Joost.blog

Keynote: Rebuilding Trust: A FAIR Path Forward for WordPress and Open Source | Karim Marucchi & Joost de Valk

Duration: 11:29


Keynote on rebuilding trust and a FAIR path forward for WordPress and open source with Karim Marucchi and Joost de Valk.

First of all, thank you for having us. We're delighted to be here and delighted to be able to present to you all what we've been working on for quite a while now. Jim already mentioned WordPress is huge, and WordPress has been growing for pretty much 20 out of the last 22 years. The last few years it has stabilized a bit, but that is in part because it's reached a market share that is almost unfathomable for this kind of tool. 40% of the web is powered by WordPress, and competitors are like 10 times smaller or much smaller than that. So this ecosystem is tremendously important for the web and for everything that builds upon it. All those AIs are trained on content that was once published on a WordPress blog somewhere. There's a lot of stats here. I'm not going to go over all of them, but you see that this is a huge ecosystem, and it's an ecosystem that unfortunately is a bit at risk at times.

So what a lot of people don't realize is that the package that you install isn't the entire system. There's a giant ecosystem underneath it that supports everything from extending what WordPress can do to updating it to making it international. There's so much that is around the project that helps that WordPress site work well, and every single site depends on this infrastructure. So the problem is this infrastructure now is also 22 years old. This infrastructure has been working well. It served us to get where we are today. And it's been worked on in a way that's kept it stable up until the size that we have it now.

And then for some of you, you might have heard of how last fall there was a little bit of drama. What ended up happening is WordPress.org decided to cut off a major host. In cutting off that major host, all of those end users ended up not having a way to update their websites. They couldn't get certain plugins. They couldn't get certain updates and infrastructure systems going.
So the ecosystem all of a sudden was reminded of the one weakness that we have with this infrastructure, and the trust needed to be verified. So then it got worse. All of a sudden WordPress.org decided to supplant one plugin, one module, for another. What would happen if it wasn't announced? The enterprise companies that we work with said, "This is a supply chain security issue. There's a problem here. What happens if it's not announced? What happens if there's no check and balance in this system?" So what we needed to do is we needed to understand how can we make sure that we can ensure that there is not one single entity making unilateral decisions on an open-source project that is this important and this global.

So there have been other projects, other content management systems, that have shrunk, that have died completely, that have gone commercial because they haven't been able to solve some of these problems. And WordPress honestly has an ecosystem, a community that depends on it to go forward and be a truly open-source CMS. So the distribution hosts ended up saying, "All right, we're going to solve this by doing mirrors. Let's all just put up our own mirrors." But there was a problem with that. Over time you're going to get architectural drift. Over time you're going to end up having inequities between one host and the other. And all of these companies are going to go in different directions.

So there were different groups in the ecosystem at the end of the last year who were quietly trying to figure out how could they help, how could they do this, but really it was in the hands of the hosts to say we are going to try and mitigate for what's going to happen with WordPress.org. Well, it still creates a single point of failure because these were just mirrors. So there were lots of other conversations to have around how do we ensure that this is a strong and independent system.
So slowly these groups of groups started talking to each other and coming together, and we're very proud to say that since December things started coming together and we created something together called FAIR: Federated and Independent Repositories. This is a lot of words that don't have to mean the same thing to everyone, but for us it means that we allow all these mirrors to actually become repositories and to talk to each other. And just like the internet, if someone decides to cut one of those lines, we will route around it.

This allows for a lot more as well. Historically, in the admin of WordPress, only plugins that were available on WordPress.org were findable in the admin, and WordPress.org only allowed free plugins. With FAIR, we can actually allow premium plugins and plugins that don't want to be hosted on WordPress.org for whatever reason to be found in the admin of all the sites connected to the FAIR network. This allows for a lot more commercial ecosystem to evolve around all of this, which brings innovation that we really desperately need.

The FAIR package manager is in principle a protocol. It's a protocol for how these repositories talk to each other. It's also an actual implementation, a client and a server of that protocol, and one node, a central node that everyone can use if they want to, if hosts don't have their own node.
It's actively being developed by this group of groups that Karim talked about, which is now over 200 people with a core group of 50 people working on this for free months at a time. And it's the only way, we think, and actually one of the Linux Foundation members, Oliver Sild, the CEO of Patchstack, said this is probably the only way in which WordPress is going to be compatible with the European CRA that Jim already mentioned before, because there is so much to do on the WordPress.org side to make WordPress compatible with the CRA. And we've actually also taken a lot of steps to make WordPress much more compatible with GDPR and the California Privacy Act. We're currently actively testing with a large group of hosts, and we're actually very fortunate to say that a lot of them are giving us very good feedback. We're not done yet, which is to be expected because, well, we started only a fair bit ago, but this group is really stepping up and doing a lot of amazing work.

When we announced just two weeks ago in Basel, the reaction has been overwhelming. I think the clear thing that we've heard back is that this is what the WordPress community at large wanted in many ways. While they may not all get all the technology, what they were looking for was a path forward, a path away from the drama that we had been recently having and a path forward into an age where we can actually say, "Hey, we're going to make WordPress ready for the next 20 years."

In doing all that building, we needed something more. We knew that we didn't just need code. We needed to actually also fix the thing that was the problem, which is that one person or company should never be able to do this again to our software project. And that's why we came to the Linux Foundation. Honestly, the WordPress ecosystem has historically been very isolated within the open source ecosystem. We have our own WordCamps and not a whole lot of y'all end up there or vice versa.
There's a couple of exceptions which we're very thankful for, some sitting here up front, because they helped us get in touch and helped us make this possible, because honestly we've been figuring out a whole lot of stuff within the WordPress ecosystem ourselves that we should have just been learning from the rest of the wider open source world. The Linux Foundation was a logical step for us to go to and say, "Okay, we need help in how we set this up with proper governance and with proper funding." Well, we've done that. We're here today. We're very thankful that we get to say that. We're also very thankful for all those contributors who are putting in a lot of hard work. There's a lot of names that I'm not going to name, but there are a couple of projects like AspirePress that started before us that we've really done a lot of great work together with.

And today, we are announcing the establishment of a foundation to secure the future of a truly open-source CMS for the open web. Today, we're asking all of you, companies, individuals, contributors, please come help us, because the future of a truly open-source CMS rests in the hands of the open source community. We need to futureproof this system to be able to truly be independent and have checks and balances for the next generation of an open web. This is the only true way that we can work as a community to make sure that the next generations have access to nonprivatized websites. With that, we thank you and we hope to see you there. Thanks, guys.