Core Toolchain Infrastructure - October 2024 update The Core Toolchain Infrastructure (CTI) Project’s mission is to support the GNU Toolchain community with secure infrastructure and state of the art services required to support the community’s development efforts to be a trusted foundation in a secure supply chain.
We want to keep the GNU Toolchain development community updated with the latest information on the CTI project and how it can support the GNU Toolchain. Since 2022 [1][2] the CTI project has been working to carry out a detailed enumeration of the services required by the projects and how those services may be provided in a secure and robust fashion. We have completed a detailed service enumeration for the GNU Toolchain: https://cti.coretoolchain.dev/projects/enum.html In 2024 we published updated project documentation: https://cti.coretoolchain.dev Also in 2024 we've looked at the details of the services we provide, why we provide them, and how we might provide them with with increased security and robustness, including putting together a statement of work with the Linux Foundation Core IT team (who provides similar services to the Linux Kernel) [3]. The CTI Technical Advisory Committee (TAC) is made up of members of the development community of the projects, and is working on behalf of the GNU Toolchain to improve security and robustness of the infrastructure used by the community. The CTI TAC meets monthly and the meetings are open for anyone to attend. There is still a lot of work ahead of us to find a way forward to state of the art sustainable secure and robust services for the GNU Toolchain projects. Recent discussions on the glibc mailing list make it clear that we need to expand and discuss more about our "why" along with the "what" and "how" of these changes. We will be sending out one of these updates every 3 months to all the projects to keep you updated on our progress and discussions with the GNU Toolchain projects and the wider Sincerely, Core Toolchain Infrastructure Technical Advisory Committee [1] https://inbox.sourceware.org/overseers/ef140a6b-c72d-bd63-b94c-bceeb365b...@redhat.com/ [2] https://inbox.sourceware.org/overseers/2513b668-9ebd-9e78-7263-dc24f4a95...@redhat.com/ [3] https://inbox.sourceware.org/libc-alpha/eb0d5e7b-0280-4c5a-aff6-3418a4210...@redhat.com/
