[Dwarf-discuss] Sourceware infrastructure updates for Q2 2024
Mark Wielaard
mark@klomp.org
Wed Jun 5 17:30:20 GMT 2024
Sourceware infrastructure community updates for Q2 2024
A summary of news about Sourceware, the Free Software hosting project
for core toolchain and developer tools, from the last 3 months.
- Ongoing rDNS email issue
- Aging inactive users policy
- Sourceware hosts are not affected by the latest xz backdoor
- Sourceware infrastructure security vision
- Upgraded server2
- Sourceware @ Conservancy - Year One
- Sourceware Open Office hours
= Ongoing rDNS email issue
There are currently issues with rDNS for sourceware.org, cygwin.com,
gcc.gnu.org and lists.dwarfstd.org which cause email delays for some
people in Europe.
If you find something like:
Client host rejected: cannot find your hostname, [8.43.85.97]
in your mail.logs you are affected.
Lumen [CenturyLink, Level3] reports they have isolated this issue to
their Frankfurt, DE facility but do not have an ETR at this time.
If you have trouble receiving emails over smtp because of this issue
note that https://inbox.sourceware.org provides public mailinglists
through http, imap, nntp and makes it possible to git clone whole
archives.
You can get the latest updates from the fediverse:
https://fosstodon.org/@sourceware
= Aging inactive users policy
We started on the "aging inactive users" process by sending emails
to the first batch of users without any activity in the last year
and disabled accounts that really weren't active (putting them in
the emeritus group)
https://inbox.sourceware.org/overseers/ZhQZXogZMozVjIYn@elastic.org/T/
Various people already replied saying it was OK to disable their
account. But we also noticed that some of the account contact
information is no longer valid. Please keep your account details up
to date so that we always have a way of contacting you.
Please see the account management page on how to set your current
email address: https://sourceware.org/sourceware/accountinfo.html
= Sourceware hosts are not affected by the latest xz backdoor
Sourceware hosts are not affected by the latest xz backdoor. We have
reset the builder.sourceware.org containers of debian-testing,
fedora-rawhide and opensuse-tumbleweed. These containers however
didn't have ssh installed, were running on isolated VMs on separate
machines from our main hosts, snapshots and backup servers.
= Sourceware infrastructure security vision
During Q2 2024 we held various open office and public email
discussions with the community and made plans for Sourceware and all
the hosted projects.
https://inbox.sourceware.org/20240325100226.GL5673@gnu.wildebeest.org/
https://inbox.sourceware.org/libc-alpha/ZiV8e8Xm4GFGbQ2E@debian/T/
https://inbox.sourceware.org/libc-alpha/20240423004822.GC4681@redhat.com/T/
After the xz-backdoor incident obviously a lot of discussions
focused on various security aspects. As Sourceware Project
Leadership Committee we turned those ideas into concrete plans.
https://sourceware.org/sourceware-security-vision.html
The Sourceware infrastructure security vision explains what
Sourceware is, the mission, how the organization works, the secure
Sourceware project goals and plans. This includes not just
infrastructure services updates, but also the secure software
development framework projects use and secure supply chain issues.
We are currently working with Conservancy staff on funding proposals
for these plans.
= Upgraded server2
server2.sourceware.org now has 512GB RAM, thanks Red Hat.
= Sourceware @ Conservancy - Year One
https://inbox.sourceware.org/20240529190215.GA26515@gnu.wildebeest.org
https://fosstodon.org/@sourceware/112526024910398811
Communications (lots, also on the fediverse), New and updated
services (snapshots server, email, public-inbox, cgit), Security
(CVEs, git signing, autoregen builders, aging inactive users, secure
supply chain), New and upgraded hardware (thanks Red Hat OSUOSL
StarFive), Finances (we spend hundreds and raised thousands of
dollars), Next year plans (more, bigger and isolated), Conclusion
(Five Stars, Would Recommend).
= Sourceware Open Office hours
Every second Friday of the month is the Sourceware Overseers Open
Office hour in #overseers on irc.libera.chat from 16:00 till 17:00
UTC. Note this is a new time!
Please feel free to drop by with any Sourceware services and hosting
questions. Of course you are welcome to drop into the #overseers
channel at any time and we can also be reached through email and
bugzilla: https://sourceware.org/mission.html#organization
If you aren't already and want to keep up to date on Sourceware
infrastructure services then please also subscribe to the overseers
mailinglist. https://sourceware.org/mailman/listinfo/overseers
The Sourceware Project Leadership Committee also meets once a month
to discuss all community input. The committee will set priorities
and decide how to spend any funds, negotiate with hardware and
service partners, create budgets together with the Conservancy,
or decide when a new fundraising campaign is needed. The current
committee is Frank Ch. Eigler, Christopher Faylor, Ian Kelling,
Ian Lance Taylor, Tom Tromey, Jon Turney, Mark J. Wielaard and
Elena Zannoni.
More information about the Dwarf-discuss
mailing list