Workbrew’s FOSDEM highlights

FOSDEM is an annual gathering of the free and open source development community in Brussels, Belgium. It attracts developers and projects from around the world for two days of talks, loosely organised around themed “devrooms”. Content ranges from status updates from existing projects, announcement and releases of new ones, and perspectives from maintainers and users. Many of the talks get published online, but with so many, where do you even start? Allow us to offer our favourites from FOSDEM 2026.

Package management#

A FOSDEM devroom very close to our hearts is the Package Management room, a space for developers and maintainers of various package managers across ecosystems to share their progress and discuss the challenges of building this vital class of software infrastructure. Here’s our top picks from the Package Management room:

Package management learnings from Homebrew#

Homebrew project lead, Mike McQuaid, dives into his learnings from Homebrew. A large part of the presentation is about the surprising impact of performance, how sensitive end-users can be to any slow downs, and as a result, how powerful marketing around speed is for newer package managers. We found that last point especially interesting, as Mike explored a lot of the factors, such as backwards compatibility and legacy support, that tenured projects like Homebrew care about, which newer projects may not be grappling with yet.

The Terrible Economics of Package Registries#

Package managers are vital to a lot of ecosystems, between programming languages, scientific runtimes, and operating systems. But it’s easy for them to become “invisible infrastructure”: end users don’t often think of the actual cost of services rendered when hitting that brew install. Michael Winser delivers a fantastic talk on the economics of operating package registries, covering the costs of not just data and bandwidth, but also the cost of maintaining security, fighting abuse, etc. 

Package managers à la carte#

If you spend enough time around computer science academics, you’ll see a lot of things being served à la carte: it’s a popular title for papers dealing with modularity, particularly amongst the functional programming enthusiasts. So when I opened this talk and saw Ryan Gibbs presenting a calculus for packages, I was over the moon. Ryan’s Package Calculus is a formal model for dependency resolution with the goal of being able to model the real-world functionality of package managers. This allows the behaviour of existing package managers to be formally defined and communicated, but further than that, Ryan is working on projects that provide for cross-ecosystem dependency resolution.

Trusted by design#

A special mention is this talk from the Open Research room by Niko Sirmpilatze, which deals with how to set up a new software package for successful community adoption. Whilst presented from the lens of the scientific software community, as a company that deals with trust (or the lack thereof) in software packages, we thought that there was something in Niko’s guidance that every would-be package creator could learn from.

Open source#

Workbrew is a company and product built upon the incredible foundations of Homebrew, and so naturally we are very interested in models of collaboration and governance between FOSS projects and organisations. Here’s two talks on this theme that caught our eyes:

Downstream mindset vs upstream communities#

In this talk, Ildiko Vancsa addresses the tensions between downstream consumers of open source software, and the upstream communities that produce that software. In particular, she deals with how downstream players like companies may have opposing or competing contribution cultures to their upstream communities, and explores a variety of scenarios and how to navigate them. 

Companies vs. Foundations: Who Should Steer Your Open Source Project?#

Speakers Ray Paik and Fatih Degirmenci take a look at the behaviour of open source projects under corporate governance, issues such as license changes, and the resulting rise in the foundation governance model. Crucially, whilst foundations have become very popular, and it seems every open source project is forming one, they discuss how foundations don’t offer the solution to all problems of sustainability and longevity for open source projects.

Bonus: To sudo or not to sudo…#

Privilege management, how and when a device user gets elevated privileges, is an evergreen topic for us and our customers. This last talk gives a great overview of some recent work in the area:

Reduce attack surface or keep compatibility: lessons of sudo-rs and run0 transition plans#

We’re all used to hearing “rewrite it in Rust” at this point, but what happens when you do? Alexander Bokovoy and Alejandro Lopez explore recent efforts to reduce the attack surface of privilege management, through an effort to rewrite sudo in Rust, and a sudo alternative, run0. Whilst these two efforts are promising and have potential upsides, Alexander and Alejandro reveal that they’re not yet ready for system management at scale, lacking vital features for central management and auditability.

What were your favorite talks?#

Did you attend or watch any of FOSDEM? What talks did you find valuable? Let us know over in the #workbrew channel on the MacAdmins Slack.