From: Jeffrey Walton via Gdb
Reply-To: noloader@gmail.com
Date: Wed, 27 Nov 2024 12:27:14 -0500
Subject: Re: Sourceware Cyber Security FAQ
To: Mark Wielaard
Cc: overseers@sourceware.org, gcc@gcc.gnu.org, binutils@sourceware.org, libc-alpha@sourceware.org, gdb@sourceware.org
In-Reply-To: <5f6e7deb0c8c38dabb02bd38eb3efba1eb65807c.camel@klomp.org>

On Wed, Nov 27, 2024 at 11:35 AM Mark Wielaard wrote:
>
> Hi all,
>
> After lots of discussions at some of our Open Office hours, at the
> Cauldron, with other Software Freedom organizations and some of our
> hardware and services providers we now have a Sourceware Cyber Security
> FAQ explaining topics like the "US Improving the Nation's Cybersecurity
> Executive Order 14028", "EU Cyber Resilience Act (EU CRA)" and "Secure
> Software Development Framework (NIST SP 800-218)".
>
> https://sourceware.org/cyber-security-faq.html

s/so they share security threads/so they share security threats/g

> We would like to extend this with some recommended practices for
> projects to adopt. Although it is clear that these regulations are
> mainly aimed at commercial entities, who bear the brunt of these
> requirements. We believe this is an opportunity for projects to get
> more (corporate) contributions since these guidelines and requirements
> strongly suggest/mandate to make all their work public and contribute
> (security issues) back upstream. So any policies documenting how to
> clearly report issues and documenting the contributing and release
> practices should be helpful.
>
> Please let us know if you have any questions or suggestions.

Jeff