From 8d0dd83cadac25a7df6db8699c5c3c6fe875b6d1 Mon Sep 17 00:00:00 2001 From: Carlos O'Donell Date: Wed, 28 Feb 2024 14:51:01 -0500 Subject: faq: Add more difficult questions to the FAQ. Added questions about why and when and the relationship with the Sourceware project. --- source/faq/index.rst | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/source/faq/index.rst b/source/faq/index.rst index 1107cea..1ad148e 100644 --- a/source/faq/index.rst +++ b/source/faq/index.rst @@ -6,6 +6,56 @@ FAQ You have questions we have answers! +* Q: Can we keep deploying services as we have? + + * A: No. The GNU Toolchain is a critical foundation of trust for the GNU/Linux + ecosystem and the demands on its infrastructure, services, and security + requirements have grown over time. The trend of increasing complexity to + support its development and associated financial demands will not abate. + Different projects have different risk tolerances and the GNU Toolchain + must meet more stringent expectations to maintain the trust of the + ecosystem. It is with this context in mind that CTI has been formed. + +* Q: What concrete steps will CTI help with? + + * A: Some of the major goals include: + + * Isolating all services in VMs or containers to increase service + security and reduce service resource interference. + + * Allow volunteers to focus efforts outside of core infrastructure + maintenance. + + * Prepare for additional software supply chain requirements from + +* Q: Why are you currently using Linux Foundation IT as the service provider? + + * A: The CTI TAC recommendation is to use Linux Foundation IT services + for core infrastructure. The LF IT team already supports many of + the same services for the Linux kernel and at scale. The migration + would involve moving services from Sourceware.org to LF IT servers. + We continue to be thankful and appreciative of the time spent by + Sourceware.org volunteers in support of the current services. + +* Q: What is the urgency vs what is the timeline? + + * A: The GNU Toolchain community should be making consistent forward + progress to improve our infrastructure and cybersecurity position. + Showing progress is important for the ecosystem to trust us as a + secure and critical part of the software supply chain. We should + not wait until there are Cybersecurity regulations that are beyond + our ability to comply with as the FOSS ecosystem of tooling and + infrastructure. Projects of similar scope and importance have been + deploying significant resources for the use of the development community. + +* Q: Sourceware volunteers have fielded requests and organized volunteer + efforts that have worked well. Does LF allow volunteers to administer + the servers together with them? Have they in the past? + + * A: The CTI TAC is the point of contact for volunteers. CTI can fund + multiple activities, by multiple entities, and the way in which the + volunteers engage may differ between them. + * Q: How does this project relate to the GNU Project or the Free Software Foundation (FSF)? -- cgit 1.2.3-korg