Sourceware infrastructure updates for Q1 2024
Mark Wielaard
mark@klomp.org
Tue Feb 27 09:23:56 GMT 2024
Sourceware infrastructure community updates for Q1 2024
A summary of news about Sourceware, the Free Software hosting project
for core toolchain and developer tools, from the last 3 months.
- Sourceware now has an official donation page
- StarFive VisionFive-2 RISC-V boards for builder.sourceware.org
- server2 and server3 disk drive updates
- Upgrading project websites from CVS to GIT
- Sourceware @ Fosdem
- Security policy updates for a CVE system out of control
- Summer of Code
= Sourceware now has an official donation page
Sourceware is a Free Software hosting project for core toolchain and
developer tools. Sourceware is maintained by volunteers. Hardware
and bandwidth is provided by sponsors. Sourceware is a Software
Freedom Conservancy member project. Conservancy handles all
non-profit administrivia for Sourceware. Thanks to the Conservancy
we already have collected enough money for an emergency hardware
replacement fund. In case one of our hardware partners would
suddenly and unexpectedly drop support we can now simply buy new
hardware. And we now also have an official donation page to help
fund accelerating tasks the community feels most useful.
https://sourceware.org/donate.html
= StarFive VisionFive-2 RISC-V boards for builder.sourceware.org
StarFive has donated 4 VisionFive-2 risc-v boards with 8GB, 4-core
JH7110 supporting the RV64GC ISA for the CI running on
builder.sourceware.org. Which has allowed us to setup CI (and try)
builders for various projects: annobin, binutils(+try), bzip2,
debugedit, dwz, elfutils(+try), glibc, poke and libabigail(+try).
Please contact the builder project if you want to help out with the
CI services. https://sourceware.org/mailman/listinfo/buildbot
= server2 and server3 disk drive updates
One of the drives in server2 broke down. It was part of a 10 drive
raid6 setup, which can take 2 bad disks before full failure. We also
have a full mirror on server3, which has a similar raid6 setup. We
ordered 3 new disks, one as replacement for the bad disk and a spare
for server2 and server3 in case of future drive failures. The drive
has been replaced and everything is running smoothly. We have a fund
for replacing hardware when needed. But if you want to help out
keeping everything running smoothly you can donate on our new
donation page https://sourceware.org/donate.html
= Upgrading project websites from CVS to GIT.
Various projects were still creating their project homepages from
CVS. We upgraded both glibc and binutils to have a public git htdocs
repository now to which the whole community can contribute.
https://sourceware.org/cgit/binutils-htdocs/
https://sourceware.org/cgit/glibc-htdocs/
Please contact us if you want to upgrade how you publish your
projects homepage. https://sourceware.org/mission.html#organization
= Sourceware @ Fosdem
2024 started strong with various Sourceware core toolchain and
developer tool projects presenting at Fosdem. If you missed the in
person meetings, most talks have video recordings:
https://fosdem.org/2024/schedule/track/gcc/
https://fosdem.org/2024/schedule/track/debuggers-and-analysis/
https://fosdem.org/2024/schedule/event/fosdem-2024-2207-the-plan-for-gccrs/
Various Sourceware volunteers, overseers and project leadership
committee members also met informally with FSF/GNU and SFC admins to
coordinate cross free software infrastructure administration
matters.
And if you like to organize an online virtual mini-BoF around some
topic or project then the Conservancy BBB server is available for
all Sourceware projects. You can create your own account at
https://bbb.sfconservancy.org/b/signup which we can then activate
for you. Note: Anyone is able to join a meeting, accounts are only
required to create new meetings.
= Security policy updates for a CVE system out of control
The Common Vulnerabilities and Exposures (CVE) system seems broken
and has been issuing more and more questionable advisories. Various
Sourceware hosted projects have been writing security policies to
help users know which bugs might have security implications.
https://sourceware.org/cgit/elfutils/tree/SECURITY
https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt
https://gcc.gnu.org/cgit/gcc/tree/SECURITY.txt
The glibc project even setup their own security mailinglist and CNA
(CVE Numbering Authority) publishing their own advisories:
https://sourceware.org/glibc/security.html
https://sourceware.org/cgit/glibc/tree/advisories
If you need any help adding infrastructure services for your
security projects, please reach out:
https://sourceware.org/mission.html#organization
= Summer of Code
Some Sourceware hosted projects will take part in Summer of Code
2024. If you are interested in participating please see
https://gcc.gnu.org/wiki/SummerOfCode
https://www.gnu.org/software/soc-projects/ideas-2024.html
More information about the Cygwin
mailing list