Date: Mon, 3 Oct 2022 11:55:36 -0400
From: Christopher Faylor
To: Overseers mailing list
Subject: Re: Sourceware / GNU Toolchain at Cauldron

On Mon, Oct 03, 2022 at 09:26:57AM -0400, Siddhesh Poyarekar wrote:
>...

You're bringing up concerns but, even if they are valid, they don't translate into requiring a wholesale transfer of control to another entity. It is not a given that the current overseers can't act to mitigate agreed-upon security issues, especially with the help of the SFC.

Also, if these are really serious issues then this plan was developed in private for two years without raising the alarm. During that time, the people who claim that sourceware is in jeopardy have advanced the issues as bullet points in presentations to the LF and friends. IMO, if these really are serious concerns, they should have been discussed here much earlier, without prompting, so that we could work through what needs to be done.

It's like noticing that your neighbor's windows are open and working in secret to acquire the house out from under them so that you can close them "for their own good".

cgf