In September 2021, we announced that we were transitioning the Flex infrastructure to a public Github repository.

In November 2021, we wrote a blog post explaining how to transition (short version: upgrade to the latest symfony/flex version).

Since then, I've been monitoring the number of downloads for the old Flex package versions on Packagist and the traffic on the private infrastructure. It took a while to see fewer downloads on Packagist, but the traffic was still massive without a decrease.

To help people using Flex via another project, we have made some pull requests like for Bolt.

I have also posted some tweets to warn users like Sept 23, Nov 1, Dec 22, and March 9 for instance.

Still, the traffic did not decrease.

We have used many techniques to try forcing people to upgrade like adding a warning whenever you require a new dependency, making the server way slower by adding a 10-second sleep for each request to the server, and some more.

Still, the traffic did not decrease.

A few weeks ago, I decided to go one step further by intentionally returning empty data for any request to break the Composer workflow. And some people noticed. They upgraded.

Still, the traffic did not decrease in any significant way.

Today, I am confident that all "real projects" have been migrated. The traffic must come from bots or broken CIs. In any case, from projects for which nobody cares. That's why it's time to shut down the old infrastructure.

For projects that did not upgrade yet, that does not change anything as the workflow is already broken anyway. And the fix is known and "easy".

Published in #Community