Re: Sourceware / GNU Toolchain at Cauldron

public inbox for overseers@sourceware.org
 help / color / mirror / Atom feed

From: "Frank Ch. Eigler" <fche@redhat.com>
To: Overseers mailing list <overseers@sourceware.org>
Cc: Carlos O'Donell <carlos@redhat.com>,
	Siddhesh Poyarekar <siddhesh@gotplt.org>,
	Mark Wielaard <mark@klomp.org>
Subject: Re: Sourceware / GNU Toolchain at Cauldron
Date: Mon, 3 Oct 2022 09:53:17 -0400	[thread overview]
Message-ID: <20221003135317.GJ7916@redhat.com> (raw)
In-Reply-To: <95f2c79d-1dbc-4e52-0d89-d3babdae66c5@gotplt.org>

Hi -


> > We are fortunate to use fully decentralized source control systems,
> > where full clones at developers - and at other services like github
> > etc. - are routine, and permit work to continue.  I'd be surprised to
> > hear of any organization hoping to hurt free software development by
> > DoS'ing the sites - it'd be a futile gesture.
> 
> At least for GNU toolchain we have never really blessed other clones. The
> only blessed way to get sources is via sourceware.  

This is easily corrected.  Git mirrors at the FSF and other hosting
systems can be stood up, today, at the projects' individual discretion.

> Also a DoS is the least of our concerns.  

(And yet it was the example brought up.)

> An unauthorized access could potentially end up compromising the
> integrity of *all* data on the system, which means multiple projects
> get affected in one fell swoop.

We've discussed -integrity- previously, via git's native resistance,
plus hypothetical per-project adoption of gpg signing & verification
of hosted source content.  https://sourceware.org/PR29615

- FChE

next prev parent reply	other threads:[~2022-10-03 13:53 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-09-16 20:57 Zoë Kooyman
2022-09-16 21:10 ` Ian Kelling
2022-09-18 16:27 ` Mark Wielaard
2022-09-18 21:38   ` Mark Wielaard
2022-09-19 21:09     ` Mark Wielaard
2022-09-26 22:04     ` Carlos O'Donell
2022-09-27  1:31       ` Alexandre Oliva
2022-09-27 11:02       ` Mark Wielaard
2022-09-28 11:14       ` Frank Ch. Eigler
2022-09-30 13:38         ` Carlos O'Donell
2022-10-02 14:55           ` Frank Ch. Eigler
2022-10-03 13:26             ` Siddhesh Poyarekar
2022-10-03 13:53               ` Frank Ch. Eigler [this message]
2022-10-03 19:16                 ` Mark Wielaard
2022-10-03 15:55               ` Christopher Faylor

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20221003135317.GJ7916@redhat.com \
    --to=fche@redhat.com \
    --cc=carlos@redhat.com \
    --cc=mark@klomp.org \
    --cc=overseers@sourceware.org \
    --cc=siddhesh@gotplt.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).