public inbox for gcc@gcc.gnu.org
 help / color / mirror / Atom feed
* Re: Inquiry: Country of Origin for gfortran
       [not found] <PH0PR09MB8537FABCA9ECD14246013F45D58B9@PH0PR09MB8537.namprd09.prod.outlook.com>
@ 2022-07-17  8:55 ` Thomas Koenig
  2022-07-17 16:04   ` David Edelsohn
  2022-07-18 11:27   ` [EXTERNAL] " Zhang, Cynthia X. (GSFC-710.0)[TELOPHASE CORP]
  0 siblings, 2 replies; 6+ messages in thread
From: Thomas Koenig @ 2022-07-17  8:55 UTC (permalink / raw)
  To: Zhang, Cynthia X. (GSFC-710.0)[TELOPHASE CORP],
	fortran, gcc mailing list


Hi Cynthia,

 > Hello, my name is Cynthia and I am a Supply Chain Risk Management
 > Analyst at NASA. NASA is currently conducting a supply chain
 > assessment of gfortran. As stated in Sections 208 and 514 of the
 > Consolidated Appropriations Act, 2022, Public Law 117-103,
 > enacted March 15, 2022, a required step of our process is to
 > verify the Country of Origin (CoO) information for the
 > product (i.e., the country where the products were developed,
 > manufactured, and assembled.)

 > As gfortran is open source, we understand that this inquiry is
 > not directly applicable, as contributions may be made from
 > individuals from around the world. In this case, NASA is
 > interested in confirming the following information:

 > 1.  Is there an organization which sponsors/publishes the project, or 
 > a primary developer who audits the code for potential 
vulnerabilities, > errors, or malicious code? Y/N

gfortran is not an independent project, it is part of the Gnu Compiler
Collection, https://gcc.gnu.org/ .  As such, any evaluation you
may already have made of gcc also should also apply to gfortran,
and I am also addressing this mail to the gcc mailing list, where
it is more appropriate, especially since I personally am unclear
about the current relationship with the Free Software Foundation.

Regarding gfortran specifically:  Code changes are reviewed by
the individuals listed in the file

https://gcc.gnu.org/git/?p=gcc.git;a=blob_plain;f=MAINTAINERS;hb=HEAD

(where you can search for Fortran).

 > 2.  Does gfortran have an overseeing organization or individual
 >   along these lines? Y/N

See my previous reply.

 > 1.  If so, please provide the name of the organization and country
 >     they are established in

 > If the information above is unknown or cannot be provided, we
 > request that you provide the country or list of countries where
 > the majority of contributions originate from to satisfy Sections
 > 208 and 514 of the Consolidated Appropriations Act, 2022, Public
 > Law 117-103, enacted March 15, 2022.

Main contributions to gfortran, i.e. the Fortran front end to gcc and
its supporting library, came (in no particular order) from the UK, the
US, France, Finland, Germany, the Netherlands and the Czech Republic.
Up to 2006, there were also some contributors from China.

Best regards

Thomas


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Inquiry: Country of Origin for gfortran
  2022-07-17  8:55 ` Inquiry: Country of Origin for gfortran Thomas Koenig
@ 2022-07-17 16:04   ` David Edelsohn
  2022-07-17 18:18     ` Richard Kenner
  2022-07-18 11:27   ` [EXTERNAL] " Zhang, Cynthia X. (GSFC-710.0)[TELOPHASE CORP]
  1 sibling, 1 reply; 6+ messages in thread
From: David Edelsohn @ 2022-07-17 16:04 UTC (permalink / raw)
  To: Thomas Koenig, Zhang, Cynthia X. (GSFC-710.0)[TELOPHASE CORP]
  Cc: fortran, gcc mailing list

Should this question be posed to the Linux distribution that NASA is using?

Thanks, David

On Sun, Jul 17, 2022 at 4:56 AM Thomas Koenig via Gcc <gcc@gcc.gnu.org> wrote:
>
> Hi Cynthia,
>
>  > Hello, my name is Cynthia and I am a Supply Chain Risk Management
>  > Analyst at NASA. NASA is currently conducting a supply chain
>  > assessment of gfortran. As stated in Sections 208 and 514 of the
>  > Consolidated Appropriations Act, 2022, Public Law 117-103,
>  > enacted March 15, 2022, a required step of our process is to
>  > verify the Country of Origin (CoO) information for the
>  > product (i.e., the country where the products were developed,
>  > manufactured, and assembled.)
>
>  > As gfortran is open source, we understand that this inquiry is
>  > not directly applicable, as contributions may be made from
>  > individuals from around the world. In this case, NASA is
>  > interested in confirming the following information:
>
>  > 1.  Is there an organization which sponsors/publishes the project, or
>  > a primary developer who audits the code for potential
> vulnerabilities, > errors, or malicious code? Y/N
>
> gfortran is not an independent project, it is part of the Gnu Compiler
> Collection, https://gcc.gnu.org/ .  As such, any evaluation you
> may already have made of gcc also should also apply to gfortran,
> and I am also addressing this mail to the gcc mailing list, where
> it is more appropriate, especially since I personally am unclear
> about the current relationship with the Free Software Foundation.
>
> Regarding gfortran specifically:  Code changes are reviewed by
> the individuals listed in the file
>
> https://gcc.gnu.org/git/?p=gcc.git;a=blob_plain;f=MAINTAINERS;hb=HEAD
>
> (where you can search for Fortran).
>
>  > 2.  Does gfortran have an overseeing organization or individual
>  >   along these lines? Y/N
>
> See my previous reply.
>
>  > 1.  If so, please provide the name of the organization and country
>  >     they are established in
>
>  > If the information above is unknown or cannot be provided, we
>  > request that you provide the country or list of countries where
>  > the majority of contributions originate from to satisfy Sections
>  > 208 and 514 of the Consolidated Appropriations Act, 2022, Public
>  > Law 117-103, enacted March 15, 2022.
>
> Main contributions to gfortran, i.e. the Fortran front end to gcc and
> its supporting library, came (in no particular order) from the UK, the
> US, France, Finland, Germany, the Netherlands and the Czech Republic.
> Up to 2006, there were also some contributors from China.
>
> Best regards
>
> Thomas
>

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Inquiry: Country of Origin for gfortran
  2022-07-17 16:04   ` David Edelsohn
@ 2022-07-17 18:18     ` Richard Kenner
  2022-07-17 19:26       ` Dave Blanchard
  0 siblings, 1 reply; 6+ messages in thread
From: Richard Kenner @ 2022-07-17 18:18 UTC (permalink / raw)
  To: dje.gcc; +Cc: cynthia.x.zhang, fortran, gcc, tkoenig

> Should this question be posed to the Linux distribution that NASA is using?

Yes, most likely.  But exactly how Free Software fits into the
Buy America Act (what she's talking about) is less than clear.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Inquiry: Country of Origin for gfortran
  2022-07-17 18:18     ` Richard Kenner
@ 2022-07-17 19:26       ` Dave Blanchard
  2022-07-17 20:13         ` Richard Kenner
  0 siblings, 1 reply; 6+ messages in thread
From: Dave Blanchard @ 2022-07-17 19:26 UTC (permalink / raw)
  To: gcc, cynthia.x.zhang, fortran, tkoenig

On Sun, 17 Jul 2022 14:18:40 EDT
Richard Kenner via Gcc <gcc@gcc.gnu.org> wrote:

> > Should this question be posed to the Linux distribution that NASA is using?
> 
> Yes, most likely.  But exactly how Free Software fits into the
> Buy America Act (what she's talking about) is less than clear.

If these bureaucratic parasites (but I repeat myself) don't want to use GCC, or Clang, then they can write their own compiler suite from scratch. Doubt that's going to happen, so this "investigation" is simply yet another frivilous waste of taxpayer dollars.

-- 
Dave Blanchard <dave@killthe.net>

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Inquiry: Country of Origin for gfortran
  2022-07-17 19:26       ` Dave Blanchard
@ 2022-07-17 20:13         ` Richard Kenner
  0 siblings, 0 replies; 6+ messages in thread
From: Richard Kenner @ 2022-07-17 20:13 UTC (permalink / raw)
  To: dave; +Cc: cynthia.x.zhang, fortran, gcc, tkoenig

> If these bureaucratic parasites (but I repeat myself) don't want to
> use GCC, or Clang, then they can write their own compiler suite from
> scratch. Doubt that's going to happen, so this "investigation" is
> simply yet another frivilous waste of taxpayer dollars.

I won't blame this on bureaucrats.  Congress is who passed the law (in
1933).  These folks are just checking the boxes.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* RE: [EXTERNAL] Re: Inquiry: Country of Origin for gfortran
  2022-07-17  8:55 ` Inquiry: Country of Origin for gfortran Thomas Koenig
  2022-07-17 16:04   ` David Edelsohn
@ 2022-07-18 11:27   ` Zhang, Cynthia X. (GSFC-710.0)[TELOPHASE CORP]
  1 sibling, 0 replies; 6+ messages in thread
From: Zhang, Cynthia X. (GSFC-710.0)[TELOPHASE CORP] @ 2022-07-18 11:27 UTC (permalink / raw)
  To: Thomas Koenig, fortran, gcc mailing list

Thank you for your help!

-----Original Message-----
From: Thomas Koenig <tkoenig@netcologne.de> 
Sent: Sunday, July 17, 2022 4:55 AM
To: Zhang, Cynthia X. (GSFC-710.0)[TELOPHASE CORP] <cynthia.x.zhang@nasa.gov>; fortran@gcc.gnu.org; gcc mailing list <gcc@gcc.gnu.org>
Subject: [EXTERNAL] Re: Inquiry: Country of Origin for gfortran


Hi Cynthia,

 > Hello, my name is Cynthia and I am a Supply Chain Risk Management  > Analyst at NASA. NASA is currently conducting a supply chain  > assessment of gfortran. As stated in Sections 208 and 514 of the  > Consolidated Appropriations Act, 2022, Public Law 117-103,  > enacted March 15, 2022, a required step of our process is to  > verify the Country of Origin (CoO) information for the  > product (i.e., the country where the products were developed,  > manufactured, and assembled.)

 > As gfortran is open source, we understand that this inquiry is  > not directly applicable, as contributions may be made from  > individuals from around the world. In this case, NASA is  > interested in confirming the following information:

 > 1.  Is there an organization which sponsors/publishes the project, or  > a primary developer who audits the code for potential vulnerabilities, > errors, or malicious code? Y/N

gfortran is not an independent project, it is part of the Gnu Compiler Collection, https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgcc.gnu.org%2F&amp;data=05%7C01%7Ccynthia.x.zhang%40nasa.gov%7C6cc48038caed4c1e908a08da67d211b3%7C7005d45845be48ae8140d43da96dd17b%7C0%7C0%7C637936449313898438%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=NxQtCichrdJBdyRR6ZIlmttE72yqSXE6rIxWUEQoMHQ%3D&amp;reserved=0 .  As such, any evaluation you may already have made of gcc also should also apply to gfortran, and I am also addressing this mail to the gcc mailing list, where it is more appropriate, especially since I personally am unclear about the current relationship with the Free Software Foundation.

Regarding gfortran specifically:  Code changes are reviewed by the individuals listed in the file

https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgcc.gnu.org%2Fgit%2F%3Fp%3Dgcc.git%3Ba%3Dblob_plain%3Bf%3DMAINTAINERS%3Bhb%3DHEAD&amp;data=05%7C01%7Ccynthia.x.zhang%40nasa.gov%7C6cc48038caed4c1e908a08da67d211b3%7C7005d45845be48ae8140d43da96dd17b%7C0%7C0%7C637936449313898438%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=PUhKlistyKpWB%2BvknwbesKHucw3uohnDMBqL66%2BrVkI%3D&amp;reserved=0

(where you can search for Fortran).

 > 2.  Does gfortran have an overseeing organization or individual
 >   along these lines? Y/N

See my previous reply.

 > 1.  If so, please provide the name of the organization and country
 >     they are established in

 > If the information above is unknown or cannot be provided, we  > request that you provide the country or list of countries where  > the majority of contributions originate from to satisfy Sections  > 208 and 514 of the Consolidated Appropriations Act, 2022, Public  > Law 117-103, enacted March 15, 2022.

Main contributions to gfortran, i.e. the Fortran front end to gcc and its supporting library, came (in no particular order) from the UK, the US, France, Finland, Germany, the Netherlands and the Czech Republic.
Up to 2006, there were also some contributors from China.

Best regards

Thomas


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2022-07-18 11:27 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <PH0PR09MB8537FABCA9ECD14246013F45D58B9@PH0PR09MB8537.namprd09.prod.outlook.com>
2022-07-17  8:55 ` Inquiry: Country of Origin for gfortran Thomas Koenig
2022-07-17 16:04   ` David Edelsohn
2022-07-17 18:18     ` Richard Kenner
2022-07-17 19:26       ` Dave Blanchard
2022-07-17 20:13         ` Richard Kenner
2022-07-18 11:27   ` [EXTERNAL] " Zhang, Cynthia X. (GSFC-710.0)[TELOPHASE CORP]

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).