Date: Fri, 19 Apr 2024 09:30:31 +0300 From: Odhiambo Washington <odhiambo@gmail.com> To: Lexi Winter <lexi@le-fay.org> Cc: questions@freebsd.org Subject: Re: why does FreeBSD only offer trustworthiness and transparency to people who donate money? Message-ID: <CAAdA2WOQdE7ArY0NAamnCOe62Qo67Ks5EYdEHTCipEV576aUjA@mail.gmail.com> In-Reply-To: <ZiGQ-RSQAsrEET5x@ilythia.eden.le-fay.org> References: <ZiGQ-RSQAsrEET5x@ilythia.eden.le-fay.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--000000000000a21b0506166d3b79 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Fri, Apr 19, 2024 at 12:30=E2=80=AFAM Lexi Winter <lexi@le-fay.org> wrot= e: > so today i came across this press release: > > > https://freebsdfoundation.org/blog/freebsd-foundation-delivers-v1-of-free= bsd-ssdf-attestation-to-support-cybersecurity-compliance/ > > "FreeBSD Foundation Delivers V1 of FreeBSD SSDF Attestation to Support > Cybersecurity Compliance" > > this is about some new thing called "SSDF Attestation" which is now > available to people who give money to the FreeBSD Foundation. > > reading the PR, i learned: > > > The SSDF Attestation continues the FreeBSD community=E2=80=99s longstan= ding > > commitment to security by providing transparency and trustworthiness > > in its software development environment. This move aligns with the US > > federal government=E2=80=99s recent initiative to bolster software secu= rity. > > i would like to know exactly what "transparency" and "trushworthiness" > is being provided to Foundation donors which is not provided to the rest > of us. > > can anyone summarise exactly what this "SSDF" includes that is being > witheld from normal users like me? > > cc: core@ since i assume core was somehow involved in this. > There is only one codebase for FreeBSD, IIRC. There aren't special users and normal users. --=20 Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 In an Internet failure case, the #1 suspect is a constant: DNS. "Oh, the cruft.", egrep -v '^$|^.*#' =C2=AF\_(=E3=83=84)_/=C2=AF :-) [How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html] --000000000000a21b0506166d3b79 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote">= <div dir=3D"ltr" class=3D"gmail_attr">On Fri, Apr 19, 2024 at 12:30=E2=80= =AFAM Lexi Winter <<a href=3D"mailto:lexi@le-fay.org">lexi@le-fay.org</a= >> wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px= 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">so = today i came across this press release:<br> <br> <a href=3D"https://freebsdfoundation.org/blog/freebsd-foundation-delivers-v= 1-of-freebsd-ssdf-attestation-to-support-cybersecurity-compliance/" rel=3D"= noreferrer" target=3D"_blank">https://freebsdfoundation.org/blog/freebsd-fo= undation-delivers-v1-of-freebsd-ssdf-attestation-to-support-cybersecurity-c= ompliance/</a><br> <br> "FreeBSD Foundation Delivers V1 of FreeBSD SSDF Attestation to Support= <br> Cybersecurity Compliance"<br> <br> this is about some new thing called "SSDF Attestation" which is n= ow<br> available to people who give money to the FreeBSD Foundation.<br> <br> reading the PR, i learned:<br> <br> > The SSDF Attestation continues the FreeBSD community=E2=80=99s longsta= nding<br> > commitment to security by providing transparency and trustworthiness<b= r> > in its software development environment. This move aligns with the US<= br> > federal government=E2=80=99s recent initiative to bolster software sec= urity.<br> <br> i would like to know exactly what "transparency" and "trushw= orthiness"<br> is being provided to Foundation donors which is not provided to the rest<br= > of us.<br> <br> can anyone summarise exactly what this "SSDF" includes that is be= ing<br> witheld from normal users like me?<br> <br> cc: core@ since i assume core was somehow involved in this.<br></blockquote= ><div><br></div><div>There is only one codebase for FreeBSD, IIRC.<br>There= aren't special users and normal users.=C2=A0</div></div><br clear=3D"a= ll"><div><br></div><span class=3D"gmail_signature_prefix">-- </span><br><di= v dir=3D"ltr" class=3D"gmail_signature"><div dir=3D"ltr"><div dir=3D"ltr"><= div>Best regards,<br>Odhiambo WASHINGTON,<br>Nairobi,KE<br>+254 7 3200 0004= /+254 7 2274 3223</div><div><span style=3D"color:rgb(34,34,34)">=C2=A0In=C2= =A0</span><span style=3D"color:rgb(34,34,34)">an Internet failure case, the= #1 suspect is a constant: DNS.</span><br>"<span style=3D"font-size:12= .8px">Oh, the cruft.</span><span style=3D"font-size:12.8px">",=C2=A0</= span><span style=3D"font-size:12.8px">egrep -v '^$|^.*#'=C2=A0</spa= n><span style=3D"background-color:rgb(34,34,34);color:rgb(238,238,238);font= -family:"Lucida Console",Consolas,"Courier New",monospa= ce;font-size:13.6px">=C2=AF\_(=E3=83=84)_/=C2=AF</span><span style=3D"font-= size:12.8px">=C2=A0:-)</span></div><div><span style=3D"font-size:12.8px">[H= ow to ask smart questions:=C2=A0</span><span style=3D"font-size:12.8px"><a = href=3D"http://www.catb.org/~esr/faqs/smart-questions.html" target=3D"_blan= k">http://www.catb.org/~esr/faqs/smart-questions.html</a>]</span></div></di= v></div></div></div> --000000000000a21b0506166d3b79--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAAdA2WOQdE7ArY0NAamnCOe62Qo67Ks5EYdEHTCipEV576aUjA>