Sourceware / GNU Toolchain at Cauldron

Frank Ch. Eigler fche@elastic.org
Wed Sep 28 11:14:04 GMT 2022


Hi -


> - Defense in depth
>   - Multiple servers, each with distinct services.
>   - Multiple servers for one service where possible.

Depends on the threat model.  Which one are you concerned about?


> - If governments want to use FOSS tools directly, do we need to
>   comply with security standards like a contractor would?
>   - Does NIST SP 800 53r5 apply to Sourceware.org?
>     [...]

If we don't have evidence that it does, what is the purpose of bringing it up?


> It is two proposals.
>
> A fiscal sponsor for infrastructure in the OpenSSF via the GNU
> Toolchain Infrastructure project at the Linux Foundation.
>
> A proposal to use managed services with the Linux Foundation IT for
> projects currently at sourceware.org.

Are they separable?


- FChE

