<div style="text-align:center"><img src="https://i0.wp.com/www.awordpresscommenter.com/wp-content/uploads/2025/06/Screenshot-2025-06-11-at-22608pm.png?ssl=1" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="The Community Responds to FAIR: Hope, Skepticism, and Support for Decentralizing WordPress" title="The Community Responds to FAIR: Hope, Skepticism, and Support for Decentralizing WordPress" /></div><div>
<p>Within hours of <a href="https://www.therepository.email/fair-to-decentralize-wordpress-backed-by-linux-foundation-and-contributors">FAIR’s launch at Alt Ctrl Org in Basel</a>, reactions from across the WordPress community began rolling in — via blog posts, Slack threads, comment sections, and even on stage at WordCamp Europe.</p>
<p>The <a href="https://www.linuxfoundation.org/press/linux-foundation-announces-the-fair-package-manager-project-for-open-source-content-management-system-stability">Linux Foundation-backed project</a> aims to decentralize WordPress plugin and theme distribution through a federated system of trusted repositories. Supporters say it’s a long-overdue step toward better governance and supply chain security. Critics worry it could fragment trust, complicate moderation, and weaken the ecosystem’s cohesion.</p>
<p>FAIR’s backers insist the project isn’t a fork, but a parallel infrastructure layer designed to complement WordPress, not compete with it. But in a community already frayed by disputes over leadership and accountability, FAIR has quickly become more than a technical proposal — it’s become a litmus test for how much change the WordPress ecosystem is willing to embrace.</p>
<div class="yarpp yarpp-related yarpp-related-shortcode yarpp-template-list">
<!-- YARPP List --></p>
<hr>
<p><strong style="font-family: Arial, Helvetica, sans-serif;font-size:14px;color:#42619a;text-transform: uppercase;letter-spacing:2px"></strong>Related news</p>
<ul>
<li style="font-family:Arial, Helvetica, sans-serif;font-size:15px;line-height:20px;margin:0px 0 10px 0"><a href="https://www.therepository.email/fair-to-decentralize-wordpress-backed-by-linux-foundation-and-contributors" rel="bookmark" title="New FAIR Project Aims to Decentralize WordPress.org Services, Backed by Linux Foundation and Hundreds of Contributors">New FAIR Project Aims to Decentralize WordPress.org Services, Backed by Linux Foundation and Hundreds of Contributors</a>
<li style="font-family:Arial, Helvetica, sans-serif;font-size:15px;line-height:20px;margin:0px 0 10px 0"><a href="https://www.therepository.email/cloudfest-hackathon-2025-recap-what-the-teams-built-how-it-went-and-whats-next" rel="bookmark" title="CloudFest Hackathon 2025 Recap: What the Teams Built, How It Went, and What’s Next">CloudFest Hackathon 2025 Recap: What the Teams Built, How It Went, and What’s Next</a>
<li style="font-family:Arial, Helvetica, sans-serif;font-size:15px;line-height:20px;margin:0px 0 10px 0"><a href="https://www.therepository.email/patchstack-whitepaper-wordpress-plugin-vulnerabilities-rise-by-34-as-cra-compliance-deadline-nears" rel="bookmark" title="Patchstack Whitepaper: WordPress Plugin Vulnerabilities Rise by 34% as CRA Compliance Deadline Nears">Patchstack Whitepaper: WordPress Plugin Vulnerabilities Rise by 34% as CRA Compliance Deadline Nears</a>
<li style="font-family:Arial, Helvetica, sans-serif;font-size:15px;line-height:20px;margin:0px 0 10px 0"><a href="https://www.therepository.email/wordpress-contributors-and-community-leaders-call-for-governance-reform-in-rare-open-letter" rel="bookmark" title="WordPress Contributors and Community Leaders Call for Governance Reform in Rare Open Letter">WordPress Contributors and Community Leaders Call for Governance Reform in Rare Open Letter</a>
</ul>
<hr>
</div>
<h2 class="wp-block-heading" id="h-fair-s-origins-from-slug-seizure-to-supply-chain-security"><strong>FAIR’s origins: From slug seizure to supply chain security</strong></h2>
<p>FAIR — short for Federated and Independent Repositories — emerged from private conversations that escalated following the takeover of Advanced Custom Fields in October 2024, and later Matt Mullenweg’s decision to shut down WordPress.org during the Christmas holidays. Those actions, and the contributor bans that followed, pushed longstanding frustrations about centralization into public view.</p>
<p>Following FAIR’s launch last Friday, five people closely involved with the project — Joost de Valk, Karim Marucchi, Ryan McCue, Siobhan McKeown, and Samuel Sidler — published blog posts over the weekend explaining their involvement with FAIR and why they believe it’s essential to WordPress’s future.</p>
<p>“I remember the phone calls vividly,” wrote Marucchi in his post <a href="https://marucchi.com/introducing-the-fair-package-manager-for-wordpress/">Introducing FAIR: A Stronger, More Resilient WordPress Ecosystem</a>. “Multiple chief legal counsel, from various large enterprises on the line, asking me point-blank: ‘Karim, why should we trust WordPress if one person can unilaterally make changes that jeopardize our supply chain, with no apparent checks and balances?&#8217;”</p>
<p>Marucchi and de Valk <a href="https://www.therepository.email/joost-de-valk-calls-for-end-to-matt-mullenwegs-bdfl-leadership-of-wordpress">proposed FAIR</a> in December 2024 as part of a broader call for governance reform in the WordPress project. Since then, as many as 300 people, including many veteran core committers and contributors, have built FAIR.</p>
<p>“The FAIR Package Manager is built to complement and work alongside the WordPress central project, ensuring that users, contributors, hosts, and business owners have a choice, and have a secure and decentralised option with a sustainable and reliable form of governance,” says Siobhan McKeown, who wrote about her involvement in <a href="https://siobhanmckeown.com/a-way-forward-with-fair/">A way forward with FAIR</a>.</p>
<div class="ad-aligncenter">
<div class="ad-row">
<div id="ad-4144" class="ad-300x250 adsanity-300x250 aligncenter adsanity-aligncenter">
<div class="adsanity-inner">
</div>
</div>
</div>
</div>
<p>McKeown, one of the signatories of last year’s <a href="https://www.therepository.email/wordpress-contributors-and-community-leaders-call-for-governance-reform-in-rare-open-letter">open letter to Mullenweg calling for governance reform</a>, describes FAIR as a space to rebuild trust: “We have the beginnings of a new space where open source contributors can scratch their itch, where dissent and challenge are welcomed and celebrated.”</p>
<h2 class="wp-block-heading" id="h-mullenweg-responds-at-wceu-a-lot-of-challenges-to-it"><strong>Mullenweg responds at WCEU: “A lot of challenges to it”</strong></h2>
<p>During the closing Q&#038;A at WordCamp Europe, longtime Documentation Team co-rep Milana Cap asked Mullenweg whether he would consider collaborating with the FAIR project.</p>
<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio">
<div class="wp-block-embed__wrapper">
<iframe loading="lazy" title="Fireside chat with Q&#038;A | Mary Hubbard and Matt Mullenweg" width="500" height="281" src="https://www.youtube.com/embed/mzJwYejWUbY?start=1629&#038;feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
</div>
</figure>
<p>Mullenweg’s response was cautious. “Of course we consider everything,” he said, “but even in what you said, I think there’s a lot of challenges to it.”</p>
<p>He raised concerns about security and reliability across distributed mirrors, and questioned how FAIR’s design might impact phased rollouts, plugin telemetry, and moderation enforcement. “Right now a supply chain attack needs to breach WordPress.org, which has never been hacked,” he said. “Now all of a sudden there’s N places that could potentially be compromised.”</p>
<p>Still, he acknowledged the effort: “I do think it’s awesome that people are shipping code versus just arguing or talking or writing blog posts.”</p>
<p>Executive Director Mary Hubbard echoed a similar view in <a href="https://www.fastcompany.com/91347003/wordpress-veterans-launch-fair-project-to-tackle-security-and-control-concerns">comments published by Fast Company</a>, emphasizing that WordPress has always allowed site owners to configure where their updates come from. “If this work leads to improvements like signed updates or better fallback systems, we’re open to that,” she said. “But it has to be done with the same long-term care that got us here.”</p>
<h2 class="wp-block-heading" id="h-centralization-or-stability"><strong>Centralization or stability?</strong></h2>
<p>On LinkedIn, Jesse Friedman, Head of WP Cloud at Automattic, framed FAIR as a <a href="https://www.linkedin.com/posts/jesserfriedman_we-have-all-said-to-beginners-make-sure-activity-7337646477999046656-NJnT/">potential risk to user safety</a>. “We have all said to beginners: make sure you download your plugins at WordPress.org; it’s the safest, most secure place to extend WordPress,” he posted. “I am seriously concerned with how diluting that source of truth will lead to confusion and malicious actors.”</p>
<div class="ad-aligncenter">
<div class="ad-row">
<div id="ad-4144" class="ad-300x250 adsanity-300x250 aligncenter adsanity-aligncenter">
<div class="adsanity-inner">
</div>
</div>
</div>
</div>
<figure class="wp-block-image size-large"></figure>
<p>The comments section offered a snapshot of the divide.</p>
<p>“Linux is served from mirrors. So is PHP, MySQL, NGINX, Apache, Python, Node, Docker images, Helm charts, Composer packages, pip, npm, and nearly every tool in the modern open source stack,” <a href="https://www.linkedin.com/feed/update/urn:li:activity:7337646477999046656?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A7337646477999046656%2C7337755292547358720%29&#038;dashCommentUrn=urn%3Ali%3Afsd_comment%3A%287337755292547358720%2Curn%3Ali%3Aactivity%3A7337646477999046656%29">wrote</a> consultant Robin Scott. “WordPress was never the App Store. Open source works because it’s decentralized — not in spite of it.”</p>
<p>“With all due respect man I have found compromised plugins in the org repository,” <a href="https://www.linkedin.com/feed/update/urn:li:activity:7337646477999046656?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A7337646477999046656%2C7337806519322701824%29&#038;dashCommentUrn=urn%3Ali%3Afsd_comment%3A%287337806519322701824%2Curn%3Ali%3Aactivity%3A7337646477999046656%29">posted</a> SEO consultant Joe Hall. “Generally speaking security is top of mind to the plugin team, but I have counted at least three or four issues of injecting links… This is a trusted source of open source professionals that have been managing distributions at the same scale as WordPress for a long time.”</p>
<p>“It’s unreasonable to expect 42% of the internet to update their software solely from the personal website of some guy from Texas,” <a href="https://www.linkedin.com/feed/update/urn:li:activity:7337646477999046656?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A7337646477999046656%2C7337830095962705920%29&#038;dashCommentUrn=urn%3Ali%3Afsd_comment%3A%287337830095962705920%2Curn%3Ali%3Aactivity%3A7337646477999046656%29">added</a> developer Brent Toderash, who is involved with both FAIR and AspirePress. “In the world of risk management, this is completely unacceptable.”</p>
<p>“This is not an action that is without a cause. It is a step that the community has chosen to take to safeguard against similar actions in the future,” <a href="https://www.linkedin.com/feed/update/urn:li:activity:7337646477999046656?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A7337646477999046656%2C7337674804432445440%29&#038;dashCommentUrn=urn%3Ali%3Afsd_comment%3A%287337674804432445440%2Curn%3Ali%3Aactivity%3A7337646477999046656%29">posted</a> Zash Stepek, Director of Agency Operations at BigScoots. “When one person wields a button that can shut off updates to an entire host’s customer base because they disagree with how they conduct their business, that doesn’t just hurt the host, it hurts the customers and erodes trust in a platform that powers a significant portion of the web.”</p>
<p>Others struck a more measured tone. At WordCamp Europe 2025, Katie Keith, CEO of Barn2 Plugins, was optimistic. “A lot of good people, very important and loyal to the WordPress community, have got together and built this thing,” she said in <a href="https://x.com/KatieKeithBarn2/status/1932052158142099461">an interview</a>. “They’ve got some great backing from organisations like Linux, which is really impressive… For me, the key thing is, will it get mass adoption? And with the backing it’s got, I hope it does, because I think that’s essential to help it reach its potential.”</p>
<p>Matt Medeiros from The WP Minute welcomed FAIR as a smart move toward decentralization, calling it an “insurance policy” for WordPress sites if something happens to WordPress.org. But he raised concerns about adoption and messaging, particularly for agencies and power users, in <a href="https://thewpminute.com/why-im-not-jazzed-about-fair/">Why I’m Not Jazzed About FAIR</a>.</p>
<p>“There’s a marketing, a branding, and a messaging challenge,” he said. “What does this really mean for us power users and agency owners?”</p>
<p>He described the rollout as coordinated but club-like, and cautioned that the FAIR team must meet the same expectations the community has placed on WordPress leadership. “Anyone working on an initiative like FAIR must be open to the same criticisms we’ve given Mullenweg and Automattic,” he said.</p>
<h2 class="wp-block-heading" id="h-we-needed-to-start-building-the-future-ourselves"><strong>“We needed to start building the future ourselves”</strong></h2>
<p>Ryan McCue, one of FAIR’s technical steering committee co-chairs and a longtime WordPress core committer, said the project delivers on the structural reforms called for in last year’s open letter, which he also signed. “Until we fix this problem, WordPress remains vulnerable,” he wrote in <a href="https://journal.rmccue.io/488/building-a-stronger-ecosystem/">Building a Stronger Ecosystem</a>. “Accordingly, we’re taking action.”</p>
<p>FAIR’s governance model, he wrote, was designed to prevent the kinds of unilateral decisions that have rattled contributors in recent months. FAIR’s charter limits company representation, separates funding from technical decision-making, and gives contributors a clear path to influence policies. “It’s the first step to truly uniting the community to build the next 20 years of WordPress.”</p>
<div class="ad-aligncenter">
<div class="ad-row">
<div id="ad-4144" class="ad-300x250 adsanity-300x250 aligncenter adsanity-aligncenter">
<div class="adsanity-inner">
</div>
</div>
</div>
</div>
<p>For those with concerns about FAIR’s approach to security, Patchstack CEO Oliver Sild gives the best assurance yet, describing FAIR as a path toward compliance with the EU’s Cyber Resilience Act. “FAIR is most likely the only way the WordPress ecosystem can become compliant with CRA in time. We don’t have a lot of time,” he <a href="https://poststatus.slack.com/archives/CHNM7Q7T8/p1749278294393739?thread_ts=1749254956.736219&#038;cid=CHNM7Q7T8">posted</a> in Post Status Slack.</p>
<p>Former Audrey Capital and Automattic staffer Samuel Sidler, who wrote about his involvement with FAIR in <a href="https://www.delta.blog/why-i-joined-fair/">Why I joined FAIR</a>, put it more bluntly: “WordPress has a problem — an existential threat. And, if we don’t act, WordPress as we know it… won’t survive.”</p>
<h2 class="wp-block-heading" id="h-open-discussion-and-an-open-invitation"><strong>Open discussion and an open invitation</strong></h2>
<p>In the days since the launch, FAIR contributors have been actively answering questions on social media, in Post Status Slack, and in GitHub threads.</p>
<p>“We wanted to launch without having all the answers, so we can collaborate on them as a community,” McCue wrote in response to <a href="https://aaron.jorb.in/some-initial-questions-about-fair/">Some initial questions about FAIR</a> by longtime core committer Aaron Jorbin.</p>
<p>That open posture, paired with technical ambition and Linux Foundation backing, has helped FAIR avoid some of the polarization that has plagued past reform efforts. Still, it’s clear that not everyone agrees on the risks, or the path forward. Whether FAIR gains broad adoption or remains a niche initiative, it has already changed the conversation from what WordPress is, to what it could become.</p>
<p>“This is not a protest,” de Valk reiterated in his post, <a href="https://joost.blog/path-forward-for-wordpress/">A new path forward for WordPress, and for the open web</a>. “It is a contribution.”</p>
<p><em>Image credit: <a href="https://www.linkedin.com/in/kwstasf/">Kostas Fryganiotis</a>.</em></p>
<p>The post <a href="https://www.therepository.email/the-community-responds-to-fair-hope-skepticism-and-support-for-decentralizing-wordpress">The Community Responds to FAIR: Hope, Skepticism, and Support for Decentralizing WordPress</a> appeared first on <a href="https://www.therepository.email/">The Repository</a>.</p>
</div>

Cloudways is bringing back its free Prepathon online event next week, from September 30 to…
Fueled has confirmed layoffs this week, cutting 4–5% of its workforce. But the news reached…
After calling for “more weirdness” in WordPress theme design earlier this year, Nick Hamze has…
FAIR has reached its first major milestone with the release of version 1.0 this week,…
The full chat log is available beginning here on Slack. WordPress Performance Trac tickets @westonruter…
Back in 2011, Jon Penland was selling centrifugal pumping units into the water and wastewater…