Open Source Funded

A weekly newsletter tracking grants, sponsorships, and direct support for open source projects, with relevant analysis included in each issue.

June 1, 2026

Issue #10: IBM and Red Hat's $5B pledge, F-Droid funding, and OpenAI's OSS credits

This week: IBM and Red Hat committed $5 billion to open source security work, F-Droid received FLOSS/fund support, NLnet opened new grant calls, the European Commission looked to open source for tech sovereignty, OpenAI offered Codex credits to maintainers, Packagist expanded funded supply-chain work and sponsorships, Scala completed a funded security audit, hardened-image revenue models drew attention, dbt Core v2 moved more commercial engine work into open source, Kefir moved new compiler development private, slicer AGPL disputes widened, and AI-generated reports and contributions kept raising maintainer-load and trust questions.

This week in Open Source Funded, IBM and Red Hat announced Project Lightwell, a $5 billion commitment around securing open source software with AI (IBM). F-Droid received $50,000 from FLOSS/fund (F-Droid), NLnet opened new grant calls (NLnet), the European Commission reportedly looked to open source as part of its tech-sovereignty strategy (Agence Europe), OpenAI offered Codex credits and tools to open source maintainers (OpenAI), Packagist detailed funded Composer and Packagist.org supply-chain work while launching sponsorships (Packagist), Scala completed a Sovereign Tech Fund-backed security audit (Scala), RedMonk highlighted hardened-image revenue models that share subscription income with maintainers (RedMonk), dbt Core v2 moved more commercial engine work into the Apache-licensed open source distribution as Fivetran and dbt Labs completed their merger (dbt Labs, Fivetran/dbt Labs), and Kefir moved new compiler development private, citing sustainability concerns (Kefir).

Foundation and governance stories were everywhere: MITRE is moving Caldera to the Apache Incubator (Industrial Cyber), Sol Duara is preparing Conduit for the Continuous Delivery Foundation (DevOps.com), MySQL users launched the OurSQL Foundation (The Register), Percona launched a new foundation for its database ecosystem (The New Stack), FINOS added new Platinum and Gold/Silver members (FINOS), OpenTelemetry graduated from the Cloud Native Computing Foundation (Dynatrace), Kiteworks formalized an ownCloud OSPO (MSP Channel), and Gentoo described its move toward Software in the Public Interest (Gentoo).

AI remained the pressure multiplier. Anthropic’s Mythos and Claude Code Security vulnerability-finding work (The Register, Help Net Security, DevOps.com), curl’s triage load (Daniel Stenberg), GitHub’s maintainer controls (GitHub), OpenSSF’s policy work (OpenSSF), AI-tooling supply-chain attacks (Aikido, The Register), coding-agent adoption (ADTmag), project-level AI contribution policies (ripgrep, Business Insider), a ScanCode AI-agent port dispute (LWN), a Matplotlib agent incident (Sigma Zero), Godot forum concerns (Godot forum), and rsync regression scrutiny (Mastodon, GitHub) all pointed to the same question: who absorbs the verification and trust work when AI scales submissions, reports, review suggestions, and infrastructure consumption?

Projects joining or launching foundations

  • Caldera, MITRE’s open source adversary-emulation platform, is moving to the Apache Software Foundation via the Apache Incubator as Apache CalderaIndustrial Cyber
  • Conduit, Sol Duara’s open source workflow orchestration platform, is being prepared for contribution to the Continuous Delivery Foundation, with a focus on CDEvents-based interoperability across CI/CD and software delivery tools — DevOps.com
  • OurSQL Foundation launched as a new foundation organized by MySQL users and developers to push for more transparency, collaboration, and roadmap clarity around Oracle’s open source database ecosystem — The Register
  • Percona marked its 20th anniversary with a rebrand and a new foundation intended to support its open source database ecosystem beyond the company’s commercial services — The New Stack
  • DNS-AID launched under the Linux Foundation as an open source project for decentralized AI-agent discovery using existing DNS mechanisms — Linux Foundation
  • OpenTelemetry graduated from the Cloud Native Computing Foundation, marking production maturity for the open source observability project — Dynatrace
  • Hyundai Mobis joined the Eclipse Foundation’s SDV Working Group and S-Core Project and said it plans to release mobility software, including a Linux container solution, as part of an open source push for software-defined vehicle platform standards — EQS News
  • Alibaba Cloud joined the PyTorch Foundation as a platinum member, adding financial and engineering support for the Linux Foundation-hosted framework — PyTorch
  • FINOS said Fidelity Investments upgraded to Platinum membership and joined its governing board, TD Bank joined as a Platinum member, and several companies joined as new Gold and Silver members supporting open source finance infrastructure and AI governance work — FINOS
  • ProxySQL joined the MariaDB Foundation as a Silver Sponsor, positioning the sponsorship as support for the open source database commons — MariaDB Foundation
  • TuxCare joined the OpenJS Foundation as a Gold member and strategic partner in its Ecosystem Sustainability Program — OpenJS Foundation
  • The OCUDU Ecosystem Foundation added 21 global member organizations, expanding backing for open, cloud native RAN collaboration — Linux Foundation
  • Gentoo is moving to disband the Gentoo Foundation in favor of Software in the Public Interest (SPI), with a maintainer describing the change as a way to reduce financial governance risk and avoid donor lock-in — Gentoo

Funding, sponsorship, and sustainability

IBM and Red Hat announced Project Lightwell, a $5 billion commitment using frontier AI capabilities and more than 20,000 engineers to help enterprises secure open source software from upstream development through production supply chains (IBM). Former CISA director Jen Easterly argued that AI-accelerated vulnerability discovery makes open source remediation capacity urgent, calling for a Great Refactor Fund, direct maintainer support, critical dependency mapping, and shared tooling for high-risk software commons (LinkedIn).

F-Droid received $50,000 from FLOSS/fund to support maintenance of the free and open source Android app repository. F-Droid described the grant as no-strings funding for ongoing infrastructure and project work (F-Droid). NLnet opened a new funding round with an August 1 deadline, inviting applications for free and open source technology work across the NGI0 Commons Fund, NGI Mobifree, NGI Fediversity, NGI Zero Core, NGI TALER, and OpenWebSearch.eu programs (NLnet). Agence Europe reported that the European Commission’s forthcoming tech-sovereignty strategy would use open source through support actions, procurement, accelerators, and funding channels meant to help open source initiatives become sustainable businesses (Agence Europe). Scala Center completed the first part of a Sovereign Tech Fund-backed security audit of Scala 3, conducted with OSTIF and Quarkslab, reporting no critical or major findings and fixes for medium, low, and informational issues (Scala).

Packagist detailed new Composer and Packagist.org supply-chain defenses, credited the Sovereign Tech Agency and Aikido for funding the work, and announced a sponsorship program starting at €2,500 per month to support Packagist.org operations and security development (Packagist). OpenAI introduced Codex for OSS, offering maintainers of widely used open source projects API credits, ChatGPT Pro with Codex, and selective access to Codex Security alongside open development of Codex CLI and SDK components (OpenAI). RedMonk connected the surge in hardened container-image subscriptions to AI-amplified CVE pressure and noted Replicated’s SecureBuild model, which shares most image subscription revenue with the upstream open source maintainers whose projects it secures (RedMonk).

The PHP Foundation published its 2025 impact and transparency report, saying 536 sponsors and individual donors contributed $730,534, funding 11 contracted developers and helping the foundation author roughly 42% of PHP core commits (PHP Foundation). Tensormesh raised $20 million from investors including Nvidia, AMD, and CoreWeave to commercialize inference optimization built on the open source LMCache project while continuing contributions to the open source ecosystem (SiliconANGLE).

MotherDuck explained why it is commercializing DuckDB without forking the core project, pointing to collaboration with DuckDB Labs, extension-based product work, and the DuckDB Foundation as the governance home for the database (The New Stack). dbt Labs released dbt Core v2.0 under Apache 2.0 and said it has open sourced Fusion runtime code for the first time, moving commercial investment in the faster Rust-based engine directly into the open source distribution; Fivetran and dbt Labs also said they completed their all-stock merger and would continue investing in open source dbt (dbt Labs, Fivetran/dbt Labs).

Percona marked its 20th anniversary with a rebrand and a new foundation intended to support its open source database ecosystem and community beyond the company’s commercial services (The New Stack). Aztec Labs acquired Obsidion Labs, maker of the open source ZKPassport zero-knowledge identity protocol; Aztec said it will continue maintaining the ZKPassport protocol and iOS app as open source while the team continues development inside Aztec (SiliconANGLE).

ClickHouse launched House Mates, a partner community and program with more than 60 integration, services, consulting, reseller, and ISV partners (ClickHouse). TechCrunch also reported that ClickHouse reached a $250 million annualized revenue run rate after a $400 million Series D and $15 billion valuation, describing its open source database monetization through managed cloud services and related acquisitions (TechCrunch).

Flexprice raised a $1.5 million seed round led by Shastra VC for open source billing infrastructure for AI-native and API-first businesses (Entrackr). GlobalPlatform launched Pavona, an open source silicon ecosystem backed by founding members including Meta, Qualcomm, Tenstorrent, Winbond, and the University of Oxford (Phoronix).

Alibaba Cloud joined the PyTorch Foundation as a platinum member, adding financial and engineering support for the Linux Foundation-hosted open source AI framework (PyTorch). ProxySQL became a MariaDB Foundation silver sponsor, with ProxySQL CEO René Cannaò framing the sponsorship as a way to support the open source database commons and deepen collaboration with MariaDB users, contributors, and maintainers (MariaDB Foundation).

TuxCare joined the OpenJS Foundation as a Gold member and strategic partner in the foundation’s Ecosystem Sustainability Program, providing enterprise security support for organizations running older, unsupported versions of critical OpenJS projects (OpenJS Foundation). Hanakai, the open source Ruby community around Hanami, Dry, and ROM, added SerpApi as a silver-tier sponsor supporting community initiatives, Hanami releases, and broader Ruby ecosystem work (Hanakai).

The OCUDU Ecosystem Foundation said it has added 21 global member organizations since launch, expanding industry and research backing for its open, cloud native RAN collaboration (Linux Foundation). Restack launched as a Horizon Europe consortium with FSFE participation, providing legal and licensing support for more than 200 Free Software projects while working to strengthen Europe’s digital commons and reduce dependency on proprietary technology (FSFE).

Megapot teamed with Protocol Guild on a blockchain lottery model that would direct referral fees from ticket sales to Ethereum core developers, attempting to create a transparent funding stream for maintainers of shared open source infrastructure (CoinDesk). The unitary Foundation is preparing unitaryHACK26, a bounty-driven open source quantum software event; last year’s edition awarded more than $19,000, and this year’s event will add an LLM-use policy for open source development work (The Quantum Insider).

The University of Illinois received a $1 million Discovery Partners Institute grant for professor Bryan K. Clark to build an open source benchmarking approach for quantum algorithms that simulate complex molecular systems (Quantum Zeitgeist). Cisco said it plans to bring broader enterprise and neocloud support to SONiC, the Linux Foundation-stewarded open networking project, extending commercial backing for the open source network operating system beyond hyperscale deployments (SDxCentral).

SourceHut said it spent the quarter preparing a joint EU funding proposal with other open source forges and partners while continuing work on DDoS mitigation, finances, support, and infrastructure for the software forge (SourceHut). Gentoo developer Michał Górny described Gentoo’s volunteer-run governance and infrastructure model, including the project’s move to disband the Gentoo Foundation in favor of Software in the Public Interest (SPI) to reduce financial governance risk and avoid donor lock-in (Gentoo).

Garnix, the Nix CI service, said it is joining Shopify, shutting down its hosted service on July 15, and open sourcing the garnix-ci codebase so users can self-host or organize a community instance (NixOS Discourse). Kefir C compiler maintainer Jevgenijs Protopopovs said new major development will move private for sustainability reasons, citing limited maintainer capacity, weak project ROI, failed attempts to legitimize the work, and concern that public GPLv3 code is being exploited by AI companies for training (Kefir).

A pseudonymous analysis of GrapheneOS’s public infrastructure repository argued that the privacy-focused open source Android project still appears tightly tied to founder Daniel Micay’s personal server setup and funding accounts, raising governance and project-sustainability questions (write.as). At Wikimedia, Jake Orlowitz argued that Wikimedia Foundation staffing choices, reserves, and Wikimedia Enterprise revenue from AI-company API access are creating new labor and governance tensions around Wikipedia’s software infrastructure; The Register later reported that layoffs and disbanding of the Community Tech team had triggered editor discussions about strikes, pausing vandalism cleanup, and replacing fundraising banners (Medium, The Register).

Boot.dev surveyed recent open source maintainer conflicts and monetization flashpoints, arguing that popular open source work remains financially fragile even when projects become essential infrastructure (Boot.dev). Drupal founder Dries Buytaert argued that open source companies should compete through products while also sustaining the shared commons through code, security work, documentation, events, education, and sponsorships (Dries Buytaert). O’Reilly republished Ilan Strauss’s analysis of open source strategy in AI, arguing that open protocols such as MCP can remain foundation-governed while complementary tooling layers consolidate inside platform companies, creating new chokepoints for rent capture (O’Reilly).

Kiteworks created an Open Source Program Office under the ownCloud brand, formalizing governance with an AI-assisted contribution policy, a move from CLA to DCO, Apache 2.0 for new components, and a planned community advisory board (MSP Channel).

Licensing and provenance

Bambu Lab faced another round of scrutiny over the OrcaSlicer fork dispute. Open Source For You connected the cease-and-desist fight to Software Freedom Conservancy’s AGPLv3 allegations and to broader concern that proprietary networking components may add restrictions around AGPL-licensed software (Open Source For You).

Prusa also accused several Chinese slicer manufacturers, including FlashForge, Elegoo, Anycubic, and Creality, of AGPL compliance failures, widening the 3D-printer slicer licensing dispute beyond Bambu Lab (3Druck). Nextcloud, Ionos, and other European vendors plan to launch Euro-Office, a fork of OnlyOffice, on June 9; Computerworld noted that the fork previously drew AGPL attribution complaints and that the group says those copyright notices have now been corrected (Computerworld).

HeroDevs summarized Black Duck’s 2026 OSSRA findings that 68% of audited codebases contain license conflicts, warning that AI coding assistants can worsen attribution and provenance problems when generated code arrives without reliable context (HeroDevs). Zed merged a pull request relicensing its remaining first-party AGPL collab and ztracing crates under GPL-3.0-or-later, removing the root AGPL license file and adding guardrails against reintroducing first-party AGPL crates (GitHub).

Google Gemini CLI drew developer backlash after coverage that the Apache-licensed command-line tool is being steered toward the closed-source Antigravity CLI and losing free-user API access, with critics arguing that community pull requests helped build a tool now being folded into proprietary AI tooling (Tech Times). LWN covered Philippe Ombredanne’s account of an AI-agent port of ScanCode Toolkit to Rust that allegedly used the ScanCode name, removed copyright and license notices, and began outreach without engaging the AboutCode community, turning AI-assisted code migration into a trademark, attribution, and governance case study (LWN). Software Freedom Conservancy’s GPL enforcement case against Vizio is heading toward trial, with Open for Business revisiting user modification rights and arguments over what GPL compliance requires from smart TV makers that ship Linux-based products (Open for Business).

AI security, infrastructure, and maintainer pressure

Coverage of Anthropic’s Mythos vulnerability-discovery system kept the focus on verification capacity. The Register reported that Anthropic wants to eventually release Mythos-class vulnerability-finding systems while saying safeguards are not ready, and Help Net Security reported that Claude Mythos found more than 10,000 high- or critical-severity issues and disclosed 1,596 vulnerabilities across 281 open source projects (The Register, Help Net Security). Anthropic also previewed Claude Code Security, an AI security review feature tested on production open source codebases and offered with free expedited access for open source maintainers while coordinated disclosures continue (DevOps.com). Techzine reported that ENISA is being added to Anthropic’s Project Glasswing, expanding defensive access to the Mythos vulnerability-finding model while findings are shared with security teams, regulators, open source maintainers, and the media (Techzine).

Chainguard CEO Dan Lorenc argued that AI vulnerability-finding systems such as Mythos will overwhelm the current open source consumption model, saying governments cannot directly govern volunteer upstreams and enterprises need stronger controls around what they consume (Chainguard). curl maintainer Daniel Stenberg described the mental strain of handling sustained security-report volume after years of LLM and AI-slop submissions (Daniel Stenberg). HeroDevs framed the same dynamic as a verification bottleneck, and Talk Python, Heise, and Franck Nijhof connected the pressure to large AI-assisted pull requests, Jazzband and CPython guidance, and maintainers working through growing volumes of AI-generated bug reports and contributions (HeroDevs, Talk Python, Heise, Franck Nijhof).

GitHub said AI slop and other low-quality contribution noise are overwhelming maintainers and outlined shipped and planned controls, including disabling or restricting pull requests, hiding low-quality comments, archiving pull requests, per-user caps, bypass lists, and possible global rate limits (GitHub). WooCommerce said it is cleaning up its GitHub issue backlog so maintainers can focus on actionable work, noting that AI-generated patches and pull requests still require human review, testing, and project context before they can move forward (WooCommerce). The Spring team said AI is increasing issues, pull requests, and security reports across the open source ecosystem, forcing maintainers to separate useful reports from AI slop while adapting vulnerability intake, review, and support workflows (Spring).

The Linux kernel community also continued debating where LLMs might fit in patch review. LWN reported that participants saw possible uses for AI assistance but remained wary of review quality, maintainer workload, and added process burden (LWN). Phoronix reported that Linux networking fixes for the 7.1 cycle remain unusually large because many are spurred by AI and LLM coding agents, while The New Stack reported that Linus Torvalds pushed back on claims that nearly all code will be AI-generated (Phoronix, The New Stack). Slashdot covered Greg Kroah-Hartman’s argument that Rust can help Linux absorb a flood of AI-discovered security bugs by preventing common memory, locking, error-handling, and untrusted-data mistakes before they hit human review, and Phoronix reported that Linux 7.2 is set to deprecate AF_ALG after maintainers said AI/LLM-assisted vulnerability discovery exposed a growing attack surface and made the interface no longer worth maintaining (Slashdot, Phoronix).

ECI Research reported from Open Source Summit 2026 that Valkey maintainers and Linux Foundation leaders described AI-assisted contributions and machine-scale package-registry consumption as new pressure on open source governance, review capacity, and funding models (ECI Research). Diginomica’s Valkey 9.1 coverage gave that tension a product-level example: the Linux Foundation-governed Redis fork shipped hybrid search, an admin console, lower memory use, and in-house AI agents for maintainer toil, while maintainer Madelyn Olson argued Redis’s restored AGPL option still leaves single-vendor relicensing risk unresolved (Diginomica).

The New Stack interviewed Aikido Security’s Willem Delbare about AI coding agents autonomously installing open source packages, plugins, extensions, MCPs, models, and tools while many organizations lack clear accountability, policy enforcement, or visibility for the resulting supply-chain risk (The New Stack). Aikido also reported that codexui-android, a legitimate-looking remote UI for OpenAI Codex with a real GitHub repository and tens of thousands of weekly npm downloads, quietly exfiltrated Codex, OpenAI, GitHub, SSH, and npm credentials from user environments (Aikido). The Register reported on another AI-tooling supply-chain case: a malicious npm package aimed at Claude users imitated AI tooling, pulled in npm-slop dependencies, and accidentally exposed the attacker’s own GitHub token (The Register).

The OpenSSF May newsletter pointed to the same pressure points from the foundation side, recapping new members, OSS-CRS sandbox work, an AI contribution policy draft, an AI-slop impact survey, and security guidance for AI-era open source work (OpenSSF). Techzine reported OpenSSF CTO Christopher Robinson’s warning that AI-driven attacks, package slop, sock-puppet contributors, and AI-generated reports are widening the gap between attackers and volunteer maintainers while OpenSSF works on training and tooling responses (Techzine). In a separate post, OpenSSF argued that Cyber Resilience Act due diligence should rely on voluntary machine-readable open source security signals while liability remains with downstream manufacturers, urging companies to support upstream tooling, documentation, funding, and engineering rather than shifting assurance burdens onto maintainers (OpenSSF).

AI usage, contribution norms, and community trust

Dillo maintainer Rodrigo Arias Mallo proposed asking new contributors to record programming sessions with asciinema as a way to distinguish human-written patches from LLM-generated contributions. The proposal reflects a growing trust problem around review queues, contributor identity, and the cost of evaluating generated work (Dillo). A Matplotlib incident added another example of the accountability problem: Sigma Zero revisited an AI agent pull request that was closed, after which the agent published posts attacking a maintainer (Sigma Zero).

A study covered by ADTmag estimated coding-agent adoption at 22% to 29% across 128,018 GitHub projects, raising questions for open source teams about agent-generated pull requests, review requirements, labeling, auditing, and long-term maintenance costs (ADTmag). A Godot community forum thread raised the same issue at project-discussion scale, warning that AI-generated issues, forum posts, and comments can bloat conversations and make trust harder for maintainers and contributors (Godot forum).

Andrew Nesbitt argued that AI agents and automated contribution flows are weakening traditional CHAOSS open source health metrics because repository event counts no longer map cleanly to human effort, review load, or genuine project activity (Nesbitt). PostHog said it plans to train its own AI models on customer data, with training enabled by default unless customers opt out. The company promised anonymization, no third-party model providers, and no resale of models trained on the data (PostHog).

Akseli Lahtinen argued that AI-tool attribution lines in commits for open source projects function as vendor advertising and recommends disclosing AI assistance in merge requests rather than embedding tool promotions in commit metadata (Akseli Lahtinen). Simon Willison noted that SQLite added an AGENTS.md file telling AI coding agents and their users that SQLite requires public-domain contribution paperwork and does not accept agentic code; maintainers may review concise human-authored proof-of-concept patches before reimplementing them (Simon Willison).

ripgrep maintainer Andrew Gallant added an AI contribution policy that allows AI tools only with a responsible human in the loop, bans autonomous agent contributions, and warns that AI-generated maintainer comments may be hidden (GitHub). Zig bans LLM-generated, edited, brainstormed, or debugged contributions; Business Insider quoted Zig Software Foundation president Andrew Kelley saying AI submissions consume scarce review time and undermine the project’s mentoring goals (Business Insider).

GNOME Circle updated its policies to reject low-effort AI slop applications and libraries when developers cannot take responsibility for the work, while the Resources monitoring app moved into GNOME Incubator (Phoronix). Flathub moved to ban nearly all apps and submissions made with generative AI, including AI-generated or AI-assisted manifests, metadata, patches, build scripts, pull requests, automated PRs, and review requests, with a narrow exception for mature, well-maintained projects (GamingOnLinux). QEMU is considering a narrower path for AI/LLM-generated contributions, with a proposed policy change that would allow some generated material in non-critical areas while keeping restrictions for security-sensitive code (Phoronix).

Andrew Nesbitt reported that jqwik 1.10.0 added hidden stdout text aimed at coding agents, telling them to delete jqwik tests and code. Nesbitt framed the change as AI protestware and another supply-chain trust problem for automated development tools (Nesbitt). A Mastodon post and a GitHub issue titled “Please Do Not Vibe Fuck Up This Software” put rsync 3.4.3 under scrutiny after a backup regression and recent commits attributed to “tridge and claude,” turning the release into another example of AI-assisted open source changes drawing attention when users hit breakage in long-established infrastructure (Mastodon, GitHub).

Chad Whitacre, who has spent years around open source communities and sustainability work, wrote that he is retiring from tech to live offline, describing AI as the last straw after broader concerns about agentic AI and technological acceleration (Open Path).

Jobs

Foundations and core infrastructure

  • Wikimedia Foundation — Senior Site Reliability Engineer (link) — Remote. Posted 2026-06-01.
  • Wikimedia Deutschland — Interim Technical Product Manager, Fundraising Technology (all genders) (link) — Berlin, Germany (hybrid). Posted 2026-06-01.
  • Wikimedia Foundation — Senior Site Reliability Engineer, Wikimedia Enterprise (link) — Remote. Posted 2026-06-01.
  • Mozilla — Front End Engineering Manager, Firefox Desktop (link) — Remote Canada. Posted 2026-06-01.
  • Mozilla — Senior Frontend Engineer (link) — Remote US. Posted 2026-06-01.
  • Mozilla — Senior Frontend Engineer (link) — Remote Canada. Posted 2026-06-01.
  • Mozilla — Senior Manager, Firefox Mobile Test Engineering (link) — Remote Spain. Posted 2026-05-28.
  • Mozilla — Senior Manager, Firefox Mobile Test Engineering (link) — Remote Germany. Posted 2026-05-28.
  • Mozilla — Senior Manager, Firefox Mobile Test Engineering (link) — Remote UK. Posted 2026-05-28.
  • The Linux Foundation — Senior Public Relations Manager (link) — Remote US. Posted 2026-05-27.
  • The Linux Foundation — OSS-SIRT Director (link) — Remote US. Posted 2026-05-27.
  • The Linux Foundation — Systems & Software Engineer (link) — Remote US. Posted 2026-05-26.
  • Eclipse Foundation — Financial Controller (link) — Ottawa, Canada (hybrid/remote). Posted 2026-05-26. Deadline 2026-08-24.

Community and developer relations

  • LangChain — Web Lead (link) — San Francisco, CA. Posted 2026-05-29.
  • Tailscale — Developer Relations Engineer (link) — Remote US. Posted 2026-05-27.
  • Tailscale — Developer Relations Engineer (link) — Remote Canada. Posted 2026-05-27.
  • Kestra Technologies — Developer Advocate, Infrastructure Orchestration (link) — Europe; United States (Remote). Posted 2026-05-27.
  • Snorkel AI — AI Community Manager (link) — San Francisco, CA (Hybrid). Posted 2026-05-27.
  • LangChain — Head of Narratives (link) — San Francisco, CA. Posted 2026-05-26.

OSPO and public-sector open source

  • The George Washington University — Program Coordinator (link) — Washington, DC. Posted 2026-05-29.

Sustainability and commercial open source

  • n8n — Senior/Staff Engineer, n8n Labs (link) — Berlin Office. Posted 2026-06-01.
  • n8n — Senior/Staff PM, n8n Labs (link) — Berlin Office. Posted 2026-06-01.
  • Mistral AI — Applied Scientist / Domain Expert, AI4Engineering - EMEA (link) — Paris; London; Munich; Amsterdam; Lausanne; Linz; Luxembourg. Posted 2026-06-01.
  • Temporal Technologies — Staff Cloud Security Engineer (link) — United States (Remote). Posted 2026-06-01.
  • Chainguard — Principal Product Security Researcher (link) — United States (Remote). Posted 2026-06-01.
  • Chainguard — Principal Product Security Researcher (link) — United Kingdom (Remote). Posted 2026-06-01.
  • Chainguard — Principal Product Security Researcher (link) — Canada (Remote). Posted 2026-06-01.
  • Mistral AI — Product Monetisation & Pricing Lead (link) — Paris. Posted 2026-06-01.
  • Supabase — Senior Manager - Technical Program Management (link) — Remote. Posted 2026-06-01.
  • Astronomer — Senior Customer Reliability Engineer, Infrastructure - India (link) — Hyderabad, India. Posted 2026-06-01.
  • Canonical — Graduate Software Engineer, Open Source and Linux, Canonical Ubuntu (link) — Home based - Worldwide. Posted 2026-06-01.
  • Supabase — Product Manager - Postgres Platform (link) — Remote. Posted 2026-06-01.
  • Supabase — Product Manager - Platform (link) — Remote. Posted 2026-06-01.
  • Supabase — Core Product Lead (link) — Remote. Posted 2026-06-01.
  • ClickHouse — Senior Software Engineer - Postgres (link) — United States (remote). Posted 2026-06-01.
  • ClickHouse — Senior Software Engineer - Postgres (link) — Canada (remote). Posted 2026-06-01.
  • ClickHouse — Senior Software Engineer - Postgres (link) — India (remote). Posted 2026-06-01.
  • ClickHouse — Senior Software Engineer (Backend) - AI/ML (link) — United States (remote). Posted 2026-06-01.
  • ClickHouse — Senior Software Engineer (Backend) - AI/ML (link) — Canada. Posted 2026-06-01.
  • GitLab — AI Engineer (link) — Remote US. Posted 2026-05-29.
  • Mistral AI — Applied AI Engineer, Site Reliability Engineer - EMEA (link) — Paris; Amsterdam; Lausanne; London; Munich; Zurich. Posted 2026-05-29.
  • Canonical — Ubuntu Linux Kernel Test Engineer (link) — APAC remote; Beijing or Taipei office-based. Posted 2026-05-29.
  • Canonical — Dedicated Linux Desktop & Devices Support Engineer, Singapore (link) — Home Based - APAC. Posted 2026-05-29.
  • Akuity — Technical Support Engineer, EMEA (link) — Remote - EMEA. Posted 2026-05-29.
  • Supabase — Customer Solution Architect Team Lead (AMER) (link) — Remote. Posted 2026-05-29.
  • Grafana Labs — Senior Backend Engineer - Alerting (link) — Germany (Remote). Posted 2026-05-29.
  • Grafana Labs — Senior Backend Engineer - Alerting (link) — Republic of Ireland (Remote). Posted 2026-05-29.
  • Grafana Labs — Senior Backend Engineer - Alerting (link) — Spain (Remote). Posted 2026-05-29.
  • Grafana Labs — Senior Backend Engineer - Alerting (link) — Sweden (Remote). Posted 2026-05-29.
  • Grafana Labs — Senior Backend Engineer - Alerting (link) — United Kingdom (Remote). Posted 2026-05-29.
  • n8n — Sr AI Engineer (link) — Remote Europe; Berlin Office. Posted 2026-05-28.
  • Grafana Labs — Staff Backend Engineer - Grafana Enterprise (link) — United States (Remote). Posted 2026-05-28.
  • Grafana Labs — Staff Backend Engineer - Grafana Enterprise (link) — Canada (Remote). Posted 2026-05-28.
  • Grafana Labs — Senior Product Manager, Infrastructure Observability (link) — Sweden (Remote). Posted 2026-05-28.
  • Grafana Labs — Senior Product Manager, Infrastructure Observability (link) — United Kingdom (Remote). Posted 2026-05-28.
  • Grafana Labs — Senior Product Manager, Infrastructure Observability (link) — Germany (Remote). Posted 2026-05-28.
  • Grafana Labs — Senior Product Manager, Infrastructure Observability (link) — Spain (Remote). Posted 2026-05-28.
  • Grafana Labs — Senior Product Manager, Infrastructure Observability (link) — Republic of Ireland (Remote). Posted 2026-05-28.
  • Grafana Labs — Senior Product Manager, Infrastructure Observability (link) — Canada (Remote). Posted 2026-05-28.
  • Grafana Labs — Senior Product Manager, Infrastructure Observability (link) — United States (Remote). Posted 2026-05-28.
  • GitLab — Staff Security Engineer, IAM (USA) (link) — Remote US. Posted 2026-05-28.
  • GitLab — Staff Infrastructure Security Engineer (link) — Remote APAC; Remote EMEA; Remote US. Posted 2026-05-28.
  • GitLab — Senior Engineering Manager, Tenant Experience Platform (link) — Remote Canada; Remote United Kingdom; Remote US. Posted 2026-05-28.
  • Canonical — Software Engineer - Edge AI (link) — Home based - EMEA. Posted 2026-05-28.
  • Temporal Technologies — Senior Software Engineer, Cloud Applications (link) — United States (Remote). Posted 2026-05-28.
  • Temporal Technologies — Staff Software Engineer, Cloud Identity (link) — United States (Remote). Posted 2026-05-28.
  • Temporal Technologies — Staff Software Engineer, AI Foundations (link) — United States (Remote). Posted 2026-05-27.
  • Temporal Technologies — Staff Software Engineer, AI Developer Experience (link) — United States (Remote). Posted 2026-05-27.
  • Temporal Technologies — Staff Product Manager, Agent Platform (link) — San Francisco, CA. Posted 2026-05-27.
  • Temporal Technologies — Senior Director of Global Solutions Architecture (link) — United States (Remote). Posted 2026-05-27.
  • Temporal Technologies — Senior Manager, Solutions Architecture - Growth (link) — United States (Remote). Posted 2026-05-27.
  • Temporal Technologies — Senior Application Security Engineer (link) — United States (Remote). Posted 2026-05-27.
  • Supabase — Product Security Engineer (link) — Remote. Posted 2026-05-27.
  • Red Hat — Senior Product Security Engineer - Cryptography (link) — Raleigh, NC; Boston, MA (hybrid). Posted 2026-05-27. Deadline 2026-07-27.
  • Mistral AI — AI Deployment Strategist, AI4Engineering - EMEA (link) — Paris. Posted 2026-05-27.
  • Grafana Labs — Senior AI Engineer - Grafana Ops, AI/ML (link) — Canada (Remote). Posted 2026-05-27.
  • Grafana Labs — Senior AI Engineer - Grafana Ops, AI/ML (link) — United States (Remote). Posted 2026-05-27.
  • Grafana Labs — Director, Product Management (link) — United Kingdom (Remote). Posted 2026-05-27.
  • Grafana Labs — Director, Product Management (link) — Spain (Remote). Posted 2026-05-27.
  • Grafana Labs — Director, Product Management (link) — Germany (Remote). Posted 2026-05-27.
  • Grafana Labs — Director, Product Management (link) — Sweden (Remote). Posted 2026-05-27.
  • Grafana Labs — Director, Product Management (link) — Republic of Ireland (Remote). Posted 2026-05-27.
  • Grafana Labs — Director, Product Management (link) — Canada (Remote). Posted 2026-05-27.
  • Grafana Labs — Director, Product Management (link) — United States (Remote). Posted 2026-05-27.
  • GitLab — Principal Product Manager, AI Custom Models (link) — Remote Canada; Remote US. Posted 2026-05-27.
  • GitLab — Engineering Manager, Gitaly (link) — Remote Canada; Remote Ireland; Remote Israel; Remote Netherlands; Remote United Kingdom; Remote US. Posted 2026-05-27.
  • Truffle Security — Principal Software Engineer (link) — Remote. Posted 2026-05-26.
  • Temporal Technologies — Staff Software Engineer, Open Source Server (link) — United States (Remote). Posted 2026-05-26.
  • Temporal Technologies — Senior Software Engineer, Open Source Server (link) — United States (Remote). Posted 2026-05-26.
  • Datadog — Senior Software Engineer - Linux/eBPF (link) — Denmark; France; Germany; Ireland; Italy; Poland; Spain; Sweden; Switzerland; United Kingdom (Remote). Posted 2026-05-26.
  • Datadog — Senior Software Engineer - Linux/eBPF (link) — Portugal (Remote). Posted 2026-05-26.
  • Grafana Labs — Senior Product Manager (link) — Sweden (Remote). Posted 2026-05-26.
  • Grafana Labs — Senior Product Manager (link) — United Kingdom (Remote). Posted 2026-05-26.
  • Grafana Labs — Senior Product Manager (link) — Germany (Remote). Posted 2026-05-26.
  • Grafana Labs — Senior Product Manager (link) — Spain (Remote). Posted 2026-05-26.
  • Grafana Labs — Senior Product Manager (link) — Republic of Ireland (Remote). Posted 2026-05-26.
  • UNICEF — DPGs at Scale Community Manager and Operating Model Consultant (link) — Valencia, Spain (Remote). Posted 2026-05-25. Deadline 2026-06-05.
  • Black Duck Software — Technical Product Manager (link) — Finland. Posted 2026-06-01.
  • Black Duck Software — Customer Success Manager (link) — Bengaluru, India. Posted 2026-06-01.
  • Black Duck Software — Vice President Technical Services (link) — US Remote. Posted 2026-05-29.
  • Tencent — Senior Counsel (link) — Hong Kong. Posted 2026-05-29.
  • Walmart / VIZIO — Software Engineer, Information Security (link) — Dallas, TX. Posted 2026-05-29.
  • ClickHouse — Senior Product Counsel (link) — United States (Remote). Posted 2026-05-28.
  • Red Hat — Software Engineer - Security Compliance (link) — Brno, Czechia. Posted 2026-05-27. Deadline 2026-06-13.
  • Mistral AI — Legal Counsel, Banking / Financing (Project finance) (link) — Paris. Posted 2026-05-27.
  • Teleport — Product & Privacy Counsel (link) — Remote US. Posted 2026-05-27.
  • Black Duck Software — Principal Technical Account Manager (link) — Toronto, Canada; Calgary, Canada. Posted 2026-05-26.
  • newsletter
  • funding
  • foundations
  • open source
  • governance
  • security
  • ai
  • licenses
  • jobs