From: Christopher Faylor <cgf-use-the-mailinglist-please@sourceware.org>
To: overseers@sourceware.org
Subject: Re: Moving sourceware to the Linux Foundation? No thanks.
Date: Mon, 26 Sep 2022 13:05:10 -0400 [thread overview]
Message-ID: <20220926170510.g6byftdaown4fnta@cgf.cx> (raw)
In-Reply-To: <m3mtamns9z.fsf@pepe.airs.com>
On Mon, Sep 26, 2022 at 07:07:20AM -0700, Ian Lance Taylor wrote:
>I see two important points that ought to be discussed on this topic.
>
>The first is succession planning. Sourceware is essentially a community
>project with a relatively small number of people keeping it going. It
>needs trusted and capable people to step it to continue to maintain it.
>Where are those people going to come from? We shouldn't simply hope
>that it will keep carrying on as before.
The "GTI" debacle has shown fche, mjw, and me that there needs to be
some way to formalize the management of sourceware. I think that the
SFC proposal helps with that since we will need some sort of official
governing board when we move forward. Those people should be a hedge
against the hit-by-a-bus problem.
Personally, I feel more comfortable with a group of formalized
volunteers who will presumably listen to input than with a corporate
entity which dictates what (sometimes non-free) software *must* be used
to adhere to their corporate guidelines.
"You want a mailing list? Sure! That will be $157. We'll have it for
you in about six weeks and it *will* be groups.io."
>The second, mentioned in Mark's e-mail, is security. I hope that we can
>all agree that there are highly intelligent, highly motivated people
>seeking to break security on GNU/Linux and other free operating systems.
>Years ago Ken Thompson laid out the roadmap for attacking an operating
>system via the compiler and other code generation tools. These days
>these are known as supply chain attacks. I think that the free software
>community should reasonably insist that sourceware be defended against
>these kinds of attacks with mechanisms for prevention and detection and
>restoration. This is a hard job.
It's a hard job but I think it is only partly sourceware's job. We can
provide the tools and guidance, but it has got to be up to the projects
(gcc, glibc, cygwin) to implement the protocols which enhance security.
One thing we've talked about is hiring someone to do a security audit
once sourceware has some funding.
cgf
next prev parent reply other threads:[~2022-09-26 17:05 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <Yw5aTCLyYx8qqN3W@wildebeest.org>
2022-08-31 22:19 ` Proposing Sourceware as SFC member project Jose E. Marchesi
2022-09-01 8:28 ` Mark Wielaard
2022-09-02 18:51 ` Daniel Pono Takamori
2022-09-03 14:07 ` Karen M. Sandler
2022-09-03 16:38 ` Mark Wielaard
2022-09-18 19:42 ` Moving sourceware to the Linux Foundation? No thanks Christopher Faylor
2022-09-25 22:31 ` Mark Wielaard
2022-09-26 14:07 ` Ian Lance Taylor
2022-09-26 17:05 ` Christopher Faylor [this message]
2022-09-26 19:57 ` Frank Ch. Eigler
2022-09-27 13:03 ` Carlos O'Donell
2022-09-28 8:53 ` Ian Kelling
2022-10-02 21:15 ` Mark Wielaard
2022-09-28 8:33 ` Ian Kelling
2022-09-28 10:08 ` Frank Ch. Eigler
2022-09-26 21:53 ` Moving sourceware into the future Mark Wielaard
2022-09-27 17:12 ` Daniel Pono Takamori
2022-09-26 22:21 ` Moving sourceware to the Linux Foundation? No thanks Carlos O'Donell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220926170510.g6byftdaown4fnta@cgf.cx \
--to=cgf-use-the-mailinglist-please@sourceware.org \
--cc=overseers@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).