FOSDEM 2025, one of the largest open-source software conferences in the world, took place in Brussels, Belgium in February this year. The Good Penguin attended and in this blog post we will share some of our highlights.
Exploring Open Source Dual A/B Update Solutions for Embedded Linux – Leon Anavi
At The Good Penguin we do a lot of work involving reliable software updating for embedded platforms, this talk investigates some of the more popular open source options for achieving this. The speaker primarily focuses on the Mender, RAUC, and SWUpdate solutions, contrasting their various approaches as well as explaining some of the pros and cons of each solution – such as the differences between A/B and Delta updates and the major considerations of each. The speaker also gives an overview of how such systems are supported by various build systems for embedded linux, such as Yocto and Buildroot.
See the schedule for the slides and further information.
Vulnerability Management at a Scale for the Yocto Project – Marta Rybczynska and Samantha Jalabert
This talk focuses on the importance of vulnerability management within the Yocto project, and the inherent risks of relying on the NVD (National Vulnerability Database) as the primary source of CVE (Common Vulnerability Enumeration) data. The speakers discuss alternative approaches and databases that can be used for vulnerability detection and management within distributions built upon the Yocto Project.
See the schedule for the slides and further information.
14 Years of systemd – Lennart Poettering
An overview of the history of the systemd project by Lennart Poettering. The speaker providers insight into the early days of the projects development, as well as interesting counter points to some of the more common criticisms of the project, before finishing with a discussion of some the potential future directions for the systemd project.
See the schedule for the slides and further information.
Imposing memory security in C – Maria Matejka
Memory safety is an important subject within the wider software world, with languages that prioritise memory safety such as Rust and Go being widely discussed at FOSDEM. This talk provides an interesting perspective on policies and considerations that can be used to ensure memory safety in existing code bases that are built using C, a language that doesn’t enforce memory safety by default.
See the schedule for the slides and further information.
A tale of several distros joining forces for a common goal: reproducible builds – Jelle van der Waa, Holger Levsen and kpcyrd
A discussion about the importance of reproducible builds, how they can be used to validate and ensure the security of software distribution chains. The speaker breaks down the goals and successes of the project, as well as many of the hurdles they faced along the way, ending on an exploration of some of the future goals of the project.
See the schedule for the slides and further information.
Lessons learned Open Sourcing the UK’s Covid Tracing App – Terence Eden
This talk provides a very interesting and rarely seen insight into the pressures of developing critical government infrastructure whilst under intense time pressure and stress – and in the very critical and often cruel eye of the British tax paying public. A very unique project that took place in a very extraordinary set of circumstances, and a glowing example of how against the odds, open source can be successful in a government environment.
See the schedule for the slides and further information.
Ten Years as a Free, Open, and Automated Certificate Authority – Josh Aas
Today the vast majority of the World Wide Web is secured using HTTPS and TLS, although this wasn’t always the case. The Let’s Encrypt project was formed with the simple goal of providing a free and simple to use TLS Certificate Authority, and since 2015 has grown to the point where it now supports over 500 million websites.
In this talk the speaker gives some fascinating insight in to the work involved in hosting and maintaining an infrastructure as large and heavily utilised as the Let’s Encrypt project. They discusses some of the software solutions and hardware requirements of the project, as well as direction that Let’s Encrypt is planning for the future.
See the schedule for the slides and further information.
The full schedule for FOSDEM 2025 and details about all the talks that took place (along with the slides and videos) can be found here.