The CNCF LFX Mentorship program is now accepting applications for its June cohort, Warp opened its terminal client under AGPL, and GitHub’s Open Source Guides added a practical new accessibility chapter. Here is this week’s open source roundup.
Open Source News This Week
CNCF LFX Mentorship 2026 Term 2 applications are open until May 19
The June to August 2026 term is now accepting applications through Tuesday, May 19 at 11:00 AM PDT. The program pairs contributors with experienced mentors across CNCF projects and includes a stipend. If you have been looking for a structured, paid entry point into cloud native open source work, this is worth a look. Apply through the LFX Mentorship portal.
Warp opened its terminal client under AGPL
After years of community requests, Warp released its terminal client to GitHub on April 28 under AGPLv3, with the UI framework under MIT. Contributions are handled through Oz, Warp’s cloud agent orchestration platform, while human contributors focus on ideas and review. OpenAI is the founding sponsor. For developers who avoided Warp because of its closed-source model, the code is now on GitHub.
GitHub’s Open Source Guides now include an accessibility chapter
Published in late April, the guide covers practical steps for making projects accessible to people with disabilities: partnering with disabled users from the start, writing accessible documentation, designing accessible interfaces, and testing continuously. The opening principle is “Nothing about us without us.” Worth reading if your project produces any kind of interface or documentation.
Open source code does not automatically mean open independence
The European Open Source Academy makes the case that access to source code is not the same as the capacity to act on it. Organizations that adopt open source without the skills, infrastructure, or governance to adapt it can end up with a different kind of dependence. A useful read for teams thinking seriously about digital sovereignty.
Kubernetes contributor docs now include explicit guidance on AI in pull requests
The Kubernetes contributor guide has been updated with a section covering AI-assisted contributions: what is acceptable, what requires disclosure, and how maintainers approach AI-generated code. Explicit written policy on this is becoming standard practice across large open source projects.
A coordinated GitHub malware campaign used fake repositories to distribute malware
Oliver Zehentleitner documented a campaign where attackers created dozens of GitHub repositories mimicking legitimate proxy tools, all pointing to the nailproxy.space domain. The repositories used inflated star counts and copied READMEs to appear credible. A good reminder that GitHub search results are not a reliable indicator of trustworthiness. The case was submitted to GitHub Support for campaign-level review.
W3C Web Sustainability Guidelines recommend open source by default
The W3C Web Sustainability Guidelines include a criterion recommending open source software where possible, citing reduced duplication of effort, longer software lifecycles, and lower energy costs from shared maintenance. An interesting framing: open source as a sustainability choice, not just an ethical or economic one.
Open Source Tools Worth Checking Out
OpenFeature and flagd
OpenFeature is a CNCF incubating project providing a vendor-neutral specification for feature flagging, with contributors from Dynatrace, Flagsmith, Unleash, and others. Write feature flag code once against the OpenFeature API and switch providers without touching application code. flagd is the companion daemon: a lightweight evaluation engine that follows Unix conventions, supports hot-reload of flag definitions, and deploys natively to Kubernetes via the OpenFeature Operator. Both are directly behind this week’s community challenge, built by Simon Schrottner, who maintains OpenFeature. OpenFeature docs and flagd on GitHub.
GoReleaser
Built by Carlos Alexandro Becker and a small team of maintainers. GoReleaser handles the full release pipeline for Go, Rust, Zig, TypeScript, and Python projects: building cross-platform binaries, generating changelogs, and publishing to GitHub, Homebrew, Docker, and package registries from a single config file. It was selected for the GitHub Secure Open Source Fund because it sits in the supply chain of thousands of projects. Relevant this week given the supply chain and repository trust themes in the news. Carlos Alexandro Becker: GoReleaser getting started guide.
OpenHAB
A vendor-agnostic home automation platform supporting over 3,000 technologies, maintained by a large open source community. Not cloud native tooling, but a good example of what open source looks like when the users are not developers. Community member @flo uses it to run more than 1,000 sensors and as an observability playground. The OpenHAB community and docs are worth exploring if you are curious about open source with a different kind of real-world footprint.
OpenTelemetry
OpenTelemetry is the CNCF’s open standard for telemetry, covering traces, metrics, and logs across distributed systems. It is a CNCF graduated project maintained by hundreds of contributors across the cloud native ecosystem. The core value is instrumentation portability: instrument once and export to any backend without changing application code. Community member @adrianamvillela has been contributing since 2022 and described it plainly: the project is thoughtful, collaborative, and vendor neutral by design, with observability competitors working toward a single common standard. The project also released its first experimental GenAI Semantic Conventions in March, covering standardized attributes for LLM observability. OpenTelemetry docs and getting started guide.
This Week in the Community
@theharithsa published two posts worth reading together. The first covers an OpenTelemetry package built for the GitHub Copilot SDK, explaining why tracing matters when embedding LLM models in Node.js applications. The second goes further: llm-otel-kit adds observability to LLM backends in six lines of Python, covering FastAPI proxies, Ollama, and vLLM. If you are running an LLM service and have not thought about observability yet, these are a practical starting point.
Challenge Update
We have a new challenge up and this one is special. It was created by Simon Schrottner, a CNCF Ambassador and maintainer of OpenFeature and JUnit Pioneer, and our first challenge from an external contributor.
In this challenge you will wire OpenFeature and flagd into a Spring Boot service, covering provider registration, hot-reload of flag definitions, and more. No complex setup required.
The top 3 players across all levels will receive a Credly badge, and the top player across all levels wins a 50% Linux certification voucher.
Wire OpenFeature + flagd into a Spring Boot service: Adventure 04 Beginner
Thank you @simon.schrottner for bringing this to the community.
Question of the Week: Accessibility in Open Source
GitHub’s new accessibility guide is a good prompt to think about this more concretely. What tools do you use to check for accessibility in your projects? Automated scanners, screen readers, browser extensions, manual testing, something else entirely? And if you have not started yet, what would make it easier to add to your workflow?