Core Toolchain Infrastructure - October 2024 update
Mark Wielaard
mark@klomp.org
Mon Nov 4 10:50:33 GMT 2024
Hi Carlos,
On Wed, Oct 30, 2024 at 12:52:13PM -0400, Carlos O'Donell wrote:
> > We discussed this with OpenSSF and submitted a funding request to
> > OpenSSF Alpha Omega for this particular part. OpenSSF initially was
> > supportive to funding these kinds of security plans, but they have been
> > silent for the last couple of months. If you have contacts to get this
> > going forward again that would be great.
>
> I do have contacts at the OpenSSF and I'd be glad to help. We just
> met with one of their team members today as part of the CTI TAC
> meeting.
Thanks, I see the OpenSSF General Manager and the Technical Program
Managers have gotten different positions or moved on from OpenSSF. I
added the new contacts to reach out to.
> > Yes, please file bugzilla reports against the Sourceware
> > Infrastructure project:
> > https://sourceware.org/bugzilla/buglist.cgi?product=sourceware&component=Infrastructure
> > Or bring it up on the overseers list or during the Sourceware open
> > office hours. https://sourceware.org/mission.html#organization
>
> For tracking purposes I'll file them as Sourceware Infrastructure
> bugs and we can go from there.
Thanks, that would be useful input.
> >> My deepest concerns here is that Sourceware PLC cannot convince
> >> larger sponsors to provide the funding to do what needs to be
> >> done to scale out and improve our services.
> >
> > Thanks for your concern. The whole idea of setting up Sourceware as an
> > organization with Conservancy as a fiscal sponsor is precisely to make
> > these kind of sponsorships easy. And to expand funding to be able to
> > accept community donations and grants:
> > https://sourceware.org/donate.html
>
> What you have done is make it *possible* for an organization to
> place money at the fiscal sponsor for the mission you've set out,
> and while this is a measure of ease, the hardest step is still to
> come. You need to convince sponsors to donate.
The hardest step and what cost most of the energy was setting up the
organization, the PLC, working out our relationship with our fiscal
sponsor, making sure to get the governance right. And setting rules
for making sure to preserve software freedom and diversify income
sources.
Large monetary donations from corporations are certainly nice, but you
have to make sure the community keeps in control. Having large
corporations dominate the funding is risky, so we are also explicitly
looking at individual donations and grants.
Our largest sponsors provide hardware and services directly instead of
exchanging money. https://sourceware.org/mission.html#sponsors
They are valued partners with who we can discuss community and
services goals. For example about cyber security regulations.
> How have your fund raising activities been going for the Sourceware
> fund at the SFC?
Very well, thanks. See our last yearly report:
https://inbox.sourceware.org/20240529190215.GA26515@gnu.wildebeest.org/
We have been getting more hardware and assistence from our sponsors to
expand our services and are pulling in ~$250,- dollars a month from
individual donations and small grants. We are currently just spending
~5% of that to make sure we are building up enough reserve to be able
to replace any hardeware and services in case one of our regular
sponsors might have to drop out.
Cheers,
Mark
More information about the Gdb
mailing list