blob: 1ad148e257b5830f55c1b505b0e467564d435442 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
.. index::
single: FAQ
FAQ
===
You have questions we have answers!
* Q: Can we keep deploying services as we have?
* A: No. The GNU Toolchain is a critical foundation of trust for the GNU/Linux
ecosystem and the demands on its infrastructure, services, and security
requirements have grown over time. The trend of increasing complexity to
support its development and associated financial demands will not abate.
Different projects have different risk tolerances and the GNU Toolchain
must meet more stringent expectations to maintain the trust of the
ecosystem. It is with this context in mind that CTI has been formed.
* Q: What concrete steps will CTI help with?
* A: Some of the major goals include:
* Isolating all services in VMs or containers to increase service
security and reduce service resource interference.
* Allow volunteers to focus efforts outside of core infrastructure
maintenance.
* Prepare for additional software supply chain requirements from
* Q: Why are you currently using Linux Foundation IT as the service provider?
* A: The CTI TAC recommendation is to use Linux Foundation IT services
for core infrastructure. The LF IT team already supports many of
the same services for the Linux kernel and at scale. The migration
would involve moving services from Sourceware.org to LF IT servers.
We continue to be thankful and appreciative of the time spent by
Sourceware.org volunteers in support of the current services.
* Q: What is the urgency vs what is the timeline?
* A: The GNU Toolchain community should be making consistent forward
progress to improve our infrastructure and cybersecurity position.
Showing progress is important for the ecosystem to trust us as a
secure and critical part of the software supply chain. We should
not wait until there are Cybersecurity regulations that are beyond
our ability to comply with as the FOSS ecosystem of tooling and
infrastructure. Projects of similar scope and importance have been
deploying significant resources for the use of the development community.
* Q: Sourceware volunteers have fielded requests and organized volunteer
efforts that have worked well. Does LF allow volunteers to administer
the servers together with them? Have they in the past?
* A: The CTI TAC is the point of contact for volunteers. CTI can fund
multiple activities, by multiple entities, and the way in which the
volunteers engage may differ between them.
* Q: How does this project relate to the GNU Project or the Free Software
Foundation (FSF)?
* A: Many of the GNU Toolchain components are a part of the GNU
Project, and contribute to the development of the GNU system.
The FSF supports the GNU Project, and in turn supports the GNU
Toolchain. The GNU Toolchain community works with the FSF via a
working together fund (https://www.fsf.org/working-together/fund)
to support the development of the GNU Toolchain directly.
The Core Toolchain Infrastructure project is distinct from the
GNU Project and the FSF.
* Q: How does this project relate to the GCC Compile Farm Project
(https://gcc.gnu.org/wiki/CompileFarm)?
* A: The GCC Compiler Farm is a unique resource for the GNU Toolchain
and provides interactive systems for developers to manually test on
a wide variety of hardware and software configurations. This is not
exactly the same set of requirements that the community might have
for securing a supply chain, or using modern CI/CD workflows.
* Q: How will the composition of the Core Toolchain infrastructure project
reflect the communities it supports?
* A: Members of the GNU Toolchain community will always be invited to
become members of the technical advisory cuncil for the project.
* Q: What is the composition of the project steering committee?
* A: The project steering committee will be composed of sponsoring
members of the Linux Foundation and members of the GNU Toolchain
community.
* Q: What does the project TAC do?
* A: The TAC takes input from the GNU Toolchain community and works
with the members to, implement, and resolve prioritized requirements.
* Q: Is the GNU Toolchain development model going to change?
* A: No. The aim of the project is to provide additional infrastructure
for the community that is being made available to support the
GNU Toolchain. All development changes will always be driven by the
community.
* Q: Is Sourceware (https://sourceware.org/) going to be deprecated?
* A: The GNU Toolchain Infrastructure project is distinct from Sourceware.
The intent is to move critical infrastructure from Sourceware to the
Core Toolchain Infrastructure project to provide paid services.
* Q: Who can use the new infrastructure?
* A: That depends on the requirements given by the GNU Toolchain community.
The requirements from the community are input to the steering committee,
and so the answer depends largely on exactly what was the intended purpose.
* Q: What can the new infrastructure be used for?
* A: That depends on the requirements given by the GNU Toolchain community.
The requirements from the community are input to the steering committee,
and so the answer depends largely on exactly what was the intended purpose.
-----------------
* :ref:`genindex`
* :ref:`search`
|