The GNU Toolchain Infrastructure Project

Carlos O'Donell carlos@redhat.com
Tue Sep 27 19:59:32 GMT 2022


The GNU Toolchain is a critical foundation of trust for the GNU/Linux ecosystem
and the demands on its infrastructure, services, and security requirements have
grown over time. The trend of increasing complexity to support its development
and associated financial demands will not abate. Different projects have
different risk tolerances and the GNU Toolchain must meet more stringent
expectations to maintain the trust of the ecosystem. It is with this context in
mind that the following proposal has been developed.

During the Sourceware / Infrastructure BoF sessions at GNU Cauldron, the GNU
Toolchain community in collaboration with the Linux Foundation and OpenSSF,
announced the GNU Toolchain Infrastructure project (GTI).  The collaboration
includes a fund for infrastructure and software supply chain security, which
will allow us to utilize the respected Linux Foundation IT (LF IT) services
that host kernel.org and to fund other important projects.  The key
stakeholders of the GNU Toolchain community have been proactively briefed and
included in community conversations during the process of developing this
proposal with incorporation of their feedback. The key stakeholders consulted
include GNU Toolchain project leadership, GNU Toolchain project release
managers, GNU Toolchain project core developers, major vendors, active
Sourceware / Overseers administrators, and both John Sullivan and Zoë Kooyman
of the Free Software Foundation.

The GNU Toolchain Infrastructure project includes a Governing Board and a
Technical Advisory Council[1].  The Governing Board is composed of
representatives of the major donors and a representative from the GTI Technical
Advisory Council.  The board will have fiscal accountability for spending, as
other, similar foundations are organized.  The Technical Advisory Council will
provide technical guidance and recommendations, and set the technical direction
for the infrastructure project, in consultation with the GNU Toolchain
community.  All meetings of the Governing Board and the Technical Advisory
Council are open to non-member observers.  GTI welcomes all donors whose vision
for GTI aligns with the GNU Toolchain and its role in the Free Software
ecosystem.  The leadership and governance of the GNU Toolchain projects are not
affected by the creation of GTI.

The Linux Foundation IT services have a long and respected history of hosting
kernel.org for the Linux community with a robust set of infrastructure.  The
GNU Toolchain serves a similar, critical role and has similar requirements to
ensure its resiliency.  The Linux Foundation IT team has the experience and
infrastructure to efficiently provide those services, and the Linux Foundation
has graciously offered its assistance. 

Linux Foundation IT services plans for the GNU Toolchain include Git
repositories, mailing lists, issue tracking, web sites, and CI/CD, implemented
with strong authentication, attestation, and security posture. Utilizing the
experience and infrastructure of the LF IT team that is already used by the
Linux kernel community will provide the most effective solution and best
experience for the GNU Toolchain developer community. By utilizing the same
infrastructure, the resources of donors who support Free Software can be
targeted at projects that provide unique value to the Free Software community.

The GNU Toolchain projects are currently hosted on sourceware.org, funded and
maintained by Red Hat, for which we are grateful.  Sourceware.org includes the
core GNU Toolchain projects (GCC, GLIBC, GDB, and Binutils) as well as many
other active and inactive projects.  The other projects hosted on
sourceware.org are welcome to join the proposed services at LF IT, in whole or
in part as would best suit their needs

As with kernel.org, GTI has requested from the Linux Foundation IT that all
software implementing the infrastructure for the GNU Toolchain projects must be
Free Software.  If Free Software versions of necessary security tools are
missing, GTI will work with Free Software supporters to develop Free Software
alternatives.

If ever the GNU Toolchain leadership determines that GTI and LF IT are not the
appropriate partners for the project, the Linux Foundation has agreed that the
GNU Toolchain is free to seek alternative financial support and/or
infrastructure services, taking all assets with it.

The GNU Toolchain Infrastructure project welcomes cooperation with other
efforts to fund and improve the GNU Toolchain infrastructure.

This proposal is an exciting opportunity for the GNU Toolchain and helps to
ensure its continued vitality.

Happy Hacking!

Carlos O’Donell
David Edelsohn

[1] Current GTI TAC members are:
Joel Brobecker
Nick Clifton
David Edelsohn
Frank Ch. Eigler
Jeff Law
Martin Liška
Jose Marchesi
Simon Marchi
Joseph Myers
Carlos O'Donell
Siddhesh Poyarekar



More information about the Overseers mailing list