Sourceware / GNU Toolchain at Cauldron
Frank Ch. Eigler
Wed Sep 28 11:14:04 GMT 2022
> - Defense in depth
> - Multiple servers, each with distinct services.
> - Multiple servers for one service where possible.

Depends on the threat model. Which one are you concerned about?

> - If governments want to use FOSS tools directly, do we need to
> comply with security standards like a contractor would?
> - Does NIST SP 800 53r5 apply to Sourceware.org?

If we don't have evidence that it does, what is the purpose of bringing it up?

> It is two proposals.
> A fiscal sponsor for infrastructure in the OpenSSF via the GNU
> Toolchain Infrastructure project at the Linux Foundation.
> A proposal to use managed services with the Linux Foundation IT for
> projects currently at sourceware.org.

Are they separable?