Open Source Summit North America 2025

U-Boot provides a fairly new feature called Standard Boot, which replaces the scripts and masses of environment variables previously used. Standard boot can boot your device automatically and quickly.

This session dives into how embedded devices boot, how Standard Boot works under the hood, the benefits of adopting Standard Boot and how to write your own bootmeth and bootdev drivers. By way of example, some existing drivers are covered, including UEFI, extlinux, Android and ChromeOS.

It also provides a general update on U-Boot and what the future might hold.

Edge AI today relies on centralizing data from edge devices to the cloud, but this is impractical due to costs and privacy constraints. Federated Learning (FL) is a viable alternative: edge nodes collaboratively train a ML model without transferring or exposing proprietary data. Instead, only model weights are shared, allowing each entity to develop a model that outperforms what it could train independently. Despite its potential, FL is largely academic due to the complexity of integrating expertise across the technology stack. Additionally, decentralized data can be heterogeneous, requiring non-generalizable, application-specific solutions. EdgeLake-FL is a hardware-agnostic framework leveraging EdgeLake, an LF Edge project, to automate the continuous learning FL workflow. With EdgeLake as the data management layer, decentralized data appears centralized and data heterogeneity is resolved. Using EdgeLake-FL, an ML engineer publishes a training application, and Edge nodes with relevant data autonomously train, share, and aggregate models. Each node can then leverage the aggregated models for inference directly at the Edge. In this talk, I will demo EdgeLake-FL in a real use case.

Open source software powers our world, but many of the maintainers keeping it alive are overburdened and aging out. Balancing technical, community, and financial responsibilities has become overwhelming, leading to burnout and project stagnation. This “graying” of open source raises urgent questions: Who will maintain the future?

Drawing from my experience supporting hundreds of maintainers through programs like GitHub Maintainer Programs, Mozilla Open Leaders, and SustainOSS, I’ll share real-world examples of the challenges maintainers face and the systemic barriers preventing new leadership. While emerging tools help reduce workload, sustainable projects need human stewardship. We'll explore practical solutions: lowering barriers to maintainership, strengthening leadership pipelines, and ensuring projects remain healthy for generations.

Maintaining open source isn’t just about code—it’s about people. Whether you’re a contributor, project lead, or company investing in open source, you’ll leave with concrete actions to help sustain the ecosystem. Let’s build a future where maintainers are supported, projects thrive, and open source continues to grow.

It’s product release time. The code is stable. You’ve got everything EXCEPT the docs.

How do you create meaningful, prioritized content in a short time frame?

Your writer needs to collaborate with a Subject Matter Expert (SME) who understands the technical and user content. At Grafana, this synergy happens between Field Engineers (FE) and Technical Writers (TW). FEs are a three-in-one SME with the understanding of a developer, sales engineer, and technical support.

How does this collaboration benefit both writers and SMEs?
* TW has a single SME for user needs and cross-product technical expertise.
* FEs get accurate, up-to-date content that helps them and Grafana’s OSS community members get up to speed on products.
* OSS Community members get accurate, up-to-date docs.

In this session, you’ll learn how to:
* Identify the right SME
* Establish a collaborative workflow
* Prioritize work that best addresses the user’s needs

We’ll detail how this collaboration started through a shared love of RPGs, the traps we encountered and lessons learnt, and how a bi-weekly session between two colleagues became the foundation for a model now used across Grafana’s telemetry products.

In the rapidly evolving landscape of Generative AI, it is becoming clearer every day that open strategies are key drivers of innovation and widespread adoption. This session will present the Generative AI Commons, its activities, and deliverables to date, including the Model Openness Framework (MOF) and the Responsible Generative AI Framework,

LF AI & Data initiative dedicated to fostering the democratization, advancement and adoption of efficient, secure, reliable, and ethical Generative AI open source innovations through neutral governance, open and transparent collaboration and education.

Today it’s nearly impossible to build software without open source. Some projects are massively popular, and quite often used in multiple products within the same organization. But are we all collaborating on these projects in ways that are aligned across the company? Here your OSPO can help your organization work towards the same goals.
Which open source projects are built into your product portfolio? Who in your organization is contributing to these projects? How do you know your contributions are not impeding each other?
Broader involvement should occur in a coordinated and thoughtful manner across the key projects. Having a united front within open source communities will help your organization drive consistent and effective contributions.
The talk will cover:
● How can your OSPO help coordinate contributions across the organization?
● How can you identify your company’s strategic open source projects?
● How can we ensure these projects will continue to be viable and sustainable?
The audience will learn how an OSPO can enable more efficient and effective contributions to open source projects in ways that are aligned with both their business and community goals.

Documentation thrives on contributions, but many potential contributors hesitate to edit docs because of uncertainty about style, structure, and quality standards. This talk demonstrates how modern tooling can create a supportive environment that empowers non-writers to confidently contribute to documentation. We'll explore a practical toolkit combining templates for clear structure, AI-powered drafting assistance, automated style checking, format linting, content validation, and quality reviews to guide contributors through the docs process. Through these tools and a streamlined editing workflow, teams can create an environment where developers, product managers, support staff, and other non-writers feel confident contributing while maintaining documentation standards. We'll examine real examples of successful implementations and provide practical steps for adding these capabilities to your own docs.

Package managers are essential to modern software development, simplifying dependency management but often hiding transitive changes. This has led to large, shifting dependency trees with little oversight.

Despite evolving independently, most package managers follow a similar model: fetching software and metadata. However, the format, quantity, and quality of this metadata vary significantly.

With heterogeneous language stacks on the rise, OSPOs struggle to manage these differences, making compliance an ongoing challenge.

This talk explores different package managers, the compliance data they provide, and highlights good practices from each. Finally, it proposes how the OSPO community can break silos between ecosystems, encouraging convergence on non-language-specific metadata and practices. This, in turn, will streamline compliance work and strengthen the open source ecosystem as a whole.

In the original Matrix movie, Neo learned Kung Fu through an upload. Imagine if your ML could learn the same way. That's what a pickle file does for ML - "I KNOW KUNG FU" or whatever was in the file that was supposed to be "learned" by your ML model.

What if there was a plot twist where Agent Smith tampered with the Kung Fu module so that it included a fun "bonus" lesson that "taught" Neo to call Agent Smith every time he was trying to find an exit?

That's what's happening in Pickle Files, and that's the setup for ML and AI.

This talk will explain the threat, provide some examples, and discuss emerging detection capabilities. When it's over, you will know kung fu.

As part of a broader effort to document the architecture and design of the Linux Kernel, we propose a method to formally describe low level developer intent in the form of testable expectations (i.e. requirements). This will provide a fact based foundation for pass/fail test development, test validation via code coverage tools, support optional traceability to higher level design, and enable tool development for process automation.

This talk is a continuation of the proposal for Linux Kernel Requirements that formally originated at the 2024 Linux Plumbers Safe Systems with Linux Mini-conference, and further updated at the December 2024 ELISA Workshop at Goddard Space Center.

This edition will present the current state of the requirement template design, provide examples of Linux kernel source code instrumented with low level requirements, present technical explanations for template design decisions, and provide an opportunity for feedback from the developer community.

AI Agents have become a buzzword in the world of generative AI—but what exactly are agents, and how are they advancing open source AI? Agents are autonomous systems that extend the capabilities of Large Language Models (LLMs) by leveraging external tools and real-time data to perform dynamic actions for solving complex, multi-step tasks. They are at the forefront of transforming open source AI by enabling adaptability, automation and more intelligent decision-making.
In this talk, we’ll explore popular open source agent frameworks like LangChain and Haystack, which are driving rapid development and community-powered innovation in AI agents. Using real-world examples and a live demo, we’ll demonstrate how these frameworks can be leveraged to build a variety of generative AI applications, including RAG, IT operations automation and dynamic, context-aware chatbots.
Attendees will gain a clear insight into why AI agents are at the forefront of innovation and how open source collaboration is driving its evolution. Whether you’re an AI developer, OSPO leader or open source enthusiast, this session will highlight the potential of agents to power the next wave of open source AI missions.

Okay, besties, real talk. Your code's dependencies? They're giving… chaotic energy. Like, are you even SBOMing? 💅
We've all seen the drama. log4j? xz utils? Straight-up trauma. But like, where do you land on the security spectrum? Are you accidentally downloading typosquatted packages because you're living your best, most chaotic life? Or are you a security queen, catching backdoors before they even exist? ✨
This talk is basically a giant vibe check for your security habits. We're gonna do a quick, brutal quiz – think 'are you the drama?' but for your code – and find out which iconic supply chain meltdown matches your energy.
We'll spill the tea on real-world attacks, from the 'oops, that’s a backdoor’ to the 'someone’s running Doom on Minecraft servers again' level. And we’ll give some practical advice on how to have good security posture. Stretch, queen!
If your security is giving 'main character energy' (and not in a good way), you need to be here. Let's level up our security game, avoid becoming the next trending security disaster, and maybe even get some clout for actually knowing when lockfiles actually help. 😉

TL;DR: Quiz, memes, securi-tea. 🫖 Don't be a vulnerability.

When software first entered the car, it was all closed source, but at the turn of the twenty-first century the complexity of software in cars exploded. Even so, OEMs and Tier Ones continued to keep their software proprietary, so much so that most Tier Ones only reluctantly gave source code to their OEM customers. With consumers now demanding the same app based experience their car that they have on their mobile phones and tablets OEMs have turned to open source software to close the gap. How did the ultra-competitive world of car manufacturers come to together to embrace Automotive Grade Linux and grow a community where Tier One suppliers, OEMs, and hobbyists can come together and build software for your next car? Walt reviews the challenges that were overcome, where we stand today, and what needs to be done to continue to grow the open source automotive community.