aboutsummaryrefslogtreecommitdiffstats
path: root/source/faq
diff options
context:
space:
mode:
authorCarlos O'Donell <carlos@redhat.com>2024-02-28 14:51:01 -0500
committerCarlos O'Donell <carlos@redhat.com>2024-02-28 14:51:01 -0500
commit8d0dd83cadac25a7df6db8699c5c3c6fe875b6d1 (patch)
tree54d393da5be9653ee6f16449610cf5efad2b0215 /source/faq
parent2992ef6071d9f3d922d86a7140b8a671ee71603b (diff)
downloadcti.coretoolchain.dev-8d0dd83cadac25a7df6db8699c5c3c6fe875b6d1.tar.gz
faq: Add more difficult questions to the FAQ.
Added questions about why and when and the relationship with the Sourceware project.
Diffstat (limited to 'source/faq')
-rw-r--r--source/faq/index.rst50
1 files changed, 50 insertions, 0 deletions
diff --git a/source/faq/index.rst b/source/faq/index.rst
index 1107cea..1ad148e 100644
--- a/source/faq/index.rst
+++ b/source/faq/index.rst
@@ -6,6 +6,56 @@ FAQ
You have questions we have answers!
+* Q: Can we keep deploying services as we have?
+
+ * A: No. The GNU Toolchain is a critical foundation of trust for the GNU/Linux
+ ecosystem and the demands on its infrastructure, services, and security
+ requirements have grown over time. The trend of increasing complexity to
+ support its development and associated financial demands will not abate.
+ Different projects have different risk tolerances and the GNU Toolchain
+ must meet more stringent expectations to maintain the trust of the
+ ecosystem. It is with this context in mind that CTI has been formed.
+
+* Q: What concrete steps will CTI help with?
+
+ * A: Some of the major goals include:
+
+ * Isolating all services in VMs or containers to increase service
+ security and reduce service resource interference.
+
+ * Allow volunteers to focus efforts outside of core infrastructure
+ maintenance.
+
+ * Prepare for additional software supply chain requirements from
+
+* Q: Why are you currently using Linux Foundation IT as the service provider?
+
+ * A: The CTI TAC recommendation is to use Linux Foundation IT services
+ for core infrastructure. The LF IT team already supports many of
+ the same services for the Linux kernel and at scale. The migration
+ would involve moving services from Sourceware.org to LF IT servers.
+ We continue to be thankful and appreciative of the time spent by
+ Sourceware.org volunteers in support of the current services.
+
+* Q: What is the urgency vs what is the timeline?
+
+ * A: The GNU Toolchain community should be making consistent forward
+ progress to improve our infrastructure and cybersecurity position.
+ Showing progress is important for the ecosystem to trust us as a
+ secure and critical part of the software supply chain. We should
+ not wait until there are Cybersecurity regulations that are beyond
+ our ability to comply with as the FOSS ecosystem of tooling and
+ infrastructure. Projects of similar scope and importance have been
+ deploying significant resources for the use of the development community.
+
+* Q: Sourceware volunteers have fielded requests and organized volunteer
+ efforts that have worked well. Does LF allow volunteers to administer
+ the servers together with them? Have they in the past?
+
+ * A: The CTI TAC is the point of contact for volunteers. CTI can fund
+ multiple activities, by multiple entities, and the way in which the
+ volunteers engage may differ between them.
+
* Q: How does this project relate to the GNU Project or the Free Software
Foundation (FSF)?