Sourceware infrastructure updates for Q1 2024

Sourceware infrastructure updates for Q1 2024

[Mark Wielaard]

Sourceware infrastructure community updates for Q1 2024

A summary of news about Sourceware, the Free Software hosting project
for core toolchain and developer tools, from the last 3 months.

- Sourceware now has an official donation page
- StarFive VisionFive-2 RISC-V boards for builder.sourceware.org
- server2 and server3 disk drive updates
- Upgrading project websites from CVS to GIT
- Sourceware @ Fosdem
- Security policy updates for a CVE system out of control
- Summer of Code

= Sourceware now has an official donation page

  Sourceware is a Free Software hosting project for core toolchain and
  developer tools. Sourceware is maintained by volunteers. Hardware
  and bandwidth is provided by sponsors. Sourceware is a Software
  Freedom Conservancy member project. Conservancy handles all
  non-profit administrivia for Sourceware. Thanks to the Conservancy
  we already have collected enough money for an emergency hardware
  replacement fund. In case one of our hardware partners would
  suddenly and unexpectedly drop support we can now simply buy new
  hardware. And we now also have an official donation page to help
  fund accelerating tasks the community feels most useful.
  
  https://sourceware.org/donate.html

= StarFive VisionFive-2 RISC-V boards for builder.sourceware.org

  StarFive has donated 4 VisionFive-2 risc-v boards with 8GB, 4-core
  JH7110 supporting the RV64GC ISA for the CI running on
  builder.sourceware.org. Which has allowed us to setup CI (and try)
  builders for various projects: annobin, binutils(+try), bzip2,
  debugedit, dwz, elfutils(+try), glibc, poke and libabigail(+try).

  Please contact the builder project if you want to help out with the
  CI services. https://sourceware.org/mailman/listinfo/buildbot

= server2 and server3 disk drive updates

  One of the drives in server2 broke down. It was part of a 10 drive
  raid6 setup, which can take 2 bad disks before full failure. We also
  have a full mirror on server3, which has a similar raid6 setup. We
  ordered 3 new disks, one as replacement for the bad disk and a spare
  for server2 and server3 in case of future drive failures. The drive
  has been replaced and everything is running smoothly. We have a fund
  for replacing hardware when needed. But if you want to help out
  keeping everything running smoothly you can donate on our new
  donation page https://sourceware.org/donate.html

= Upgrading project websites from CVS to GIT.

  Various projects were still creating their project homepages from
  CVS. We upgraded both glibc and binutils to have a public git htdocs
  repository now to which the whole community can contribute.
  
  https://sourceware.org/cgit/binutils-htdocs/
  https://sourceware.org/cgit/glibc-htdocs/
  
  Please contact us if you want to upgrade how you publish your
  projects homepage. https://sourceware.org/mission.html#organization

= Sourceware @ Fosdem

  2024 started strong with various Sourceware core toolchain and
  developer tool projects presenting at Fosdem. If you missed the in
  person meetings, most talks have video recordings:

  https://fosdem.org/2024/schedule/track/gcc/
  https://fosdem.org/2024/schedule/track/debuggers-and-analysis/
  https://fosdem.org/2024/schedule/event/fosdem-2024-2207-the-plan-for-gccrs/

  Various Sourceware volunteers, overseers and project leadership
  committee members also met informally with FSF/GNU and SFC admins to
  coordinate cross free software infrastructure administration
  matters.

  And if you like to organize an online virtual mini-BoF around some
  topic or project then the Conservancy BBB server is available for
  all Sourceware projects. You can create your own account at
  https://bbb.sfconservancy.org/b/signup which we can then activate
  for you. Note: Anyone is able to join a meeting, accounts are only
  required to create new meetings.

= Security policy updates for a CVE system out of control

  The Common Vulnerabilities and Exposures (CVE) system seems broken
  and has been issuing more and more questionable advisories. Various
  Sourceware hosted projects have been writing security policies to
  help users know which bugs might have security implications.

  https://sourceware.org/cgit/elfutils/tree/SECURITY
  https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt
  https://gcc.gnu.org/cgit/gcc/tree/SECURITY.txt

  The glibc project even setup their own security mailinglist and CNA
  (CVE Numbering Authority) publishing their own advisories:
  https://sourceware.org/glibc/security.html
  https://sourceware.org/cgit/glibc/tree/advisories

  If you need any help adding infrastructure services for your
  security projects, please reach out:
  https://sourceware.org/mission.html#organization

= Summer of Code

  Some Sourceware hosted projects will take part in Summer of Code
  2024. If you are interested in participating please see
  https://gcc.gnu.org/wiki/SummerOfCode
  https://www.gnu.org/software/soc-projects/ideas-2024.html