Episode 159: Building Sustainable Open Source: Keeping the Lights On
Description
In this episode of Reality 2.0, Katherine Druckman talks with Lori Lorusso from the Rust Foundation about the critical importance of sustainable stewardship for open source infrastructure. They discuss a joint statement from the OpenSSF, the Rust Foundation, and other community organizations emphasizing the need for financial support of package managers used widely in both hobbyist and enterprise applications. The conversation touches on the complexities of open source dependency management, the influence of the EU's Cyber Resilience Act, and the interconnectedness of various open source initiatives including the Valkey project. Lori shares insights into the Rust Foundation's outreach efforts and encourages community engagement to ensure open source projects continue to thrive.
00:00 Welcome and Introduction
00:28 Meet Lori Lorusso from the Rust Foundation
01:58 Open Source Sustainability and the Joint Statement
04:34 Challenges in Open Source Contribution
06:36 The Importance of Supporting Open Source Projects
15:38 The Cyber Resilience Act and Its Implications
21:40 Engaging with the Rust Foundation
24:36 The Value of Open Source Communities
26:33 Conclusion and Upcoming Events
Special Guest: Lori Lorusso.
Links:
- Open Infrastructure is Not Free: A Joint Statement on Sustainable Stewardship – Open Source Security Foundation — An Open Letter from the Stewards of Public Open Source Infrastructure
  Over the past two decades, open source has revolutionized the way software is developed. Every modern application, whether written in Java, JavaScript, Python, Rust, PHP, or beyond, depends on public package registries like Maven Central, PyPI, crates.io, Packagist and open-vsx to retrieve, share, and validate dependencies. These registries have become foundational digital infrastructure – not just for open source, but for the global software supply chain.
- The Rust Foundation - Official — THE RUST FOUNDATION is an independent nonprofit committed to a safe, secure, and sustainable future powered by the Rust programming language.
  We believe that investing in the global open-source community is essential to maintaining a healthy and performant technological ecosystem — for individuals and organizations alike.
- xkcd: Dependency