From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dormouse.elm.relay.mailchannels.net (dormouse.elm.relay.mailchannels.net [23.83.212.50]) by sourceware.org (Postfix) with ESMTPS id 066923858D1E for ; Fri, 30 Sep 2022 14:35:50 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 066923858D1E Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=gotplt.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gotplt.org X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id CBD2F2346C; Fri, 30 Sep 2022 14:35:48 +0000 (UTC) Received: from pdx1-sub0-mail-a305 (unknown [127.0.0.6]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 0DE4222D27; Fri, 30 Sep 2022 14:35:48 +0000 (UTC) ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1664548548; a=rsa-sha256; cv=none; b=8BCGMlIe6vRReN6+Hu//BU3WLkUFKJO+IP9TNXZbxOABv5HDV0UNrvJH0BsRl4HBpAMZG/ xIdYziBDEB31Gxpi5UxPEyytjYE2VO3J+oWLRgFzWLB0ctgcLsbmMWC0sYU3UBGQxBo5oH DLybHluxH1wQoIzSN/fgnaT/euK/EfAu/oDO0eT2yj8jNC+HxaI0pWRlaeBq06nhQMguww h9025Ebnc+0TKkrA2vftoQmvb1hz3/geRybcJl14Yfh4SVRZHDKtxQ19JpNhWWe3X2YBaW fWEW+HAUoLeKbqkgkZDYnlXDCgJWuhKud7kH3YDLcKr3JELVpmf3CRBD9HrPgQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1664548548; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ohBVR3fbraWAbtW7j2dH39IJTUxPL3WRB5ja6S9eemM=; b=c+nWYBcaG2r6C2cqDFyvm0iHcVblbDSCpDVRb/bU/R7eb23f44a7ZHZQStnxs3WkAhoTAW d0/EhKNZwEiO4d1ZYRaXUK91V4bicS361gFtyLbIAKvUs9Eub5RVLoITZugafJXBbGqnLN HOWmySV1YvZ/wbRAjmqBJASU4vaVWrSh36SOEiisyjr8sqNfJJ6RHnXjK80AQrm0L1NIw2 kAaiuyX0msTOCVBCsbCrLgnJwk2JOdER8Q0UdiuIWhust/OlhOC4lW713custU9aimZ94L N8zoGtSAeVpcfIkKWLuxKl+qPKA4w2OCwwt2GQFTSpBEcNcaN3T2cUrlzjQqYQ== ARC-Authentication-Results: i=1; rspamd-6d4bb977-54j7l; auth=pass smtp.auth=dreamhost smtp.mailfrom=siddhesh@gotplt.org X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org X-MailChannels-Auth-Id: dreamhost X-Bitter-Reaction: 73c3f9c63386b012_1664548548397_3653176637 X-MC-Loop-Signature: 1664548548397:1720641593 X-MC-Ingress-Time: 1664548548397 Received: from pdx1-sub0-mail-a305 (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.120.38.142 (trex/6.7.1); Fri, 30 Sep 2022 14:35:48 +0000 Received: from [192.168.0.182] (bras-vprn-toroon4834w-lp130-16-184-147-84-238.dsl.bell.ca [184.147.84.238]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: siddhesh@gotplt.org) by pdx1-sub0-mail-a305 (Postfix) with ESMTPSA id 4MfCSz1gc0z48; Fri, 30 Sep 2022 07:35:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gotplt.org; s=dreamhost; t=1664548547; bh=ohBVR3fbraWAbtW7j2dH39IJTUxPL3WRB5ja6S9eemM=; h=Date:Subject:To:Cc:From:Content-Type:Content-Transfer-Encoding; b=cAD5wweLy+CCLukOvrBwF+Xxc0MnCJ7JxT/8kshvMkIzTisqcfOip0uWwWCUfvp4F wlxF5NYRhpSBPU7u/Miyq/6K+tzDnS2OqbQD2qRYvMPT2ovUv6sZuOqyEk4ALhK+a2 bmf5yoP0l+Cq7/VpMn0YL8idRazqFSKnDGUBsVUFDNWr/SWlKuM4jfMc6wPnYSrBAU 9Nh4SzUEIV+PQGB66af/eIFf2qN7dml3ZaDw71dAQ56bTtsXyH+08m+zMuTbygSE/G TGN/EzAEh27ThCmWFpzftndRvywNZL3ODqNBEPLPZMU3ytaGSFNfP+1drKgiI7te/p u01DFcBNUfUNA== Message-ID: <91af050b-c02a-23c8-2002-4740708b251f@gotplt.org> Date: Fri, 30 Sep 2022 10:35:45 -0400 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.12.0 Subject: Re: The GNU Toolchain Infrastructure Project Content-Language: en-US To: Overseers mailing list Cc: Andrew Pinski References: From: Siddhesh Poyarekar In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-3032.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 2022-09-29 17:13, Andrew Pinski via Overseers wrote: > The way this announcement was handled was done in a bogus way and > loses trust of many smaller/independent developers. > It makes many folks feel like this was done in a hosital way and even > more is LF and OpenSSF the correct groups to collaborate with here? > I feel like LF and OpenSSF is actually not the right folks to get > involved with sourceware and even more with the compiler. > LF is very much Linux centric and while the GNU Toolchain and other > projects on sourceware are not even related at all to the Linux and > even more there are many embedded developers who like not to even to > be associated with Linux. GitHub sits on the board of OpenSSF which > seems to run counter to what GTI is trying to do. It's natural for GitHub and perhaps more other code hosting platforms to be on the OpenSSF board, it doesn't mean that they're on the advisory board for GTI or can influence its technical or ideological direction. I can't see why that should be a problem. > I get the feeling also there is too many corporations trying to push > the way forward with this proposal rather than a true open source > community. It is a fact that most people on the steering committee, stewards, etc. are paid by corporations to work on the GNU toolchain. Claiming that they're doing this for their company's interests rather than in the interest of the upstream project itself is unfair to them IMO. >> The collaboration >> includes a fund for infrastructure and software supply chain security, which >> will allow us to utilize the respected Linux Foundation IT (LF IT) services >> that host kernel.org and to fund other important projects. > >> The key >> stakeholders of the GNU Toolchain community have been proactively briefed and > No they were not and I have a problem with the word "key" here because > I was not briefed at all. > I get the feeling what you define as key is not the same as myself. AFAICT, "key" is overseers, gcc steering committee, fsf stewards and release managers. You're a valuable member of the gcc community and if you think you should be included into one of these groups I'm sure it's something that the gcc steering committee can discuss. > I think the governing board should NOT have major donors at all. That > is bad just like a way to buy a seat to shut down other > converstations. That is very anti-democratic and very much > anti-open/free source ideals. > This has been a huge problem in politics in general so why extend it > to open source? > Also what is the definition of major donors? Since it is not given > here. Is it 1% of the total donated or is it 10k USD donated? The governing board influence is limited to fiscal discussions. It is the responsibility of the TAC to mould the technical direction of the infrastructure. We have the choice of moving away from LF if we feel that the governing board is unjustly blocking critical improvements to the technical direction without. > I don't doubt LF technical experience. I am just thinking back to the > hack of kernel.org back in 2011 and how it was the IT folks who got > hacked rather than the developers .... > I wonder if LF and kernel.org learned their leasons from that hack. That's just FUD :) >> The GNU Toolchain projects are currently hosted on sourceware.org, funded and >> maintained by Red Hat, for which we are grateful. > > Actually it is not maintained by RH at all. This is wrong describtion > of sourceware really. > In fact this is a huge disservice to the folks who have been > maintaining sourceware. Most have not been Redhat employees for years > now. AFAICT, all but one of the active overseers are Red Hat employees, I can't see the full list unfortunately, if one exists. The overseers archives too AFAICT were made public only recently and I only happened to discover it last week. The actual hardware is also owned and managed by Red Hat. > There are a few other issues I want to raise about infrastructure > projects going forward here: > * supply chain security > ** This seems to push out the small developers and even developers who > don't want to do public key signing (I am included here). It doesn't push out individual developers but I agree it will likely make it harder for developers who refuse to do public key signing. > ** I get where corporations want to do this because they can track > where things come from. But this is very much anti-open/free source > ideals and very much anti-small developers I disagree. > * bug tracking > ** as I mentioned in my other email, bugzilla right now is the best > and only bug tracking system which statisfies the issue tracking for > GCC because of the fields/meta data > ** Providing funding to folks working on (and releasing) bugzilla > might be a good resource for donations to go towards FWIW, there are no viable alternatives to bugzilla at the moment and nothing's really intended to change here. Sid