Do users need private registries or are feeds of existing integrations enough

Problem Statement

For each package manager integration we have added (npm, Maven, Conan), we have gone the route of supporting a private registry hosted on GitLab. These integrations take time and assume that customers need privately hosted registries.

Based on a conversation in the NuGet issue, we suspect that many users' needs can be met with a feed that displays packages hosted outside of GitLab, but that can easily be viewed and pulled into a project.

We need to validate if that's true and if it is true, if it is indeed a faster path to development.

Reach

• This will impact all current users of the Package Registry as well as all of the users and customers that have requested support for additional package managers.
• This impacts the Package group, by potentially creating a fast track to an MVC for each format.
• This impacts the Gitlab community by creating a path to easily add new package manager formats.
• This impacts Core users, as this could be a way to introduce Package Registry features to free users and allow us to better evaluate and market the premium feature of a private hosted registry.

3.0 = Significant reach (~25% to ~50%).

Impact

• The impact would be massive for GitLab. At our current pace of 2-3 milestones per integration, it will take us a long time to add enough integrations to convince customers to consolidate all of their package management workflows on GitLab.

2.0 = High impact 1.0 = Medium impact

Confidence

We need to validate that this is a problem and is a feasible solution.

50% = Low confidence

Effort

• The immediate effort will be to validate the problem and that a 'feed' is feasible from an engineering perspective. We are evaluating the latter as part of the NuGet implementation.