From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from simark.ca by simark.ca with LMTP id GKOHEiSnKGd8RSUAWB0awg (envelope-from ) for ; Mon, 04 Nov 2024 05:51:16 -0500 Received: by simark.ca (Postfix, from userid 112) id 47C881E5DD; Mon, 4 Nov 2024 05:51:16 -0500 (EST) X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on simark.ca X-Spam-Level: X-Spam-Status: No, score=-6.7 required=5.0 tests=ARC_SIGNED,ARC_VALID,BAYES_00, MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_VALIDITY_CERTIFIED, RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE,URIBL_BLOCKED, URIBL_DBL_BLOCKED_OPENDNS autolearn=ham autolearn_force=no version=4.0.0 Received: from server2.sourceware.org (server2.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256) (No client certificate requested) by simark.ca (Postfix) with ESMTPS id 27DAB1E5DB for ; Mon, 4 Nov 2024 05:51:15 -0500 (EST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id CBBE43857723 for ; Mon, 4 Nov 2024 10:51:14 +0000 (GMT) Received: from gnu.wildebeest.org (gnu.wildebeest.org [45.83.234.184]) by sourceware.org (Postfix) with ESMTPS id D92AC3857C5D; Mon, 4 Nov 2024 10:50:34 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D92AC3857C5D Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=klomp.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=klomp.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org D92AC3857C5D Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=45.83.234.184 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1730717438; cv=none; b=RBAHXx6A+heNe8UsX2uh7B2HjEc9PFETvtxdzS7IfqyF9C891MOBloELv4TjWZQXT3ebGIyqr4EeLp8ulaPHECWE/jbPL9rSymJJhhkekiTgVmxCfUoB4swR6nf8SSHEphX7Ps4Npl/kwPWvTy4VdM03bn14sdp/VO7zL4nFPuw= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1730717438; c=relaxed/simple; bh=/JEcYAKiFx6wU4BrpVZvQ3DItskofGiK7L8KaENBeDw=; h=Date:From:To:Subject:Message-ID:MIME-Version; b=XWdTUnVieDsSI6oT9DxVvAYtqVnspAhlpazoteo8jxFEUsiVk3OPUkaWrZKJdqh2g7Y49of473tStC4v38OJ8s+CMp4ogWCDpueOsEji9aWy+kjNAXfD23m5UZgulXin2OpyWZkef5aka554N3lGrQT/YuvQ8433IU62r3Hbf70= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by gnu.wildebeest.org (Postfix, from userid 1000) id CFC62303C2A0; Mon, 4 Nov 2024 11:50:33 +0100 (CET) Date: Mon, 4 Nov 2024 11:50:33 +0100 From: Mark Wielaard To: Carlos O'Donell Cc: gcc developers , glibc developers , gdb developers , binutils developers , Overseers mailing list , cti-tac@lists.linuxfoundation.org, =?iso-8859-1?B?Wm/r?= Kooyman , "Karen M. Sandler" Subject: Re: Core Toolchain Infrastructure - October 2024 update Message-ID: <20241104105033.GB25396@gnu.wildebeest.org> References: <9ee5b9e1-3f84-4d9e-8249-7a4bf8080bb0@redhat.com> <20241030103912.GD28606@gnu.wildebeest.org> <3a2c2d35-3b86-4286-a393-5ec166659f92@redhat.com> <5691d7c8-f92e-46f3-8edf-c83e085dbfa2@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5691d7c8-f92e-46f3-8edf-c83e085dbfa2@redhat.com> User-Agent: Mutt/1.5.21 (2010-09-15) X-BeenThere: gdb@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Gdb mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: gdb-bounces~public-inbox=simark.ca@sourceware.org Sender: "Gdb" Hi Carlos, On Wed, Oct 30, 2024 at 12:52:13PM -0400, Carlos O'Donell wrote: > > We discussed this with OpenSSF and submitted a funding request to > > OpenSSF Alpha Omega for this particular part. OpenSSF initially was > > supportive to funding these kinds of security plans, but they have been > > silent for the last couple of months. If you have contacts to get this > > going forward again that would be great. > > I do have contacts at the OpenSSF and I'd be glad to help. We just > met with one of their team members today as part of the CTI TAC > meeting. Thanks, I see the OpenSSF General Manager and the Technical Program Managers have gotten different positions or moved on from OpenSSF. I added the new contacts to reach out to. > > Yes, please file bugzilla reports against the Sourceware > > Infrastructure project: > > https://sourceware.org/bugzilla/buglist.cgi?product=sourceware&component=Infrastructure > > Or bring it up on the overseers list or during the Sourceware open > > office hours. https://sourceware.org/mission.html#organization > > For tracking purposes I'll file them as Sourceware Infrastructure > bugs and we can go from there. Thanks, that would be useful input. > >> My deepest concerns here is that Sourceware PLC cannot convince > >> larger sponsors to provide the funding to do what needs to be > >> done to scale out and improve our services. > > > > Thanks for your concern. The whole idea of setting up Sourceware as an > > organization with Conservancy as a fiscal sponsor is precisely to make > > these kind of sponsorships easy. And to expand funding to be able to > > accept community donations and grants: > > https://sourceware.org/donate.html > > What you have done is make it *possible* for an organization to > place money at the fiscal sponsor for the mission you've set out, > and while this is a measure of ease, the hardest step is still to > come. You need to convince sponsors to donate. The hardest step and what cost most of the energy was setting up the organization, the PLC, working out our relationship with our fiscal sponsor, making sure to get the governance right. And setting rules for making sure to preserve software freedom and diversify income sources. Large monetary donations from corporations are certainly nice, but you have to make sure the community keeps in control. Having large corporations dominate the funding is risky, so we are also explicitly looking at individual donations and grants. Our largest sponsors provide hardware and services directly instead of exchanging money. https://sourceware.org/mission.html#sponsors They are valued partners with who we can discuss community and services goals. For example about cyber security regulations. > How have your fund raising activities been going for the Sourceware > fund at the SFC? Very well, thanks. See our last yearly report: https://inbox.sourceware.org/20240529190215.GA26515@gnu.wildebeest.org/ We have been getting more hardware and assistence from our sponsors to expand our services and are pulling in ~$250,- dollars a month from individual donations and small grants. We are currently just spending ~5% of that to make sure we are building up enough reserve to be able to replace any hardeware and services in case one of our regular sponsors might have to drop out. Cheers, Mark