Two visions for the future of sourceware.org
The session in question was initially set up as a birds-of-feather gathering where Sourceware "overseer" Mark Wielaard would describe some of the new services that are being developed for that site. He did not get far before being interrupted by David Edelsohn, who questioned whether it was correct to describe Sourceware as a "software project". Wielaard tried to push on, noting that there are currently two Red Hat employees, helped by a number of volunteers, looking after the site. Carlos O'Donell repeatedly broke in to describe Sourceware as specifically a Red Hat system. The site's mission statement, he said, describes it as "a Red Hat system providing services for open-source projects for Red Hat" (which isn't quite the wording on the actual statement). The purpose of these interjections was evidently (at a minimum) to dispute the notion that Sourceware is a community resource.
Continuing, Wielaard claimed that all seems well with Sourceware; the hosted projects are doing well and new services being set up. Sourceware does not really have any problems currently, he said. Wielaard was intending to talk about those new services (the slides for the intended talk are online), but he was interrupted at that point and reminded of an agreement, evidently made ahead of the session, that the real focus of the session would be the SFC proposal and it's (still undisclosed) competitor. Wielaard acquiesced after complaining that he really wanted to talk about new services. [Update: it's worth noting that the existence of this agreement is disputed by some of those who were said to be a party to it.]
The SFC proposal
With regard to the SFC proposal, he said, the idea had been posted on the mailing list and discussed there; the replies seemed to all be positive. O'Donell jumped in to say that the SFC proposal talked about fiscal management, but said nothing about who would be raising funds. That is a difficult and thankless task, he said. SFC director Karen Sandler, dialed in remotely, said that SFC would help with that task; that sort of support is something that SFC routinely provides to its member projects. That said, the SFC does rely on the projects themselves doing fundraising work as well.
Wielaard said that, in the discussion, representatives of the projects hosted on Sourceware seemed to like the SFC proposal, and the Free Software Foundation also seems to be happy with the idea. He said that he did not get a single negative response during the discussion and that his impression was that the community had accepted the idea; yelling from the audience made it clear that there was some disagreement at this point — disagreement that had never been expressed during the month-long mailing-list discussion.
O'Donell repeated that the SFC provides a place to put funding, but that it is necessary to find sources for those funds. Once that happens, he asked, what was the plan for using those funds? Wielaard answered that it would be good to have an offsite backup for Sourceware. Red Hat could turn evil someday (though he sees no signs of that now) and it is good to have a contingency plan. But there are no immediate needs for funds to keep Sourceware going; the purpose is to have a structure to receive funds should the need arise.
GTI revealed
At this point O'Donell, who along with Edelsohn clearly had another plan in mind, finally revealed it to the rest of the group. While discussion of new services for Sourceware would be great, he said, Cauldron is the place where the community can work on structural issues, such as where funding comes from and what is done with it. The SFC would be "within its rights" to take on Sourceware, it has many well-served projects and there is nothing wrong with it. But, he said, there are some serious challenges coming for the toolchain community that may require support beyond what SFC can provide. Specifically, he talked about cybersecurity requirements that could lead to the exclusion of the GNU tools from important projects if its development systems are not seen as being managed in a sufficiently secure manner. Details on what those requirements would be, or how they might be met, were not provided.
The Free Software Foundation is the fiscal sponsor for the GNU project, he continued, while Red Hat is currently the sponsor for Sourceware. Perhaps it is time to seek new sponsors; specifically, the Linux Foundation's Open Source Software Security Foundation (OpenSSF) could become the sponsor for a "GNU Toolchain Initiative" (GTI). There are useful things that could be done with funding, such as setting up Big Blue Button (BBB) servers or establishing a fund to support developers' travel to conferences like Cauldron.
But he would particularly like to see the toolchain's repositories and related services move onto "managed infrastructure", improving security while freeing up developer time for other tasks; this move is a big part of the GTI proposal and where a lot of the funding would go. The toolchain development model looks a lot like the Linux kernel's model, he said, so there would be value in taking advantage of the infrastructure that the Linux Foundation has set up to support the kernel. This is not about the governance of the toolchain projects, which would not change. Those projects could keep their development model and tools while offloading the administrative work.
The SFC's Bradley Kuhn, also dialed in remotely, said that he welcomes debate over how Sourceware should be managed. But naturally he felt that the SFC would be a better home; it is organized as a charity, he said, which gives it more of a community focus. He would understand if the toolchain developers were reluctant to hand off Sourceware to "a big IT team" controlled by large companies. Edelsohn responded that this proposal was not about control, it was about finding the best combination of funders and organizations to ensure the future of the GNU toolchain projects. The GTI proposal is put forward by a number of vendors working on those projects, along with maintainers, release managers, and more.
At this point there was a break in the discussion as it moved to a smaller room.
Governance
Jeremy Bennett restarted things by letting it be known that his company (Embecosm) is one of those that have agreed to sponsor GTI; there are evidently several other sponsors lined up, but none of them were named in the session despite requests. SFC is a fine organization, Bennett said, but he felt that the Linux Foundation would be a better home for Sourceware. He mentioned complaints about the proprietary conferencing system used for Cauldron, claiming that the community lacked the resources and skills to set up a BBB server to use instead. Having a funded operation to manage the infrastructure currently provided by Sourceware could be a way to address problems like that.
O'Donell said that this was the right time to have this discussion, not during the preceding period (seemingly over a year) that he and Edelsohn have been quietly working on GTI. He has been "burned" in the past by overly public discussions, so the development of GTI was, instead, done by creating a "stakeholder map" and working through it slowly and privately. Issues like where the money would come from needed to be worked out before going public, he said.
I could not resist taking this moment to make a bit of a speech. From my point of view, having the Linux Foundation take over kernel.org has been an unambiguously good thing for the kernel community; everything works well and the people running it are trustworthy. But, I said, the secretive way that this project has been handled is a poor example of how to deal with a community. Regardless of what the reality may be, GTI looks to a number of the people involved like a murky, hostile takeover of an important piece of community infrastructure. I asked what the governance structure for GTI would be, and finished by saying that, while the Linux Foundation does many things, supporting free software for remote conferencing isn't one of them; anybody hoping for support for BBB servers from that direction may be disappointed.
Sandler said that the SFC would happily step back if that's what the community wants. Frank Eigler, another one of the Sourceware overseers, said that, however things, go, future discussions on this topic need to happen in the open.
O'Donell started addressing the governance issue by saying that GTI would have an "open and transparent" technical advisory committee made up of the maintainers of the projects hosted there. Wielaard jumped in to complain that the openness is limited when proprietary tools are used in the current GTI discussions. O'Donell said that the use of these tools (seemingly Google Groups) was the result of "laziness" on his part and thanked Wielaard for pointing that out. Serhei Makarov observed (over the videoconference chat) that "laziness is not a good thing to demonstrate when proposing a major community move".
Edelsohn acknowledged that the GTI effort had been going on for a long time outside of the public eye but, he said, the point was not to present the result as a fait accompli. This organizing was happening during the pandemic and, more importantly, during a period where there were a number of controversies surrounding the Free Software Foundation. There was a strong desire for GTI to not look like an attack on the FSF or as a response to the debate surrounding it. Instead, the intent was to get a minimum number of sponsors to launch the project before going public, and to "be kind" to those sponsors who wanted their names to be on the initial press release. There is, he said, $400,000 in annual funding that has been committed at this point.
He also briefly mentioned the GTI governing board, which would be making the decisions on how to use those committed funds; I asked him to elaborate on that aspect of the plan. This board, he said will be populated by representatives of the "major sponsors" of the GTI, and will give one seat to a representative from the technical advisory committee. He added that "everybody" would be able to attend board meetings as observers; it wasn't clear whether he meant "everybody" or "everybody on the technical advisory committee".
Kuhn said that this plan constituted governance by the project's corporate members; that represents a major difference with regard to how SFC manages its projects. There, he said, projects are governed by a volunteer committee and funding organizations have no say in decisions. Bennett said that Sourceware is currently owned by Red Hat, so it is Red Hat's asset (and thus presumably governed by a company as well); Wielaard answered that, for a number of projects, Red Had just provides servers but is not involved in how they are managed. There was some disagreement in the room on this point, since Red Hat also funds some of the developer time that goes into running Sourceware.
Security and conclusion
At times during the session there were questions about which security issues the GTI organizers were worried about, and whether Sourceware has security-related problems now. Joseph Myers reminded the group of the 2010 Sourceware compromise, where a spammer was able to exploit outdated software running on the system to gain shell access and put up some web pages that had little to do with free software. The problem was discovered when the changes tripped up a cron job. Investigation revealed that the Apache server was running in the "gcc" group, meaning that the attacker had been in a position to modify the GCC Subversion repository. In that case it was possible to verify the integrity of the repository but, he said, we cannot assume that something worse won't happen in the future. Notably, nobody mentioned anything about the existence of any more recent security incidents.
Wielaard said that the SFC, too, had suggested putting some resources into security; O'Donell said "let's raise funds for it".
At this point the discussion had gone on for two hours and there was little desire to continue. Jose Marchesi asked what the next steps should be. Wielaard suggested that everything should be put onto the overseers list for public discussion. It should be possible to work things out as a community, he said, but he said he was no longer sure that the toolchain developers were still all one community. Elena Zannoni suggested that a technical discussion on security issues could certainly be held in public.
As of this writing, there still has been no public posting of the GTI proposal.
This article has tried to distill the important issues out of a discussion that was loud, contentious, and bordered on physical violence at one point. Most of that is not truly relevant; the important issue is that the GNU toolchain community has to find a way to rebuild trust and engage the full community in designing a future for Sourceware. This community, one of the oldest in the free-software world, has gotten through many difficult periods in the past; it should be able to handle this one as well.
The video for the first half of this discussion is on YouTube; the second half has not been posted as of this writing.
[Thanks to LWN subscribers for supporting my travel to this event.]
| Index entries for this article | |
|---|---|
| Conference | GNU Tools Cauldron/2022 |
Posted Sep 22, 2022 0:05 UTC (Thu)
by louie (guest, #3285)
[Link] (2 responses)
Posted Sep 23, 2022 20:38 UTC (Fri)
by mjw (subscriber, #16740)
[Link] (1 responses)
If you could that would be really appreciated. Specificaly if you could explain whether it has to be either/or? Since one solution here seems to mix-and-match the different approaches. For example that LF/GTI or OpenSSF as (c)6 funds Sourceware through the Conservancy as (c)3. At least it seems that OpenSSF does something like that already with PyPi. Or maybe the other way around as jsm28 seems to suggest below. That funds for Sourceware are raised through Conservancy which then hires the LF/IT team to provide certain services?
> But most of me is just sad at what sounds like a fairly unhealthy community situation, piled onto an already unhealthy GNU/FSF situation.
I am not denying that it sounds fairly unhealthy right now, but I actually think things are already (very slowly) healing. And I am really happy to see the BBB discussion result in various of these organizations are now exchanging their setups on the sourceware overseers list. If more projects start to offer BBB (or similar) services that would be a great outcome.
Posted Nov 19, 2022 19:07 UTC (Sat)
by ceplm (subscriber, #41334)
[Link]
Posted Sep 22, 2022 1:17 UTC (Thu)
by flussence (guest, #85566)
[Link] (7 responses)
First of all, thank you Mr. Corbet for putting up with that for us.
I don't particularly get the impression present-day GNU is interested in regaining trust or respect from anyone, and the feeling is mutual. The sewers of the internet have had their meathooks embedded in the project in broad daylight with no resistance for the better part of 20 years, and this behaviour is the inevitable product of that. It seems beyond fixing at this point, and not for lack of people trying.
Free and open resources are better spent on actual free and open software, like musl. Let this alt-right talk show ambush be a wakeup call to anyone who thinks GNU is too big to fail.
Posted Sep 22, 2022 2:01 UTC (Thu)
by atai (subscriber, #10977)
[Link] (4 responses)
Posted Sep 22, 2022 8:00 UTC (Thu)
by seyman (subscriber, #1172)
[Link] (3 responses)
I would nuance this with the fact that people trusted them so much at one point that they forked the gcc project, calling it egcs (yes, I realize this was 25 years ago and that things have changed since then).
Posted Sep 22, 2022 8:52 UTC (Thu)
by pbonzini (subscriber, #60935)
[Link] (2 responses)
Posted Sep 22, 2022 9:01 UTC (Thu)
by rsidd (subscriber, #2582)
[Link] (1 responses)
Posted Sep 22, 2022 19:51 UTC (Thu)
by JoeBuck (subscriber, #2330)
[Link]
So it was about either having gcc accepted as gcc3, and having egcs people manage gcc in the egcs way, or staying independent. But the disputes were not about free software philosophy (at least, 95% was not), it was about how to manage a large free software project.
For those of us not working for Cygnus, it was also about not having the only usable g++ become effectively proprietary, which some of the Cygnus marketing people were trying to do (sure, it would be GPL, but their idea was that you could only get it from Cygnus and they would strongly discourage sharing by whatever legal means the could come up with). We wanted the good code to be available easily to all, not just to Cygnus customers. This eventually was a big selling point that convinced RMS.
Posted Sep 22, 2022 7:04 UTC (Thu)
by pbonzini (subscriber, #60935)
[Link]
Posted Sep 23, 2022 1:42 UTC (Fri)
by milesrout (subscriber, #126894)
[Link]
Posted Sep 22, 2022 2:31 UTC (Thu)
by mtaht (subscriber, #11087)
[Link] (14 responses)
Posted Sep 22, 2022 3:28 UTC (Thu)
by WolfWings (subscriber, #56790)
[Link] (12 responses)
And good solid open source conference call systems have been around for ages even before Google existed as a domain name.
That plus a good screen-share and automated subtitling of each speaker would be a veritable master-stroke IMHO.
Posted Sep 22, 2022 8:55 UTC (Thu)
by rsidd (subscriber, #2582)
[Link] (1 responses)
People like to see faces and hand gestures. The latter are often used by speakers to make a point. And video enables viewing blackboards/whiteboards (the physical kind). Why go back to the 1990s? I'm not sure what "good solid open source conference call system" you have in mind either from that era.
Posted Sep 23, 2022 19:40 UTC (Fri)
by ballombe (subscriber, #9523)
[Link]
and yet... I have been (virtually) to a large number of video conference where one almost never see the speaker, only their shared computer screen for all the talk.
Posted Sep 22, 2022 12:53 UTC (Thu)
by jreiser (subscriber, #11027)
[Link] (7 responses)
Please name two or three that you like.
> automated subtitling of each speaker
Does this mean real-time speech-to-text?
Posted Sep 22, 2022 13:19 UTC (Thu)
by jch (guest, #51929)
[Link] (4 responses)
> Please name two or three that you like.
There are a number of very solid open source servers. The best known is probably Jitsi Meet (https://meet.jit.si/), but there's also Janus (https://janus.conf.meetecho.com/), and a number of implementations based on Pion stack (https://pion.ly), such as Galene (https://galene.org), already mentioned earlier in the discussion.
What is lacking, in my opinion, is the client side. Jitsi's client is only really suitable for meetings, not for talks or lectures, while the client most suitable for use with Janus, Meetecho, is proprietary. In Galene, we've tried our best to provide a client that's usable for both meetings and lectures (and, in the latter case, that's comfortable for both the lecturer and for the students), but there's no denying that we'd need the help of a good UI expert.
Posted Sep 23, 2022 3:17 UTC (Fri)
by pabs (subscriber, #43278)
[Link] (3 responses)
Posted Sep 23, 2022 14:25 UTC (Fri)
by jch (guest, #51929)
[Link] (2 responses)
In the specific case of Galene, the protocol was designed to be easy to implement in native clients. As a proof of concept, I've written a lightweight Android client for Galene, which you can download at <https://galene.org/galene.apk> (the source code is not available yet, I'm only just learning Android programming and don't feel comfortable developing in the open yet).
As to the other clients, I am aware of a desktop client for Jitsi Meet, but it uses Electron, and I suspect it's essentially a wrapper around the web client. I am not aware of any native clients for Janus.
Posted Sep 23, 2022 23:55 UTC (Fri)
by pabs (subscriber, #43278)
[Link] (1 responses)
Posted Sep 24, 2022 2:43 UTC (Sat)
by jch (guest, #51929)
[Link]
The more interesting thing, in my opinion, would be for multiple server implementations to agree on a common well-documented protocol, so that a single client can work with multiple servers. There's been some effort in that direction with WHIP <https://www.ietf.org/archive/id/draft-ietf-wish-whip-04.html>, but that's limited to ingress (traffic in the client to server direction only, which is useful for IP cameras and video broadcasting software), and it's too early to say whether it will gain any traction.
Posted Sep 24, 2022 8:31 UTC (Sat)
by WolfWings (subscriber, #56790)
[Link] (1 responses)
And that's one oversight a lot of 'pure web based' attempts has made over the years IMHO is they forget to support POTS dial-in at times. Folks invest hundreds into their phone and accessories to customize their listening/speaking tool to fit them exactly, don't turn that away. Even (or especially) if they use a browser to view the screenshare.
And regarding 'real time subtitling' yeah, TTS, most folks I encounter use the former not the latter term but I recognize the latter is the more accurate technical term to most implementations. But from a UI/UX perspective... it's being able to turn on subtitling. Doesn't matter if it's using TTS on the back-end or not.
Posted Sep 29, 2022 12:14 UTC (Thu)
by jch (guest, #51929)
[Link]
I would be interested in understanding this comment, but I don't wish to hijack this discussion. Perhaps you could describe the UI you envision by mail, either privately (jch at irif.fr) or, preferably, on the mailing list (galene at lists.galene.org)? (No need to subscribe, I'll manually whitelist you.)
Posted Sep 23, 2022 3:16 UTC (Fri)
by pabs (subscriber, #43278)
[Link] (1 responses)
This new "open" multi-lingual TTS system would be useful for that. Apparently it is better quality than other options that exist such as Kaldi/DeepSpeech/coqui/etc.
https://openai.com/blog/whisper/
Please note that according to the HN comments, while the model/code is freely licensed, the audio/text data used for training/evaluating the model is not public and not freely licensed.
Posted Sep 23, 2022 3:16 UTC (Fri)
by pabs (subscriber, #43278)
[Link]
Posted Sep 22, 2022 9:16 UTC (Thu)
by tzafrir (subscriber, #11501)
[Link]
Posted Sep 22, 2022 9:35 UTC (Thu)
by motk (guest, #51120)
[Link]
Posted Sep 22, 2022 10:03 UTC (Thu)
by paulj (subscriber, #341)
[Link] (9 responses)
Doesn't like a good situation here. Also, from the reading of this article, it sounds like it was people from this submarine, behind-closed-doors, corporate-led project that were kind of disruptive and antagonistic. If they wanted, they could surely have given their own talk on their own plans, rather than interrupt someone else's talk?
Posted Sep 22, 2022 10:08 UTC (Thu)
by nix (subscriber, #2304)
[Link] (5 responses)
Posted Sep 22, 2022 14:07 UTC (Thu)
by Wol (subscriber, #4433)
[Link] (4 responses)
But see my other comment about the agreed agenda, and the presenter's agenda, being two completely different things ...
Cheers,
Posted Sep 22, 2022 15:27 UTC (Thu)
by fuhchee (guest, #40059)
[Link]
Posted Sep 22, 2022 15:32 UTC (Thu)
by smakarov (subscriber, #135270)
[Link]
https://gcc.gnu.org/wiki/cauldron2022#cauldron2022talks.s...
> ... This BoF is for everybody who likes to discuss (and wants to help with) automating the infrastructure to make contributing to our projects more fun and more productive.
Posted Sep 22, 2022 16:40 UTC (Thu)
by siddhesh (subscriber, #64914)
[Link] (1 responses)
There was a lot of confusion about the agenda. I had asked for my talk (which conflicted with one of the infrastructure slots) to be moved so that I could participate but I was told that both speakers had agreed to host the BoF jointly and that the conflicting slot was merely a spillover.
Unfortunately it looks like the message didn't reach the published agenda and evidently even the speakers don't seem to have spoken to each other about how they're going to present jointly.
Posted Sep 23, 2022 22:57 UTC (Fri)
by mjw (subscriber, #16740)
[Link]
But Carlos and I do actually agree on most things, we just differ in style and sometimes the path to take to a common goal. So when he proposed to join the BoF I had assumed the other prepared discussion topics that included how to use the new service to do pre-commit ci, testcase analysis, patch attestation for a secure supply chain, contribution tracking, etc. were all of common interest to both him and the whole community attending, so I really wanted to do that discussion first.
I had added the new part about the future of Sourceware and becoming a Conservancy member because I thought it was a nice bridge to Carlos topic. I hadn't intended it to be something controversial or a debate on different visions. Just that having a nonprofit fiscal sponsor for the community without funds seemed like it would be a good bridge to a topic about finding sponsors with funds to spend.
Posted Sep 23, 2022 21:25 UTC (Fri)
by mjw (subscriber, #16740)
[Link] (2 responses)
Yeah, it isn't really that clear in the recording, but I really was at a
Posted Sep 27, 2022 9:47 UTC (Tue)
by paulj (subscriber, #341)
[Link]
I don't think it was proper to be repeatedly interrupted, even if the reaction was too strong. I assume everyone has learned from this.
Posted Jan 2, 2023 20:10 UTC (Mon)
by fuhchee (guest, #40059)
[Link]
Posted Sep 22, 2022 10:06 UTC (Thu)
by jezuch (subscriber, #52988)
[Link] (14 responses)
If now the community frowns upon this governance design, would they lose the sponsors?
> He has been "burned" in the past by overly public discussions,
Double huh!
Posted Sep 22, 2022 10:34 UTC (Thu)
by nix (subscriber, #2304)
[Link] (11 responses)
Stranger is the governance structure (of what? the hosting? all of sourceware and all the software running on it? do they have veto power on what the projects can do, or is this just overseers again under a new name?) where in return for huge piles of money -- paid, as far as I can tell, from the new sponsors to the hosting organization of their choice, *quite possibly themselves*, so this is quite possibly only money in theory, like living in a house you own is foregone rent -- the sponsors get to occupy almost all the seats on the new governance board, leaving only *one* for a rep of the actual projects. So a huge loss of control compared to now where overseers are almost all involved in various projects too. Indeed the original talk was all about the neat things that that control were letting them do and the services they were providing, which would probably be impossible in this new world because they'd be beholden to asking, and probably paying, someone else instead.
And, uh, what are the benefits? Well, unnamed third parties are worried about "cybersecurity" causing the projects to not be allowed in various other projects. Were there any actual examples? Not in the first half of the talk, and even if there were this appears to be third parties engaging in what looks very like extortion, threats to obtain a desired end, particularly if some of them are among the sponsors (not saying they are because the sponsors' identities are also largely unknown, a really good look for this sort of thing). Generally one doesn't respond to extortion by saying "yeah, good, go on, you can have all but one seat on the governing board".
Presumably, going by their actions, the unnamed third parties are worried about attackers getting into the hosting, rather than about the actual developers, at least for now, but who's to say they wouldn't start using the same argument to impose extra constraints on who can push to the GNU toolchain software on their hardware in future? Not working for an approved employer? Goodbye, you can always switch jobs! They can even use the exact same excuse. Only approved employers are "secure". This sort of thing is routine in the proprietary world, and no doubt that's the sort of entity pushing this.
Also, this whole thing is also only worthwhile if the "professionally managed hosting" is vastly better than what it replaces. As we know cloud infrastructure and hosting providers are perfectly secure and never go down, oh wait no they're a really big basket containing lots of eggs, and an even bigger target for attackers!
Honestly to me it seems like the right solution is preventing people messing with the repos, and oh look we're using git so that's easy. It's pretty obvious if anyone messes with history because everyone's pulls conflict suspiciously (and if it was way back in history, fixing it is *hard*, needs hacking at everyone's individual working repos, and will stand out a mile). For recent commits getting locally committed under someone else's name, we also already have a fix: get everyone to sign their commits. SSH keys are fine, they can stick them up somewhere else on the web, on a SSL-signed domain they control or on a verified github account or something, or just get people to vouch for each other. The feature's only been in git for about ten years -- but quite possibly teaching these third parties' security consultants that git commit signing is even possible will be very hard, as will teaching them why git histories are hard to surreptitiously modify. Such people are almost always box-tickers and their boxes are often decades out of date. Maybe you can call git a blockchain to make them happy.
Attackers can also modify the system configuration (and often do), so keep the system config in git too and autovalidate it every N hours, and an attacker can only get in for N hours before their changes are reverted and the system sounds the alarm.
As someone who wasn't even at cauldron, and whose only previous impressions of Carlos have been enormously positive: if Carlos had *wanted* everyone to look on this as a giant and distinctly ugly conspiracy akin to the attempted takeover of .org by venture capitalists helmed by the person then running .org (also described as critical for security reasons, and it didn't happen and none of the promised disasters came to pass), I'm not sure he could have done better. I am baffled.
Posted Sep 22, 2022 10:41 UTC (Thu)
by nix (subscriber, #2304)
[Link] (2 responses)
(And this is the *starting* position, before they start using all that new power we just gave them. What if they decide they don't like us any more or they say they want more money because "the cost of hosting went up" -- and if these people are largely paying that money to themselves they can set the "cost" to whatever they want, whenever they want -- and then they suddenly leave us without any hosting or infrastructure or (in a "managed" world) systems at all unless we buckle under and do whatever they say or give them whatever they want to extort from us. Don't tell me hosting providers with *actual governance positions* and no other connections to the things they "govern" don't do that sort of thing, because they do, there are lots of examples starting with what happened to ICANN over the years. Overseers would never do that both because they literally can't because we never gave them the whip hand like this and because they're *us*.)
I wish I could stop thinking this way. It feels awful. I wish I could convince myself I was wrong.
Posted Sep 30, 2022 17:13 UTC (Fri)
by donbarry (guest, #10485)
[Link]
Yes. I think this will wake up many people whose salaries are not tied to the silent actors behind this.
Posted Oct 3, 2022 9:13 UTC (Mon)
by paulj (subscriber, #341)
[Link]
Yes.
Not in any organised conspiracy way, but simply as an emergent property of the fact that corporations (i.e., the managers who allocate resources) want some level of control in return for the resources they allocate. And they can be _very_ ruthless about how they go about it. They will hire programmers to work on an open-source project, then work to get control - in back-room dealing kinds of ways (see my other comment on how corporate politics can work).
Just speaking as someone who was at the sharp end of this on another project. And - I'm sorry Jon - but LWN completely uncritically ran the LF press release on that one, without reference to the other side.
Posted Sep 22, 2022 11:40 UTC (Thu)
by nix (subscriber, #2304)
[Link] (5 responses)
I suspect the only, partial protection against this would be to have an augmented version of the rules about employer identity on the GCC steering committee: that far from being a committee of sponsors, it's a committee of individuals; that no one employer or set of employers with more than 50% control in common may control more than $smallnum seats (ideally, 1)... and even then just the fact that this is an official governance structure risks employers telling their minions on the governance committee what to do. Overseers is so unglamorous that that basically doesn't happen, so this alone is a risk.
It seems to me that this idea is only justified if the risk is extreme, perhaps if IBM had said that they were reassigning all RH employees working on the toolchain to something else unless this was done -- but in that case this is an internal corporate bunfight between IBM and its subsidiary RH and why on earth is anyone else getting involved? Also, since they own sourceware anyway... this is both a worst case because of course IBM runs a cloud and might well be one of the sponsors so we might well have been landed into the above extortion scenario... and a best-case because IBM *already* in effect controls sourceware. (But the fact that overseers@ could not manage what ran on it anymore would be an awful loss, and probably a good justification on its own for migrating as much of sourceware hosting as possible to somewhere else that is not subject to this, rendering the whole thing moot.)
But of course we don't know if this is true, because almost all the parties in this proposed setup are anonymous. Anonymous, but want almost complete control. Is there any *wonder* that people are coming up with worst-case scenarios? They're writing themselves!
Posted Sep 23, 2022 9:51 UTC (Fri)
by paulj (subscriber, #341)
[Link] (4 responses)
There is a tension in Free Software between the (typically) original motivation of some development - where a developer scratches some itch and believes in Freedom, and so does the initial community that builds around it - and the motivation of those who end up working on it later IF the project becomes successful and widely used.
Many in the latter set will be corporate programmers, working for a large corporate. They like corporate control. They see it as structured, ordered, and responsible. They want clear governance. They want a corporate structure in place that can over-ride any messy disagreements in the community, sometimes even override community consensus. And of course, it pays for their house, their family, etc. - not unreasonable things for a programmer to want, per se. Some of those in the latter set may well have come from the original set.
Some people of course do not see corporate control - whether by one or a committee of them - as a good thing. Of course, people in this set are far less likely to receive resources from the corporates. So this is typically a resources starved set, and they simply can't (reliably) achieve as much as those backed by the corporate, commercial interests.
And I guess such is life.
The one thing I have seen is that /some/ in the corporate set can be /very/ ruthless about getting their way. Some in this set are career players of the "smile to your face, while plotting to stab you in the back, and one day surprise you with the knife" kind of politics found (and encouraged) in certain corporates. And they will bring this misery into your community.
Tales of year-long behind the scenes, secret organising with other corporates + then disrupting a talk of others, to hijack a relatively technical talk for the purposes of discussing what you want, starts to point a bit in that direction, least for me.
Also, funny how Linux Foundation is often the preferred umbrella for such corporate governed projects / project reorgs.
Without casting any aspersions, it is worth noting LWN gets funding from LF - AFAIK. I doubt it has any direct influence, but we are all humans. And, even just subconsciously, we all do tend to be slightly nicer towards hands that feed us.
Posted Sep 23, 2022 9:54 UTC (Fri)
by paulj (subscriber, #341)
[Link]
Posted Sep 23, 2022 13:24 UTC (Fri)
by corbet (editor, #1)
[Link]
We might see if they are willing to renew the travel money at some point, but we have not even asked that question. The steady stream of "I got COVID" reports coming in from the events of the last two weeks has not increased our urgency on that point.
Posted Sep 30, 2022 19:01 UTC (Fri)
by pebolle (guest, #35204)
[Link] (1 responses)
My gut feeling is that some in the non-corporate set can be just at bad. Not restricted by corporate metrics - market share, profits, etc. - some people in non-profit roles, volunteers, etc. show very limited restraint. Many such cases documented on lwn.net.
Posted Sep 30, 2022 21:17 UTC (Fri)
by Wol (subscriber, #4433)
[Link]
The big problem I hit is that the professionals just don't "get" that many of us are elderly and disabled. Okay, that's not true of me but it is true of most of my fellow volunteers. And every now and then they have to be forcibly reminded that we just can't do what they want.
(Then throw into the mix what I see far too often on LWN and other views of America - the *assumption* of bad faith and conspiracy - and you have a toxic mix that sadly makes stories like this commonplace.)
What's that I heard (that I've mentioned here before)? If you assume other people are typically decent, well meaning, and rational - you know, just like you - then when you have disagreements the obvious conclusion is that one of you is mis-informed. And what's the betting it's you!
Cheers,
Posted Sep 23, 2022 20:19 UTC (Fri)
by jhhaller (guest, #56103)
[Link]
I don't know what the actual cybersecurity concerns are, but this could be part of the concerns.
Posted Sep 23, 2022 20:40 UTC (Fri)
by carlos.odonell (guest, #99737)
[Link]
Posted Sep 22, 2022 13:37 UTC (Thu)
by kpfleming (subscriber, #23250)
[Link] (1 responses)
Posted Sep 22, 2022 14:04 UTC (Thu)
by Wol (subscriber, #4433)
[Link]
When things are screwed up that early in the proceedings, it's rather difficult to clean up the mess.
Thus giving fuel to the conspiracy theorists. It sounds like this discussion has been going on for a while, but I remember a similar situation not that long ago when the purists were baying "why didn't you tell us earlier", and when the protagonists said "we didn't tell you earlier because there was nothing to tell you" the purists' response was "that's no excuse!".
I don't know, but if this meeting was MEANT to be "we've been discussing and we'd like to present our ideas" I think they were on a hiding to nothing. Not only did they completely mess up the presentation, but the mob are usually only too keen to complain about "fait accompli" when the presenters really do want to discuss ...
Damned if you do, damned if you don't. Sounds a bit like it ...
Cheers,
Posted Sep 22, 2022 12:48 UTC (Thu)
by smakarov (subscriber, #135270)
[Link] (3 responses)
I will admit that it was difficult to follow the entire discussion over Zoom chat. In particular, the acronym GTI was being thrown around for both the public ongoing work of GNU Toolchain leadership, but also for the closed-doors discussion group that had been working on the Linux Foundation proposal. I ended up with the impression that someone identified on the 'stakeholder map' had been excluded from the discussion group because the discussion group was held on Google Meet, and Carlos was apologizing for the 'laziness' in not setting up a different solution. In hindsight I'm not sure if I understood correctly. If I understood correctly, that is a good argument for open discussions with meeting minutes that are shared to mailing lists.
If the video of the second half is posted, I will be able to re-watch it and determine if my remark was relevant.
Posted Sep 22, 2022 16:31 UTC (Thu)
by siddhesh (subscriber, #64914)
[Link] (2 responses)
As someone who had been involved in many of those discussions (on email and on the calls), I don't remember anybody expressing that.
Posted Sep 22, 2022 17:09 UTC (Thu)
by smakarov (subscriber, #135270)
[Link]
(When there isn't a public video recording to review, I thought it prudent to sort out the assumptions behind my remark.)
Posted Sep 23, 2022 23:27 UTC (Fri)
by mjw (subscriber, #16740)
[Link]
I was told I could talk about the technical aspects of it publicly though. Which is when we started the Sourceware GNU Toolchain Infrastructure roadmaps on overseers (one of which even made it to lwn). We recently dropped the GNU Toolchain part though, since that seemed slightly confusing.
Some of the controversy now seems to come from that, because as far as I understand all of the infrastructure to discuss/participate is still proprietary. And none of our technical roadmaps seem to be part of GTI.
Posted Sep 22, 2022 14:20 UTC (Thu)
by smoogen (subscriber, #97)
[Link] (2 responses)
While that meeting looks pretty chaotic and angry, it is how I have seen most discussions about this service for the last 12 years. There are a group of people who believe that this is a community owned project and there are a group of people who believe it is a company sponsored project (first Cygnus and then Red Hat). And usually the fights center on how the other group is going to destroy whatever they have been working on for the last 30+ years. [Since sourceware.org is really an extention of the Cygnus ftp server where you went to get fixes for gcc and other tools way before they would ever show up on the gnu.ai.mit.org system.] I can understand how each side sees the other is at fault, and how each one thought the method they were working would avoid all the landmines they had run into when doing it some other way before.
Posted Sep 22, 2022 14:52 UTC (Thu)
by fuhchee (guest, #40059)
[Link] (1 responses)
(all this is news to me)
Posted Sep 23, 2022 14:31 UTC (Fri)
by smoogen (subscriber, #97)
[Link]
When I originally read the article, I felt that I could map various people's comments to previous discussions. Some things seemed to be like ones on #sourceware, others various discussions on various lists after the Cygnus/Red Hat merger, and even before that in the early 1990's to gnu.misc.discuss threads about when Cygnus was seen as the potential enemy of Free Software and could go evil some day. Trying to do that was a mistake on my part as things are much more complicated, and I did people a disservice.
That said, I still agree with my ending comment. I feel like people were doing these things each from a place of what they thought was best, and trying to avoid various problems they had run into a long lifetime of discussions. It just rarely works out when trying to do that.
Posted Sep 22, 2022 14:38 UTC (Thu)
by karim (subscriber, #114)
[Link]
I find it fascinating how presumably competent people from the corporate world approach their interactions with the open source community with what seems a certain sense of disdain. It's as if their view is that they're going to "knock some sense into this mess"; seemingly oblivious to the fact that whatever they feel they need to sort out existed way before there was any interest in free/open source software to begin with. Better yet, whatever non-corporate-style-governed communities existed seemed to have been able to pierce corporate interest without the "adult" oversight.
Prominent corporate-backed community organizations should be very careful not to come to believe that their corporatizing has now surpassed what the community can do on its own.
Posted Sep 22, 2022 19:52 UTC (Thu)
by jsm28 (subscriber, #104141)
[Link] (23 responses)
(a) I think the presentation to the last GTI TAC meeting should be published (for that matter, I think publishing the meeting recording would be appropriate). There was lots of emphasis on how LF services are designed to make it easy for projects to extract all their data and take their hosting elsewhere if desired, and on working with projects to meet their requirements for the particular services provided, as well as other general information about the design of the LF services.
(b) While I'd like to see more details provided of the apparently relevant software supply chain requirements, I think some security issues are very clear. For high-value targets, defence in depth is important, and that means running separate services in isolation on separate systems with minimum privilege and limited interfaces between them. Traditional system administration of a single system like current sourceware, running many services and with many user accounts, is hardly best practice any longer for a high value target; I think providing sufficient defence in depth implies something very different from current sourceware, whether it's run by the current sourceware administrators, LF IT or someone else (and a lot of work disentangling the different services, regardless of the hosting solution chosen).
(Also, if the community were to conclude that they liked some LF services but with a different governance structure, I think that would be a perfectly reasonable thing to consider if the LF services are available with a different governance structure.)
Posted Sep 23, 2022 4:00 UTC (Fri)
by IanKelling (subscriber, #89418)
[Link] (16 responses)
I don't think that is quite right. There could be beautiful separation of services between machines, but there are, in every hosting infrastructure I've seen, multiple humans that have keys which unlock them all, and those humans get tricked or otherwise compromised into giving access to those keys, and none of that separation matters. And I'm sure there's 100x more people who's computers have the keys which allow them to change what github serves up than sourceware.
Posted Sep 23, 2022 5:44 UTC (Fri)
by mjg59 (subscriber, #23239)
[Link] (15 responses)
Posted Sep 23, 2022 5:53 UTC (Fri)
by mjg59 (subscriber, #23239)
[Link] (14 responses)
Posted Sep 26, 2022 8:13 UTC (Mon)
by NYKevin (subscriber, #129325)
[Link] (13 responses)
* If you have a computer, and someone has physical access to it, then that person has root on that system. If nobody has physical access to it, then when it breaks, you can't fix it.
Posted Sep 26, 2022 18:14 UTC (Mon)
by mjg59 (subscriber, #23239)
[Link] (12 responses)
Posted Sep 27, 2022 17:45 UTC (Tue)
by NYKevin (subscriber, #129325)
[Link] (11 responses)
0. Provide a precise operational definition for root-equivalent, as well as "close enough to root-equivalent that we have to lock it down."
Every single one of those steps has complicated technical and administrative implications. Realistically, this could easily take a large organization years to churn through, even assuming it's a high priority (many organizations take a checklist/audit approach to security, and will only do this sort of thing in narrow domains where someone is specifically checking their work).
Posted Sep 28, 2022 12:11 UTC (Wed)
by paulj (subscriber, #341)
[Link] (10 responses)
E.g., you might have to create a request for a permission in a system, get it approved by a line manager, and then that request goes to another security RBAC-overview team to sign-off. The line manager probably doesn't have great insight into exactly why you might need a permission - you just invent some reason why it's needed for your job. The RBAC security sign-off team also has no great insight - they're dealing with these requests from across the many systems and people in this large organisation, and unless there are clear red-flags they're going to approve a request that has whatever "I need X to do Y for my job" rationale that is signed off by line management.
In some systems in large orgs, some security roles in RBAC systems may be team specific and there may be a requirement that another IC on that team already in that security role has to sign-off (rather than line management; or perhaps in addition, depends). But this is obviously subvertable too.
Some roles have extra-ordinary powers too. E.g. "network root". Even if you could break that role up and make it more fine-grained, end of the day you will still end up with some super-power roles. There's just no avoiding that some kinds of tech management work require super-admin powers, and there'll be no avoiding that in very large tech organisations, the number of people engaged in such work will not be trivial (even if that role scales well and those with super-roles comprise a relatively small ratio of the overall tech staff).
Posted Sep 28, 2022 13:09 UTC (Wed)
by foom (subscriber, #14868)
[Link] (9 responses)
Of course, regular deployments are done with automation, which auto-deploys securely and reproducibly built binaries, built from code which has had mandatory enforced code reviews for all changes. So in the regular course of business, you never need to touch the production system.
But stuff happens.
So, want to tweak the configuration of your running service? You need to get a second person to approve the particular config change -- that's enforced.
Want to run an arbitrary shell command on the production system, to fix an emergency problem? Get the actual command-line you're going to execute reviewed by a second person, before it can be executed -- again, enforced.
There will always be a "break glass in case of emergency" access available to a small number of people which bypasses the complex enforcement systems and gives you direct control -- but that should be used so rarely, so as to be actually notable if the glass is indeed broken. And invoking such extraordinary access should still require multi-party concurrence of some sort -- and be logged and audited after the fact.
Posted Sep 29, 2022 11:58 UTC (Thu)
by paulj (subscriber, #341)
[Link] (2 responses)
That culture + heavy reliance on automation there leads to default attitudes of "If the CI passes, push it" .
Posted Sep 29, 2022 14:28 UTC (Thu)
by foom (subscriber, #14868)
[Link] (1 responses)
But any sort of intentional wrongdoing is significantly more difficult/risky -- and would also likely take longer -- when you either need to involve multiple appropriately-privileged people in the conspiracy, or else hope your non-conspiring counterpart doesn't notice what you're doing.
And of course, all of this also generates an audit trail, so if an incident is noticed after the fact, there is a better ability to figure out what happened.
There is plenty of history in organizations large and small -- going back even to very early system administrators -- where an individual who has the ability, will abuse their privilege to, e.g., spy on someone they're romantically interested in. (Not to mention nation state hacking operations...)
These sorts of policies can make both of those attacks much trickier to pull off -- and possibly even prevent them.
Posted Sep 30, 2022 11:46 UTC (Fri)
by paulj (subscriber, #341)
[Link]
"generates an audit trail, so if an incident is noticed after the fact, there is a better ability to figure out what happened."
Right, this is the main thing. You can figure out /who/ did something, hopefully. And fire them / hand them to the police / sue them.
Posted Sep 30, 2022 11:50 UTC (Fri)
by paulj (subscriber, #341)
[Link] (5 responses)
When this happens, you've likely got engineers running commands all over the place trying to debug a complex, multi-faceted problem. There's no review! "Get the {major system} back!" is the only concern.
As these emergencies happen fairly regularly (consequence of the "err on the side of pushing, can always fix later" culture), a good strategy for an attacker would be to prepare whatever internal exploit/subversion, and then just wait for the next emergency and push stuff out unnoticed amid the chaos.
Posted Sep 30, 2022 12:18 UTC (Fri)
by zdzichu (subscriber, #17118)
[Link] (1 responses)
Posted Sep 30, 2022 13:23 UTC (Fri)
by paulj (subscriber, #341)
[Link]
Does that mean some subversion hidden somewhere in there will be caught? I don't know.
Does it mean that a subversion that was pushed /outwith the control or visibility of the normal CI tools/ (cause, shit was down! fix fast! maybe even the CI infra was down, cause it depends on the site being up!) will be caught? That's a lot less likely.
A manually pushed out subversion could easily run for weeks, until the next update of whatever component it is in.
Posted Sep 30, 2022 19:03 UTC (Fri)
by Cyberax (✭ supporter ✭, #52523)
[Link]
In environments where I worked, emergency access still logs everything. And the logging systems are really separate from everything else (and rarely need maintenance anyway).
Posted Sep 30, 2022 19:21 UTC (Fri)
by mjg59 (subscriber, #23239)
[Link] (1 responses)
Posted Sep 30, 2022 19:59 UTC (Fri)
by paulj (subscriber, #341)
[Link]
Scenario I was envisaging is the subversive does /not/ initiate the "break glass" procedures, but just waits patiently for the big "break the glass, all hands on deck to debug this massive outage!" event to happen (which is inevitable, with current culture in many big tech places) - and then capitalise on that.
Will it be picked up? Who knows.
But I know for a fact that in some of these big outages, ad-hoc binaries get built on devs machines and pushed out with dirty scripts, outwith all the CI and stuff, with quick-fixes. (The CI and other normal deployment tools may be broken as part of the outage anyway). And those binaries may end up running for a week or two.
Posted Sep 23, 2022 9:32 UTC (Fri)
by pbonzini (subscriber, #60935)
[Link] (5 responses)
Most projects on sourceware.org are dead and should be archived. Some of them (e.g. GSL) have already migrated out of sourceware in fact. I don't know if any of them have CGI for the websites, but if so that might be an entry point for an attacker too.
Of the about ten projects that are alive, the big four projects are gcc, gdb, binutils and glibc, and they have substantially different needs from smaller projects like elfutils, systemtap, cygwin or libabigail (plus others that, while alive, are barely so).
Both proposals fail to recognize that with such a varied lot:
1) there is no reason for these projects to live on the same server.
2) it does seem weird for Conservancy to be the fiscal sponsor for *sourceware*, as opposed to individual projects hosted by it; but on the other hand a migration to LF IT might not take into account the needs of smaller projects very well.
Besides, there's in general no reason for all of the services to be provided by a single server. Different services can be easily outsourced to different people, companies or external providers.
Therefore, if the bigger projects are worried about supply chain attacks, to begin with they can very easily migrate their source code control repositories elsewhere (could be LF or gitlab/github). More in general, the bigger projects do not *need* all their infrastructure to be on a single server, whether that single server is sourceware.org or LF's or something else. To be honest, most of the smaller projects probably would be better served by migrating to gitlab, github or sourcehut, which would likely provide better CI than a custom buildbot infrastructure.
The only common needs of large and small projects alike seem to be mailing lists (where migrating to a new domain can be painful) and the wiki server. A machine that does only these two things has a relatively small attack surface, operating cost, and supply chain risk. So perhaps sourceware.org can keep on providing that with a vastly smaller effort on part of the overseers, which can concentrate on doing those two things better (e.g., adding a public-inbox instance does seem like a good idea). It can also host source code control repos (git/gitweb) for the smaller projects that do not want to migrate, and provide backwards-compatible HTTP-level redirects for those that decide to migrate somewhere else. The cost to run these services would be peanuts for Red Hat (bandwidth for downloads and source control usually dwarves everything else), and it would also be easier to recruit sysadmins because the stakes are lower.
The larger projects then would be free to host everything else with LF IT, Conservancy or somebody else altogether. They don't even have to do the same thing between the four of them, though it would make sense for binutils, gcc and gdb to do so. I am rusty on how they do release management, but perhaps they could even use a monorepo with per-project release branches.
Posted Sep 23, 2022 10:22 UTC (Fri)
by fuhchee (guest, #40059)
[Link] (2 responses)
Posted Sep 23, 2022 13:32 UTC (Fri)
by pbonzini (subscriber, #60935)
[Link] (1 responses)
Posted Sep 30, 2022 13:45 UTC (Fri)
by law@redhat.com (guest, #31677)
[Link]
You're a respected voice in the broader free software community and many of us in the GCC community absolutely remember your numerous contributions through the years. Definitely chime in to the discussion.
Jeff
Posted Sep 23, 2022 23:42 UTC (Fri)
by mjw (subscriber, #16740)
[Link] (1 responses)
Just wanted to reply to this part here:
> (e.g., adding a public-inbox instance does seem like a good idea)
Done :) https://inbox.sourceware.org/
This was actually part of the original BoF topics, including discussion on how to use b4 for patch attestation and how that might help with the secure supply chain discussions: https://gnu.wildebeest.org/~mark/sourceware/presentation....
Posted Sep 24, 2022 12:59 UTC (Sat)
by pbonzini (subscriber, #60935)
[Link]
Posted Sep 22, 2022 22:35 UTC (Thu)
by scientes (guest, #83068)
[Link] (2 responses)
Posted Sep 22, 2022 22:39 UTC (Thu)
by scientes (guest, #83068)
[Link]
Posted Sep 22, 2022 22:42 UTC (Thu)
by corbet (editor, #1)
[Link]
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
egcs had to be created because FSF gcc had completely broken in the late 90s; it was unable to produce releases for a period of about two years, and forks were exploding all over the place. Merging back into gcc2 wasn't really possible because gcc2 had been using a flow where only one overworked guy (whose main focus was elsewhere) did all the checkins, and it had a badly broken C++ that was mainly good for internal compiler errors.
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
bbb vs galene
bbb vs galene
bbb vs galene
bbb vs galene
> And good solid open source conference call systems have been around for ages
bbb vs galene
bbb vs galene
bbb vs galene
bbb vs galene
bbb vs galene
bbb vs galene
bbb vs galene
bbb vs galene
bbb vs galene
https://news.ycombinator.com/item?id=32927360
bbb vs galene
GNU tools cauldron videos
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Wol
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
>
> Topics to discuss include the shared buildbot [1]. Whether we need more/other arches/distro support. Which builders are most beneficial to projects. How buildbot should report issues. Whether to use the buildbot to automate other tasks like updating documentation, websites, generate release tars or updating bugzilla. How to use git user try branches. Taking advantage of the Bunsen [2] testrun cluster analysis, per-testrun testcase search/browse engines, search operators, testsuite summary (vs detail) grids. Patch tracking using patchwork [3] integrated with buildbot and the CICD trybot [4]. How to use the sourcehut mirror [5]. ...
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
loss when someone started shouting and even pushing other participants
to shut up. That had never happened to me before and I didn't really
know how to handle it. So I lost control. What I of course should have done was simply tell that person to calm down and state that there would be plenty of time later for other discussion topics they wanted to bring up. Now it looked like I didn't want them to speak which made the optics even worse.
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Through the end of 2019, LWN received some travel sponsorship from the LF that enabled us to get to events and was much appreciated. For some strange reason we stopped travelling in 2020 and that sponsorship ended; we have received no funds from the LF since that time. So the claim in the above comment is not really true.
Funding from the LF
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Wol
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Wol
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
How is sourceware.org run
How is sourceware.org run
How is sourceware.org run
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
* If you have more than one computer, and those computers talk to each other automatically (for any reason), then they need to authenticate each other, which means they need certificates, which means you need a key that signs those certificates. That key is root-equivalent, or very nearly so.
* You can break it up into multiple keys, but now you have to solve for key management, so your key management system is probably root-equivalent.
* If you have any sort of access control (authorization) system, then anyone who can administer that system probably has root (within the context for which that system is authoritative).
* Does your access control system have a storage backend? Who administers that?
* What about the network? Do you trust certain network segments more than others? Could that be exploited to become root?
* And on, and on, and on...
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
1. Find all the root-equivalent (and "close enough") services.
2. Figure out who has unilateral access to them.
3. Figure out who actually needs access (unilateral or otherwise).
4. Set up a system whereby the people who need access can get it when they need it.
5. Make that system non-unilateral (i.e. require a second person to approve and/or supervise the access).
6. Make sure that a second person is actually available when required.
7. Have some sort of contingency plan for when the system breaks.
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
David Edelson agreed when Noam Chomsky asked him to accept my contract work (bountysource.com) into libGcrypt and not pay me what had been agreed on, and then brag about notoaing me while not answering my question when I email him about it.
This spcific incident of policial persecution became so political that it even got reception in the Russian Federation, with a ban on investments into unfriendly countries.
Two visions for the future of sourceware.org
Two visions for the future of sourceware.org
That sounds unpleasant, but it's also entirely unrelated to the topic at hand. LWN isn't the place to discuss personal financial disagreements.
Off-topic