Ladybird, an open-source web browser still in development, is revising its code contribution process as it approaches its first alpha release.
After deciding in February to rewrite the entire engine in Rust, the project founder, Andreas Kling, announced yesterday that Ladybird will no longer accept public pull requests. Going forward, only project maintainers will introduce code changes, and all currently open public pull requests will be closed.
“We will no longer accept public pull requests. From now on, code changes to the Ladybird codebase will only be introduced by project maintainers.”
The reason given for this decision is that Ladybird is entering a phase that requires a more controlled development process, a clearer security model, and a smaller group responsible for accepted code. This change supports Ladybird’s transition from an experimental project to software intended for end users.
Of course, Ladybird remains open source, and its code will continue to be publicly available under an open-source (BSD-2-Clause) license. However, the contribution model is changing: external code submissions will no longer be accepted through public PRs or other methods such as issues, comments, email, or forks.
And if you’re wondering why, it’s all about trust. Kling explained that traditional open-source workflows helped projects identify trusted contributors, as individuals submitted code and built trust through ongoing involvement. But let’s face it: the AI era has largely changed that.
He also noted that attackers may build trust over time before exploiting it, and that AI-generated code makes it easier and less costly to submit apparently legitimate contributions.
With that said, from now on, external involvement in the project will continue through bug reports, test cases, website testing, standards and design discussions, security reports, and technical feedback.
