[Dwarf-discuss] Sourceware infrastructure updates for Q2 2024

Mark Wielaard mark@klomp.org
Wed Jun 5 17:30:20 GMT 2024

Sourceware infrastructure community updates for Q2 2024

A summary of news about Sourceware, the Free Software hosting project
for core toolchain and developer tools, from the last 3 months.

- Ongoing rDNS email issue
- Aging inactive users policy
- Sourceware hosts are not affected by the latest xz backdoor
- Sourceware infrastructure security vision
- Upgraded server2
- Sourceware @ Conservancy - Year One
- Sourceware Open Office hours

= Ongoing rDNS email issue

  There are currently issues with rDNS for sourceware.org, cygwin.com,
  gcc.gnu.org and lists.dwarfstd.org which cause email delays for some
  people in Europe.

  If you find something like:
    Client host rejected: cannot find your hostname, []
  in your mail.logs you are affected.

  Lumen [CenturyLink, Level3] reports they have isolated this issue to
  their Frankfurt, DE facility but do not have an ETR at this time.

  If you have trouble receiving emails over smtp because of this issue
  note that https://inbox.sourceware.org provides public mailinglists
  through http, imap, nntp and makes it possible to git clone whole

  You can get the latest updates from the fediverse:

= Aging inactive users policy

  We started on the "aging inactive users" process by sending emails
  to the first batch of users without any activity in the last year
  and disabled accounts that really weren't active (putting them in
  the emeritus group)

  Various people already replied saying it was OK to disable their
  account. But we also noticed that some of the account contact
  information is no longer valid. Please keep your account details up
  to date so that we always have a way of contacting you.

  Please see the account management page on how to set your current
  email address: https://sourceware.org/sourceware/accountinfo.html

= Sourceware hosts are not affected by the latest xz backdoor

  Sourceware hosts are not affected by the latest xz backdoor. We have
  reset the builder.sourceware.org containers of debian-testing,
  fedora-rawhide and opensuse-tumbleweed. These containers however
  didn't have ssh installed, were running on isolated VMs on separate
  machines from our main hosts, snapshots and backup servers.

= Sourceware infrastructure security vision

  During Q2 2024 we held various open office and public email
  discussions with the community and made plans for Sourceware and all
  the hosted projects.


  After the xz-backdoor incident obviously a lot of discussions
  focused on various security aspects. As Sourceware Project
  Leadership Committee we turned those ideas into concrete plans.


  The Sourceware infrastructure security vision explains what
  Sourceware is, the mission, how the organization works, the secure
  Sourceware project goals and plans. This includes not just
  infrastructure services updates, but also the secure software
  development framework projects use and secure supply chain issues.

  We are currently working with Conservancy staff on funding proposals
  for these plans.

= Upgraded server2

  server2.sourceware.org now has 512GB RAM, thanks Red Hat.

= Sourceware @ Conservancy - Year One


  Communications (lots, also on the fediverse), New and updated
  services (snapshots server, email, public-inbox, cgit), Security
  (CVEs, git signing, autoregen builders, aging inactive users, secure
  supply chain), New and upgraded hardware (thanks Red Hat OSUOSL
  StarFive), Finances (we spend hundreds and raised thousands of
  dollars), Next year plans (more, bigger and isolated), Conclusion
  (Five Stars, Would Recommend).

= Sourceware Open Office hours

  Every second Friday of the month is the Sourceware Overseers Open
  Office hour in #overseers on irc.libera.chat from 16:00 till 17:00
  UTC. Note this is a new time!

  Please feel free to drop by with any Sourceware services and hosting
  questions. Of course you are welcome to drop into the #overseers
  channel at any time and we can also be reached through email and
  bugzilla: https://sourceware.org/mission.html#organization

  If you aren't already and want to keep up to date on Sourceware
  infrastructure services then please also subscribe to the overseers
  mailinglist. https://sourceware.org/mailman/listinfo/overseers

  The Sourceware Project Leadership Committee also meets once a month
  to discuss all community input. The committee will set priorities
  and decide how to spend any funds, negotiate with hardware and
  service partners, create budgets together with the Conservancy,
  or decide when a new fundraising campaign is needed. The current
  committee is Frank Ch. Eigler, Christopher Faylor, Ian Kelling,
  Ian Lance Taylor, Tom Tromey, Jon Turney, Mark J. Wielaard and
  Elena Zannoni.

More information about the Dwarf-discuss mailing list