 So now for our last panel, we've invited leaders of core open technology organizations to give us a little bit of a guide to the future. First, I'd like to introduce our session leader. Here's Guy Martin, who will be introduced soon as well. Dr. Ma Sheik, Dr. Sheik is an associate professor of digital innovation at King's College London and she holds a PhD in information systems from the LSE. So I don't see Ma here, but we'll give me one second. Let's see. Okay. Well, hello everyone. I'm very glad to see you here. I don't know, especially the ones that are state side. I appreciate that you, I wonder, have you stayed on for the entire summit since like early, early in the morning? Unfortunately, no. Doug Jim says yes. I was up at four, yeah. Well, you know, I really appreciate that. And then staying here till the end, that's very nice. And here is Ma. Yeah, I'm glad. Okay, Ma, the floor is yours. Thanks. Yeah, my computer, we're working. It's over here, you guys talking about me. I was talking back, but clearly nothing was going through. So it's a great panel. I'm so excited about actually getting to meet you guys. Most of you are well known to me by name at least. And it's really fantastic actually getting to see you as well. It would have been so much better, of course, if we were in person. I'm not sure how much of an introduction you actually require. Of course, it would be nice if I could at least give you a name, but I think Astor's sort of done that for us. And looking at the time and the fact that we're already 10 minutes into our session, I'm not sure if we're going to be stopped short at exactly 10 to the hour. I'm keen to move on in the conversation. I think the only thing I really wanted was some basic ground rules. I'm going to raise some of the questions just for the broader audience that you understand. These are questions that most of our panelists actually broach themselves. And then I've added a few. 
Let's see how many we can get through, but they're very interesting questions. So I think it's important that as many people on the panel that want to speak through and give a different answer to the same question, that's what I'd be looking for. It would just be more a matter of trying to get the tones right, but I'm sure we can navigate this in a nice way. Okay, so I'm going to start off with and then I'm just taking a stab right in the middle of a question. I'm not looking at any order, but what is the role of open source foundations that they play in enabling, protecting and sustaining open innovation? I think this is the key question, considering we've got two different foundation representatives here and we're all investors. Sorry, three, I think it's three. No, I'm really keen to see. Four actually, I view Calista too as well. It's four of us. So I'm not going to say who speaks first. I just like any one of you to sort of kick it off. If I find people are over speaking already, then I might step in and navigate a little bit. I mean, I think Mike raised this question right now. Do you want to take a first stab at it? Well, yeah, I will take a first stab at it, if you don't mind. And I just want to relate it back to something. For those who have been on this event from the beginning, the chat has been pretty darn interesting and probably the most animated chat I've ever seen in all the virtual events I've attended this year. So congrats to the organizers and the audience for that. But Simon Phipps raised the point that earlier that we say we focus too much on open and not enough on the collaboration network effect that we are using open to seek with the consequence that bad actors seek to adjust the definition of open in ways that invalidate the desired result. And I would argue that Simon is exactly right and that a huge role that open source foundations play in the broader ecosystem of whatever we want to call open is that it protects that collaboration. 
Ultimately, the four of us who are here from foundations, what do we do on a daily basis? We foster collaboration in an openly governed way that protects the assets that are created for all of the downstream consumers. And we are institutionally mandated to resist those who try to redefine what openness means in our communities. And so I really believe that open source foundations are an absolutely integral part to protecting the definition of open collaboration, enabling open innovation and making that sustainable for the long-term. And I suppose, the four of us could talk for hours on this topic, but I think in a nutshell, that is the role that foundations play. And the other earlier point that was made a couple of times actually was that just throwing stuff on GitHub does not open source make. And again, about the protection, and we've seen this recently with the Elasticsearch kerfuffle that happened just a couple of weeks ago, that those things don't happen where your open source project and community is hosted at a foundation. There's a whole level, a different level of protections for both the community on the producing side and the downstream consumers of your open technology that arise as benefits from working with an open source foundation.

Yeah, Mike, the thing I look at too is that corporate investment in open source, a lot of people have decried corporate investment in open source, but the reality is we're all sitting here talking at conferences like this because of the investment that comes from corporations into open source. So I don't necessarily think that's a bad thing, but I think that part of the role of foundations as you kind of touched on is really to be the place that neutrality and fairness and standard governance reigns, right?
I mean, if people are contributing to, corporations are contributing to open source and to foundations, there's sometimes an expectation of immediate ROI that in a lot of ways could be damaging long-term to the ecosystem. And I think the role of all of us in foundations is to be that neutral place that kind of threads the needle between too much over, too much corporate influence, while also allowing that investment but allowing all voices at the table, especially those who are doing all the technical work. So, providing safe, transparent, pro-competitive governance and IPR practices that really give assurances to, like you said, the downstream, the public sector folks give them assurances that the technology is actually being managed fairly.

Yeah, we're actually explicit on, we have content on our website that says explicitly, what we aspire to do is enable collaboration between the largest corporations on the planet and any individual contributor that wants to spend time on our projects. And that entire, trying to enable the collaboration from all of those various parties and making the results freely available to all in a sustainable way, I think is what we do.

You know, from software to the hardware world that I live in, it's really that's the genesis from which all open source and open collaboration and open standards have come from. You look at, you know, sort of the beginning, it's when the playing field has become overweighted by one of those corporate interests that an uprising of sorts starts to transpire. And that's when the collaboration starts to happen to take things into the open source to give us all an equal footing on that field through open building blocks, open base building blocks. And you've seen, you know, more recently that start to happen readily in open hardware, such as RISC-V.

Yep.
If I could just jump in quickly from a perspective of a policymaker, but looking at the role of foundations, I think it's very important for us, you know, when as you heard the commissioner say at the start in his speech that the open source is so important for the development of European economy and innovation. But from our perspective then, when we don't try to pick winners, but we try to pick those developments which are likely to go in the direction of where we see, for example, Europe's needs to develop and found help us to spot or to delineate the differences between the legitimate interests of the members of the community and the project itself. So we don't get in the business of picking winners, but we do like to see what others who are very knowledgeable in this area would pick. And that is why the role of the foundation from a policymaker's point of view is so important because it's a very healthy sign when nobody dominates the licensing in a particular sector, when there's no one dominating, when there's a group of robust and credible competitors, perhaps working with the same licensed code. That is a good indicator to us. So it's a very useful process. It was interesting in the last session that Ms. Proust from Aptos mentioned the work that they're doing, for example, on bare metal with regard to the development of cloud stacks. We are looking forward to some very exciting developments using a foundation for some open source that could become the basis of a combined effort to compete with some of the proprietary cloud operating systems in the future. So it's a very useful tool for us. Could I, I'm sorry, Jim, I'm sure you probably have something to say. I just wanted to jump in. So many questions have already come up which aren't on my list and I'd really like to sort of pursue them just gently and then you can push back on me as well whenever you want. 
But this is a question to pass, but probably broader, because you say you don't pick winners and I totally understand that. But at the same time, I'm wondering, having done research to look at how companies choose different open source communities and different projects and which ones to invest in, which ones to step away from. They have to make decisions based on certain criteria. So even if you're not picking a winner, but a lot of people are investing in a particular project for a different reason and foundations equally have to nurture and sustain some projects and stay away from others only because resources are fairly limited, right? So we have to work in a way that are within our means. So then how do you make this decision? And then can we really say that we're not picking winners when community members, volunteers, I'm only talking about volunteers, they choose a community to work in where they can build a reputation. We recognize that and we understand it's reasoning. Companies also pick those projects that have a vibrant community and lots of ideas coming in, but also very importantly, where other companies are investing a lot of money because that means you get quality software and so on. So I wonder what the role of foundations here are trying to nurture a community that seems really essential but isn't getting this kind of volunteer collaboration or company interest or not. And then how you, at a policy level, make these decisions. And I'm supposed, I'm looking, you don't have to talk about example projects, if not, but perhaps you could give us an example without naming if it helps you. But I'd like to know a little bit more about how you navigate this ecosystem. Sometimes honestly with great difficulty, that's why being asked by the OFE to participate, we learn a lot and some of my team over here on the call have been listening in all afternoon because it is a very complex environment for us. 
And I even saw in the chat that some people feel that as a result, as a large institutional user, that the commission tends to go for safe proprietary brands because we can't decide for ourselves. But in the world of innovation, it is clear that when we see a community that we have invested in, in terms of taxpayers' research funding. When we see the direction that they are going in and that also that the underlying business model and licensing approach to the product is one that does not create further customer lock-in that does allow innovation and it does allow some very successful proprietary business cases to develop for the good of the economy. Then that's clearly the direction we want to go in. But yes, there will be failures. But it's the benefits from a public policy point of view of looking at open source. It allows for public scrutiny. But it also more importantly, it allows for peer review, independent peer review, which is a very good marker for us because we can't pretend to have the expertise. And of course, through the long-term work and exposure that we have as a funder of research, a lot of that peer group are known to us, the bona fides of the community and the individuals who drive some of those communities are known to us. And therefore, we know that we can trust the judgment and not rely on an individual marker or on something which would end up being biased in itself. So we're not naive. We haven't always got depicted right. And, you know, there has been, as all research innovation, a certain amount of money that has been put into things that sounds like a good idea and they didn't pay out. But that's actually what the research innovation process is there for. I could pick a few examples, I'd go. My colleagues working on project management could pick a whole lot more. 
But it is the case that through the foundations, through, okay, I will pick a case because again, in the past session, I'm happy to hear FIWARE having been referred to so often in the course of the afternoon but including in the last session. FIWARE is a great example where you still have a repository of open source code which anybody can access. And now you have series of slayers working on open stack which are becoming more and more branded. And that is common because anybody can come back and unwrap that and develop their own iteration, their own manifestation of it. But here we have a tool which is now a key part of what is our smart cities, our green deal policies with reverting mobility, energy use environment that I could go on and on. And that out of a relatively small amount of money which we invested in public private partnership paying from the future internet FIWARE. So that is an excellent example of the foundation approach. Thank you.

Thanks very much. I was wondering if anybody, especially Jim, I haven't really allowed you to speak yet because I sort of stepped in. So yes, please, if you have something to say to this or we can move on to another question.

The question about how to select open source different projects that we work on. Yeah. Yeah, we have a criteria. I mean, first of all, there are so many choices. There are 30 million open repositories on GitHub. So there's a cornucopia of open source out there. You know, we have a criteria. One is forward-looking and one is a little bit more backward-looking. But with the backward-first, we have engaged with Harvard on research to understand what are the world's most widely deployed open source projects, the ones that we critically depend on as a society? You know, and then we asked, you know, who wrote them and are they secure? So we're looking to really understand a very finite set where, you know, not in the millions, but in the thousands of packages that we all collectively depend upon.
And then the foundation is working through our Open Source Security Foundation, our Core Infrastructure Initiative to go help provide resources to improve the stability and security of those particular open source projects, many of which are here at the foundation itself. Forward-looking, we've increasingly worked in vertical industries on projects that will move the needle on some particular technology initiative or be impactful to society that have meaningful resources behind them, both from individuals and from organizations that depend on those for either commercialization or use in society. A good example of that is our LF Energy Initiative, which was started in Europe. This was two European utilities, Alliander and RTE, that wanted to build software to create a smarter way to distribute energy and get to a zero-emission society. That's something that we would definitely work on and can be a body that enables competitors across the utility industry worldwide to work collectively on that. We also work very hard to provide the resources commensurate with open source's role in those important initiatives. We do, we spend millions of dollars on security audits. We have modern security tooling. We've advanced the intellectual property management infrastructure we've set up for these initiatives. We have, as someone noted earlier, the Joint Development Foundation which is a standards development organization that helps create standards and then subsequently submits them through their ISO PAS standard to have process to become international standards. So that's a rough idea of how we decide which projects we participate in.

Thank you. Would anybody else like to step in or has anything different or I can move on to something else's question?

I think one thing that I would add is it is the collective investment of so many stakeholders that make or break a foundation or an open source initiative success.
It is not only the commercial interests but the academic interests, the private and the public sectors working together. And this is something that transcends borders as much as we all want to see local economies proliferate and grow, those are economies without borders as well. As much as you want to see local success, you want to have global opportunity and that comes on two sides. One, opportunity to innovate with anyone in the world, opportunity to build exactly what you want to solve the challenge you're facing. And on the other side, opportunity to take your products and your solutions globally and worldwide. And that is really where open source and open standards transcend those boundaries by ensuring that no one company, country, or other entity controls the technology. It cements that technology and that strategy for a long durable future.

You know, I'd just like to bring up one thing. I was noticing in the chat the whole conversation around member driven foundations versus individual driven foundations, the 501(c)(6) versus (c)(3). I actually think there's room and a necessity for both. Obviously you have representatives on this call from 501(c)(6) type organizations that are member driven. But you know, the work that the OSI does, the work that Apache does, the work that all these other foundations do is really important. And I think it's important to have both of those voices at the table, both the corporate interests who are making investment as well as the individuals and volunteers, and especially in Europe where you read that study, there's a ton of individual contributions and contributions from small and medium businesses that maybe aren't represented in some of our foundations but can be represented in some of these other foundations. So it's not an either or, which kind of in the chat, it seems like it may be an either or and I think there's actually room for both.

Thank you. Okay, I only go to the next question then. This one does come from you.
So how can the convergence of open source and open standards help bridge the gap and move things forward with government and our other high regulated procurement environments which have traditionally focused more on standards and less on open source.

Right, and this question kind of came out of my previous experience working as a consultant for US Department of Defense. And what I found in these consulting engagements was that the rank and file technologists like myself appreciate and understand the value of open source. And sometimes apologies to our friends and policy and decision makers side, they maybe aren't as familiar with open source or they're becoming more familiar with events like this, but they tend to favor standards because of their governance rigor, because of the interoperability they provide and because of the pro competitive assurances that they have against the single vendor lock in problem. Now, open source can sometimes can't have good governance. And I know it's something that all of us work with on our foundations to help build better governance. And, but I think we can demystify open source in these procurement pipelines by modeling good governance in all of our foundations and explaining the path to standardization, right? The work that I know we're doing with our open projects effort to bring open source in and then explain the path to standardization and then use that when we're working with policy makers around what they procure. But as a community, I think we really need to educate both of the policy makers and more importantly, I think encourage open source projects to do a better job about thinking about these governance issues.

Thank you. Would anybody else like to?

Yeah. Yeah, I just want to add that, you know, open source and open standards, I think are absolutely synergistic.
And I think it's pretty much considered best practice in all the circles that I travel in now that what you want to have is an open standard with a robust, at least one robust open source implementation. And it's the combination of those two that give you the interoperability, the developer momentum and the industry momentum to have that technology become truly successful. Now what I think policy makers really need to keep in mind is that if the standard setting organizations get in the way of enabling robust open source implementations, you're breaking the system that is working so well for us, right? So I think really one of the things that policy setters need to understand is that by allowing IP centric SDOs to continue to set barriers to open source implementations, they are defeating the policy objectives that they insist they need in other conversations. And I think we really need to focus on closing the loop between the standard setting organizations and the enablements of open source implementations under permissive licenses that really helps set that ramp for rapid technology adoption around the globe and across industries. I mean, Mike, the open standards definition, right? The OSIS put together, I think it's a fabulous example of making sure that we don't do exactly what you're talking about, right? That we allow open standards to thrive and open source implementations of those standards to thrive as well. Yeah, when we did the spec process at the Eclipse Foundation a couple of years ago, we actually printed that out and put it on the wall. The open sources, open specification requirements were absolutely key to the design point for what we are looking for when we drafted our spec process. You want to just step in? No, I agree with both Guy and Mike. At the foundation many years ago, we embarked on what we saw coming, which is the convergence of standards and open source. I would add we've been dated to that. 
Our view is we want to foster global innovation in a bottoms up sharing of free information and ideas. And open source standards, open data licenses, we created an open data license. These are all tools and a tool belt that we utilize in order to enable that sharing of ideas. So we've set up structures, whether it's a Dutch stichting, a charity in the United States, a C6, a C3, a CSE, you know, Calista has a Geneva-based nonprofit. We have SDO capabilities. We have data license sharing arrangements. I just, I think that the way to think about this is we all believe in the global sharing of ideas that collectively and globally, we need to work together to do better forms of innovation. We've set up a structure that can help configure whichever ingredients, whichever jurisdictions, whichever local law you need to work within in order to enable that. And we completely believe in that and are committed to it for the long term.

Quickly, because I'd like to say to what Guy said, I mean, I can own that. The public policy makers, the public administrations, well, we are trying to point in two directions at once from time to time. It is very difficult. Those who are paying, you know, as the Americans would say, the tax dollars, but as we would say, you know, with public money, have to be very prudent. And in fact, that prudence has perhaps been contradictory to what we already see ourselves as being a very positive and necessary direction for innovation to go. So that's where we need both communities to come together. We have tried in the European Standard Setting Organization to open up that discussion, but in the procurement sense, which I think is also where the question was asked, yes, it is a dilemma. And we have to get this right soon because increasingly in this domain, the security requirements, the security specs are going to be, are going to predominate even in sort of what would appear to be quite soft, civil applications of technology.
So that is where if we do allow ourselves to be hemmed in by inflexible standards, then there will not be a place for innovation. And that is not in our interests. So I'm acknowledging that the issue is a really big one for us. If you saw the open source policy that Mario Kampelard was talking about earlier on, the results of the study today also pushes, pushes in that direction, but neither side can be doctrinaire. And we have to reach a situation in which we can have quickly adapted standards, but also an understanding that, you know, given that open source can be every bit as good as proprietary technology, where we have a duty to your communities to ensure that the standards are not actually derived from what is essentially proprietary technology. And unfortunately in some domains, we have seen that that is essentially the case, that standards are basically an unwrapping of proprietary technologies that a small or one company has dominated in. So that's a challenge for us as well. We need you to help us do it. And there is an issue there as Guy has said.

You know, can I just add one quick thing, sort of seeing the chat go by a lot of great discussion. By the way, I agree with somebody who said the chat and the hallway track in this conference is epic. You know, there's a lot of discussion there about, hey, open, you know, you're saying open source and open standards should be tightly coupled. I'm actually not saying that. And I would advocate that is not the case, right? I think having an open standard and Simon Phipps points out the open should also not only be who can participate, but who can use it. So royalty-free standards, right? A big thing. Both of those are important, right? Having an open source implementation is important, but having a standard that allows other implementations and those implementations may be closed or they may be other open implementations.
So please, I guess my plea is understand that I'm not saying you have to couple open source and standards for this to be successful, right? It's not an ease and it's not an either or. I'm gonna stick to my guns. I still think open standards coupled with open source implementations is in fact at best practice. And I see, I think I've seen it time and time again where you, and the interesting thing is is I've seen dynamics where it goes in either direction where an open standard happens first and then an open source implementation comes along that really takes the adoption off like a rocket or where you have an open source implementation that attracts a sufficient interest. And I would say, you know, Kubernetes and the work of the Cloud Native Computing Foundation is an excellent example of this where you have something where the open source implementation is taking off like a rocket. All right, now let's settle down and create a spec for this, which theoretically could enable independent implementations. Why would you want to when there's a liberally licensed implementation that the ecosystem is rallied around? But I see this flowing in either direction and I'll stick to my guns that the combination is killer. Michael, we're not in disagreement, Mike. I've been saying you should be able to allow other implementations. I think the choice is what's important here. Okay, yes. I definitely agree that the enablement of an independent implementation is the very definition of a standard. I think, Mike, I would point out that you've illustrated the point about using multiple tools to achieve a goal in the case of Kubernetes, which is a project here at the Linux Foundation. We sought to create cloud portability. Having Kubernetes as the reference implementation and then having the OCI specification as a way to enforce portability requirements in exchange for licensing and trademark was a very good way to achieve that goal. We use, you know, sometimes we use one. 
We have efforts where they're standalone specifications that are utilized, but in the case of Kubernetes it's a very effective way to achieve that portability across the cloud providers. Yep, absolutely. I was just talking to you. Of course, again, from the public institution, the policymaker who's caught in this dilemma is what goes with it. And I don't have to tell you because you know that this is the... Oh, did he freeze? I think we lost Pierce. Yeah, I was wondering if it was just about the same video. The perils of virtual conference, unfortunately. No, no. Pierce, I'm not sure if you can hear us very clearly, but okay. No, okay. Well, forget it then. I'm going to switch device. You can... You can type it if you want. Oh, I lost two. No. Yeah, okay. I was just going to go to Jim's question, but maybe I'll come back to Jim's question when he's here. I was going to do that question because it was a continuation of the regulatory framework, but we'll catch up with it at some other point. But I could go to you a question, Kalista, because you're asking what are the nuances of hardware relative to software and open collaboration, relative to standards and open source, and the growing importance of open collaboration in a globally connected community, from innovation partners to supply chain. So a very nice question. Yeah, I spoke to this a little bit earlier. I'm reading to it. How essential it is really for... How essential it really is for us to be able to collaborate globally. And open collaboration needs to go very much next to open specifications, open source, open implementations. It's all hand in hand. And we even see some of the standards organizations getting closer to open collaboration to get to the end point of what they're going to issue at the end of the day. And when it comes to hardware and software, the nuances are even more clear, you might say. It's sort of necessary to have a frozen specification. 
You don't get to apply patches if you've gone into manufacturing. It's sort of like recalling an airbag. It's very painful. And now with the explosion in microprocessors, in everything from your toothbrush to your headlights, even more important, right? You want to make sure that there are safety protocols, that there are transparency for security, and all of these other elements that go in. And it's the inclusion of the many stakeholder points of view that make that possible. And as we're seeing with risk five, that community is exploding. We have seen tremendous growth across our community in engagement from the many different stakeholders in deriving those specifications and those extensions on the base ISA. And those are really important as we continue to move forward, that you're able to freeze something and continue to build upon it and take a very modular approach. It's something that's been done in software and is very essential in hardware, especially as you get into more custom implementations. At the end of the day, you want to see the commercial success built upon the specifications that you've already derived and that's what leads to overall community success and adoption. And that's where you no longer have vendor lock-in, you no longer have isolated cases where you can innovate, but that field remains broadly open for your next challenge, your next technology challenge. If I could just add a little bit. I mean, the part that we closely was just talking about that resonated the most with me is the global aspects of what we all do. And we've gone through a couple of interesting years on many dimensions. And I think that all of us on this panel are committed to doing everything that we can to make sure that the assets in our projects are shareable around the globe without any impediments. 
And that global aspect of open source and open hardware is a big part of why this movement has become so successful, that open in our world is open to all comers and all users wherever they may be, whatever they may be working on. And I'll sign in, likes to call it, permissionless innovation. And whether it's happening in open source, open standards or open hardware, that permissionless innovation that our various organizations enable is key to how innovation is happening today around the world. Yeah, the one thing I'd like to add around supply chain because when Calista brought this up, I think the thing that struck me is the SolarWinds hack, right? We've all heard about the SolarWinds hack and we all, what we recognize is that we need the digital bill of materials, we need the software bill of materials, we need the hardware bill of materials. We are long past the point where we should be able to transparently tell what pieces of hardware and software are in all of our key critical infrastructure that we rely on, right? I mean, I think that to me is kind of some of the next frontier of getting a standard around software bill of materials, right? Getting a standard around hardware bill of materials, putting that all together is something that we can rely on, that public sector and even private companies can rely on to understand what's in the technology that they're purchasing. Is there anybody else? I'd like to come in on what Calista was saying. I think it's very important that at some times there does have to be this sort of freezing of specifications, at least as one iteration of the technology is taken in the direction. Using at its core RISC-V, the European Union is investing a very significant amount of money in the development of a supercomputer as you might call it, but it's the future exascale of supercomputers where Europe hopes to continue to be competitive.
And clearly for the level of investments and the level of industrial commitment required, you have to have things that are very clear. It is great that it is an open source development, but this is where the sort of the specifications for this work have to be chosen. So that was what I got a lot to say before the internet turned out and it was quite simply that there is room for both. But what is most important is that what open source has always brought to the discussion which is the transparency is that it is subject but also going back to the procurement for a small to the application for a massive multi-billion exascale computing procurement, it can be audited by experts. And the example I wanted to give was a very quick one, like the unusual. But in the matter of weeks when we had a decision to move to tracing apps, working on people's smartphones and working with the two largest platform providers in Europe, we were able to deploy a group of open source experts in the next generation of internet initiative to give a peer review on the open source, on the source code that was being used for those two apps. The iterations on the two most common mobile platforms. And that is why whether it's a security or a health or any other sensitive public policy application, open source can work. The open source community can work and can work in real time. It's a very critical public sector, public service and public policy issues. Which is exactly why I think open source is at the very center of some of the most prominent European policy initiatives on thinking digital sovereignty, citizen privacy, ethical AI, right? By definition for those policies, initiatives to be successful, open source and to a certain degree open data and to a certain degree open hardware have to be part of the solution if you're gonna achieve the goals that you've set out for your societies. Absolutely.
Jim, I was hoping perhaps to step in with your question because we were still, we were still and I think we still are talking a little bit about regulation, but let me know if you feel that it's, or if we've done enough justice already. But you asked, we need to discuss thoughts on the regulatory environment as it pertains to open source and open standards across the globe. So I was wondering if you'd like to sort of start that or... Sure, yeah, I mean, great conversation and then this whole morning has been or very early morning for me has been wonderful. I think that one of the challenges that we've been observing is that one, I think Mike alluded to this, we've had a bit of a setback on the global free exchange of ideas through various forms of isolationism, techno nationalism and those are worrisome trends and our organization is trying to do our best to set up structures. We over a year ago established an entity in Europe. We have entities in Geneva, Asia, North America, various different structures, whether it's charities, associations or whatnot in order to stick to that mission of the seamless sharing of ideas and innovation. So that's sort of a macro issue. I think some of the things we've seen on the regulatory front are starting to come in around obviously data, but also cybersecurity. You know, we already mentioned the SolarWinds hack vulnerabilities in the global technology supply chain. I think one of the challenges for open source is to create structures that are commensurate with open source's critical role in our collective technology world, whether it's projects like our Let's Encrypt project which is the world's largest certificate authority that issued over a billion TLS certificates to help people protect their privacy or security initiatives that are coming like SPDX and the implementation of software bill of materials so people know what they're running in their infrastructure.
I think we're gonna start seeing right now that there are asks about developer identity: not only what are you running, who wrote it? And I think that's going to be a difficult issue. I've spent years trying to answer three simple questions. What is the world's most important shared software package version number, who wrote it, and is it secure? And the answers to those simple questions are incredibly difficult to answer because there is no unified global standard around the exchange of software package data across this global supply chain. Developer identity in some cases is good, nebulous in others. And I think there needs to be an examination of how those systems function and there's certainly always room for improvement. And so those are some of the things that I think are coming. And I think it's incumbent upon the collective open source community to get ahead of some of these issues. We certainly wanna provide some leadership there. I put a couple links into some initiatives that the LF is working on in the chat window, but these are definitely going to be critical issues that we'll all have to collectively face. So Jim, actually I have a question for you about developer identity. How do you deal with that in the context of privacy? Especially we're talking more in a European market about what if there's a question of, hey, I can verify that I wrote this but I don't necessarily want my identity to be associated with it. How do you balance those two things? It's a great question and I wish Brian Behlendorf from the Linux Foundation was on this call today because he would say, what's the question? The answer is blockchain. The answer is always blockchain, right? Hope to have some efforts at the foundation around distributed identity systems that I think could be very relevant for this particular question.
Work that we've done on our Linux Foundation public health effort in order to enable a privacy respecting contact tracing application that's been implemented in Europe in places like Ireland and other countries. These are things that I think can inform and help us solve these difficult problems. There's no doubt that we need to build privacy respecting systems, but there's an equal concern and this is one where if we can get ahead of it, we won't see sort of ham-handed policy around understanding who is participating in these huge techno supply chains in a way that we can all trust and rely on. But if I could sort of loop this back to the policy topic, this privacy aspect that comes from GDPR and the perfectly valid interest in maintaining accurate developer records is a fine example of where policies which are intended to have a certain outcome, who wouldn't want to respect citizen privacy, also can have a collateral damage effect on the ability for individual contributors to participate in open source organizations and communities. And so I think one of the things I think the lessons for policymakers in Europe could come from this is make sure that you include open source communities as part of the stakeholders that you consult with when you're constructing these sorts of policies because I know that there was a Roberto Di Cosmo from Software Heritage did a Hail Mary pass that saved certain aspects of the recent copyright directive from basically not, I probably wouldn't have killed open source but certainly made our lives collectively far more difficult than it would have otherwise. And we shouldn't need those Hail Mary passes if we were actually engaged as a respectable and repeatable stakeholder at the beginning of the policy making process rather than a, oh my God, we got to save this at the end of the policy making process. That's right, Mike. And that's why we need to start addressing these and coming up with collective solutions now.
And so I couldn't agree more with what he said. I think I have to come back on this. First, I'd love if Roberto was on the call because I'm not sure that he would recognize what you said is a Hail Mary pass, but I do know exactly what you're talking about having discussed with him at the time. Well, it took him two years, but it was a Hail Mary. So on the GDPR issue, we are facing a number of cases with what we would call either inflexible or overzealous implications or applications of the GDPR. I would take as a corollary something from a different area, but one which many of you are probably familiar in the DNS world, in the ICANN world where we have DNS registry, the application of the GDPR to what was called a WHOIS database so that you can find out who actually is running a website, particularly if there's illegal content or even worse, terrorist or child pedo pornography or something that needs to be attacked immediately. The GDPR was being used as an excuse to no longer provide that data. And of course, it goes back to the GDPR, it does have the flexibility. You can identify a legitimate purpose in which personal data has to be processed. So if in certain sensitive cases you had individual developers who may have legitimate reasons not to want to be identified to the outer world, they have to be identified to the developer community they're working with. But if not, this is where we can have other intermediaries who act on their behalf but who would have to take responsibility just as was said previously, that you need to know not only what am I running in my machine but who developed this. There are legitimate reasons to know that. So we have to look at this in a more balanced way not be overzealous in the GDPR but also not give in to the mantra that in no circumstances should a person's personal data be revealed. That is not what the GDPR says. That's right, Piers.
And we'd be happy and are working on a lot of efforts to understand how we can be both privacy respecting and create ways to be responsible and commensurate with the critical nature of the collective dependence we have on these great works of code. And so it's something that I think will take some time but it's something that we very much think about here. All right, Jim, can I have one thing? I mean, you brought up blockchain, right? So there are efforts underway, Baseline project, for example, at OASIS to do verifications of data into transactions on the blockchain where you don't store the data on the public mainnet, for example, right? Where you've got these ways of actually verifying these things without having data out there on the public mainnet. And that's something that came up in chat. So I just wanted to point out that there are ways of getting around that and everybody gives blockchain a bad name but I think we're working towards I think the industry is working towards ways of utilizing blockchain in a way that doesn't make it a privacy issue. Yeah, I'm not familiar with that project but I'll check it out. I'm feeling that Aster's kicked in for a reason. So I am going to let it go, but thank you so much. I had a whole bunch more questions of my own but also new ones that arose from the discussion which we haven't gotten around to. So I hope we have a chance in the future. That was really very enjoyable, not just informative, but very interesting. Thank you very much. Thanks for having us. Thanks for having us. Well, thank you, Maha. Thank you, Mike, Piers, Calista, Jim and Guy. Thank you very much for attending and speaking. And in fact, thank you to the session leaders who helped us make today happen. While we obviously covered a lot of topics here today and not just in the panels but perhaps actually especially in the chat, we at OVC see this as a starting point of taking the discussions and debates to the next level.
Now having discussed how far open source has come and how integral it is to society and how open collaboration started as an idea and has turned into a world-beating model for innovation. With these realizations from our view, there's a responsibility that comes with them and it is to engage with a bigger picture. So from our feed side, as mentioned by Sachiko, now many hours ago, we will during 2021 here at OVC launch a new research program focused on just this. And as always, it's not something we can do alone. So please do reach out to us and engage with us. And one opportunity to do so, obviously in the coming days you will get access to all of the recordings. If you happen to miss a session that you're interested in during the day, but we will also send you invites to our summit series of virtual events that will be a bit more of deep dives. One of these, they will run throughout the spring and the early summer. And we will also have a specific one on the study when it's published. I saw there were many questions about this in the chat where we can really get into the nitty gritty. And yeah, first of all, actually, starting already Thursday next week and my colleague Sivan posted it in the chat. Please register for the OVC launch series or at launch events on open source standardization. It will be run every Thursday for the coming few weeks. And as for this summit, we look forward to seeing you on the Friday before FOSDEM in 2022 and then hopefully in person in Brussels. It would be great to meet in person. And thanks for now. Have a lovely weekend. And I am really looking forward to continuing these discussions about open source and the big challenges going forward. So bye now. Thank you very much.