From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id 94DCC3858D39 for ; Wed, 19 Oct 2022 05:47:41 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 94DCC3858D39 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1666158461; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JoilYpNO8C7pMvZgnU5SlZxopSOlcHGKo5hZIGvFZU4=; b=TspypRPQcZtVv9YRXGbDN5GeJHn7neSTasILvCmdi9Sszv4ojhzMH7RppUzl9oGBU2Fc5k hhoNQq/HkvACqF5PkgtTEYONsoRGu3H3Obwiie9Y6Re90Ny1e2/KFp8GYuanVVox2PRExM nIA5APEfYWkLpfJ7b/htu2x5S8sUxjs= Received: from mail-io1-f70.google.com (mail-io1-f70.google.com [209.85.166.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-515-uTChOxi6NUamBOgKSzP4LQ-1; Wed, 19 Oct 2022 01:47:39 -0400 X-MC-Unique: uTChOxi6NUamBOgKSzP4LQ-1 Received: by mail-io1-f70.google.com with SMTP id q12-20020a5d834c000000b006bc2cb1994aso12140908ior.15 for ; Tue, 18 Oct 2022 22:47:39 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:in-reply-to:organization:from:references :cc:to:content-language:subject:user-agent:mime-version:date :message-id:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=JoilYpNO8C7pMvZgnU5SlZxopSOlcHGKo5hZIGvFZU4=; b=1W6ueYo8fsSC7RXagwkN0UPxm6l92W844bz80ywR9iUiLI0ZBvoqtn7ZwdkXU98Qwa rHuK+laHsAsFNnPdUBTxWI3FUO8e/mliNHn0oARkIWqcJ+YlR4naQA7TeDJykKEiEyNA eKNcE4S+gxMC95On6X1aZR9DDGr6Ea573aO78kEMjchOByHQSZzjcuMrWdSLTO9zYoys /sgiGYFdVNFdIC/UZh21ZO+b18lnkTA+XpOLBXRvCy+xcal7EOXkVsNJwAysSFd5sB0Q o9lctLD2Q+30/IuULomwnbJwBNmIcYod6/AzIFkCP6C5vqNJZ6eJTBWl0l21Y+Z+QsZm 8BAg== X-Gm-Message-State: ACrzQf3ExVpqvT92A2wVCblsY4cPEUGg7GXtFR2uJDDko26f9Di3YUKa DJ2tepJMn2TOau6IQlK/YBveMqziWpxJOdTZsA552KV5QzkaypxT2mFuhLlJgzYvyKmMERoC7Gt 6dvizUgsvtKAVpaErVrU= X-Received: by 2002:a6b:c809:0:b0:6bc:41d0:66ad with SMTP id y9-20020a6bc809000000b006bc41d066admr4530829iof.46.1666158459149; Tue, 18 Oct 2022 22:47:39 -0700 (PDT) X-Google-Smtp-Source: AMsMyM5vVHT0he3LDraDS6hx7ovY42Lvp8cnZZsNn2AccVqgn/c/hfv8zHOFpsn7L62pVaA3DfVDPw== X-Received: by 2002:a6b:c809:0:b0:6bc:41d0:66ad with SMTP id y9-20020a6bc809000000b006bc41d066admr4530809iof.46.1666158458802; Tue, 18 Oct 2022 22:47:38 -0700 (PDT) Received: from [192.168.0.241] (192-0-145-146.cpe.teksavvy.com. [192.0.145.146]) by smtp.gmail.com with ESMTPSA id g12-20020a056602072c00b006a514f67f38sm1897387iox.28.2022.10.18.22.47.37 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 18 Oct 2022 22:47:37 -0700 (PDT) Message-ID: <3d75e761-ad7c-8b79-9587-51903378e189@redhat.com> Date: Wed, 19 Oct 2022 01:47:36 -0400 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 Subject: Re: The GNU Toolchain Infrastructure Project To: Jonathan Corbet Cc: overseers@sourceware.org References: <87v8p6i6ht.fsf@meer.lwn.net> From: Carlos O'Donell Organization: Red Hat In-Reply-To: <87v8p6i6ht.fsf@meer.lwn.net> X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-5.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,KAM_SHORT,LOTS_OF_MONEY,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 9/29/22 10:45, Jonathan Corbet wrote: > carlos@redhat.com (Carlos O'Donell) writes: > >> During the Sourceware / Infrastructure BoF sessions at GNU Cauldron, the GNU >> Toolchain community in collaboration with the Linux Foundation and OpenSSF, >> announced the GNU Toolchain Infrastructure project (GTI). > > Thanks for making more information available. > > Just for the record, it is still my feeling that the LF's infrastructure > management has been a good thing for the kernel community. Whether it > would be suitable for the toolchain community is not something I'm in a > position to have an opinion on. If anybody is curious about how > interactions with that group work, there is a current discussion on > bugzilla that might be interesting: > > https://lwn.net/ml/ksummit-discuss/05d149a0-e3de-8b09-ecc0-3ea73e080be3@leemhuis.info/ > > Konstantin's response to the idea of moving everything to a Gitlab > instance is the sort of thing I find reassuring. > > I do, though, have a few questions. > > - Why not dispense with the governing board and have the TAC be the > decision-making body? That would help ensure ongoing community > control over this infrastructure. It would also be a clear statement > from the sponsors that they trust the community and do not intend to > force changes in how development is done. The GNU Toolchain leadership, and GTI TAC are always free to seek new funding if the governing board does not support a specific spend. A separation of the fiscal responsibility and technical responsibility is a standard model in most organizations. Any organization that provides fiscal sponsorship ultimately imposes some fiscal control, even if it is not stated explicitly. The separation of responsibilities also helps to avoid conflicts of interest and insider deals. With the transparency instituted for the GTI TAC and governing board, the FOSS community can see and respond to any inappropriate pressure or influence. We don't expect the FOSS community to suddenly become timid about these concerns. After 35+ years of negotiating the various challenges of guiding the GNU Toolchain interactions with software ecosystems, IHVs, ISVs, the GNU Project and the FSF, the GNU Toolchain leadership and the GTI TAC have the experience and mandate to advocate for the GNU Toolchain projects when working with a governing board. > - How were the members of the TAC chosen, and what will be the process > for choosing members in the future? The GTI TAC was bootstrapped by engaging community contributors with direct experience in GNU Toolchain infrastructure and the technical requirements of the GNU Toolchain developers. This includes members from gcc, glibc, gdb and binutils communities along with members of overseers. These invited members were asked to suggest additional members to the TAC. We expect the next set of TAC members will be determined with input from the community and with the assistance of the current TAC. > - During the Cauldron discussion it was said that $400,000 in annual > funding has been committed to GTI. You must have a rough budget for > how those funds will be spent that you can share? When we approached the Linux Foundation as part of developing the proposal we worked with the LF IT team to consider a TAC proposal where all services offered by Sourceware were provided by the LF IT team. This was designed as an exercise to scope costs if all the projects decided they wished to adopt a proposal to move to managed services at the LF. I don't want to quote out-dated numbers. The budget needs to be revised as the GTI TAC works through the current proposal with the community. The rough number listed above are part of the OpenSSF's sponsorship to help support infrastructure for the GNU Toolchain in keeping with the OpenSSFs mission to improve open source security. The initial scoped cost I mentioned earlier was less than the $400K/yr and included non-recurring costs for migration along with ongoing costs required to deliver services for gitolite, mail, mailing lists, public-inbox, patchwork/patchwork-bot, git hooks, wikis, and websites. These services are listed and discussed in the last GTI TAC meeting: https://gti.gotplt.org/tac/ The rough budget was focused heavily on FOSS infrastructure and IT support costs to ensure security and quality for the service provided to the projects. Some costs were not fully scoped, like websites for example, because they involve more complex requirements from the projects. > - Keeping that money stream going will surely require ongoing > fundraising efforts; who will be responsible for that? What happens > if, say, tech companies start getting nervous about dark economic > clouds on the horizon and stop funding the project? The Linux Foundation has ongoing fund raising discussions with its membership, and they would play a key part in working with GTI to find funding for the project. Many current corporate sponsors of the GNU Toolchain are also members of the Linux Foundation. The GNU Toolchain and the FSF have been around for 35+ years. The Linux Foundation has been around for 20+ years. These organizations have weathered many storms, and continued to support their core projects. Lastly, the use of FOSS-based distributed development models allow us the most freedom if we need to move or change hosting for any reason. -- Cheers, Carlos.