FOSS Backstage

Why do promising open source projects struggle to attract and keep contributors? After training 2,000+ developers across Africa and Europe and leading community engagement for 10,000+ API users at Paga, I’ve seen the answer firsthand: contributors vanish when documentation is dense, demos are missing, or mentorship is nonexistent.This talk transforms those gaps into growth engines. I’ll break down three pillars to turn your project into a self-sustaining contributor magnet:A. Docs as Onboarding Enginesi - Transform static guides into interactive pathways that welcome newcomers and accelerate their first PR.B. Demos as Trust Buildersi - Use lightweight, reproducible examples (e.g., GitHub Codespaces) to prove your project’s value in seconds—not hours.C. Mentors as Multipliersi - Design scalable mentorship models that pair newcomers with experienced contributors without burning out maintainers.You’ll walk away with:1 - A playbook to make docs actionable, demos irresistible, and mentorship sustainable.2 - Metrics that matter: time-to-first-PR, repeat contribution rates, and retention benchmarks.3 -Anti-burnout strategies to operationalize growth while protecting maintainer energy.Drawing from global projects (like Kubernetes) and local communities I’ve supported), this session answers the questions every maintainer asks:"Why aren’t more people contributing?""How do we scale without adding more maintainers?"If you’re tired of answering the same beginner questions or watching contributors slip away—this is your roadmap to resilient growth.

The more insight we gain into our software supply chains, the more we face the challenge of acting on it. OSPOs must turn vast data into focused, meaningful decisions. This talk shares a risk-based framework we apply at Deutsche Bahn, designed to be broadly adoptable. It helps prioritize what truly matters: balancing compliance, governance, and sustainability.We’ll discuss how we:* manage regulatory obligations like CRA and NIS2 without overburdening teams* set internal rules and automation that keep compliance practical* identify real risks instead of chasing theoretical ones* facilitate open source culture across the organization to understand and participate in communities* include ecosystem health in our decisionsAs a small virtual OSPO in a large non-IT company, we focus on pragmatic, incremental steps rather than perfect coverage. The session offers hands-on insights for anyone trying to make sense of large-scale SBOM data and turn transparency into responsible action.

Open source licenses like GPL or MIT matter, but aren't the whole story. An open project is often rather defined by its ecosystem: transparency, contribution access, buildability, and governance. In this talk, we’ll explore how projects often lean on their license as a proxy for openness, even while locking in features, obscuring build processes, or limiting community agency. I'd like to introduce the “Is It Really FOSS?” initiative, and have a look at how legal license choices intersect with reality. Let's look at lock-in tactics beyond licensing and how to build and steward genuinely open projects that can still be sustainable.Why it’s relevant: • Legal professionals and OSPOs will gain insight into how licensing interacts with project structure and governance. • Entrepreneurs and contributors will learn how to evaluate and encourage true openness—not just in words, but in processes. • It helps you look beyond pure licensing to ecosystem trust and sustainability.

The Open Collective Platform has been a big advocate for open-source since it's inception in 2015. Not only have we helped the open source ecosystem but it has supported our growth in return. The largest Fiscal Host on our platform is Open Source Collective. The true open-source back office star. Ensuring the legal and accounting compliance of over 3000 open-source projects. Our platform enables these projects to transparently showcase their financials. Highlighting the critical gaps in funding and encouraging collaborative ownership. https://discover.opencollective.com/opensourceOpen Source Collective has been a key instigator in freeing the platform from it's venture capital history and pursing true community ownership. We would love to celebrate this and dive into how this was negotiated. It's one thing to take the step and become community owned, it's an entirely different reality to shape the shared governance and put our words into action. While we are still grappling to find our footing and achieve financial sustainability. We would love to share the governance processes we have implemented and the key challenges we have faced. What was sacrificed and lost in the process and what challenges do we still need to navigate.

When I joined the Prometheus project through the [Linux Foundation Mentorship](https://mentorship.lfx.linuxfoundation.org/project/36e3f336-ce78-4074-b833-012015eb59be) program, UX research wasn’t something the community had ever done before. Prometheus is a mature, developer-focused open source project, so introducing UX research meant stepping into new territory—for both me and the community.This talk shares what that experience looked like: the messy but rewarding process of doing UX in the open, learning to align design with a developer culture, and building trust in a space where design wasn’t yet a familiar practice. It also looks at what happened after the research: the impact on the project, the momentum it created for future design work, and how Prometheus continues to nurture design contributions today.Key takeaways:- Candid lessons from integrating design into technical open source communities- What helps design efforts become part of the community, not just a one-time experiment- Practical insights for projects considering design contributions and for designers exploring open source.

Open source software transformed computing through collaborative infrastructure. Why hasn't open hardware followed? Despite decades of advocacy and similar technical collaboration potential, we still face expensive tool licenses, foundry barriers, and fragmented volunteer projects. This isn't an accident, it's the result of the biggest industrial policy failure of the last century. **Three Critical Divergences**Capital intensity: Software tools scale to reasonable costs, once built, they can distributed generally at low-cost. Hardware requires unavoidable physical capital: €100K-€1M annual EDA licenses, €500K-€2M foundry access minimums, substantial prototyping costs. This creates fundamentally different economic dynamics that can't be overcome through better licensing or community organizing.Institutional vacuum: Open software largely succeeded because new organizational forms emerged to employ maintainers, coordinate development, and provide infrastructure at scale. Open hardware has no equivalent institutional layer. Universities produce research, not production tools. Companies optimize for proprietary capture. Traditional foundations lack capacity to employ hundreds of engineers or deploy patient capital. Governments fund research grants, not operational infrastructure. The missing piece is the organizational capacity to build and maintain technology commons.Revenue generation: Software can monetize through services, support, and usage, value extracted without controlling physical production. Hardware value concentrates in intellectual property, manufacturing and supply chains, making service-based sustainability far harder. This determines which organizations can viably build hardware commons long-term.**Why the FOSS Community Should Care:**Hardware is becoming the constraint on software freedom. European tech companies pay billions annually in proprietary tool licensing. Supply chain concentration creates strategic vulnerabilities, and geopolitical tensions could cut access to critical design tools or fabrication. Digital sovereignty requires open hardware foundations, not just open software. Without addressing this, FOSS gains remain dependent on proprietary infrastructure.What You'll Learn:Why replication fails: Software's organizational models don't transfer to hardware due to structural economic barriers. You can't create "Apache Foundation but for chip design" because the capital requirements, employment scale, and revenue dynamics are categorically different.The missing institution: What would an "Open Hardware Infrastructure Works", a public institution maintaining open hardware infrastrucutre, might look like? What would an institution like that be able to do to level the playing field and open up hardware development? How would an institution like that be financed? What can we learn from precedents: adapting models from highway authorities, utility companies, and transnational consortia for big infrastructure projects?This isn't about better funding models or governance reforms. It's recognizing that hardware commons require institutional forms that don't yet exist. Just as societies created new organizational types for railroads, electrification, and telecommunications, we need purpose-built institutions for 21st-century technology infrastructure. The question isn't whether open hardware is desirable, that is clear, it's whether we can design and build organizations capable of developing it at competitive scale.This talk is relevant for anyone working on digital sovereignty, FOSS sustainability, supply chain resilience, institutional design, or infrastructure commons, and anyone frustrated that hardware seems perpetually behind software in open development despite equivalent technical collaboration potential.

Every open community runs on more than code, it runs on story. In this talk, I’ll explore how storytelling can be used as narrative infrastructure to build stronger, more inclusive open-source communities. Drawing from my experience leading WriteTech Hub and contributing to open documentation initiatives, I’ll show how narrative can align diverse contributors, spark engagement, and sustain collaboration over time.We’ll unpack practical ways storytelling can humanize onboarding, strengthen contributor identity, and create trust in open ecosystems. Attendees will leave with simple frameworks to use story as a tool for communication, governance, and culture-building.At a time when contributor burnout and disengagement are rising, this talk offers a fresh, human-centered approach, helping communities reconnect with why they build, not just what they build

Accessibility is as complex as human nature. Making a user experience that is genuinely accessible requires going beyond the letter of the law to address less obvious issues. For instance, it’s trivial to check if two colours have enough contrast; ensuring the language used in an app is easy to understand for everyone, not so much.How can we create incredible accessible products? External agencies may help with audits, but accessibility should be an ongoing effort, not just a one-off project to address existing issues. New features should be accessible from the get-go, ideally validated with real-world users: easier said than done.In this talk, we will share how creating a community of interest and tapping into our team’s diversity helped us come up with a more robust experience. We will also discuss the role of collaboration across disciplines including design, engineering, content and documentation, and how to facilitate community contributions to these efforts. Coming up with a better accessibility practice is not always a straight path, but is definitely a one worth taking.

Africa has a talented pool of tech enthusiasts. In recent years, there has been a meteoric rise in the number of young people in Africa actively learning tech skills and aspiring to be part of the future. Despite Africa’s growing developer population, African contributors remain underrepresented in open source. In this talk, I’ll share my journey into open source as an Outreachy intern working on the Git project and highlight the problems that many African developers face, from limited access to resources to a lack of awareness and socio-economic hurdles. I’ll explore practical ways we as a community can bridge these gaps through mentorship, outreach, and inclusive programs.

The Hare programming language started in December 2019 with a small, secret prototype and gradually built out a community of curious adventure-seekers who stumbled into its open, but well-hidden, borders. Once unveiled to the public, this community's governance, policy-making, and day-to-day conduct of its affairs grew and evolved with careful deliberation into its present-day form, with 11 co-maintainers of various disciplines and over 100 contributors.This talk will take the audience through each stage of this journey and highlight each of the changes made to its governance over time, explaining how each decision was weighed against our values and practices and helped us grow into a thriving community.

Perfect security works like a transparent umbrella — it shields you from the storm, often without you realizing there’s one. That invisibility, however, is why open source security is too often seen as a cost rather than a strategic investment.Most organizations only start paying attention to security after a crisis — think Log4j — when it’s already too late. In the open source world, many projects depend on volunteers to respond to security incidents. Their contributions are invaluable, but what happens when projects have dedicated, full-time security engineers instead?In this session, we’ll explore that question through the stories of Mike, Seth, and Samuel, who once volunteered their time supporting security in the Python and Ruby ecosystems. With funding from AWS and Alpha-Omega, they later became full-time security engineers employed by the Python Software Foundation and Ruby Central.By comparing their impact as volunteers versus full-time professionals, we’ll quantify the value of dedicated security investment and measure its return on investment.Open source is everywhere — securing it benefits everyone. Through this talk, we’ll challenge you to rethink security not as an afterthought or a cost center, but as a core strategy worth proactive investment.

Open source runs on community, and communities run on stories. A good story gives people a reason to join, stay, and care. In this session, we’ll explore how storytelling can strengthen open-source communities and help build trust and excitement. We’ll look at practical examples of how to tell a story with visual design and what role motion, iconography, tone and voice, or color play. I’ll also share practical tools to help teams maintain their story over time that help align contributors around a common message. By the end, you’ll leave with an actionable framework that connects people and builds trust, and keeps the open-source flame burning bright.

The typical software supply chain has many participants: open source communities, maintainers, companies, and others. There is a rising number of regulations, policies, and processes around that, for example, the Cyber Resilience Act or other security requirements. Expectations of companies sometimes do not match what the community can or wants to offer, and vice versa. The misalignment creates stress on both sides. How can this stress be resolved, so that all participants can benefit from one another and reap the advantages of open source, which has become ubiquitous wherever software is?In the panel, we bring together representatives of different perspectives to discuss these questions. It will cover open source maintainers, companies using open source for internal services and for basing products on, and people working on processes.List of participants:* Moderator: Melanie Wollnik (OpenRail Association and DB Systel)* Sven Erik Jeroschewski (Bosch Digital)* Cornelius Schumacher (DB Systel)* Dr. Lina Böcker (Osborne Clarke)* TBATogether we’ll ask:* What drives users vs maintainers in the open source supply chain?* Where do expectations clash?* How can process, governance and community shape better alignment?* How can organizations and projects adapt to serve each other, not just co-exist?

Open source is the foundation of modern software, yet many projects struggle with sustainability, not just in attracting contributors, but in ensuring they stay, grow, and thrive. The landscape of open source contribution has evolved dramatically, demanding a fresh approach to educating potential contributors as part of broader community building and contributor engagement strategies.Every educational program depends on participant support for projects and mentors towards the programs’ outcomes, and we need industry participation to make these programs successful. The only way for these programs to scale to the growing and various needs of program organizers is for more people to understand how these programs work and how to engage with these programs to support their own diverse needs to grow the broad open source contributor pool. By getting a wide variety of industry support from companies and the maintainers who are employed by these companies, we can create educational programs where students learn the skills that they need to participate in open source projects and become our next generation of contributors.In this panel, we’ll talk about education programs for our youth and university students. We’ll discuss the landscape of open source contributors in the different regions along with the motivations for participation in open source and how those differ across regions. Because we want contributors who will continue contributing, we’ll also talk about some challenges that prevent sustainable contributions over the long term.Our panelists have experience teaching open source to university students, creating and sustaining open source education and contribution programs, and building new open source communities in Africa. In this panel, we’ll talk about what we’ve learned, what’s worked, and provide tips for you to grow the next generation of contributors from within your local communities. This talk presents attendees with a breadth of perspectives on educational programs, how they work, and how we can all work together to make them successful.

For open source to reach new audiences and grow sustainably, it must welcome and recognize more than code. Skills like event organizing, technical writing, design, and accessibility advocacy are vital to promoting adoption and building inclusive communities. Yet many projects still lack structures that value these contributions.This 60-minute workshop reframes diversity and inclusion in open source by demonstrating how non-code contributions are powerful tools for outreach and growth. Participants will reflect on their own skills, map them to real project needs, and collaboratively create a No-Code Contribution Map, a framework that connects diverse abilities to concrete ways of promoting and sustaining open source.We will also explore practices that support inclusivity: onboarding pathways for non-technical contributors and recognition systems that ensure everyone feels they belong.Learning Outcomes:Understand how non-code contributions promote adoption and inclusion.Build a practical No-Code Contribution Map for open source projects.Gain strategies for designing contributor journeys that welcome everyone.Learn inclusive practices that strengthen open source outreach and growth.

The goal of this talk is to spark reflection and conversation about the tools we use to build open source projects, not just the code we write. It is meant to encourage both new and experienced maintainers to think critically about how proprietary tools may, unintentionally, be limiting their communities and values. We'll explore how can we strengthen our open source ecosystem by reducing our dependency on tech giants and supporting community-owned infrastructure. The audience will leave with a better understanding of the trade-offs involved, where to take action, and the motivation to make small changes that lead to more open, inclusive, and resilient projects. Whether you're starting a new project or maintaining a mature one, this talk will challenge you to think critically about the tools you use and advocate for open, community-controlled alternatives that align with the spirit of FOSS.

In an increasingly digitalized Europe, legislation such as the Digital Markets Act, AI Act, and Cyber Resilience Act, depend on technology-neutral, interoperable frameworks to achieve their goals. Free and open standards, together with transparent and inclusive standardization processes, are emerging as essential tools for effective and accountable regulation.Drawing on the Linux Foundation’s report, The State of Open Standards, Standardization and Patents in Organizations, this session explores how open standards are becoming a pillar of digital policy implementation. The research shows that nearly 80% of organizations view standardization as vital for compliance and strongly favor openly developed standards over proprietary or closed models.We will examine three interconnected policy dimensions:Why open standards matter for Europe and how they reduce dependency, enhance interoperability, improve quality, and advance strategic autonomy while supporting legislative aims such as transparency, data portability, and resilience.What attributes drive trust and adoption: how openly published, consensus-based, and extensible standards strengthen compliance, innovation, and public confidence.How policy can embed openness and the practical approaches for European institutions, standardization bodies, and industry to align around “free and open” standards as enabling infrastructure. This includes integrating open standards into procurement frameworks, certification schemes, and public-private partnerships.The discussion will also consider the evolving role of standard-essential patents (SEPs) and the balance between openness, innovation, and fair intellectual property practice.Attendees will leave with actionable insights on how to integrate open-standards thinking into policy design, regulatory compliance, and procurement strategy, turning evolving EU mandates into an opportunity for digital resilience and sustainable competitiveness.

Open source often thrives on engineering-driven processes, where feedback loops, tools, and contributions are tailored to developers. But where does design fit in? This panel brings designers and engineers together to discuss how UX practices can be embedded in engineering workflows, from using GitHub as a design collaboration tool to framing design contributions in ways developers can get value from. Our panelists will share success stories and lessons from bridging design and engineering in open source. Their experiences as designers and engineers will bring different perspectives to uncover strategies and patterns for making design more visible and impactful in developer-focused environments. They will highlight what worked, what didn’t, and how their approaches evolved across projects and communities. Attendees will take away ideas for embedding design into engineering-focused environments, and inspiration from projects where cross-disciplinary collaboration has led to better user experiences and stronger collaboration.Interested in embedding design thinking into the engineering world? Join us!

The benefits of building software on top of open source solutions are well understood, such as avoiding reinventing the wheel, leveraging global expertise, and enabling interoperability. Another benefit is the ability to customise open source software for your use case, but in practice this will often be done by making a fork of the project, which can result in a significant maintenance overhead.This talk is a case study of the BBC's fork of dash.js, a JavaScript library for media playback that is a key dependency for BBC web and connected TV apps. We will explore the reasons why a fork is being maintained, what the costs and benefits have been, and what is being done to reduce the maintenance overhead going forwards, including contributing to the mainline and engaging with the community. Attendees will come away with a better understanding of why and why not to fork, and how to reduce the burden of maintaining a fork.

"It's free as in speech, not free as in beer." How many times have you heard people define free software this way? But free speech, as important as it is, is only one kind of liberty. When we think of freedom only in terms of freedom from restraint—the restraint of government censors, or the restraints of proprietary licenses—we miss out on whole other categories of freedom."Positive liberties" are those we enjoy through the support of others. They are "freedom to", not "freedom from". Positive liberties tend to be harder to define and harder to realize than negative freedoms. For example, if a piece of FOSS is difficult to modify, the user may have "freedom from" prosecution for modifying the software, but no real "freedom to" modify it. And not because the maintainers don't want to give them that freedom! But "freedom to" is often complicated, messy and contextual.This talk charts a way forward through the complications and the mess: friendship. The words "freedom" and "friend" come from the same root, the Proto-Indo-European "prī-", meaning "to love". It is love and friendship that allows us to navigate the complex ways that we depend on each other, without turning dependency into coercion—in other words, without turning our efforts to achieve positive liberties into violations of negative liberty.This talk focuses on a particular conceptualization of friendship from relational psychology, called "intersubjectivity". We will discuss what intersubjectivity is, how it helps protect us from coercion and enables us to flourish, and how we can practice intersubjectivity within FOSS projects and within all our communities.

OpenStreetMap creates, collects and delivers Open Data about our world. But it is more: It is a worldwide community and a human cultural endeavour. The OSM community, that is millions of volunteers, but also companies large and small, and organisations from the UN down to the local hiking club. How do we organize all of this with an extremely slim (and maybe too slim?) governance structure that is still mostly based on volunteer work? Where does this work and where are the problems? What makes it similar to other digital commons projects and what makes it different? What can we learn from other communities like ours?

From the perspective of a global humanitarian organization, this session examines the constraints and trade offs of building open source products for government customers. It covers restricted user access, slow procurement and feedback cycles, legal and compliance limits, political turnover, language barriers and uneven infrastructure. The talk presents governance patterns, procurement-ready artifacts, and design rules that keep projects usable, useful, and maintainable in government contexts.

Openwashing has become a growing challenge for users, developers, and public administrations, and for the entire Free Software ecosystem. Using various methods, some companies advertise their products as “free” or “open”, while in reality distributing proprietary software. The supposed creativity of these openwashers is remarkable: whether by using free/open wording, by introducing new licences that falsely appear to be free, or by imposing additional barriers that make it more difficult to use the freedoms offered by Free Software.This misleading behaviour undermines efforts to achieve digital sovereignty through Free Software. It weakens strategic procurement aimed at ensuring that public money funds Free Software, as promoted by the Free Software Foundation Europe’s "Public Money? Public Code!" initiative. It also distorts competition, misleads customers, and erodes trust in the Free Software ecosystem.The FSFE has been analysing openwashing and other questionable market practices over the past years. In this talk, we will look at concrete examples and examine how they harm Free Software manufacturers and maintainers. Finally, we will discuss what administrations, regulators, and the Free Software community can do to curb openwashing.

If your product or service relies on an open source project, ensuring the sustainability of that project is just good business sense. Forking that source project should be a last resort, to be considered only after all other options have been exhausted. But writing a detailed plan to fork has two benefits. First, it ensures that should the worst happen, you’ve already considered how you’ll deal with it. But perhaps more importantly, thinking proactively about forking will help you take actions that will ensure that it never gets to that.

Most open source software is not maintained by a large community but by a single person in limited time. Hobbyist maintainer projects have previously been discussed from the perspective of security risks and reliance of complex ecosystems on single actors (cue XKCD 2347 "Dependency"), but this talk will focus the tools and work methods at the hand for these developers in regards to community building, usability and documentation. A lot of practices that might be helpful to improve software imply the availiability of resources, most importantly team with diverse, complementary skills. But most maintainers do not have access to these resources. I suggest that we need an awareness and appreciation of small project and a critical review of tools and work methods for their fit for the situation of small projects. I will use examples from usability to show the problems of many commonly recommended methods as well as alternatives that are better suited.

In 2015, the Open Source Hardware Association (OSHWA) kicked off the process of creating an open source hardware certification.[1] In the decade since, OSHWA has certified thousands of pieces of hardware from over 60 countries on 6 continents [2] as compliant with the community definition of open source hardware.[3]This presentation will discuss why the certification program was created in the first place, how it is being used today, and what lessons other communities might be able to learn from its success. [1] https://certification.oshwa.org/ [2] https://certification.oshwa.org/list.html [3] https://www.oshwa.org/definition/