How do we provide platform engineers and security architects with the same immutability and integrity for the operating system (OS) that they expect from containers? While OSTree pioneered transactional deployments, the ecosystem has shifted toward OCI images and sealed, hardware-rooted attestation, leaving a gap for a standardized, verifiable OS delivery path.

This talk introduces a shift in image-mode Linux, aligning the OS directly with the OCI model using bootc and composefs. By consuming OCI images and materializing them through composefs, we create a bootable, verifiable filesystem with strong lifecycle and update guarantees.

We compare this approach with traditional OSTree methods, examining layering, updates, and operational trade-offs. We will demonstrate deploying a composefs-backed system on Fedora 44.

After this talk, attendees will be ready to build, verify, and deploy OCI-native operating systems with production-grade integrity.

In this meetup, we will focus on the topic of LLMs/GenAI and FOSS: there's obviously a wide spectrum of opinion here, from banning it to 100% vibecoding. The goal of this meetup is especially to focus in on those who need/want to LLMs safely and responsibly for "important" software. What are the shared best practices, tools and procedures? What can we do to use these tools to address prior problems around things like supply chain security?

The submitter of this workshop has a lot of of experience and opinions, but is looking to have a realistic in-person discussion where different tools and experiences are presented and attendees can learn from each other.