Main Track

How to keep Open Source open without leaving our communities open to threats

Janson
Quintessence Anx
<p>The state of the internet, c. 1990:</p> <ul> <li>Limited, opt-in connectivity: people had to have access to a computer, and that computer had to have access to the internet.</li> <li>Tooling required some in-industry knowledge to be able to run and use, not only for development but also for communication.</li> <li>Open source was a young movement. The "common source" was proprietary.</li> </ul> <p>The state of the internet, c. 2025:</p> <ul> <li>Always online, might-not-even-be-able-to-opt-out connectivity: devices are almost always collecting and transmitting data, including audio/visual, in some cases even if "turned off".</li> <li>Easy-to-use tooling has made it easier for everyone to come together. The pervasiveness of technology also means that most people, of any background, can easily access other people in the thousands or even millions.</li> <li>Open source is common, accessible, and mature. A $9 <strong><em>trillion</em></strong> resource. Yes, <strong><em>trillion</em></strong>.</li> </ul> <p>These three significant shifts drastically change the threat model for OSS communities. In the beginning, someone had to have both knowledge and resources to harm or otherwise compromise a community of developers. Now, anyone with a grudge can make a bot army with seamless integrations and gracious freemium tiers for AI/LLMs. Likewise, when open source was small, the "who" that would be motivated to harm and otherwise disrupt those communities was limited. Now there is massive social and economic benefit in harming and disrupting them. This means that risks and threats still include the motivated and resourced <strong><em>with the addition of</em></strong> those who are scarce in both.</p> <p>We need to come together to build new organizational threat models that account for how this consequence has posed new risks to our communities. With care and attention to detail, we can introduce responsible friction that will protect our communication infrastructure, the lifeblood of what allows open source to grow.</p> <p>There will also be a workshop with this presentation, with the outcome of creating an ongoing working group dedicated to helping OSS Foundations of all sizes protect their communities.</p>

Additional information

Live Stream https://live.fosdem.org/watch/janson
Type maintrack
Language English

More sessions

1/31/26
Main Track
Janson
<p>FOSDEM welcome and opening talk.</p>
1/31/26
Main Track
Michiel Leenaars
Janson
<p>We need to talk about war. And we need to talk about companies building bots that propose to rewrite our source code. And about the people behind both, and how we preserve what is great about FOSS while avoiding disruption. How do geopolitical conflicts on the one hand and the risk of bot-generated (adversarial) code on the other influence the global community working together on Free and Open Source software?</p> <hr /> <p>The immense corpus of free and open source software created by a ...
1/31/26
Main Track
Patrick Steinhardt
Janson
<p>In 2025, the Git project turned 20 years old, and in those 20 years it has taken the world of version control systems by storm: nowadays, almost every developer uses Git. But that doesn't mean that Git is perfect and "done", or even close to it. It still has many warts: user experience, arbitrary limitations, performance issues and no good support for large binary files are just some of the issues that users commonly complain about.</p> <p>In this talk you'll learn what is happening ...
1/31/26
Main Track
Janson
<p><a href="https://www.mercurial-scm.org/">Mercurial</a> is a Distributed Version Control System created in 2005.</p> <p>The project has been constantly active since then, fostering <a href="https://heptapod.net/">modern tooling</a>, introducing <a href="https://octobus.net/blog/2020-11-26-modern-mercurial">new</a> <a href="https://archive.fosdem.org/2025/schedule/event/fosdem-2025-5989-a-glimpse-into-a-smoother-version-control-experience/">ideas</a>, spawning multiple <a ...
1/31/26
Main Track
Vladislav Shpilevoy
Janson
<p>Git is a tool most programmers rely on, whether for work or personal projects. It’s far more than just a method for syncing local and remote changes. Git embodies a way of thinking that serves as the foundation for development workflows and steers project evolution.</p> <p>At its core, Git has essential concepts such as commits, change history, branching, rebasing, and merging. While Git offers many features, these are its heart. Misusing them can lead to significant opportunity costs, ...
1/31/26
Main Track
Alya Abbott
Janson
<p>Does your project get pull requests that you dread reviewing? Have you ever submitted a pull request that got ignored by project maintainers?</p> <p>Putting together a pull request that presents proposed changes in a clear, well-organized way is nearly impossible for newer contributors to do on their own. Maintainers must take the lead in providing specific guidelines for pull requests for their project.</p> <p>This talk will give maintainers a toolkit for teaching contributors how to produce ...
1/31/26
Main Track
Katharine Jarmul
Janson
<p>In this talk, we'll explore the hotly debated terminology and meaning around "sovereign AI". We'll look at what the major AI vendors say, what open source communities are producing and how EU stakeholders, politicians and activists are navigating the debate. At the end, we'll address significant open questions and calls for action as to how to better create and support open-source, private and secure AI systems.</p>