Mail Archives: cygwin/2025/04/22/19:46:12
| DMARC-Filter: | OpenDMARC Filter v1.4.2 delorie.com 53MNkCEM1846191
|
| Authentication-Results: | delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com
|
| Authentication-Results: | delorie.com; spf=pass smtp.mailfrom=cygwin.com
|
| DKIM-Filter: | OpenDKIM Filter v2.11.0 delorie.com 53MNkCEM1846191
|
| X-Recipient: | archive-cygwin AT delorie DOT com
|
| X-Original-To: | cygwin AT cygwin DOT com
|
| Delivered-To: | cygwin AT cygwin DOT com
|
| DMARC-Filter: | OpenDMARC Filter v1.4.2 sourceware.org EB38B3858C51
|
| ARC-Filter: | OpenARC Filter v1.0.0 sourceware.org EB38B3858C51
|
| ARC-Seal: | i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1745365534; cv=none;
|
| b=eUnF1fr2Tb3WbrBJQyETqA22gxeDjhR6eWWI8A8xyi06g1E4wn9xvJJk89Ls612+L2tA3RlPlAiaCsuCgsmdt+7jcj7ijwKJtkufseXP/vGug4Yc3P/s8Ks+CWOgIHYeeCcb9f/WMKH7FKfycXcxLumbZh/qa07LUXeFP/YkKiM=
|
| ARC-Message-Signature: | i=1; a=rsa-sha256; d=sourceware.org; s=key;
|
| t=1745365534; c=relaxed/simple;
|
| bh=j7A7Whjd4v5eqFq2TqSwq5YrPnos6j+yye/MPd0ZBGA=;
|
| h=Date:From:To:Subject:Message-ID:MIME-Version;
|
| b=I6h55aQj4AF4PaxUYIdU6mrSqNH7yL42SEtyV5YSAouPiTg7oMDPdSXeH4cS2cw6kuHQW7w3PRdB54xAFNpoQT/VhlGoaPiJ7PvdHFpDiWX4bbTCIFh34f/LAAoPws6fh43pprkLvXf8B8iIzEj+N24wBzWDdKj49bmWu0UpYOk=
|
| ARC-Authentication-Results: | i=1; server2.sourceware.org
|
| DKIM-Filter: | OpenDKIM Filter v2.11.0 sourceware.org EB38B3858C51
|
| Date: | Wed, 23 Apr 2025 01:45:32 +0200
|
| To: | cygwin AT cygwin DOT com
|
| Subject: | Sourceware infrastructure updates for Q1 2025
|
| Message-ID: | <20250422234532.GZ2323@gnu.wildebeest.org>
|
| MIME-Version: | 1.0
|
| User-Agent: | Mutt/1.5.21 (2010-09-15)
|
| X-BeenThere: | cygwin AT cygwin DOT com
|
| X-Mailman-Version: | 2.1.30
|
| List-Id: | General Cygwin discussions and problem reports <cygwin.cygwin.com>
|
| List-Archive: | <https://cygwin.com/pipermail/cygwin/>
|
| List-Post: | <mailto:cygwin AT cygwin DOT com>
|
| List-Help: | <mailto:cygwin-request AT cygwin DOT com?subject=help>
|
| List-Subscribe: | <https://cygwin.com/mailman/listinfo/cygwin>,
|
| <mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
|
| From: | Mark Wielaard via Cygwin <cygwin AT cygwin DOT com>
|
| Reply-To: | Mark Wielaard <mark AT klomp DOT org>
|
| Sender: | "Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com>
|
Sourceware infrastructure community updates for Q1 2025
Sourceware has provided the infrastructure for core toolchain
and developer tools projects for more than 25 years.
https://sourceware.org/sourceware-25-roadmap.html
Over the last couple of years, Sourceware has transformed from a
purely volunteer into a professional organization with an eight person
strong Project Leadership Committee, monthly open office hours,
multiple hardware services partners, expanded services, the Software
Freedom Conservancy as fiscal sponsor and a more diverse funding model
that allows us to enter into contracts with paid contractors or staff
when appropriate.
Every quarter we provide a summary of news about Sourceware, the core
toolchain and developer tools infrastructure, covering the previous 3
months.
- Sourceware Survey 2025
- Cyber Security update and secure project policy checklist
- AI/LLM scraperbots attacks and Anubis
- New RISC-V CI builders
- Q3 server moves
- Signed-commit census report
- Sourceware Organization, Contact and Open Office hours
= Sourceware Survey 2025
The survey ran from Friday, 14 March to Monday, 31 March. In the end
we got 103 (!) responses with a nice mix of developers, users and
maintainers from various hosted projects.
Full results can be found at https://sourceware.org/survey-2025
Thanks to everybody who responded, this will help guide the PLC
allocate resources.
= Cyber Security update and secure project policy checklist
Thanks to all the input during some of the Sourceware Open Office
hours earlier this year, feedback given at Fosdem and discussions
with the Software Freedom Conservancy we have update the Sourceware
Cyber Security FAQ (really an explainer) with updates to the current
state of the US Improving the Nation's Cybersecurity Executive Order
and EU Cyber Resilience Act.
We also added a section with Recommendations for Sourceware hosted
projects.
https://sourceware.org/cyber-security-faq.html
For Sourceware hosted projects that want to have a documented
verifiable cybersecurity policy we now have a policy checklist your
project can follow. Most are common sense things most projects
already do.
https://sourceware.org/cyber-security-faq.html#policy-checklist
Also check out the Sourceware infrastructure security vision and
sourceware security posture:
https://sourceware.org/sourceware-security-vision.html
https://sourceware.org/sourceware-wiki/sourceware_security_posture/
= AI/LLM scraperbots attacks and Anubis
As some of you might have noticed Sourceware has been fighting the
new AI/LLM scraperbots since start of the year. We are not alone in
this.
https://lwn.net/Articles/1008897/
https://arstechnica.com/ai/2025/03/devs-say-ai-crawlers-dominate-traffic-forcing-blocks-on-entire-countries/
We have tried to isolate services more and block various ip-blocks
that were abusing the servers. But that has helped only so much.
Unfortunately the scraper bots are using lots of ip addresses
(probably by installing "free" VPN services that use normal user
connections as exit point) and pretending to be common
browsers/agents. We seem to have to make access to some services
depend on solving a javascript challenge.
So when using https://patchwork.sourceware.org or Bunsen
https://builder.sourceware.org/testruns/ you might now have to
enable javascript. This should not impact any scripts, just
browsers (or bots pretending to be browsers). If it does cause
trouble, please let us know. If this works out we might also
"protect" bugzilla, gitweb, cgit, and the wikis this way.
Thanks Xe Iaso who has helped us set this up.
Please check out if you want to be one of their patrons as thank you.
https://xeiaso.net/notes/2025/anubis-works/
https://xeiaso.net/patrons/
= New RISC-V CI builders
Thanks to RISC-V International we got 3 new buildbot CI workers.
One HiFive Premier P550
https://www.sifive.com/boards/hifive-premier-p550
and two Banana Pi BPI-F3
https://wiki.banana-pi.org/Banana_Pi_BPI-F3
They have been used for testing the Valgrind risc-v backend that
will be introduced with Valgrind 3.25.0 later this month.
The P550 now runs a gdb and full testsuite build. One bpi-f3 runs
glibc and the full testsuite. The other bpi-f3 runs a gcc bootstrap
and full testsuite the bpi-f3 has an 8 core SpacemiT K1 supporting
rvv 1.0.
Unfortunately we had to shut down the Pioneer box, which was faster
than the above machines, but just overheated too often and then
needed manual intervention.
= Q3 server moves
Somewhere in Q3 the Red Hat community cage, which hosts two of our
servers, will move to another data center
https://www.osci.io/tenants/
We don't know the precise date yet. Please contact us ASAP if there
is a specific date where your project really cannot tolerate any
down time. The data centers are not too far apart and we hope any
downtime will be no more than 24 to 48 hours.
The PLC is currently discussing if we can take advantage of this
move by adding more machines, which might be installed in the new
data center before the move. Which might help make any downtime as
short as possible. And would help with our goals to isolate more
services on separate machines.
= Signed-commit census report
Analyzing branch HEAD since 2025-01-01
annobin 25 commits 25 signed 100% 1 committers 1 signers 100%
binutils-gdb 1296 commits 40 signed 3% 64 committers 4 signers 6%
builder 35 commits 16 signed 45% 4 committers 3 signers 75%
bunsen 118 commits 91 signed 77% 2 committers 2 signers 100%
cygwin-calm 12 commits 12 signed 100% 1 committers 1 signers 100%
cygwin-setup 4 commits 4 signed 100% 1 committers 1 signers 100%
debugedit 5 commits 0 signed 0% 1 committers 0 signers 0%
elfutils 53 commits 3 signed 5% 3 committers 1 signers 33%
forge 6 commits 0 signed 0% 1 committers 0 signers 0%
gcc 3125 commits 223 signed 7% 122 committers 9 signers 7%
gitsigur 5 commits 5 signed 100% 1 committers 1 signers 100%
glibc 449 commits 36 signed 8% 31 committers 2 signers 6%
insight 18 commits 0 signed 0% 1 committers 0 signers 0%
libabigail 49 commits 0 signed 0% 1 committers 0 signers 0%
lvm2 232 commits 21 signed 9% 5 committers 1 signers 20%
newlib-cygwin 220 commits 9 signed 4% 10 committers 2 signers 20%
systemtap 37 commits 31 signed 83% 2 committers 1 signers 50%
valgrind 171 commits 0 signed 0% 5 committers 0 signers 0%
= Sourceware Organization, Contact and Open Office hours
We can be reached through irc, email and bugzilla
https://sourceware.org/mission.html#organization
There is also a fediverse account for for announcements, notices
about downtime and temporary issues with our network.
https://fosstodon.org/@sourceware
Every second Friday of the month is the Sourceware Overseers Open
Office hour in #overseers on irc.libera.chat from 16:00 till 17:00
UTC. Please feel free to drop by with any Sourceware services and
hosting questions.
If you aren't already and want to keep up to date on Sourceware
infrastructure services then please also subscribe to the overseers
mailinglist. https://sourceware.org/mailman/listinfo/overseers
Please see https://sourceware.org/donate.html if you want to
financially support Sourceware.
Sourceware PLC,
Frank Ch. Eigler, Christopher Faylor, Ian Kelling, Ian Lance Taylor,
Tom Tromey, Jon Turney, Mark J. Wielaard, Elena Zannoni
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
- Raw text -