
Binary Dependencies: Identifying the Hidden Packages We All Depend On

K.3.201 | Day 1 | 13:15 - 13:25 | Speakers: Vlad-Stefan Harbuz

Abstract

Package manifests record source-level dependencies: pandas depends on numpy's code. The story is different for binary dependencies: numpy depends on OpenBLAS's binaries, but package managers can't easily see this. We must map the OSS ecosystem's binary dependency relationships to reliably (1) identify upstream security vulnerabilities and (2) properly credit and financially support maintainers. I propose solving this problem by creating a global index of binary dependencies, using a global linker that tracks binaries' symbols across the entire Open Source ecosystem, combined with auxiliary strategies like statically analysing build recipes.
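The global-linker idea in the abstract, as an added example that is not part of the talk or of any project it mentions: a toy symbol index over constructed nm -D style listings (the package names, shared-object names, addresses and symbols are illustrative assumptions) that resolves each binary's undefined symbols to the package exporting them, then walks the resulting graph to find which packages are exposed when one upstream binary carries a vulnerability.

```python
# Toy "global linker": resolve each binary's undefined (U) symbols against the
# symbols other binaries export (T/W/D/B) to recover binary-level dependencies.
from collections import defaultdict
SAMPLE_NM = {  # constructed nm -D style lines, not real output: (package, object)
    ("numpy", "_multiarray_umath.so"): "U cblas_dgemm\nU cblas_ddot\nU malloc\n"
                                       "0000000000002a10 T PyInit__multiarray_umath\n",
    ("openblas", "libopenblas.so"): "0000000000031f40 T cblas_dgemm\n"
                                    "0000000000032880 T cblas_ddot\nU malloc\n",
    ("glibc", "libc.so.6"): "0000000000098a20 T malloc\n",
    ("scipy", "_fblas.so"): "U cblas_dgemm\nU symbol_nobody_ships\n",
}
def parse_nm(text):
    """Return (exported, undefined) symbol sets from nm -D style output."""
    exported, undefined = set(), set()
    for parts in (line.split() for line in text.splitlines()):
        if len(parts) == 2 and parts[0] == "U":                      # no address
            undefined.add(parts[1])
        elif len(parts) == 3 and parts[1] in {"T", "W", "D", "B"}:  # exported
            exported.add(parts[2])
    return exported, undefined

def build_binary_deps(nm_outputs):
    """Resolve undefined symbols globally; return (deps, unresolved) per package."""
    parsed = {key: parse_nm(text) for key, text in nm_outputs.items()}
    providers = {}                                  # symbol -> exporting package
    for (pkg, _), (exported, _) in parsed.items():
        for sym in exported:
            providers.setdefault(sym, pkg)          # first exporter wins (simplified)
    deps, unresolved = defaultdict(set), defaultdict(set)
    for (pkg, _), (_, undefined) in parsed.items():
        for sym in undefined:
            if sym not in providers:
                unresolved[pkg].add(sym)            # needs another data source
            elif providers[sym] != pkg:
                deps[pkg].add(providers[sym])
    return dict(deps), dict(unresolved)

def affected_by(deps, vulnerable_pkg):
    """Packages whose binaries transitively link against vulnerable_pkg."""
    reverse = defaultdict(set)
    for pkg, targets in deps.items():
        for target in targets:
            reverse[target].add(pkg)
    seen, stack = set(), [vulnerable_pkg]
    while stack:
        for dependent in reverse.get(stack.pop(), set()) - seen:
            seen.add(dependent)
            stack.append(dependent)
    return seen
```

Symbols left in `unresolved` are where the abstract's auxiliary strategies (such as statically analysing build recipes) would have to fill the gap.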

Speakers

Vlad-Stefan Harbuz

I work on software and philosophy that contributes to the public good. My current focus is to find ways to get more money to Open Source maintainers in order to make our Open Source ecosystem healthier and more sustainable.

I'm a maintainer of the Open Source Pledge, which is creating a new social norm of companies paying the maintainers they depend on, and has raised $4,103,685 for maintainers since launching.

I'm also a core contributor to thanks.dev, which enables companies to scan their codebases to find and directly pay the Open Source maintainers they depend on. I co-maintain the Hare programming language and previously founded software company Saffron and gaming hardware company Submodule.

Next to my work in software, I am also a PhD researcher in philosophy at the University of Edinburgh, where I research why social conventions make us put up with exploitation, and how to identify ethical ways of working together.

I think that being kind is important, and I love cats and birds. I write on vlad.website.
