Pulling 32-bit time_t Asbestos out of the Open Source Ecosystem: Mapping, Triaging, and Coordinating 2038-class Rollover Remediation
H.3242 | Day 1 | 15:00 - 15:55 | Speakers: Trey Darley
Abstract
A collaborative working session on mapping, triaging, and coordinating 2038-class rollover remediation across the open source ecosystem — where the real problem isn’t ancient systems, but invisible dependencies.
The 2038 problem isn’t waiting in retired Unix servers. It’s 32-bit time_t assumptions still being baked into modern libraries, protocol implementations, and embedded toolchains shipping today. Many 64-bit systems depend on components that simply cannot represent time beyond 2038 — asbestos in the walls, not a single leaky pipe.
This BoF runs a collaborative thought experiment: if your government demanded a credible 2038 exposure assessment in 12 weeks, where would you actually start? What tooling exists? What’s missing? How do findings at the repository level roll up into something actionable?
To ground the discussion, we’ll introduce the 2038-Class Risk Exposure Matrix — a lightweight framework for comparing unlike risks across impact, uncertainty, remediation difficulty, and blast radius — along with a CC BY 4.0 workshop and full facilitation plan designed to help teams inventory their systems, surface unknowns, and translate technical findings into clear, decision-grade signals.
→ Here is the Matrix, with workshop and facilitation materials
Distro maintainers, embedded developers, and infrastructure engineers are invited to share inventories, swap remediation strategies, identify high-impact targets, and surface coordination gaps. We’ll map the technical landscape and connect the people already working on the problem.
Bring your war stories — your known-knowns and your known-unknowns.
Speakers
Trey Darley’s work sits at the intersection of incident response, internet standards, and long-term systems resilience. A long-standing member of the BruCON and FIRST communities, he has served on the FIRST Board of Directors and co-founded the FIRST Standards SIG, DNS Abuse SIG, and Time Security SIG.
His professional interests focus on how complex systems behave under constraint and entropy — and why certain patterns of adaptation persist across radically different technological eras. He has contributed to open standards, including STIX/TAXII and SBOM, and remains aligned with the language-theoretic security (LANGSEC) community.
His patron saints include: Grace Hopper, Evi Nemeth, and Paul Erdős.
- https://propertools.be/
- https://www.first.org/global/sigs/time/
- https://epochalypse-project.org/
- https://www.itu.int/ITU-T/workprog/wp_item.aspx?isn=23741
