Date: Wed, 28 Sep 2022 07:14:04 -0400
From: "Frank Ch. Eigler"
To: Overseers mailing list
Cc: Carlos O'Donell, Mark Wielaard
Subject: Re: Sourceware / GNU Toolchain at Cauldron

Hi -

> - Defense in depth
> - Multiple servers, each with distinct services.
> - Multiple servers for one service where possible.

Depends on the threat model. Which one are you concerned about?

> - If governments want to use FOSS tools directly, do we need to
> comply with security standards like a contractor would?
> - Does NIST SP 800 53r5 apply to Sourceware.org?
> [...]

If we don't have evidence that it does, what is the purpose of
bringing it up?

> It is two proposals.
>
> A fiscal sponsor for infrastructure in the OpenSSF via the GNU
> Toolchain Infrastructure project at the Linux Foundation.
>
> A proposal to use managed services with the Linux Foundation IT for
> projects currently at sourceware.org.

Are they separable?

- FChE