Should this question be posed to the Linux distribution that NASA is using?
Thanks, David On Sun, Jul 17, 2022 at 4:56 AM Thomas Koenig via Gcc <g...@gcc.gnu.org> wrote: > > Hi Cynthia, > > > Hello, my name is Cynthia and I am a Supply Chain Risk Management > > Analyst at NASA. NASA is currently conducting a supply chain > > assessment of gfortran. As stated in Sections 208 and 514 of the > > Consolidated Appropriations Act, 2022, Public Law 117-103, > > enacted March 15, 2022, a required step of our process is to > > verify the Country of Origin (CoO) information for the > > product (i.e., the country where the products were developed, > > manufactured, and assembled.) > > > As gfortran is open source, we understand that this inquiry is > > not directly applicable, as contributions may be made from > > individuals from around the world. In this case, NASA is > > interested in confirming the following information: > > > 1. Is there an organization which sponsors/publishes the project, or > > a primary developer who audits the code for potential > vulnerabilities, > errors, or malicious code? Y/N > > gfortran is not an independent project, it is part of the Gnu Compiler > Collection, https://gcc.gnu.org/ . As such, any evaluation you > may already have made of gcc also should also apply to gfortran, > and I am also addressing this mail to the gcc mailing list, where > it is more appropriate, especially since I personally am unclear > about the current relationship with the Free Software Foundation. > > Regarding gfortran specifically: Code changes are reviewed by > the individuals listed in the file > > https://gcc.gnu.org/git/?p=gcc.git;a=blob_plain;f=MAINTAINERS;hb=HEAD > > (where you can search for Fortran). > > > 2. Does gfortran have an overseeing organization or individual > > along these lines? Y/N > > See my previous reply. > > > 1. If so, please provide the name of the organization and country > > they are established in > > > If the information above is unknown or cannot be provided, we > > request that you provide the country or list of countries where > > the majority of contributions originate from to satisfy Sections > > 208 and 514 of the Consolidated Appropriations Act, 2022, Public > > Law 117-103, enacted March 15, 2022. > > Main contributions to gfortran, i.e. the Fortran front end to gcc and > its supporting library, came (in no particular order) from the UK, the > US, France, Finland, Germany, the Netherlands and the Czech Republic. > Up to 2006, there were also some contributors from China. > > Best regards > > Thomas >
