Ladybird browser restricts code contributions to maintainers ahead of alpha release
Open source browser project closes all public pull requests, limiting code changes to internal team as it prepares for first public release.
The Ladybird browser project has announced it will no longer accept public pull requests, restricting code changes to project maintainers only. The decision, detailed in a post published on 5 June 2026, aims to tighten the development process and security model as the project prepares for its first alpha release. All currently open public pull requests have been closed as part of the transition.
Maintainers stated that the shift is driven by the changing economics of open source contributions due to artificial intelligence tools. While the project uses these tools internally, they noted that a pull request no longer serves as a reliable proxy for good faith or effort, as AI allows for the rapid production of work that appears serious. This change in the landscape has altered how trust is established in open source communities, where substantial patches previously implied substantial effort.
The decision comes as Ladybird moves into a phase where it aims to ship a browser to real users. Browsers run untrusted input from the internet on user machines, making security vulnerabilities critical. The project highlighted that a single well-disguised vulnerability is all an attacker needs, necessitating a smaller set of people responsible for the code that enters the browser.
Ladybird referenced historical instances of patient, well-resourced campaigns in open source to earn maintainer trust and subsequently abuse it. The project emphasized that every change introduced must fit the architecture, survive future refactoring, and be understood by the maintainers. The focus is on who is responsible for the code once it enters the browser, rather than how the code was originally typed.
The project clarified that it will not create a shadow contribution system through issues, comments, email, or forks. External code will not be treated as a review queue for upstream Ladybird. However, the project remains open source, with source code publicly available under an open source license. External contributions are still welcomed in the form of bug reports, testing, standards discussion, design feedback, and security reports.
This move marks a significant shift in how the Ladybird project operates, prioritising security and accountability as it prepares for its first alpha release. The decision reflects the growing challenges of managing open source projects in an era where AI tools have changed the dynamics of code contribution and trust.
