From: Ian Lance Taylor
To: Overseers
Subject: Re: Moving sourceware to the Linux Foundation? No thanks.
Date: Mon, 26 Sep 2022 07:07:20 -0700
In-Reply-To: (Mark Wielaard via Overseers's message of "Mon, 26 Sep 2022 00:31:57 +0200")

I see two important points that ought to be discussed on this topic.

The first is succession planning. Sourceware is essentially a community project with a relatively small number of people keeping it going. It needs trusted and capable people to step in to continue to maintain it. Where are those people going to come from? We shouldn't simply hope that it will keep carrying on as before.

The second, mentioned in Mark's e-mail, is security. I hope that we can all agree that there are highly intelligent, highly motivated people seeking to break security on GNU/Linux and other free operating systems. Years ago Ken Thompson laid out the roadmap for attacking an operating system via the compiler and other code generation tools. These days these are known as supply chain attacks. I think that the free software community should reasonably insist that sourceware be defended against these kinds of attacks with mechanisms for prevention and detection and restoration. This is a hard job.

Ian