Carol Smith

The community seems to be rife with conversations about our sustainability problems. Do we actually have one? We’ll lead a discussion and debate around how we as a community can think about these issues, while drawing out the nuanced aspects of each as well as their potential solutions.

When something like left-pad or event-stream happens, how much responsibility should be taken on by companies who deployed a dependency that was critical enough to their operations that removing it created immediate crisis, but not well supported or understood enough that there was any kind of mitigation strategy or backup plan?

And yet, when you look at OpenSSL, curl, and other pieces of open source infrastructure that live in our dependency chains, there are many examples of projects that are important enough to be critical, but are under-resourced to the point that maintainers are having to make quality-of-life tradeoffs to stay on top of the project. We are responsible for ensuring that our shared dependencies are sustainably developed. But who is holding us accountable?

If a maintainer is driving themselves to burnout because they are supporting too many of their open source projects, don’t they bear some responsibility for that choice?

But how are we supposed to untangle which of the thousands of dependencies that we use are in most need of support - and what kind of support they prefer?

Is there a sustainability problem in FOSS after all?

This presentation will be co-presented with Duane O'Brien, Head of Open Source at Indeed.com, the world’s #1 jobs site.

Other people: Duane O'Brien

Projects today often have thousands of FOSS dependencies. Since risk flows downstream in the supply chain; projects inherit and pass on the risks of all their dependencies. In response, licensing bill of materials tools often seek to push well-formed licensing inventory data upstream in an effort to ease downstream compliance challenges. At the same time, there has been a stark increase in license violations, especially, though not exclusively, on copyleft licenses. Is this approach to improving compliance working?

Affirmative position: Compliance at scale through tool-driven assembly of bills of materials is essential for FOSS

1. First Affirmative Constructive (1AC) = 7 minutes a. Cross-examination of First Affirmative by Second Negative = 3 minutes
2. First Negative Constructive (1NC) = 7 minutes a. Cross-examination of First Negative by First Affirmative = 3 minutes
3. Second Affirmative Constructive (2AC) = 7 minutes a. Cross-examination of Second Affirmative by First Negative = 3 minutes
4. Second Negative Constructive (2NC) = 7 minutes a. Cross-examination of Second Negative by Second Affirmative = 3 minutes
5. First Negative Rebuttal (1NR) = 3 minutes
6. First Affirmative Rebuttal (1AR) = 3 minutes
7. Second Negative Rebuttal (2NR) = 3 minutes
8. Second Affirmative Rebuttal (2AR) = 3 minutes

Other people: Bradley M. Kuhn Jeff McAffer

Companies who use and contribute to free and open source often have internal advocates who make policy decisions, help with tooling recommendations, and teach others about the importance of free and open source. Different offices and departments will often have differences in the ways they are managing using, contributing to, and releasing free and open source software.

The panel will explore the different approaches companies have to this work.

Other people: Richard Fontana Jilayne Lovejoy Max Sills

This presentation will open a discussion about how we are introducing new developers to programming. Most textbooks, tutorials, and trainings begin by introducing new developers to mathematics lessons within the language. Many courses on programming require math skills as prerequisites. However, math prowess is not usually an indicator of one's potential programming abilities. Those people who have been told from a young age that they aren't good at math or generally doubt their math skills often feel excluded from the world of programming unnecessarily.

I will pose questions about whether we can be using methods other than math skills to teach programming languages to adult beginners. I propose logic and reasoning skills are more important programming concepts to master to help new developers succeed. Let's change the way we're teaching programming and break down more artificial barriers to entry for becoming a developer.