Second star to the right and straight on till morning...
Today we, Joost de Valk and Karim Marucchi, are announcing that we are stepping away from FAIR's day-to-day operations. FAIR was born out of necessity, built with conviction, and is now strong enough to continue without us at the helm.
FAIR continues under the Linux Foundation
From the very beginning, FAIR was designed to be bigger than any one person or company. We chose the Linux Foundation as our home precisely because it provides the neutral governance, legal framework, and institutional stability that a project like this needs. That decision is paying off now.
The Technical Steering Committee, the Governing Board, and the broader community of contributors have grown into a capable, self-sustaining organization. The infrastructure is solid, the governance is proven, and the mission is clear. FAIR doesn't need us to keep going — it needs the community that has already formed around it.
Beyond WordPress
When we started FAIR, it was focused on WordPress. That was intentional: WordPress was where the pain was most acute, where the dependency on a single point of failure was most visible, and where we had the deepest expertise. But FAIR was never meant to stop at WordPress.
The principles behind FAIR — federated distribution, cryptographic trust, decentralized discovery — apply to any software ecosystem. The architecture was designed from the start to be CMS-agnostic, and the protocol doesn't care whether you're distributing WordPress plugins, TYPO3 extensions, or something else entirely.
AI and trust
One of the things we've been thinking about a lot is the intersection of AI and software distribution. As AI-generated code becomes more prevalent, the question of trust becomes even more critical. How do you know that the code you're installing was written by who it claims to be? How do you verify that it hasn't been tampered with? How do you establish provenance in a world where code can be generated at scale?
FAIR's architecture — with its ED25519 signatures, DID-based identity, and labeler system — is uniquely positioned to address these challenges. The trust infrastructure we've built isn't just about solving today's problems; it's about being ready for tomorrow's.
TYPO3 integration
We're thrilled to share that work is already underway to bring FAIR to the TYPO3 ecosystem. TYPO3 is one of the most widely used open-source CMS platforms in Europe, and its community shares many of the same values that drove FAIR's creation: openness, independence, and a commitment to the open web.
The TYPO3 integration demonstrates exactly what FAIR was designed to do: provide a universal, federated infrastructure for software distribution that any community can adopt. We're excited to see this become a reality.
EU Cyber Resilience Act
The EU Cyber Resilience Act (CRA) is set to transform how open-source software is distributed in Europe. The act introduces new requirements around software supply chain security, vulnerability reporting, and provenance tracking. These are exactly the kinds of challenges FAIR was built to address.
With its cryptographic signatures, federated trust model, and transparent governance, FAIR provides the infrastructure that open-source communities will need to comply with the CRA. The timing isn't coincidental — these are problems we've been working on since day one.
Looking ahead
Stepping away isn't easy. FAIR has been a labor of love, a project that consumed our nights and weekends and conference hallway tracks. But the best thing we can do for FAIR now is to let it grow beyond us.
To the community: thank you. Thank you for believing in this vision, for contributing code and ideas and energy, for showing up when it mattered. FAIR is yours now. Take it further than we ever could.
Second star to the right and straight on till morning.
— Joost de Valk and Karim Marucchi