
@marauder oh, totally agreed.
@rysiek 🤦♂️ 
🤦♀️
if that's true they found a new way to colonize the commons