The impact of AI on open source software development

05 June 2026

Five experienced open source practitioners cut through the hype to ask what AI is actually doing to the communities, projects, and humans that keep open source alive.

Panel at SOOCon26 Edinburgh.

Show transcript

0:00 so I don't know if any of you actually read Amazon blog last week it was all
0:08 talking about AI driven development lifecycle for financial services I'm
0:12 trying to get the title right they basically talked last week about six
0:16 engineers rebuilding the entire bedrock inference engine in 76 days using their
0:21 Kiro Amazon agentic coding service proprietary the original estimate for
0:27 that was over 40 engineers and a full year that wasn't a proof of concept right
0:32 that's one of the biggest production infrastructures currently powering the
0:37 world's largest proprietary AI service we're seeing lots of vendors touting the
0:43 benefits of AI we're seeing lots of consultancies talking about the AI
0:47 bandwagon team structures target operating models what your day is going to look
0:52 like in the agentic space talking all those benefits but at the same time I
0:57 we're hearing different things in the community lots of maybe horror stories
1:01 even so we're going to jump into that in this panel as Amanda said I'm Chris Plank
1:06 thanks for coming to our site I hope you're enjoying our campus and the the day
1:12 thanks to my leadership for actually making this happen for open UK and for us
1:16 really appreciate you know the investment that they made in doing this I'm going to
1:21 talk moderator today for this lovely group of humans I'm a open UK ambassador I'm a CNCF
1:31 technical community group leader I talk a lot about platform engineering I work at the
1:36 bank yeah with that I'm just going to introduce yourselves but I'm going to start at the far end
1:41 Paula thanks Chris hi my name is Paula Kennedy I'm the co-founder of a company called Syntasso we make a
1:50 framework for building internal developer platforms the core of which is open source and then we have
1:55 enterprise versions as well hi I'm Mike McQuaid I guess my open source life as I've worked on various
2:05 open source projects for 20 years homebrew is my main one kind of Mac Linux a little bit Windows package
2:12 manager which I worked on for 17 18 years and I'm the project leader for that I run something called
2:19 open invention Network which is a 21 year old activity designed to neutralize patent risk associated
2:26 with the adoption of open source and we have over 4,000 companies in our community and we continue to
2:33 grow and support creating opportunities for open source to to be in every space possible and to be used
2:41 without fear of litigation I'm Justin Cormack I was a docker for 10 years I was the CTO involved with CNCF
2:49 worked with OAN because people were suing our customers about some ridiculous pattern trolling
2:56 activities and being involved in open source for a long time cool okay so let's start off nice and easy
3:06 and we'll start talking as I said in the intro about tools and productivity you know we've we've seen
3:12 things people talking about like team topologies how that's all going to change in the agenda here
3:16 what your day is going to look like maybe start with you Paula first really talking about kind of what
3:21 you're seeing in the use of tools productivity all that area sure so I think Finton's talk just before
3:28 set us up really nicely because he talked about the tools that we're using for software and code
3:34 development and there's lots of different models out there but what we're seeing the impact which I
3:39 think Finton presented really nicely was we're producing more code we're producing it faster we're having more
3:45 commits more pull requests like the the explosion that GitHub has seen in just like number of commits is
3:52 incredible the thing that I really liked how Finton ended his talk with the tale of two AIs because
3:59 what's interesting is I don't know if you folks have read the most recent DORA report which is I think
4:04 it's called the state of the ROI of AI assisted software development because the interesting thing that
4:10 DORA is flagging is that we're seeing huge amounts of more code but not necessarily better kind of
4:18 outcomes for business in fact code is actually seen as a liability and now that the cost to create more
4:24 code is basically zero the cost to maintain and run that code is where we're seeing like more increase in
4:32 fact because it's harder now to kind of keep up with the amount of code that's being generated and so it's
4:38 interesting for us when I when I read the DORA report recently I was like it's quite interesting that
4:43 actually people are seeing supposed increases in productivity but actually more of a negative impact
4:49 on throughput was one of the things they flagged because the amount of like issues that are coming
4:55 up and the time it takes now to kind of keep code accurate and current is actually slowing teams down
5:01 somewhat so Mike when we were having a chat just at lunchtime very briefly we started having a
5:07 conversation about kind of these consultancies that are coming in McKinsey and others talking about
5:12 like the team structure and how you know you might have three people in a team you may have like an
5:18 architect a product owner and a coder of some sort and then they're doing using the genetics and doing
5:25 like development during the day and so the whole lifecycle is all changed and I start to talk to you
5:30 about what does that mean for people who you know they normally contribute to open source at
5:35 night and they might you know they might not do it during the day because that might not be their main job you
5:39 know like me and I work in a bank right and we have people who banking is our day to day and stuff we've got to
5:45 do but we contribute to open source as well you had a view a very strong view on that so I thought we'd let's get some airtime to that thought and share that with the audience
5:53 yeah so I think that the thing is interesting I guess as Paul was speaking is I come over who it was that said
6:00 this but this idea with AI in the with software if you were doing things well five years ago and you throw AI and
6:08 increase velocity into the mix then a lot of things are going better and better whereas if things were
6:14 all a bit of a mess then you throw the AI velocity into the mix everything is getting worse and worse and I
6:19 think this goes a lot of areas and I think open sources is one of them right where like something
6:24 I've been kind of bang on about for years is that what I think is the most important thing in open source
6:29 sustainability is actually sustainability for like the humans and their lifestyle and not just the money
6:36 right and part of what that has mean for me and a lot of the other maintainers I know
6:41 some of which will say so publicly a lot of which are not is that a lot of us do do our open source work
6:48 during the daytime at our jobs you know and some of us have when I was at GitHub they had a lovely liberal
6:55 employment contract that meant I could do that whenever I want and that said it was fine I had
6:59 liberal management and working structures which meant I could do that and I know other people who don't
7:04 have that and either ask for exemptions in their contracts their co-workers don't have or they just decide to do the
7:10 driving 32 miles an hour in a 30 limit approach of just like well I'll do it and see how it goes but
7:16 I think in a funny way AI has okay it's made it may be difficult because the work is more strenuous
7:21 during the day but if you're someone you know the current rave thing with AI and agents is like
7:28 having work trees so you can have 20 different agents doing different things at different times and
7:32 with that approach if I'm paying for my own agent I'm using my open source project and a bug comes in
7:39 during the day and I click assign to agent and then I spend 15 seconds in you know 15 30 minutes when
7:45 it's done reviewing it and then pushing it to GitHub which takes me another 15 seconds I mean for me
7:50 okay you could say well you've stolen that 34 seconds we were employer but it's like my employer
7:55 doesn't care right so I actually think in some ways we're even better set up than we were five years
8:01 so if you have those boundaries and kind of personal sustainability to do this and use these AI tools
8:07 to make open source projects easier to maintain including easier to maintain during your working
8:12 day but again if you have a punitive employer or you can't use AI on your project for whatever
8:18 reason or whatever then maybe not punitive but like some of the some of the ways they're describing
8:23 the the working day you're going to come in and you're going to review what the your AI squad has
8:29 done overnight you're almost AI babysitting right especially if that's broken during the night you
8:33 haven't unpick it and figure out what you're going to do and they seem to be coming up with a kind of
8:37 work cycle that's going to involve you coming in doing that in the morning then you have your lunch
8:41 then you're setting things up in the afternoon I don't particularly want to work like that just to
8:46 me doesn't sound great I mean just I think a lot of how we think about working how we learn to work
8:53 together in software has come from open source if you look at github and the you know git was invented
8:58 by an open source project to to work how they want to work github the the pull request was something
9:05 that came really from how open source communities were working and the last big software productivity
9:12 revolution we had was incorporating open source software in every belief software we build and so
9:17 everything really about how we work in software has come from watching people do it in the open source
9:23 community so I think that it's part of our responsibilities to show people how to work with
9:27 AI I think it's all very new and everyone's very confused and people are kind of inventing how they
9:33 think it's going to work rather than finding out what really works and finding out what really works
9:38 is something that is best done in public yeah and from the slides were brilliant because the one
9:42 thing that we saw there was like the exponential growth almost and everything you know whether it's
9:47 commits or the usage everything is completely changed there is no maturity at the moment that was another
9:54 thing really to pick out your slides right there's that you know when openclaw came out at the start of
9:59 the year we had microsoft making an announcement this week that was talking about that's now going to be part
10:04 of windows that's changed in the course of like a week so there is no maturity everyone's making this stuff
10:10 up is pretty much what you're saying right i think mike's point is is spot on about the if you've got good
10:17 systems in place so one of the things the door report called out was AI is really an amplifier and if
10:22 you've got good systems in place already good practices good team boundaries good kind of ownership models
10:29 then bringing in AI bringing in agents your fundamentals are already in place and AI amplifies
10:35 and makes as an organization go faster and your teams can go faster if you've got a bit of a shambles
10:41 i was going to swear i'm not going to swear if you've got a bit of a shambles going on in your organization
10:45 AI is going to amplify that i think yeah but what about people getting overwhelmed by that AI shambles
10:54 yeah i mean i think there's a big problem with that i mean again we've got to work we've got to learn
10:57 how to work together again and how to work as teams again and right now a lot of people are kind of
11:03 giving up temporarily because they're finding it really hard and people are like well we just have
11:06 one person per project and we won't work we won't collaborate on our projects anymore because we
11:12 can't work out how to do it because one person with AI it seems more manageable right now than teams but
11:19 we're going to want to actually you know work in teams again to build bigger even bigger more complex
11:23 things the way we always have and we've got to work out how to do that again so i think it's you know
11:28 there's this weird sort of transitional period and i think part of it's about trust i mean working
11:34 with other people with AI you have to really trust because you're not going to read the code you've got
11:38 to trust that they have done the right thing and they're they and you trust the code that they're
11:45 bringing with them and right now people you know are quite validly not in that trust situation because
11:52 people are bringing them code that's terrible and they and they're either sort of you know they they
11:57 don't know how to have those discussions about like how do we you know how do we how do we keep the
12:02 quality up how do we work together how do we what are we going to do when this goes wrong and those
12:07 conversations are often not happening and people are getting really unhappy they're not talking to
12:12 each other they're not communicating effectively people are leaving like good people are leaving you know
12:17 all sorts of things are happening and it's a it's a real mess right now yeah i'm going to come back to trust because i mean if you know
12:21 if you know it's about trust that's where we're talking now i do want to bring keith into the
12:25 conversation and start talking about things like the linux foundation guide uh to use an AI because
12:30 you were talking about contribution right so um what um what else could projects need to consider in this
12:37 AI world i think they're you know the normal set of things that when you work in AI that everybody's
12:43 learned over the last 40 plus years in terms of the license under which the code has contributed
12:49 understanding how it can be used and what the requirements are in terms of compliance and
12:53 governance that's usually managed by legal department inside the organization the OSPO kind of takes
13:00 control of that for the on the front end and then works with maybe two or three in some cases
13:06 ByteDance has uh six of the of the best legal minds i've seen working in open source that are dedicated
13:12 purely to legal issues and open source that's not an unusual thing because they emulated what what
13:18 Huawei does and they actually have some people from Huawei that helped them organize this and Huawei got
13:24 those ideas from IBM everybody's learning from each other in the open source legal world as they emulate
13:31 what's going on actually in collaborative collaborative development on the technology front and so what
13:36 we're doing is actually looking at models like OAN has just been borrowed from by sale which is something
13:44 that Meta is primarily responsible for but a number of like 15 or 20 companies came together they took two
13:53 years the better part of two years to be able to launch something that focuses on allowing people to feel
14:00 comfortable utilizing foundation models so it basically insulates you from patent risk associated with your
14:07 your adoption of foundation models so that was like a lot of collaboration yeah and so these kinds of
14:12 of collaborative kind of activities and to Anastasia's point Anastasia's point before
14:18 you know I was approached by this is not you know I'm not telling tales out of school but it's a very
14:23 interesting development is that and while we doesn't do these things without approval from a higher power
14:29 but while we approached me and said you know you're involved in doing all kinds of things and supporting
14:34 freedom and and helping and there they've been a member of our organization for a number of years
14:39 and they said let's get the data issues right help us get the data issues the right because we have
14:44 approval to be able to contribute data to be able to kind of deal with the issue of provenance
14:50 because they see it as an as a significant issue uh that if we can basically just create a data commons
14:57 and collect data from we'll start out with 20 companies we create a data commons and we create
15:02 clean data what's acceptable clean data and then we understand what we're each using and drawing from
15:08 and irrespective of what our training what our what the training sets look like we're actually
15:14 drawing from clean data so we can there's a providence to what we're producing in terms of the
15:19 models that we're producing and it's not just huawei that will do that it's baidu ali tencent
15:25 it's the companies that own the most in fact one third of the most important patents in ai
15:31 are owned by chinese companies one third one third you need to let that sink in a little bit it's very
15:37 significant and and unlike american companies or european companies or even japanese companies
15:44 chinese companies file their patents in every major jurisdiction irrespective of cost they don't care
15:51 because they want to have the coverage and so they not only have the coverage in china but they have
15:56 the coverage in every other jurisdiction of the important jurisdictions of major in major countries and
16:02 that means there's much more value to their patents as it as they spread out into these environments
16:08 there's a lot there a lot there and some of the things that anastasia said as well you know talking
16:13 about that open license model just look at my notes uh copyright i started to think about the
16:19 hyperscalers and we've seen this before the hyperscalers are really good at using open source
16:24 software and making a lot of money out of that but that money doesn't necessarily trickle down to the open source
16:30 companies that have been developing that and the developers who've been doing it maybe you know
16:34 it's it's a community event they don't they they're contributing that they're not making any money from
16:39 it at all right so in this new world what kind of model could we have where we could change that
16:46 and try and get i think you said where she's went uh shift left um is there something we could do to
16:54 actually in this new uh open source ai era to shift the balance and get some of that money that's going
17:02 to the hyperscalers instead coming back to the projects i don't know who wants to pick that one up
17:08 the some of the work that open uk is doing actually i think is really important around that um and i'm
17:15 not just saying that because amanda's there but uh it's always been a question it's not even just an ai
17:22 question there's always been a question of how does open source make money how do we make it sustainable
17:27 for the humans who are doing all of the work and you know the classic cartoon of like one person's
17:32 of holding up a whole massive economy and the big companies profiting from the people doing it in
17:37 their spare time right there's always been a always been a question i think one of the things open uk
17:42 has been trying to do is talk to uk government about sort of setting up a fund setting up a foundations we've
17:50 talked already this morning a lot about sovereignty and autonomy and where your data sits and who
17:55 controls access and who controls like who has control actually um and so it's not like
18:03 i have the answer but i think the work amanda and open uk are doing is trying to lobby uk government
18:08 to say can we invest money in the uk to have a fund that can pay open source maintainers and and sort of
18:15 support uh a foundation in the uk where we can have sort of a creative commons or we can have data that
18:21 we can put together and we can work together and i i know amanda's been like tirelessly campaigning uk
18:28 government for that type of activity but it's it's an uphill battle i think we could end up with a
18:33 situation where people realize that maybe they should actually open source more software than they had
18:38 before because software isn't if software becomes cheaper to produce um then and it's easy to copy
18:45 proprietary software and we've seen a few cases so far but of people sometimes copying open source
18:51 projects but you can also copy proprietary software very easily now and i've seen um quite um you know
18:57 people who've copied cloned google docs and things like that and like there's a lot of the software that's
19:03 now potentially cheaper but potentially people will realize that actually makes more sense to open
19:07 source more of your software there's actually like yes sure we can just generate lots and lots of
19:12 software but actually having community around software having resilience there's also the whole security
19:18 aspect and there's the maintainability aspect and things like that and so i think we could end up
19:22 with a situation where ai means that we get more open source software as people realize that keeping it
19:28 secret is no longer going to preserve it from from copying and reproduction and things like that and
19:34 and so we could actually end up in a world where where people understand the benefits of open source
19:39 and produce more of it and there's more of it but what also about the the opposite effect projects
19:44 closing down yeah i mean i think that you know we we're we're we're seeing a very weird kind of
19:54 transitional state at the moment where you know ai is new a lot of projects uh whenever you know we're
20:00 in a bad situation before you know as paula said like the people who were people who were happy and
20:05 productive and had things you know you know financially stable up front are doing okay but the people who
20:12 um are suddenly seeing lots of security issues they're not getting this any support and they're even
20:18 less happy than they were before are kind of in a worse position we're seeing this you know everywhere
20:22 we're seeing this kind of thing if you were in a good position before it's it's better and you can
20:27 it's sustainable if you were in a bad position everything's getting worse and we're seeing that
20:31 everywhere so ai is an amplifier of everything whether it's traffic whether it's problems there's a lot of
20:38 amplification of everything because of ai yeah we probably expand you know you think of how many
20:43 thousands of projects exist and just within you know if you look at the three major project management
20:49 organizations in the world they have thousands of projects and they're just the the simple fact is
20:56 there aren't enough talented people to manage those projects and give give them the attention that they
21:01 need and and why are we using project management organizations if we if they're not providing talent
21:07 to help manage well which is my concern about amanda's comment if we nationalize or develop national
21:14 project management organizations we can't we don't have enough people that are involved in it now if we
21:20 create we create a potential problem of divisiveness of regionalism or nationalism around project
21:27 management activities and contribution and we what we're trying to do is break all the barriers down
21:33 so embrace the the the chinese embrace good countries around the world where there may be geopolitical
21:40 issues that are that get in the way but the beauty of open source is that we're collaborating under the
21:44 radar yeah irrespective of the form of government uh we are creating this seditionist approach to to
21:52 information management sharing and it's it's truly powerful and and that's there's kind of a dichotomy there
21:59 because we've also got a rise of sovereignty if you look at like sap and what they're doing neon office
22:04 over in germany quite a lot of the germans they're starting up their own almost like foundation yep
22:09 they're making it very uh i don't want to say insular because i've got friends who work there
22:13 um but it's you know it's very uh it was extremely europe focused it is for europe brand new projects
22:19 rather than using things that are kind of maybe the the lead contributors are based in the states yeah and
22:26 you i mean look at the kubernetes is was a seven-year incubated project and then it was it was homegrown
22:34 incubated and then it pushed out and maybe docker's participation in open source projects kind of
22:40 drove it and then there was a whole period where both were kind of coexisting and now they coexist in
22:45 a different way inside cncf but cncf is the biggest target for patent trolls and operating companies that
22:52 want to attack uh that maybe aren't with the open source program so we've got lots of risks that
22:58 come from this space one thing that i just want to mention before we lose time and i or i forget is
23:03 that we are also being asked to focus on associated areas you can't discuss if you're going to have
23:12 indiscriminate use and uncontrolled use of ai with the burden that it imposes in terms of uh on the
23:19 costs of power consumption associated with data centers that have to do all this processing we need
23:25 to move to risk five and we need to move quickly and not have a have a a mellow hockey stick that we've
23:32 had over the last 12 years and we've got now an opportunity to accelerate the adoption of ai to be able to
23:39 support more data center chips that are designed for the purpose rather than having all this this
23:45 unused capacity in the background uh on these chips very very topical because just last night uh over
23:52 in fife not far from here and just a tiny little village the village hall was packed out with people
23:58 who didn't want a multi-story i think it's like 16 story data center built behind their village you know
24:04 green fields lovely rural scotland but some ai company wants to come and it wants to build a big
24:10 data center yeah i think part of kind of what the governance the government the governance everything
24:16 that's put in place really needs to start thinking about we shouldn't be building on green land like
24:21 that we should be using old industrial space there's lots of it in the world right we should really
24:26 be putting it there instead in fact for a lot of these places why are we not even burying it underground
24:31 right yeah there's no real reason for it to actually be built it's just it's cheapness follow the money
24:37 yeah okay um probably went that was a that was a local topic so i thought i would give that some air
24:43 time just um i kind of want to come back to like projects closing down with with you if i can justin i
24:52 think there was some like projects like the nhs were again becoming quite insular and saying
24:58 actually we don't want to use open source we want to close these things down we want to stop all of
25:01 that yeah that was a a weird one that was around the security issues because they were worried that
25:08 being open would let people find security issues despite the fact that um most of the code that they
25:15 have is not anything that would be security relevant anyway um and in general they're more likely to
25:22 find people who are going to help them fix security issues and things are open and um you know i think
25:27 that um you know i think that people are you know people have always you know a lot of people have
25:34 been very confused about what the role of open source software is when they're not part of you know open
25:40 source communities and they don't work with them every day and understand that that's just how you
25:44 know how we develop software nowadays um and that the security for open projects is almost always
25:50 better than for closed projects and they should see some of the stuff that uh goes behind closed doors
25:55 that p that doesn't have any security visibility um so i think there's a lot of you know kind of um
26:03 you know people in that sort of confused situation and again like as i was saying like i think it's
26:09 likely you know i think people should realize that they should do more in the open now with ai but
26:15 they might you know there's definitely a kind of um well we don't need dependencies we we don't have
26:21 to depend on other things we can just write rewrite all this code ourselves from scratch but then
26:26 um you you won't you know you don't have to take on the the responsibility of keeping it secure
26:31 yourself you don't have any help and there's a huge amount of effort that things like the learners foundation
26:36 does to help projects be more secure that's really incredibly valuable um you know i spent a lot of
26:42 time involved in in in the security group with the yeah and and the way and with cncf and helping
26:49 projects you know paying for security audits for projects and those and really valuable stuff and
26:55 helping them work out threat models and understand how they should be thinking about security and all
26:59 those things that like the big open source projects do really well and you and your old company you know
27:05 docker gave an awful lot of tools to the projects in the cncf via that relationship that they've got to
27:12 actually help with the security stuff right yeah they give them access to actually like tighten up their
27:17 container images push those through the pipeline have kind of more cve free or certainly reduced cvs in a lot
27:23 quicker time there's um have we seen anything else like that coming out of kind of the foundations
27:29 and those partnerships i mean i think that um i mean those foundations generally has been very good at
27:35 working with companies who want to you know help or give give their tooling to open source developers
27:41 they're they've been involved in the mythos preview so um those foundation projects have had access to
27:46 mythos and uh to find vulnerabilities and things like that so there's there's already work going on to
27:52 you know particularly in the security side of things at the moment because that's obviously very high
27:55 priority but to help projects mike i'm going to come back to you as a as a developer right and and
28:01 and a contributor maintainer um i was listening to stephan podran who's the lead developer for the flux
28:08 project talk about the kind of the benefits of ai for his project and what he was doing but i'm going
28:13 to come back to that trust thing as well he said the human still has to be in the in the loop do you
28:18 think all developers are going to actually act like that with ai uh no probably not uh but i think
28:25 this goes back to what justin was saying way earlier so i think we in the i guess open source is part of
28:32 the wider tech industry something we love doing is making people problems into tech problems and we say oh
28:39 this person's doing this really problematic behavior that keeps messing up our systems or our customers
28:45 or whatever how can i write some code to stop that well you can have a conversation with that human
28:51 right so again like back to your example from earlier actually when you said like oh well you know what
28:56 it's like to wake up in the morning and have all these agents who've generated all that code and then
29:01 i have to go and review it and isn't that exhausting it's like well welcome to being an open source
29:05 maintainer right like that's that's the job right and a lot of us it's like well that's what we signed
29:11 up for and it's it's good and i enjoy doing that and if i don't enjoy doing that i'll quit and that's
29:16 also good because that's people enforcing their boundaries so some of the projects that quit and
29:21 people that shut down what they're doing i actually think that can be a positive thing rather than a
29:25 negative one but yeah but i think back on that like it all we need to do as individuals as projects as
29:34 companies as groups of people as technologists is just again like what we're saying the things that
29:40 were going well versus the things that were not going well before we had ai right so on homebrew
29:44 something we've always done is we've been i i have a bit of a reputation of being assertive with how we
29:52 deal with some community members with this stuff and if someone opens a pull request and it's 30 000
29:57 lines of code and it's obviously ai generated they haven't looked at it they've got an ai generated
30:02 message we just have a bot that automatically closes that even before ai we would just close
30:07 that and we wouldn't even comment on it and then if they said well why have you closed my pr without
30:11 comment and it'd be like well look you know why right and if if that doesn't work for people or it's
30:18 not enough then you can have a longer conversation but i mean again the nice thing about the difference
30:23 between open source and why i think boundaries are how we solve our way out of this problem in open
30:29 source is at work i have to then sit down and have a call and explain to that person who might not
30:34 have been told before that 30 000 line change is essentially impossible to review so you're gonna have
30:39 to split that into 30 smaller ones please if not more but in open source i can just be like no lock
30:44 thread i don't have to teach you what to do because this is my spare time and i'm not being paid to do
30:50 this right and i think and you could actually write ai with those guard trails to stop it in the first
30:58 place right you could i mean somewhat some of the time at least but i think this is this is what i worry
31:04 about when we go too far down the lens of being like well we need to pay all the maintainers we need
31:10 all these open source companies whatever is we forget like what we're doing it for in the first
31:15 place like the beauty of open source software in my mind is like the original like licenses which say
31:21 in them we disclaim all warranties we'd say this may not be fit for use and we've we've got to this
31:27 world where we think that being a responsible open source maintainer means being monitoring your supply
31:32 chain doing this doing that responding to reviews and this time the chaos report says that i need to do
31:37 this the door report no you don't have to do anything you don't want to do you literally do not like if
31:43 you are a company in this space it's the company's job to make sure that you are doing what they want
31:49 them to do and if you're not doing it then that's when they can pay you they can ask it they can fork
31:53 it whatever right but if you are doing stuff in your evenings and weekends like you have absolutely no
31:59 business bending over backwards for individuals or corporations who are not supporting you in doing that
32:05 right it needs to be fun for you and that in my mind is that all of the parts of open source that i have
32:11 seen that were healthy 20 years ago and are healthy today are groups of people working together throughout
32:17 the globe as keith said again there's a beautiful like cross boundary like most of us don't care what
32:22 country anyone is in what nationality is anyone is in but we're friends and we're working on something
32:26 that we find fun together and we enjoy that right and that's what it has to be and that's what it has to
32:33 remain and that is the thing that will kill open source is if we kill that right but everything
32:39 else we can figure out as long as we're having fun we'll be okay paula talking of having fun
32:48 talking of having fun uh you and your team are heavily involved in the kind of platform engineering
32:54 community the cncf kubecon we have a lot of fun every time we meet up and we go there right we do
33:00 a lot of serious conversations we never have fun it's all work we never have fun it's serious okay
33:03 what you're talking about yeah this is recorded isn't it all work but you know what have you seen
33:08 change because of ai in in like the community space and the things that we do you know in the last
33:14 sort of six to 12 months i mean there's so many impacts i think in the community one of the things
33:20 i do a lot is conferences so um speaking at them but also reviewing cfps so i think one one slight
33:27 negative impact i've seen and i'm sure everybody's seen it is the amount of proposals that now get
33:32 submitted to conferences that are entirely generated by ai and you you you can tell obviously i mean not even
33:41 just with m dashes but like the the style the the flow the kind of the sentence structure and it means
33:48 where you might have had for a cfp i don't know let's say 100 submissions and maybe now you get 300
33:53 submissions which takes twice because that right now is still humans reviewing that type of content so i
33:58 think in that part of the community space ai is having a slight negative impact but then on the other
34:04 hand maybe it's leveling the playing field for people who wouldn't have submitted because they
34:08 wouldn't have known how to frame their thoughts and they can put in a few prompts and they can submit
34:12 so um and we've seen benefits there i mean i've been involved as you have in other organizations
34:18 reviewing cfps and things like a scoring rubik that actually give some guidance to people when they're
34:22 writing examples people talking about it is really helping them to stop doing that ai slop because we
34:29 did for maybe 12 months so an awful lot of horrible things coming through it's just like ben not even
34:35 going to read it i don't want to see exclamation marks and light bulbs and all sorts of things
34:40 but then i think on the you mentioned also about the kind of the platform engineering space i think
34:45 going into that just a tiny little bit one thing we've been talking about
34:48 just now all of us is kind of the boundaries the communication the talking to the humans
34:54 um and i think in the platform engineering space we're seeing a lot of like uh thinking about apis
35:01 boundaries between teams and how the platform uh works with kind of the agents as well as the humans
35:07 and talk about ai being the amplifier it's a similar practice with agents and and controls in your
35:14 organization one thing we're we're thinking about a lot of in our team at the moment is building the
35:18 internal platform that serves humans and agents and it's it's not necessarily even different if you think
35:25 about your agents like humans you need to have like clear documentation clear boundaries kind of uh clear
35:31 review processes guardrails etc everything that you have to have for humans you just need the same in
35:35 your platform to serve your agents yeah okay we've got a few minutes left we're going to open it up to
35:41 the audience if they want to ask this panel uh any questions at all i've got a mic i'm not going to do
35:46 what one of my friends victor doesn't jump off the stage but i will i will walk oh you got one ah i'll
35:54 stay up here perfect thanks ian um thanks um open source maintainers have limited resources to invest in
36:04 and mentoring the next generation of maintainers for their projects ai kind of breaks the link between
36:09 code contributions and a sign of effort and thus a signal of where to invest that effort in the next
36:12 generation of maintainers how do you think projects should respond to sort of those changes in the
36:17 community around the code yeah i think it's really it's really hard at the moment because people are
36:20 trying to work this out the zig project's taken a really strong stance on that which is interesting
36:25 and very different for everyone else there's like we're not going to use ai because the primary role
36:30 of us is to uh mentor the next generation of long-term committers and the only way we can do that is by
36:35 not using ai at all in the entire project and that's a really extreme stance and i don't i don't see many
36:41 projects taking that but they've they're doing it for that very reason and i think because i think a
36:45 lot of the time you look at contributions and like well someone's just prompted their ai agent with this
36:52 issue i could have done that i don't like that kind of contribution has less value than it used to
36:57 have because the you know it's it's it's not the kind of thing we used to need but i think that you
37:04 know we have to come up with a new way of thinking about like what what's a valuable contribution in the
37:10 age of ai to a project and it's you know new ideas and new new ways of using the project new new kind
37:16 of in a innovation pieces to the project or projects that are complementary to the project and work well
37:22 with it that were didn't exist before and things like that so i think um we need to think of new ways
37:28 in which we can work together on projects i'm particularly interested in like we can build really
37:34 large scale things that were just really hard before um and would have taken you know it used
37:39 to take a decade to build a database it doesn't take a decade anymore that means we can build more
37:44 databases and databases are kind of cool things like that so there's lots of new software we can
37:48 build but we have to you know we have to work out what the forms of collaboration are that work really
37:54 well for the kinds of new things we want to build too and coding isn't the only form of contribution
37:59 i also like throwing that in all the time right there's lots of people who do contribute to open
38:02 source who don't do any code stuff at all there's lots of people who shadow other projects and you
38:08 know shadow people who are doing things so they can then step into the next role so there's there's
38:12 many ways of learning shadowing is probably one of the good ways things like you know the kubernetes
38:16 project is probably a good example of that where you can actually be on the release team
38:19 you can shadow you can work on documentation you can do all sorts of kind of uh chop wood carry
38:25 water i think is what people call that right there's lots of different ways of contributing to
38:28 open source not just code quite passionate about that because i don't write code anymore
38:32 it's decades since i wrote code but i need to try all right anyone got another question
38:41 yeah
38:44 hi uh james from microsoft also linux distribution maintainer
38:50 we've talked a lot about the direct impact of ai but i'm also thinking about the indirect impact so
38:57 picking up on mike's point about keeping it fun uh spare afford for the linux distribution maintainers
39:05 a lot of the popular distribution is commercial but they often have community
39:09 underpinnings people doing this in their spare time and with the advent of ai they're now facing
39:15 massively increased workloads bumping packages ensuring everything works together as a whole
39:21 um checking for changes to make sure there's no malicious code there you don't want another exe utils
39:26 uh fiasco and they you know they may have their own misgivings about ai the users may even if they
39:35 wanted to use ai to solve this problem they might not have the resources to do it so and they can't just
39:40 reject the changes because they need these dependencies to keep the distribution working and
39:46 some we've had to make some difficult choices so so how do we deal with that yeah i guess like that's
39:52 been somewhat my world for a while like so i i feel your pain there very much i i think as i said before i
40:00 actually don't think ai has changed much beyond just the velocity right so in my mind the the best thing
40:10 we're fit to do now is just lean even harder into automation have more automation more tooling
40:16 more lints more checking like all this type of stuff like everything you can get a computer to do
40:22 instead of a human to do and one of the nice things is that i hate writing yaml files and bash scripts
40:29 and various other things that the ai's can often be quite good at so i think even if you can't use ai
40:36 to directly almost like do the work for you like if you have a bunch of tedious workflows or scripts
40:42 or whatever or a document that needs to turn into a script like ai can be quite good at you know making
40:48 your life a little bit easier and go faster even if those never even leave your machine right but ideally
40:53 within a project within a distro with an open source community we build these things we share these
40:57 things we can benefit from them with each other and that all of the stuff that helps each other scale
41:02 we can all share with each other and grow and have fun yeah i think we when it was hard writing software
41:08 we under invested in tooling and we should we there was always stuff that you wanted that you didn't
41:12 have and you're like well i i would love to automate this stuff but it's it would take me too long i mean
41:19 you know software we still did a lot of automation but there there's there was much more we could have
41:23 done and i think increased testing increased automation and things are really really powerful things you
41:29 can point at your ai at and you know i think that um you know i think those distributions have become
41:36 a lot more automated than they used to be back in the day and i mean things like nix have been very
41:41 successful and large scale you know huge made huge loads distributions through massive automation
41:47 earlier on and things like that so i think there's a lot you know i think there's a lot we can learn from that
41:52 and with that that's just out of time i'd like to thank the panel thank you all for the questions as well

Mike McQuaid

The impact of AI on open source software development