Celebrating 10 Years as NetActuate! Read the Blog
Explore
Celebrating 10 Years as NetActuate! Read the Blog
By clicking "Accept all" you allow cookies that improve your experience on our site, help us analyze site performance and usage, and enable us to show relevant marketing content. You can manage cookie settings below. By clicking “Confirm selection” you agree with the current settings.
This was my first time at FOSDEM, but it won’t be my last. People describe FOSDEM as chaotic and packed (both in terms of people and the agendas). And it was. It was also inspiring, invigorating, and central. I’ve been involved in dozens of open source projects over the past 20 years, and normally I need to go to multiple conferences to interact with all these communities. But they were ALL here at FOSDEM.
FOSDEM took place Saturday and Sunday, January 31 and February 1. But the entire week preceding and even the Monday following there were a number of related events. I joined the Eclipse Foundation Code and Compliance workshop on Thursday and the OSS Licence and Compliance workshop on Friday.
Under the Open Regulatory Compliance (ORC) project, Eclipse Foundation has been doing a great job bringing all the various stakeholders together to collaborate on positive solutions to address The European Union’s goal of increasing software quality and security while honoring what makes Open Source unique. The Code and Compliance day was a platform for the many initiatives within ORC to provide updates and for participants to discuss work in progress. All the day’s session slides and recording can be found here.
My involvement with this effort, which predates my time at NetActuate, informs how I am shaping our company’s involvement with the numerous open source projects we support. Apropos, we announced increased IaaS and network service support during European Open Source Week for three internet-critical projects. And we also published our new and improved Open Source page on our site.
A few highlights included Michael Barbaro’s overview of the first draft of the Open Source Software Stewards and CRA Whitepaper. According to the document abstract: “The Cyber Resilience Act (CRA) defines a new category of legal persons: Open Source Stewards (hereafter "Stewards"). It also defines obligations for them that differ from those applicable to other actors, such as manufacturers. This whitepaper aims to elaborate on the obligations, restrictions, and penalties that will be imposed on Stewards.” If you are an open source maintainer and your project is used commercially, you should definitely read this!
TYPO3 Association Board Member Rachel Foucard gave an excellent talk titled “CRA vs Your Calendar: Making Time for Compliance in Open Source Projects”. Using her involvement in the CRA on behalf of TYPO3, Ms. Foucard’s presentation provides a general framework for open source volunteers to manage their limited time by categorizing involvement into three "time buckets": staying informed, influencing direction, and implementing changes. Ms. Foucard shared a practical decision checklist to help prioritize involvement. This topic is one that I and I bet everyone who has decided to get involved in open source has encountered, but I’ve never seen it organized and laid out so well (UX experts FTW!!). Highly recommend! Slides here and recording here.
On Friday, I joined the dynamic license and security compliance tools community for a day-long unconference. I was very grateful to get a spot, since my goal was to learn about this space, and I was not prepared to contribute very much. It was remarkable to see all the maintainers and entrepreneurs developing new license and security compliance tools. There had to be 30 or more tool creators who pitched their projects.
These tools play an essential role in manufacturer due diligence as part of the CRA. The workshop was extremely well organized and produced a number of concrete next steps to advance the maturity, capabilities, and interoperability of SBOMs and related tools.
FOSDEM kicked off with a welcome from Richard "RichiH" Hartmann, during which he set the tone for the event. The topic of European Digital Sovereignty, and the role of open source to enable it, was everywhere.
After the welcome sessions, I made a beeline for the Network DevRoom where I caught the session Modern Network Protocols — What’s Next for Firefox and the Web? It was a really well-prepared and delivered presentation. After it, I offered NetActuate Route BGP hats to attendees as they left the room - they went fast!
Next came some people networking. The FreeBSD stand was right outside the Network room so I took the opportunity to say hello to the crew and then I met up with Dario Tranchitella, the maintainer of Kamaji. We had a great time chatting, and I even previewed our new Kamaji-based Managed Kubernetes feature in our new portal. It’s exciting what Dario is working on and I’m really bullish about Kamaji.
Next up, I eventually found the BSD DevRoom for a handful of talks, including a great one from a couple of engineers on the Swift team at Apple that have ported Swift to FreeBSD. You know it’s a great developer presentation when even *I* can follow along the nuances of how they chased down a particularly nasty bug that they encountered along the way.
After closing down the BSD DevRoom, it was time for more FreeBSD hobnobbing, where I was gifted this hat from a German FreeBSD user - Danke! I made it an early evening in order to have plenty of energy for Sunday, including my panel session.
Sunday found me all day in the Open Source & EU Policy DevRoom. As I mentioned earlier, from FOSDEM's opening main stage sessions, it was clear that the European open source community takes the risk of over reliance on US (big) tech seriously.
If that's the meta "WHY?" of FOSDEM 2026, then the Open Source & EU Policy DevRoom was one of the places where speakers and attendees dove into the hairy, complicated question of "HOW?".
Sessions from leading maintainers, practitioners, and policy makers explored legal instruments like the Digital Commons EDIC, to technology stacks, to open source "procurement" approaches, to governance and autonomy reaching from Multi-State down to Municipal levels. I particularly enjoyed the panel session regarding the new EU Digital Commons EDIC, charged with channeling investment into building blocks for a sovereign public infrastructure.
Relative to the governance structure, an attendee asked a great question about how community members/projects can participate in decision-making. In my experience, this is a critical balance to get right, and I’m sure the people working on this effort will do so.
I also really loved André Rebentisch’s presentation of the EuroShack (a play on words to connote an MVP for the EuroStack). I appreciated Andre’s practical and iterative recommendations that leverage existing work to go to market fast.
Towards the end of the day, it was time for Æva Black to present an update on the Working Group they’re leading on Voluntary Security Attestations, and how they can play a role in open source sustainability. After the update, Æva welcomed Michael Schuster, me, and Tommaso Bernabo to join her for a panel discussion. I was very impressed with the expert understanding of open source and clear commitment to preserving what makes it special that both Tommaso and Michael demonstrated.
I have worked with a wide variety of open source projects, ranging from corporate-backed to independent. At NetActuate, I work with NTP Pool, CPAN, and FreeBSD, and I've previously worked with Node.js, Hyperledger, FreeBSD Foundation, and jQuery.
I am involved in Æva's Voluntary Security Attestations working group because I believe that open source and the communities that create and maintain it are one of the most beautiful and important expressions of human ingenuity in our lifetimes.
Open Source is us at our best.
These are spaces where meritocracy, fairness, collaboration, mentorship, transparency, and trust are not buzzwords but table stakes. If your community doesn't have these things, you don't have a sustainable community.
Today, open source sustainability is under pressure. So we need to develop sustainability mechanisms that are fair and respect maintainer agency. I believe that Voluntary Security Attestations that maintainers can offer to Manufacturers for a nominal fee is one such mechanism.
No trip to Europe is complete without a bit of sightseeing on the side. I flew into and out of Paris, and this gave me the chance to try out the EuroStar train, and to see a tiny bit of Paris. Going into FOSDEM, I knew the topic of digital sovereignty would be front and center, so I decided to do my part. I downloaded the Dutch navigation app HereWEGO, and used it almost exclusively to navigate from Paris to Brussels, and all around town during FOSDEM. It worked extremely well. It helped that the Brussels public transportation system is so good. I was able to get around almost entirely on the metro and tram.
Hope to see you at FOSDEM 2027!
Reach out to learn how our global platform can power your next deployment. Fast, secure, and built for scale.
.svg)
