This Week in Open Source #8

This Week in Open Source for 08/15/2025

A look around the world of open source
by Daryl Ducharme & amanda casari, Google Open Source

Upcoming Events

• August 14-16: Open Source Festival 2025 (OSCAFest'25) is happening in Lagos, Nigeria. It uses community to help integrate the act of open source contribution to African developers whilst strongly advocating the movement of free and open source software.
• August 25-27: Open Source Summit Europe (OSSEU) is happening in Amsterdam, Netherlands. It is the premier event for the open source community to collaborate, share information, solve problems, and gain knowledge, furthering open source innovation and ensuring a sustainable open source ecosystem. Many Googlers will be there giving talks along with so many others.
• September 5-7: NixCon 2025 is happening in Switzerland. It is the annual conference for the Nix and NixOS community where Nix enthusiasts learn, share, and connect with others.
• September 9: Kubernetes Community Day 2025 SF Bay Area event, the ultimate gathering for cloud native enthusiasts! This full-day event, sponsored by the Cloud Native Computing Foundation (CNCF), is packed with insightful cloud native talks and unparalleled opportunities for community networking.
• September 12 - 16: PyCon AU 2025 is happening in Narrm/Melbourne. It is the national conference for the Python programming community, bringing together professional, student and enthusiast developers, sysadmins and operations folk, students, educators, scientists, statisticians, and many others besides, all with a love for working with Python.

Open Source Reads and Links

• [Article] Google Brings the A2A Protocol to More of Its Cloud - Last month, Google transferred the A2A protocol to the Linux Foundation and we are still continuing to improve it. Be it updating the spec, integrating it into Cloud Run and GKE we are still happy to see excitement about the future of this protocol.
• [Book] OSPO Book - Open Source Programs Offices are an important part of connecting open source communities to your company (if we do say so ourselves). If you are an open source enthusiast who thinks they can start one in their company, here is a good guide from CNCF. There's also a github repo for it.
• [Analysis] The RedMonk Programming Language Rankings: January 2025 - Redmonk's regular analysis of programming languages. Trends are remaining mostly steady across languages, which is an interesting trend of itself!
• [Blog] One Event at a Time: Funding Your Community the Realistic Way - Great writeup, from a PSF Board member, advising event organizers in the Python community on developing responsible and sustainable funding plans for their community events.
• Python Software Foundation News: The PSF has paused our Grants Program - The PSF is temporarily pausing their Grants Program after reaching their 2025 grant budget cap earlier than expected. While they know how important this program is to many in the community, this is a necessary step to protect both the future of the program and the short- and long-term sustainability of the PSF. (If this moves you immediately to donate to the PSF, we welcome your contributions via our donations page).

What exciting open source events and news are you hearing about? Let us know on our @GoogleOSS X account.

Google Summer of Code 2025: Contributor Statistics

The Numbers Are In: A Deep Dive into GSoC 2025 Stats

Google Summer of Code (GSoC) is an online global program that introduces students and beginner developers to open source software development. For our 21st year of the program we welcomed 1280 Contributors from 68 countries who are coding for 185 Mentoring Organizations.

With the coding period starting June 2nd, GSoC contributors are focused on their 2025 projects alongside their Mentors and the thriving open source communities they are working with. We are excited to share some statistics about the accepted contributors in this year's program.

Accepted GSoC Contributors

• 92.32% are participating in their first GSoC
• 43.04% had not contributed to open source before GSoC 2025
• 89.02% are enrolled in an academic program

Projects

• 53.68% of projects were large (~350 hours), 41.54% medium (~175 hours), 4% (~90 hour) projects
• Currently, 77.9% of projects are the standard 12 weeks in length, with 18.3% extending their projects between 14-22 weeks.

Proposals

We got a whopping 15,240 applicants submitting proposals (an increase of 130% of our previous high - a new record!) from 130 countries. These folks submitted 23,559 proposals, a 159% increase over last year!

96.55% applied to GSoC for the first time in 2025

Registrations

We had a record 98,698 people registering from 172 countries for the 2025 program, an increase of 124.4% over the previous high.

Mentors

This summer, 185 open-source organizations are participating in GSoC. Their projects are supported by over 2,100 mentors from 75 countries. These dedicated volunteers guide new contributors, helping them hone their skills.

Many of these mentors are highly experienced. Almost two-thirds have mentored GSoC contributors for four or more years.

A big thank you for being part of this wonderful community and for helping to spread the word about GSoC, which offers an invaluable opportunity for all the individuals beginning their journey in Open Source. We'll keep you updated with future entries about GSoC 2025, stay tuned!

–by Stephanie Taylor, Mary Radomile & Lucila Ortiz, Google Open Source Team

This Week in Open Source #7

This Week in Open Source for 08/08/2025

A look around the world of open source
by Daryl Ducharme, Google Open Source

Upcoming Events

• August 14-16: Open Source Festival 2025 (OSCAFest'25) is happening in Lagos, Nigeria. It uses community to help integrate the act of open source contribution to African developers whilst strongly advocating the movement of free and open source software.
• August 25-27: Open Source Summit Europe (OSSEU) is happening in Amsterdam, Netherlands. It is the premier event for the open source community to collaborate, share information, solve problems, and gain knowledge, furthering open source innovation and ensuring a sustainable open source ecosystem. Many Googlers will be there giving talks along with so many others.
• September 5-7: NixCon 2025 is happening in Switzerland. It is the annual conference for the Nix and NixOS community where Nix enthusiasts learn, share, and connect with others.

Open Source Reads and Links

• The Asymmetry of Open Source - Open source software projects need funding, but users are not obligated to pay for them. Companies should invest in open source to maintain quality and avoid issues, while hobbyists can contribute without financial pressure. Proper boundaries and mutual responsibility between companies and developers are essential for a healthy open source ecosystem. How do we find and set those boundaries?
• Linux Foundation Announces Intent to Form Developer Relations Foundation - The Linux Foundation has created the Developer Relations Foundation which aims to unify best practices and enhance the role of developer relations in technology. The DRF will focus on collaboration and shared knowledge. Having an open source organization behind this, helps to make sure DevRel is always of service to developers along with whoever is employing them.
• 5 tips to get started on accessibility - Not exactly open source and yet super important. So important to the open source community that All Things Open posted it on their site. Accessibility (A11y) is always useful. The more it gets used properly, the more useful it is for everyone.
• Bringing open source development to Trust and Safety - Ever open source champion, former Googler and now COO at Roost, Anne Bertucio discusses how some teams still have a difficult time understanding open source. The standards that they are used to don't always occur within the transparent world of open source. This means, bringing open source to those teams requires understanding where they are coming from and discussing its limitations as well as its benefits.
• How we made JSON.stringify more than twice as fast - One of the beautiful things about open source is the transparency in projects. Google's Chromium V8 engine is no exception. This walk through of the technical structuring that led to a faster JSON.stringify is a great way to learn some approaches to solving software bottlenecks that you may not have thought of. With it being open source, you can also visit the repository and follow along with the history of these code changes.

What exciting open source events and news are you hearing about? Let us know on our @GoogleOSS X account.

This Week in Open Source #6

This Week in Open Source for 08/01/2025

A look around the world of open source

by Daryl Ducharme & amanda casari, Google Open Source Programs Office

Diving into the open source world this week, we'll cover upcoming events that foster collaboration and innovation, alongside new reads and links that highlight significant advancements and discussions within the open source community. From new Google projects enhancing package ecosystem confidence to thought-provoking articles on open source funding, we hope this keeps you aware of new areas of the ecosystem.

Upcoming Events

• August 14-16: Open Source Festival 2025 (OSCAFest'25) is happening in Lagos, Nigeria. It uses community to help integrate the act of open source contribution to African developers whilst strongly advocating the movement of free and open source software.
• August 25-27: Open Source Summit Europe (OSSEU) is happening in Amsterdam, Netherlands. It is the premier event for the open source community to collaborate, share information, solve problems, and gain knowledge, furthering open source innovation and ensuring a sustainable open source ecosystem. Many Googlers will be there giving talks along with so many others.
• September 5-7: NixCon 2025 is happening in Switzerland. It is the annual conference for the Nix and NixOS community where Nix enthusiasts learn, share, and connect with others.

Open Source Reads and Links

• [Blog] Google introduced OSS Rebuild, a new project designed to enhance confidence in open source package ecosystems through the reproduction of upstream artifacts.
  • [Article] Hacker news posted Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages which also discusses the usefulness and importance of this tool
• [Story] SF-Based Internet Archive Is Now a Federal Depository Library. What Does That Mean? - The Internet Archive is a foundational reference and repository for open-access information and digital archives.The San Francisco-based digital library now has federal depository status, joining a network of over 1,100 libraries that archive government documents and make them accessible to the public — even as ongoing legal challenges pose an existential threat to the organization.
• [Video] Keynote: Building community through collaborative datasets - Mago Torres' keynote from csv,conf 8, on her work building collaborative datasets for award-winning data journalism, captures the spirit and focus on where open technology enables communities to accomplish more together.
• [Paper] Anubis Pilot Project Report - June 2025 - In May and June 2025, Duke University Libraries (DUL) successfully implemented Anubis, a configurable open source web application firewall (WAF), to combat persistent AI-related bot scraping. During this pilot (May 1 - June 10, 2025), aggressive bot scraping caused outages for three critical library platforms (Duke Digital Repository, Archives & Manuscripts, and the Books & Media Catalog); Anubis mitigated the problem in each instance.
• [Article] Microsoft-owned GitHub says open source needs to be funded - The Register published this editorial which asks whether open source software has reached the point that it should be managed as infrastructure and funded by governments that rely on it? Some studies show impressive numbers in how much it contributes to many economies.
• [Blog] Open Source Explained Like You're Five (But Smarter) - Explaining open source to people outside the tech world is tough. This article uses some good metaphors along with some details you may not have known to better explain it and spread the word. Or, you could just send them this article and hope they read it. 😜

What exciting open source events and news are you hearing about? Let us know on our @GoogleOSS X account.

This Week in Open Source #5

This Week in Open Source for July 25, 2025

A look around the world of open source

by Daryl Ducharme & amanda casari, Google Open Source Programs Office

We hope everyone is having a good summer. The world of open source is, with more events and news that caught our attention.

Upcoming Events

• July 31-August 3: FOSSY (Free and Open Source Software Yearly) will be held in Portland, Oregon and is focused on the creation and impact of free and open source software, uplifting contributors of all experience.
• August 14-16: Open Source Festival 2025 (OSCAFest'25) is happening in Lagos, Nigeria. It uses community to help integrate the act of open source contribution to African developers whilst strongly advocating the movement of free and open source software.
• August 25-27: Open Source Summit Europe (OSSEU) is happening in Amsterdam, Netherlands. It is the premier event for the open source community to collaborate, share information, solve problems, and gain knowledge, furthering open source innovation and ensuring a sustainable open source ecosystem. Many Googlers will be there giving talks along with so many others.

Open Source Reads and Links

• [Press Release] Tech Veterans Anne Bertucio and Vinay Rao Join ROOST - A bit of a bittersweet post as our recent, now former Head of Open Source Programs Office, Anne Bertucio, joins ROOST as COO and the previous Head of Safeguards at Anthropic, Vinay Rao, joins as CTO.
• [Article] An open-source SDK for finding dead code - Maintaining dead code is a waste of resources. So, having good tools for finding dead code in your applications is important. The open sourcing of Reaper for iOS and Android applications might be a worthwhile part of your toolbelt.
• [Blog] Why I used to prefer permissive licenses and now favor copyleft - Choosing the right license for your open source projects is a very personal choice. A choice that is worth revisiting once in a while to see if your values have shifted and if there are new ideas for what might constitute free software that better align with those new values.
• [Blog] Announcing FOKS: The Federated Open Key Service - Security and authentication are key to the tech world and open source is a good way to get many eyes on the problems to find solutions. A new federated open key service, FOKS, built from the ground up and based on concepts while working with Keybase is available now.
• [Article] Kubernetes Surges in Enterprise, But What Can Take It Mainstream? - Different teams in the development work streams have their own ideas about the tech stack. Many teams using Kubernetes have made it quite popular for use in enterprise work, but some are still using systems that have been tried and tested in their own domains. What work needs to be done to get all teams on-board with using Kubernetes?
• [Blog] Death by a thousand slops - The lead maintainer for the open source project, curl, continues to blog on where low-quality recommendations to curl's Bug Bounty program are increasing the work for the security team.
• [Article] From A2A to MCP, a look at the protocols that might one day help AI automate you out of a job - Click-bait headline aside, a good overview of where these protocols are at, what they do, and a certain view on whether that's useful or not. We have our opinions, but we are probably biased ;)
• [Article] How the Free Software Foundation battles the LLM bots - There are many bots out there crawling the web. In the early days of search, the solution was the robots.txt files and bots crawling the web slow enough for the systems to continue to run smoothly. However, many LLM bots are ignoring robots.txt, being greedy with site resources, and that's on top of other bot traffic to deal with. Looking at how a large organization approaches this current trend has some great shared knowledge.

What exciting open source events and news are you hearing about? Let us know on our @GoogleOSS X account.

This Week in Open Source #4

This Week in Open Source for July 18, 2025

A look around the world of open source
by Daryl Ducharme & amanda casari, Google Open Source Programs Office

Getting into the middle of July, we've been reading lots of various articles. Here's the upcoming events and some of our favorites.

Upcoming Events

• July 24-29: GUADEC 2025, the Gnome community's largest conference is in Brescia, Italy.
• July 31-August 3: FOSSY (Free and Open Source Software Yearly) will be held in Portland, Oregon and is focused on the creation and impact of free and open source software, uplifting contributors of all experience.
• August 14-16: Open Source Festival 2025 (OSCAFest'25) is happening in Lagos, Nigeria. It uses community to help integrate the act of open source contribution to African developers whilst strongly advocating the movement of free and open source software.

Open Source Reads and Links

• [Article] Open Source at the Crossroads of AI Opportunity and Cybersecurity Necessity - A follow up to many of the events from Open Source Summit North America with much discussion around AI's impact on labor and cybersecurity.
• [Paper] A Toolkit For Measuring The Impacts Of Public Funding On Open Source Software Development - Funding in the open source world is complex. This toolkit seeks to inform discussions about the value of public funding for OSS.
• [Release Notes] Mastodon 4.4 - The open source microblogging platform has had another release milestone. Check out enhancements like: Featured posts & tags, improved list management, media control improvements (run a podcast from a mastodon account!), quote posts are coming, and more.
• [Articles] Digital sovereignty leads to multiple governments, from local to national, choosing to move from proprietary software to open source options. For examples Denmark Set to Replace Microsoft Office with Open Source Alternative and the French City of Lyon Kicks Out Microsoft and Data Sovereignty in Uncertain Times discussing how you should look at all your cloud provider options.

What exciting open source events and news are you hearing about? Let us know on our @GoogleOSS X account.

This Week in Open Source #3

This Week in Open Source for July 11, 2025

A look around the world of open source
by Daryl Ducharme, Erin McKean & amanda casari, Google Open Source Programs Office

We took a break as there was a holiday in the US that shortened our work week, but we are back to share what our open source world has to offer.

Upcoming Events

• July 14-19: The 26th annual Debian Conference (DebConf) for Debian contributors and users interested in improving Debian is in Brest, France.
• July 24-29: GUADEC 2025, the Gnome community's largest conference is in Brescia, Italy.
• July 31-August 3: FOSSY (Free and Open Source Software Yearly) will be held in Portland, Oregon and is focused on the creation and impact of free and open source software, uplifting contributors of all experience.

Open Source Reads and Links

• [Article] libxml2 Maintainer Ends Embargoed Vulnerability Reports, Citing Unsustainable Burden - Solo maintainer of small project won't embargo security vulnerabilities any more; will just treat them like regular bugs. This might bring up security concerns for those that use it but it highlights the need for more contributions required for important work.
• [Podcast] Managing community contributors with Alya Abbott - In this episode of The Business of Open Source podcast the COO of Zulip discusses the management of community contributions, including their downsides.
• [Blog] Towards Digital Sovereignty: Decisions About Control We Make Every Day - Digital sovereignty. What is it? Where did it come from? And how might we best think about it based on our personal or company needs?
• [Report] The Python Software Foundation 2024 Annual Impact Report - PSF has released their annual organization report for community accountability, transparency, and discussion.
• [Mailing List message] What's Next? - This mailing list message shows new life in the development of the copyleft-next license.
• [Blog] Command line magic: Extracting links with awk, grep, and tr - Sometimes it's nice to be reminded of the tools we have at our disposal and how we can use them to make everyday tasks easier. This article from an ATO contributor shows some tips and tricks for a little command line magic that we may have forgotten about (or never thought of).

What exciting open source events and news are you hearing about? Let us know on our @GoogleOSS X account.

This Week in Open Source #2

This Week in Open Source for June 27, 2025

A look around the world of open source
By Daryl Ducharme & amanda casari - Google Open Source Programs Office

With Open Source Summit North America (OSSNA) this week, it has been an exciting week.

OSSNA Keynote Announcements and more you may have missed

• Google transfers Agent 2 Agent (A2A) protocol to the Linux Foundation.
• Model Signing v1.0 was released by OpenSSF in April.
• Nvidia shipped over 1 Billion RISC-V cores in 2024.
• Overture Maps Foundation now has over 1 billion points of interest.
• Tazama - Open source software to provide realtime prevention of financial fraud. Especially useful in developing areas.
• Cloudflare now supports C2PA - With our current technology, content provenance assurances are more important than ever.
• CNCF launched GitJobs.
• Fair Package Manager Project for Wordpress provides open source content management system stability.

Upcoming Events

• July 7-13: The 24th annual SciPy conference will be held in Tacoma, Washington. It brings together attendees from industry, academia, and government to showcase their latest Python projects, learn from skilled users and developers, and collaborate on code development.
• July 8-9: The Beam Summit is happening in New York City. It is the leading conference for Apache Beam, the unified programming model for batch and stream data processing.
• July 14-19: The 26th annual Debian Conference (DebConf) for Debian contributors and users interested in improving Debian is in Brest, France.
• July 24-29: GUADEC 2025, the Gnome community's largest conference is in Brescia, Italy.

Open Source Reads and Links

• Everything Open Source - Open Source Events - Everything Open Source does many things in and for open source - maintaining a community list of events for the past three years is just one of them.
• Keeping the Web Up Under the Weight of AI Crawlers - Interesting explanation of robots.txt open protocol and how the open web is being challenged by needed updates/changes from AI crawlers.
• A Family of Forks - Daniel Stenberg, lead maintainer of curl, describes the work required to keep curl getting built with 11 modern Transport Layer Security (TLS) libraries
• Introducing the new API for OSI approved licenses - OSI has a new API for checking against approved open source licenses.
• What's new in Apache Iceberg 3.0 - The open data lakehouse keeps getting better with Iceberg v3. This article goes into the details and also takes a peak at what should be coming in v4.
• What would Kubernetes 2.0 look like? - Kubernetes is all over the tech world. So, what change to the defaults in K8s would keep it moving in that forward direction?
• Ubuntu 25.10 replaces sudo with a Rust based equivalent - While not quite at release yet, sudo-rs, a Rust based sudo replacement will soon be the norm on Ubuntu. Will other distros follow suit?

What exciting open source events and news are you hearing about? Let us know on our @GoogleOSS X account.

This Week in Open Source - Inaugural Post

This Week in Open Source for June 20, 2025

A look around the world of open source
By Daryl Ducharme - Google Open Source Programs Office

We're starting a new series here at the Google Open Source Programs Office. In an effort to spread the word of open source, we'll be writing a weekly series discussing announcements, events, and interesting articles about many different FOSS related topics from around the ecosystem.

Upcoming Events:

• June 23-25: The Open Source Summit North America (OSSNA) is next week in Denver, Colorado. A SWE from the Google Agent 2 Agent team will be delivering an exciting keynote on the future of the protocol.
• July 7-13: The 24th annual SciPy conference will be held in Tacoma, Washington. It brings together attendees from industry, academia, and government to showcase their latest Python projects, learn from skilled users and developers, and collaborate on code development.
• July 8-9: The Beam Summit is happening in New York City. It is the leading conference for Apache Beam, the unified programming model for batch and stream data processing.
• July 14-19: The 26th annual Debian Conference (DebConf) for Debian contributors and users interested in improving Debian is in Brest, France.

Open Source Reads

• [Article] New compiler faster than LLVM - A new compiler that is faster than the standard? Color me interested. Three researchers from the Technical University of Munich have developed TPDE, a new compiler backend framework. It combines multiple background tasks into a single pass.
• [List Article] 14 Open Source Tools To Become The Ultimate Developer - Yes, these types of articles come out all the time. But a curated list of new tools to look at is always a great way to get motivated and learn new things.
• [Announcement] GUAC 1.0 is now available - With current regulations (and pragmatically, just good software development practices) keeping up with your software bill of materials is important. However, the dependencies can be complex! GUAC helps you tame this complexity by applying graph logic to it.
• [Blog] Cloud Native and Open Source Help Scale Agentic AI Workflows - Why use a Large Language Model when a Smaller Language Model will work? You can with a few open source tools that happen to be Google grown - Kubernetes, KNative, and Istio.

What exciting open source events and news are you hearing about? Let us know on our @GoogleOSS X account.

Introducing New Open Source Documentation Resources

Today we're introducing two new open source documentation resources for open source software maintainers, a Docs Advisor guide and a set of Documentation Project Archetypes. These tools are intended to help maintainers make effective use of limited resources when it comes to planning and executing open source documentation work.

The Docs Advisor is a guide intended to demystify documentation work, including help picking a documentation approach, understanding your audience and available resources, and how to write, revise, evaluate, and maintain your documentation.

Documentation Project Archetypes are a set of thirteen project field guides. Each archetype represents a different type of documentation project, the problems it can solve, and how to bring the right collaborators together on the project to create great docs.

Origin story

More than 130 open source projects wrote 200+ case studies and project reports as a part of their participation in the Google Season of Docs program from 2019 to 2024. These case studies and project reports represent a variety of documentation projects from a wide range of open source groups. In these wrap-ups, project maintainers and technical writers describe how they approached their documentation projects, capturing many successes and more than a few challenges.

These reports are a treasure trove of lessons learned–but it's unrealistic to expect time-crunched open source maintainers to read through them all. So we got in touch with Daniel Beck and Erin Kissane to chat about ways to help organize and summarize some of these lessons learned.

These conversations turned into the Docs Advisor guide (‘like having an experienced technical writer hanging over your shoulder') and the thirteen Documentation Project Archetypes.

Our goal with these resources was to turn all of the hard-won experience of the Google Season of Docs participants into explicit documentation advice and guidance for open source maintainers.

More about the Docs Advisor

The Docs Advisor guide is intended to demystify the work of good documentation. It collects practices and processes from within technical writing and docs communities and from user experience, information architecture, and content strategy.

• In Part 1, you'll pick an overall approach that suits the needs of your project.
• In Part 2, you'll learn enough about your community and their needs to ensure that your hard work will be helping real people.
• In Part 3, you'll assess your existing resources and pull together everything you need to move quickly and confidently through the work of creating and revising your docs.
• In Part 4, you'll get to work writing and revising your docs and set yourself to successfully evaluate your work and maintain it.

The Docs Advisor guide also includes a docs plan template to help you accomplish your docs plan work, including:

• What approach will you take to your documentation work, as a whole?
• What risks do you need to mitigate?
• Are there any documents to make or steps to perform to increase your chances of success?

The Docs Advisor incorporates guidance from interviews with open source maintainers and technical writers as well as from the Google Season of Docs case studies, and integrates the Documentation Project Archetypes into the recommendations for maintainers planning docs work.

More about the Archetypes

Documentation Project Archetypes are meant to help you recognize common types of documentation work (whether you're writing a new user guide or replatforming your docs site), the situations in which they apply, and organize yourself to bring the work to completion.

The archetypes cover the following areas:

• Planning and evaluating your docs: Experiment and analysis archetypes support future docs work, by learning more about your existing docs, your audience, and your capacity to deliver meaningful change.
• Producing new docs: Creation archetypes make new docs that directly help your audience complete tasks and achieve their goals.
• Revising and transforming existing docs: Revision archetypes modify existing docs, to improve quality, reduce maintenance costs, and reach wider audiences.
• Equipping yourself with docs tools and process: Tool and process archetypes adopt new tools or practices that help you make more, better, or higher quality docs.

All of the archetypes are available on GitHub.

Doc tools in the wild

We are excited to share these tools and are looking forward to seeing how they are used and evolve.

Daniel demoed the concept and first completed archetype, The Migration, at FOSDEM 2025 in his talk Patterns for maintainer and tech writer collaboration. He also talked about the work on the API Resilience Podcast episode "Patterns in Documentation."

We hope to get valuable feedback during a proposed Doc Archetypes session at Open Source Summit Europe 2025 (acceptance pending).

We are also excited to be developing some Doc Archetype illustration cards with Heather Cummings — a few previews are already live on The Edit, The Audit, and The Factory.

If you have questions or suggestions, please raise an issue in the Open Docs repo.

By Elena Spitzer & Erin McKean, Google Open Source Programs Office

Transforming Kubernetes and GKE into the leading platform for AI/ML

The world is rapidly embracing the power of AI/ML, from training cutting-edge foundation models to deploying intelligent applications at scale. As these workloads become more sophisticated and demanding, the infrastructure required to support them must evolve. Kubernetes has emerged as the standard for container orchestration, but AI/ML introduces unique challenges that push traditional infrastructure to its limits.

AI training jobs often require massive scale, needing to coordinate thousands of specialized hardware like GPUs and TPUs. Reliability is critical, as failures can be costly for long running, large-scale training jobs. Efficient resource sharing across teams and workloads is essential given the expense of accelerators. Furthermore, deploying and scaling AI models for inference demands low latency and faster startup times for large container images and models.

At Google, we are deeply invested in the AI/ML revolution. This is why we are doubling down on our commitment to advancing Kubernetes as the foundational open standard for these workloads. Our strategy centers on evolving the core Kubernetes platform to meet the needs of the "next trillion core hours," specifically focusing on batch and AI/ML. We then bring these advancements, alongside enterprise-grade management and optimizations, to users through Google Kubernetes Engine (GKE).

Here's how we are transforming Kubernetes and GKE:

Redefining Kubernetes' relationship with specialized hardware

Kubernetes was initially designed for more uniform CPU compute. The surge of AI/ML brought new requirements for seamless integration and efficient management of expensive, sparse, and diverse accelerators. To support these new demands, Google has been a key investor in upstream Kubernetes to offer robust support for a diverse portfolio of the latest accelerators, including multiple generations of TPUs and a wide range of NVIDIA GPUs.

A core Kubernetes enhancement driven by Google and the community to better support AI/ML workloads is Dynamic Resource Allocation (DRA). This framework, developed in the heart of Kubernetes, provides a more flexible and extensible way for workloads to request and consume specialized hardware resources beyond traditional CPU and memory, which is crucial for efficiently managing accelerators. Building on such foundational open-source capabilities, GKE can then offer features like Custom Compute Classes, which improve the obtainability of these resources through intelligent fallback priorities across different capacity types like reservations, on-demand, and Spot instances. Google's active contributions to advanced resource management and scheduling capabilities within the Kubernetes community ensure that the platform evolves to meet the sophisticated demands of AI/ML, making efficient use of these specialized hardware resources more broadly accessible.

Unlocking scale and reliability

AI/ML workloads demand unprecedented scale and have new failure modes compared to traditional applications. GKE is built to handle this, supporting up to 65,000 nodes in a single cluster. We've demonstrated the ability to run the largest publicly announced training jobs, coordinating 50,000 TPU chips with near-ideal scaling efficiency.

Critically, we are enhancing core Kubernetes capabilities to support the scale and reliability needed for AI/ML. For instance, to better manage distributed AI workloads like serving large models split across multiple hosts, Google has been instrumental in developing features like JobSet (emerging from earlier concepts like LeaderWorkerSet) within the Kubernetes community (SIG Apps). This provides robust orchestration for co-scheduled, interdependent groups of Pods. We are also actively working upstream to improve Kubernetes reliability and stability through initiatives like Production Readiness Reviews, promoting safer upgrade paths, and enhancing etcd stability for the benefit of all Kubernetes users.

Optimizing Kubernetes performance for efficient inference

Low-latency and cost-efficient inference is critical for AI applications. For serving, the GKE Inference Gateway routes requests based on model server metrics like KVCache utilization and pending queue length, reducing serving costs by up to 30% and tail latency by 60% compared to traditional load balancing. We've even achieved vLLM fungibility across TPUs and GPUs, allowing users to serve the same model on either accelerator without incremental effort.

To address slow startup times for large AI/ML container images (often 20GB+), GKE offers rapid scale-out features. Secondary boot disks allow preloading container images and data, resulting in up to 29x faster container mounting time. GCS FUSE enables streaming data directly from Cloud Storage, leading to faster model load times. Furthermore, GKE Inference Quickstart provides data-driven, optimized Kubernetes deployment configurations, saving extensive benchmarking effort and enabling up to 30% lower cost, 60% lower tail latency, and 40% higher throughput.

Simplifying the Kubernetes experience and enhancing observability for AI/ML

We understand that data scientists and ML researchers may not be Kubernetes experts. Google aims to simplify the setup and management of AI-optimized Kubernetes clusters. This includes contributions to Kubernetes usability efforts and SIG-Usability. Managed offerings like GKE provide multiple paths to set up AI-optimized environments, from default configurations to customizable blueprints. Offerings like GKE Autopilot further abstract away infrastructure management, aiming for the ease of use that benefits all users.
Ensuring visibility into AI/ML workloads is paramount. Google actively supports and contributes to the integration of standard open-source observability tools within the Kubernetes ecosystem, such as Prometheus, Grafana, and OpenTelemetry. Building on this open foundation, GKE then provides enhanced, out-of-the-box observability integrated with popular AI frameworks & tools, including specific insights into workload startup latency and end-to-end tracing.

Looking ahead: continued investment in Open Source Kubernetes for AI/ML

The transformation continues. Our roadmap includes exciting developments in upstream Kubernetes for easily deploying and managing large-scale clusters, support for new GPU & TPU generations integrated through open-source mechanisms, and continued community-driven innovations in fast startup, reliability, and ease of use for AI/ML workloads.

Google is committed to making Kubernetes the premier open-source platform for AI/ML, pushing the boundaries of scale, performance, and efficiency while maintaining stability and ease of use. By driving innovation in core Kubernetes and building powerful, deeply integrated capabilities in our managed offering, GKE, we are empowering organizations to accelerate their AI/ML initiatives and unlock the next generation of intelligent applications built on an open foundation.

Come explore the possibilities with Kubernetes and GKE for your AI/ML workloads!

By Francisco Cabrera & Federico Bongiovanni, GCP Google Kubernetes Engine

Kubernetes 1.33 is available on GKE!

Kubernetes 1.33 is now available in the Google Kubernetes Engine (GKE) Rapid Channel! For more information about the content of Kubernetes 1.33, read the official Kubernetes 1.33 Release Notes and the specific GKE 1.33 Release Notes.

Enhancements in 1.33:

In-place Pod Resizing

Workloads can be scaled horizontally by updating the Pod replica count, or vertically by updating the resources required in the Pods container(s). Before this enhancement, container resources defined in a Pod's spec were immutable, and updating any of these details within a Pod template would trigger Pod replacement impacting service's reliability.

In-place Pod Resizing (IPPR, Public Preview) allows you to change the CPU and memory requests and limits assigned to containers within a running Pod through the new /resize pod subresource, often without requiring a container restart decreasing service's disruptions.

This opens up various possibilities for vertical scale-up of stateful processes without any downtime, seamless scale-down when the traffic is low, and even allocating larger resources during startup, which can then be reduced once the initial setup is complete.

Review Resize CPU and Memory Resources assigned to Containers for detailed guidance on using the new API.

DRA

Kubernetes Dynamic Resource Allocation (DRA), currently in beta as of v1.33, offers a more flexible API for requesting devices than Device Plugin. (Instructions for opt-in beta features in GKE)

Recent updates include the promotion of driver-owned resource claim status to beta. New alpha features introduced are partitionable devices, device taints and tolerations for managing device availability, prioritized device lists for versatile workload allocation, and enhanced admin access controls. Preparations for general availability include a new v1beta2 API to improve user experience and simplify future feature integration, alongside improved RBAC rules and support for seamless driver upgrades. DRA is anticipated to reach general availability in Kubernetes v1.34.

containerd 2.0

With GKE 1.33, we are excited to introduce support for containerd 2.0. This marks the first major version update for the underlying container runtime used by GKE. Adopting this version ensures that GKE continues to leverage the latest advancements and security enhancements from the upstream containerd community.

It's important to note that as a major version update, containerd 2.0 introduces many new features and enhancements while also deprecating others. To ensure a smooth transition and maintain compatibility for your workloads, we strongly encourage you to review your Cloud Recommendations. These recommendations will help identify any workloads that may be affected by these changes. Please see "Migrate nodes to containerd 2" for detailed guidance on making your workloads forward-compatible.

Multiple Service CIDRs

This enhancement introduced a new implementation of allocation logic for Service IPs. The updated IP address allocator logic uses two newly stable API objects: ServiceCIDR and IPAddress. Now generally available, these APIs allow cluster administrators to dynamically increase the number of IP addresses available for Services by creating new ServiceCIDR objects.

Highlight of Googlers' contributions in 1.33 cycle:

Coordinated Leader Election

The Coordinated Leader Election feature progressed to beta, introducing significant enhancements in how a lease-candidate's availability is determined for an election. Specifically, the ping-acknowledgement checking process has been optimized to be fully concurrent instead of the previous sequential approach ensuring faster and more efficient detection of unresponsive candidates, which is essential for promptly identifying truly available lease candidates and maintaining the reliability of the leader election process.

Compatibility Versions

New CLI flags were added to apiserver as options for adjusting API enablement wrt an apiserver's emulated version. --emulation-forward-compatible is an option to implicitly enable all APIs which are introduced after the emulation version and have higher priority than APIs of the same group resource enabled at the emulation version.
--runtime-config-emulation-forward-compatible is an option to explicit enable specific APIs introduced after the emulation version through the runtime-config

zPages

ComponentStatusz and ComponentFlagz alpha features are now available to be turned on for all control plane components.
Components now expose two new HTTP endpoints, /statusz and /flagz, providing enhanced visibility into their internal state. /statusz details the component's uptime, golang, binary and emulation versions info, while /flagz reveals the command-line arguments used at startup.

Streaming List Responses

To improve cluster stability when handling large datasets, streaming encoding for List responses was introduced as a new Beta feature. Previously, serializing entire List responses into a single memory block could strain kube-apiserver memory. The new streaming encoder processes and transmits each item in a list individually, preventing large memory allocations. This significantly reduces memory spikes, improves API server reliability, and enhances overall cluster performance, especially for clusters with large resources, all while maintaining backward compatibility and requiring no client-side changes.

Snapshottable API server cache

Further enhancing API server performance and stability, a new Alpha feature introduces snapshotting to the watchcache. This allows serving LIST requests for historical or paginated data directly from its in-memory cache. Previously, these types of requests would query etcd directly, requiring to pipe the data through multiple encoding, decoding, and validation stages. This process often led to increased memory pressure, unpredictable performance, and potential stability issues, especially with large resources. By leveraging efficient B-tree based snapshotting within the watchcache, this enhancement significantly reduces direct etcd load and minimizes memory allocations on the API server. This results in more predictable performance, increased API server reliability, and better overall resource utilization, while incorporating mechanisms to ensure data consistency between the cache and etcd.

Declarative Validation

Kubernetes thrives on its large, vibrant community of contributors. We're constantly looking for ways to help make it easier to maintain and contribute to this project. For years, one area that posed challenges was how the Kubernetes API itself was validated: using hand-written Go code. This traditional method has proven to be difficult to authors, challenging to review and cumbersome to document, impacting overall maintainability and the contributor experience. To address these pain points, the declarative validation project was initiated.
In 1.33, the foundational infrastructure was established to transition Kubernetes API validation from handwritten Go code to a declarative model using IDL tags. This release introduced the validation-gen code generator, designed to parse these IDL tags and produce Go validation functions.

Ordered Namespace Deletion

The current namespace deletion process is semi-random, which may lead to security gaps or unintended behavior, such as Pods persisting after the deletion of their associated NetworkPolicies. By implementing an opinionated deletion mechanism, the Pods will be deleted before other resources with respect to logical and security dependencies. This design enhances the security and reliability of Kubernetes by mitigating risks arising from the non-deterministic deletion order.

Acknowledgements

As always, we want to thank all the Googlers that provide their time, passion, talent and leadership to keep making Kubernetes the best container orchestration platform. We would like to mention especially Googlers who helped drive the contributions mentioned in this blog: Tim Allclair, Natasha Sarkar, Vivek Bansal, Anish Shah, Dawn Chen, Tim Hockin, John Belamaric, Morten Torkildsen, Yu Liao,Cici Huang, Samuel Karp, Chris Henzie, Luiz Oliveira, Piotr Betkier, Alex Curtis, Jonah Peretz, Brad Hoekstra, Yuhan Yao, Ray Wainman, Richa Banker, Marek Siarkowicz, Siyuan Zhang, Jeffrey Ying, Henry Wu, Yuchen Zhou, Jordan Liggitt, Benjamin Elder, Antonio Ojea, Yongrui Lin, Joe Betz, Aaron Prindle and the Googlers who helped bring 1.33 to GKE!

- Benjamin Elder & Sen Lu, Google Kubernetes Engine

GSoC 2025: We have our Contributors!

Congratulations to the 1272 Contributors from 68 countries accepted for GSoC 2025! Our 185 Mentoring Orgs have been very busy this past month - reviewing 23,559 proposals, having countless discussions with applicants, and finally, completing the rigorous selection process to find the right Contributors for their community.

Here are some highlights of the 2025 GSoC applicants:

• 15,240 applicants from 130 countries submitting 23,559 proposals
• Over 2,350 mentors and organization administrators
• 66.3% of applicants have no prior open source experience

Now that the 2025 GSoC Contributors have been announced, the Organizations and Contributors will be spending 3 weeks together in the Community Bonding period. This time is a very important part of the GSoC program. Designed to get new contributors quickly up to speed, Mentors will use the next three weeks to introduce GSoC Contributors to their community, helping them understand the codebase and norms of their project, adjusting deliverables for the project and understanding the impact and reach of their summer project.

Contributors will begin writing code for Organizations on June 2nd - the official beginning of a totally new adventure! We're absolutely delighted to kick off another year alongside our amazing community.

A huge thanks to all the enthusiastic applicants who participated and, of course, to our phenomenal volunteer Mentors and Organization Administrators. Your weeks of thoughtful proposal reviews and proactive engagement with participants have been invaluable in introducing them to the world of open source.

And congratulations once again to our 2025 GSoC Contributors! Our goal is that GSoC serves as the catalyst for Contributors to become long term participants (and maybe even maintainers!) of open source communities of every shape and size. Now is their chance to dive in and learn more about open source and connect with these amazing communities.

– Stephanie Taylor, Mary Radomile and Lucila Ortiz, Google Open Source

Google Summer of Code 2025 Contributor Applications Now Open!

Join Google Summer of Code (GSoC) and contribute to the world of open source! Applications for GSoC are open from March 24 to April 8, 2025.

Since 2005, GSoC has successfully brought over 21,000 new contributors from 123 countries into the open source community. This is an exciting opportunity for students and beginners to open source (18+) to gain real-world experience this summer. You will spend 12+ weeks coding, learning about open source development, and earn a competitive stipend under the guidance of experienced mentors.

Learn More and Apply

• Read the Contributor Guide and Advice for people applying for GSoC to learn more about application basics.

• Make your proposal stand out! Read the Writing a proposal doc written by former contributors.

• Watch our Intro to GSoC video, as well as the GSoC Org Highlight videos and Community Talks Series to get inspired about projects that contributors have worked on in the past.

• Read the Google Summer of Code Program Rules, FAQ, and join us in our Discord Channel to connect with the community.

• Explore the 185 mentoring organizations and use filters to sort by your interests including programming language and category.

• Reach out now to your preferred organizations via their contact methods listed on the GSoC site

Interested contributors may register and submit project proposals on the GSoC site from now until Tuesday, April 8th at 18:00 UTC.

Best of luck to all our applicants!

By Stephanie Taylor, Mary Radomile and Lucila Ortíz – GSoC Program Admins

Meet the Mentoring organizations of GSoC 2025!

We are thrilled to share that we have selected 185 open source projects for the 21st year of Google Summer of Code (GSoC)

Get to know more about each organization via their individual GSoC program page. There you will find the best way to engage with each community, view project ideas, and read their contributor guidance for applying to their organization.

Applications for the GSoC Contributors are open March 24 - April 8, 2025

The 2025 GSoC program is open to students and to beginners in open source software development. If you are eager to enhance your chances of becoming a GSoC contributor this year, we highly recommend following these steps:

• Get inspired by watching the 'Introduction to GSoC' video for a quick overview and the Community Talks to learn more about past projects that contributors completed.
• Review the Contributor Guide and Advice for Applying to GSoC.
• Review the list of accepted organizations.
• We recommend finding two to three Orgs that interest you and reading through their project ideas. Use the filters on the site to help you narrow down based on the programming languages you are familiar with or categories that interest you.
• Once you find an idea that excites you, reach out to the organization right away via their preferred communication methods. Communicating early and often will increase your chances of being accepted.
• Introduce yourself to the mentors and community and ask questions to determine if this project idea is a good fit for your skill set and interests.
• Use the information you received to write up your proposal.

Join us in our upcoming Info session!

• Contributor Talk #3 on Thursday, March 6, 16:00 UTC
Join the talk here: meet.google.com/gyq-mcuz-wey

Finally, you can find more information about the program on our website which includes the full 2025 timeline. You’ll also find the FAQ, Program Rules and some videos with more details about GSoC for both contributors and mentors.

Welcome aboard 2025 Mentoring Organizations! We are looking forward to an amazing year!

By Stephanie Taylor, Mary Radomile & Lucila Ortíz – GSoC Program Admins

Fabrication begins for production OpenTitan silicon

With malicious software on the rise, how can you be certain that a computer, server, or mobile device is running the code (and provisioning data) that was intended? You can't just ask the code itself, so where do you start? The answer is deceptively simple – start where you have certainty and build up a chain of trust. For communication on the web, we rely on Certificate Authorities (CAs) to ensure the security of web content before it reaches the user. In products composed of an interconnected jungle of hardware and software, like Chromebooks and our Cloud infrastructure, we rely on a small dedicated secure microcontroller called a Root of Trust (RoT). And, some devices even have several RoTs for specialized needs.

Over the past six years, Google has been working with the open source community to build OpenTitan, the first open source silicon RoT. Today, we are excited to announce that we have started fabrication of the first production-ready OpenTitan silicon by Nuvoton. This silicon will be the first broadly used RoT chip at Google with a fully transparent design and origin. We have production OpenTitan chips available for lab testing and evaluation with larger volumes available from Nuvoton starting in Spring 2025.

History of RoTs and OpenTitan at Google

In 2009, Google began shipping devices with dedicated off-the-shelf RoTs. By 2014, it became clear that higher levels of assurance would only be attainable by investing in a first party RoT solution. A first party solution enabled Google to have full visibility and control over the security of its products throughout their life cycles. Previous off-the-shelf parts were black- or gray-box solutions where vendors are responsible for designing their own hardware and software – all with limited or no access to the source. Without full transparency, it is impossible to completely understand the security assurances for products using these proprietary parts. In addition, it was becoming harder to meet product needs with off-the-shelf RoT solutions, from footprint to function to cost – we needed a better solution for Chromebooks, Cloud, and later, Pixel.

Today, open source software powers nearly every consumer experience, from open source operating systems like Linux, to web browsers like Chromium. Open source is often the most economically efficient solution for developing foundational technology: it enables companies to work together and pool resources to build common, compatible products. Until now, this development approach has not been demonstrated in a commercially relevant setting for silicon.

OpenTitan is the first open-source silicon project to reach commercial availability based on the engineering samples we released last year. The OpenTitan project started from scratch in 2018 with a coalition of commercial, academic, and not-for-profit partners. The OpenTitan project is hosted by lowRISC CIC in Cambridge, UK. Google and project partners – Nuvoton, ETH Zurich, G+D Mobile Security, lowRISC, Rivos, Seagate, Western Digital, Winbond, zeroRISC, and a number of independent contributors – provide open source hardware register-transfer level (RTL) and design verification (DV) code, along with integration guidelines, and reference firmware to drive adoption throughout industry.

The Future

With the introduction of production-ready OpenTitan chips, we are excited to welcome an era where security is based on transparency from the very beginning of the stack. OpenTitan is the first commercially available open source RoT to support PQC secure boot based on SLH-DSA (formerly known as SPHINCS+). Our vision is that these chips will help drive broader industry adoption not only of open designs and their security properties, but also of this innovative method of open source collaboration between organizations.

Samples of production OpenTitan silicon are now available, with reference provisioning and application-level firmware releases coming soon. Product integrations have begun to intercept Chromebooks shipping later this year, with datacenter integrations following shortly after.

Getting Involved

With OpenTitan, we’ve introduced brand new methodologies for how commodity chips get designed that are increasingly economical moving forward. OpenTitan provides Google with a high-quality, low-cost, commoditized hardware RoT that can be used across the Google ecosystem. This will also facilitate the broader adoption of Google-endorsed security features across the industry.

The fabrication of production OpenTitan silicon is the realization of many years of dedication and hard work from our team. It is a significant moment for us and all contributors to the project. OpenTitan’s broad community has been critical to its success. As the following metrics show (baselined from the project’s public launch in 2019), the OpenTitan community is rapidly growing:

• Almost nine times the number of commits at launch: from 2,500 to over 24,200.
• 176 contributors to the code base
• 17k+ merged pull requests
• 1.5M+ LoC, including 500k LoC of HDL
• 2.5k Github stars

If you are interested in learning more or contributing to OpenTitan, visit the open source GitHub repository or reach out to the OpenTitan team.

By Cyrus Stoller and Miguel Osorio – OpenTitan