From: Siddhesh Poyarekar <siddhesh@gotplt.org>
To: Alexandre Oliva <oliva@gnu.org>
Cc: GNU C Library <libc-alpha@sourceware.org>
Subject: Re: GNU C Library as its own CNA?
Date: Wed, 6 Sep 2023 20:56:03 -0400 [thread overview]
Message-ID: <1fd12501-cc77-1943-9fe0-611376c77e09@gotplt.org> (raw)
In-Reply-To: <orv8cnarm3.fsf@lxoliva.fsfla.org>
On 2023-09-06 18:01, Alexandre Oliva wrote:
> No, that would be reading too much into what I wrote about an earlier
> attempt to make GNU a CNA.
OK, thanks for clarifying. Then I continue to look for volunteers.
> I'd just be surprised if anyone serious about software freedom and
> security would seriously consider engaging with that web site while it
> remains detrimental to both of these concerns.
>
> If we can find people who don't mind interacting with it as it is, I
> suppose we might, but there might be continuity challenges, and, having
> been denied access to the site because of javascrippling, I don't even
> know how much of a commitment by any community it would amount to.
>
> I expect finding people who care about freedom and security but don't
> mind interacting with that website to be difficult, so that is a point
> of concern for me.
>
> If we do find a path forward, however, it would be useful to extend it
> to all of GNU, because there was much interest, we just couldn't figure
> out a way to make interaction viable.
That would be a worthy goal, but it may be best to have individual CNAs
for glibc, binutils, gcc, etc. because it allows the individual
communities to nominate their own security teams for example and run
independently. Lets see how the glibc experiment goes and then we can
extend the idea to other parts of the toolchain.
Thanks,
Sid
next prev parent reply other threads:[~2023-09-07 0:56 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-28 15:56 Siddhesh Poyarekar
2023-07-28 16:09 ` Florian Weimer
2023-07-28 16:11 ` Siddhesh Poyarekar
2023-07-28 16:41 ` Joseph Myers
2023-07-28 17:28 ` Paul Eggert
2023-09-06 11:41 ` Siddhesh Poyarekar
2023-09-06 12:33 ` Florian Weimer
2023-09-06 16:00 ` Paul Eggert
2023-09-06 16:33 ` Florian Weimer
2023-09-06 17:04 ` Paul Eggert
2023-07-31 17:42 ` Siddhesh Poyarekar
2023-09-06 11:40 ` Siddhesh Poyarekar
2023-09-06 18:35 ` Alexandre Oliva
2023-09-06 18:57 ` Siddhesh Poyarekar
2023-09-06 19:02 ` Paul Eggert
2023-09-06 22:01 ` Alexandre Oliva
2023-09-07 0:56 ` Siddhesh Poyarekar [this message]
2023-09-07 3:27 ` Alexandre Oliva
2023-09-07 10:48 ` Siddhesh Poyarekar
2023-09-07 15:46 ` Florian Weimer
2023-09-07 17:14 ` Alexandre Oliva
2023-09-08 10:58 ` Siddhesh Poyarekar
2023-09-10 16:57 ` Alexandre Oliva
2023-09-11 7:46 ` Florian Weimer
2023-09-11 12:59 ` Carlos O'Donell
2023-09-11 9:58 ` Siddhesh Poyarekar
2023-09-11 12:47 ` Carlos O'Donell
2023-09-12 11:40 ` Siddhesh Poyarekar
2023-09-12 13:15 ` Adhemerval Zanella Netto
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1fd12501-cc77-1943-9fe0-611376c77e09@gotplt.org \
--to=siddhesh@gotplt.org \
--cc=libc-alpha@sourceware.org \
--cc=oliva@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).