Description
The Linux ecosystem supports a diverse set of methods for assembling complete, bootable systems, ranging from binary distributions to source-based systems, embedded platforms, and container-native environments. Despite differences in tooling and architecture, all of these systems face shared challenges: managing build complexity, ensuring security and reproducibility, maintaining cross-platform compatibility, and responding to increasing regulatory and supply chain scrutiny.
Building on the success of last year’s microconference, we invite the community to continue the conversation with a broadened scope in 2025. This year, we aim to explore the intersection of build systems with CI/CD pipelines, supply chain security, critical infrastructure, and secure development practices. With legislation such as the Cyber Resilience Act, rising expectations for Software Bill of Materials (SBOMs), and mandates for reproducible and auditable builds, collaboration across the ecosystem has never been more essential.
This microconference provides a venue for architects, maintainers, and practitioners from all facets of the Linux build and distribution ecosystem to come together and share ideas, discuss pain points, and identify potential shared solutions.
Target communities and projects include (but are not limited to):
- General-purpose distributions: Debian, Fedora, Ubuntu, Arch Linux, openSUSE, Red Hat
- Source-based systems: Gentoo, NixOS, Guix, CRUX
- Embedded platforms: Yocto Project, OpenEmbedded, Buildroot, OpenWRT/LEDE, Android
- Container ecosystems: Docker, Podman, OCI, BuildKit, distrobuilders
- Immutable, image-based distributions: Flatcar, ParticleOS, Fedora Silverblue
- RTOS and hybrid build systems: Zephyr, RIOT, Mbed OS, FreeRTOS
- CI/CD and build orchestration: BuildStream, Buildbarn, Bazel, Jenkins, GitLab CI, GitHub Actions
- Compliance and supply chain security: SPDX, OSI, SBOM tooling, sigstore
- Broader open-source infrastructure efforts and standards bodies
Proposed discussion topics:
- Bootstrapping build systems and managing cross-compilation
- Integration of CI/CD pipelines into build workflows
- Securing the build lifecycle: from developer systems to package publication
- SBOM generation, license auditing, and legal/policy alignment
- Attestation, signing, and ensuring the software chain-of-trust
- Handling insecure or volatile upstream language-specific ecosystems (e.g., PyPI, npm, crates.io)
- Reproducible builds and deterministic output across toolchains
- Secure and scalable container build systems and image validation
- Immutable build pipelines for image-based systems and update strategies
- Resilience in build infrastructure for critical systems and edge deployments
- Patch sharing, lifecycle tracking, and cross-distro patch coordination
- Documentation, onboarding, and reducing the learning curve of complex build systems
- Long-term sustainability: mentoring, diversity, and community health of build toolchains
We welcome proposals beyond this list, particularly those that address emerging issues in the creation, validation, maintenance, and secure delivery of Linux-based software systems.
Improving coordination across build systems strengthens the foundations of the open-source ecosystem. Whether you’re maintaining a distro, building firmware, managing containers, or designing infrastructure for high-assurance or real-time systems, this microconference is your forum to advance the state of Linux software construction and security.