aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--source/faq/index.rst50
1 files changed, 50 insertions, 0 deletions
diff --git a/source/faq/index.rst b/source/faq/index.rst
index 1107cea..1ad148e 100644
--- a/source/faq/index.rst
+++ b/source/faq/index.rst
@@ -6,6 +6,56 @@ FAQ
You have questions we have answers!
+* Q: Can we keep deploying services as we have?
+
+ * A: No. The GNU Toolchain is a critical foundation of trust for the GNU/Linux
+ ecosystem and the demands on its infrastructure, services, and security
+ requirements have grown over time. The trend of increasing complexity to
+ support its development and associated financial demands will not abate.
+ Different projects have different risk tolerances and the GNU Toolchain
+ must meet more stringent expectations to maintain the trust of the
+ ecosystem. It is with this context in mind that CTI has been formed.
+
+* Q: What concrete steps will CTI help with?
+
+ * A: Some of the major goals include:
+
+ * Isolating all services in VMs or containers to increase service
+ security and reduce service resource interference.
+
+ * Allow volunteers to focus efforts outside of core infrastructure
+ maintenance.
+
+ * Prepare for additional software supply chain requirements from
+
+* Q: Why are you currently using Linux Foundation IT as the service provider?
+
+ * A: The CTI TAC recommendation is to use Linux Foundation IT services
+ for core infrastructure. The LF IT team already supports many of
+ the same services for the Linux kernel and at scale. The migration
+ would involve moving services from Sourceware.org to LF IT servers.
+ We continue to be thankful and appreciative of the time spent by
+ Sourceware.org volunteers in support of the current services.
+
+* Q: What is the urgency vs what is the timeline?
+
+ * A: The GNU Toolchain community should be making consistent forward
+ progress to improve our infrastructure and cybersecurity position.
+ Showing progress is important for the ecosystem to trust us as a
+ secure and critical part of the software supply chain. We should
+ not wait until there are Cybersecurity regulations that are beyond
+ our ability to comply with as the FOSS ecosystem of tooling and
+ infrastructure. Projects of similar scope and importance have been
+ deploying significant resources for the use of the development community.
+
+* Q: Sourceware volunteers have fielded requests and organized volunteer
+ efforts that have worked well. Does LF allow volunteers to administer
+ the servers together with them? Have they in the past?
+
+ * A: The CTI TAC is the point of contact for volunteers. CTI can fund
+ multiple activities, by multiple entities, and the way in which the
+ volunteers engage may differ between them.
+
* Q: How does this project relate to the GNU Project or the Free Software
Foundation (FSF)?