Sourceware / GNU Toolchain at Cauldron

Frank Ch. Eigler
Wed Sep 28 11:14:04 GMT 2022

Hi -

> - Defense in depth
>   - Multiple servers, each with distinct services.
>   - Multiple servers for one service where possible.

Depends on the threat model.  Which one are you concerned about?

> - If governments want to use FOSS tools directly, do we need to
>   comply with security standards like a contractor would?
>   - Does NIST SP 800 53r5 apply to
>     [...]

If we don't have evidence that it does, what is the purpose of bringing it up?

> It is two proposals.
> A fiscal sponsor for infrastructure in the OpenSSF via the GNU
> Toolchain Infrastructure project at the Linux Foundation.
> A proposal to use managed services with the Linux Foundation IT for
> projects currently at

Are they separable?

- FChE
