Re: Core Toolchain Infrastructure - October 2024 update

2024-11-04 Thread Mark Wielaard
Hi Carlos, On Wed, Oct 30, 2024 at 12:52:13PM -0400, Carlos O'Donell wrote: > > We discussed this with OpenSSF and submitted a funding request to > > OpenSSF Alpha Omega for this particular part. OpenSSF initially was > > supportive to funding these kinds of security plans, but they have been > >

Re: Core Toolchain Infrastructure - October 2024 update

2024-10-30 Thread Carlos O'Donell via Gcc
On 10/30/24 11:45 AM, Mark Wielaard wrote: > Hi Carlos, > > On Wed, 2024-10-30 at 08:32 -0400, Carlos O'Donell wrote: >> I can get down to specific requirements and possible solutions for them, >> including >> things like securing logins with 2FA etc. Which *could* be solved by >> Sourceware >>

Re: Core Toolchain Infrastructure - October 2024 update

2024-10-30 Thread Joseph Myers via Gcc
On Wed, 30 Oct 2024, Carlos O'Donell via Gcc wrote: > Have you broken down those project goals into actionable steps that > could be taken? > > For example filing Sourceware Infrastructure bugs for each service that > needs to be migrated into a VM and isolated (with a top level tracker > for

Re: Core Toolchain Infrastructure - October 2024 update

2024-10-30 Thread Joseph Myers via Gcc
On Wed, 30 Oct 2024, Mark Wielaard wrote: > Yes, we did already discuss this. But it is too early for that. Richard > setup a wiki page for the Forge Experiment that includes a list of > various bugs/issues in Forgejo that we would like to see resolved > before we can call the experiment an succes

Re: Core Toolchain Infrastructure - October 2024 update

2024-10-30 Thread Karen M. Sandler via Gcc
On 2024-10-30 11:45, Mark Wielaard wrote: Hi Carlos, On Wed, 2024-10-30 at 08:32 -0400, Carlos O'Donell wrote: I can get down to specific requirements and possible solutions for them, including things like securing logins with 2FA etc. Which *could* be solved by Sourceware today possibly usin

Re: Core Toolchain Infrastructure - October 2024 update

2024-10-30 Thread Mark Wielaard
Hi Carlos, On Wed, 2024-10-30 at 08:32 -0400, Carlos O'Donell wrote: > I can get down to specific requirements and possible solutions for them, > including > things like securing logins with 2FA etc. Which *could* be solved by > Sourceware > today possibly using Nitrokeys (open hardware and FOSS

Re: Core Toolchain Infrastructure - October 2024 update

2024-10-30 Thread Carlos O'Donell via Gcc
On 10/30/24 6:39 AM, Mark Wielaard wrote: > Hi Carlos, > > On Tue, Oct 29, 2024 at 06:02:03PM -0400, Carlos O'Donell via Gcc wrote: >> Recent discussions on the glibc mailing list make it clear >> that we need to expand and discuss more about our "why" along with >> the "what" and "how" of these c

Re: Core Toolchain Infrastructure - October 2024 update

2024-10-30 Thread Mark Wielaard
Hi Carlos, On Tue, Oct 29, 2024 at 06:02:03PM -0400, Carlos O'Donell via Gcc wrote: > Recent discussions on the glibc mailing list make it clear > that we need to expand and discuss more about our "why" along with > the "what" and "how" of these changes. Zoe wrote a good summary of that discussio