Sourceware infrastructure community updates for Q1 2025 Sourceware has provided the infrastructure for core toolchain and developer tools projects for more than 25 years. https://sourceware.org/sourceware-25-roadmap.html
Over the last couple of years, Sourceware has transformed from a purely volunteer into a professional organization with an eight person strong Project Leadership Committee, monthly open office hours, multiple hardware services partners, expanded services, the Software Freedom Conservancy as fiscal sponsor and a more diverse funding model that allows us to enter into contracts with paid contractors or staff when appropriate. Every quarter we provide a summary of news about Sourceware, the core toolchain and developer tools infrastructure, covering the previous 3 months. - Sourceware Survey 2025 - Cyber Security update and secure project policy checklist - AI/LLM scraperbots attacks and Anubis - New RISC-V CI builders - Q3 server moves - Signed-commit census report - Sourceware Organization, Contact and Open Office hours = Sourceware Survey 2025 The survey ran from Friday, 14 March to Monday, 31 March. In the end we got 103 (!) responses with a nice mix of developers, users and maintainers from various hosted projects. Full results can be found at https://sourceware.org/survey-2025 Thanks to everybody who responded, this will help guide the PLC allocate resources. = Cyber Security update and secure project policy checklist Thanks to all the input during some of the Sourceware Open Office hours earlier this year, feedback given at Fosdem and discussions with the Software Freedom Conservancy we have update the Sourceware Cyber Security FAQ (really an explainer) with updates to the current state of the US Improving the Nation's Cybersecurity Executive Order and EU Cyber Resilience Act. We also added a section with Recommendations for Sourceware hosted projects. https://sourceware.org/cyber-security-faq.html For Sourceware hosted projects that want to have a documented verifiable cybersecurity policy we now have a policy checklist your project can follow. Most are common sense things most projects already do. https://sourceware.org/cyber-security-faq.html#policy-checklist Also check out the Sourceware infrastructure security vision and sourceware security posture: https://sourceware.org/sourceware-security-vision.html https://sourceware.org/sourceware-wiki/sourceware_security_posture/ = AI/LLM scraperbots attacks and Anubis As some of you might have noticed Sourceware has been fighting the new AI/LLM scraperbots since start of the year. We are not alone in this. https://lwn.net/Articles/1008897/ https://arstechnica.com/ai/2025/03/devs-say-ai-crawlers-dominate-traffic-forcing-blocks-on-entire-countries/ We have tried to isolate services more and block various ip-blocks that were abusing the servers. But that has helped only so much. Unfortunately the scraper bots are using lots of ip addresses (probably by installing "free" VPN services that use normal user connections as exit point) and pretending to be common browsers/agents. We seem to have to make access to some services depend on solving a javascript challenge. So when using https://patchwork.sourceware.org or Bunsen https://builder.sourceware.org/testruns/ you might now have to enable javascript. This should not impact any scripts, just browsers (or bots pretending to be browsers). If it does cause trouble, please let us know. If this works out we might also "protect" bugzilla, gitweb, cgit, and the wikis this way. Thanks Xe Iaso who has helped us set this up. Please check out if you want to be one of their patrons as thank you. https://xeiaso.net/notes/2025/anubis-works/ https://xeiaso.net/patrons/ = New RISC-V CI builders Thanks to RISC-V International we got 3 new buildbot CI workers. One HiFive Premier P550 https://www.sifive.com/boards/hifive-premier-p550 and two Banana Pi BPI-F3 https://wiki.banana-pi.org/Banana_Pi_BPI-F3 They have been used for testing the Valgrind risc-v backend that will be introduced with Valgrind 3.25.0 later this month. The P550 now runs a gdb and full testsuite build. One bpi-f3 runs glibc and the full testsuite. The other bpi-f3 runs a gcc bootstrap and full testsuite the bpi-f3 has an 8 core SpacemiT K1 supporting rvv 1.0. Unfortunately we had to shut down the Pioneer box, which was faster than the above machines, but just overheated too often and then needed manual intervention. = Q3 server moves Somewhere in Q3 the Red Hat community cage, which hosts two of our servers, will move to another data center https://www.osci.io/tenants/ We don't know the precise date yet. Please contact us ASAP if there is a specific date where your project really cannot tolerate any down time. The data centers are not too far apart and we hope any downtime will be no more than 24 to 48 hours. The PLC is currently discussing if we can take advantage of this move by adding more machines, which might be installed in the new data center before the move. Which might help make any downtime as short as possible. And would help with our goals to isolate more services on separate machines. = Signed-commit census report Analyzing branch HEAD since 2025-01-01 annobin 25 commits 25 signed 100% 1 committers 1 signers 100% binutils-gdb 1296 commits 40 signed 3% 64 committers 4 signers 6% builder 35 commits 16 signed 45% 4 committers 3 signers 75% bunsen 118 commits 91 signed 77% 2 committers 2 signers 100% cygwin-calm 12 commits 12 signed 100% 1 committers 1 signers 100% cygwin-setup 4 commits 4 signed 100% 1 committers 1 signers 100% debugedit 5 commits 0 signed 0% 1 committers 0 signers 0% elfutils 53 commits 3 signed 5% 3 committers 1 signers 33% forge 6 commits 0 signed 0% 1 committers 0 signers 0% gcc 3125 commits 223 signed 7% 122 committers 9 signers 7% gitsigur 5 commits 5 signed 100% 1 committers 1 signers 100% glibc 449 commits 36 signed 8% 31 committers 2 signers 6% insight 18 commits 0 signed 0% 1 committers 0 signers 0% libabigail 49 commits 0 signed 0% 1 committers 0 signers 0% lvm2 232 commits 21 signed 9% 5 committers 1 signers 20% newlib-cygwin 220 commits 9 signed 4% 10 committers 2 signers 20% systemtap 37 commits 31 signed 83% 2 committers 1 signers 50% valgrind 171 commits 0 signed 0% 5 committers 0 signers 0% = Sourceware Organization, Contact and Open Office hours We can be reached through irc, email and bugzilla https://sourceware.org/mission.html#organization There is also a fediverse account for for announcements, notices about downtime and temporary issues with our network. https://fosstodon.org/@sourceware Every second Friday of the month is the Sourceware Overseers Open Office hour in #overseers on irc.libera.chat from 16:00 till 17:00 UTC. Please feel free to drop by with any Sourceware services and hosting questions. If you aren't already and want to keep up to date on Sourceware infrastructure services then please also subscribe to the overseers mailinglist. https://sourceware.org/mailman/listinfo/overseers Please see https://sourceware.org/donate.html if you want to financially support Sourceware. Sourceware PLC, Frank Ch. Eigler, Christopher Faylor, Ian Kelling, Ian Lance Taylor, Tom Tromey, Jon Turney, Mark J. Wielaard, Elena Zannoni -- Dwarf-discuss mailing list Dwarf-discuss@lists.dwarfstd.org https://lists.dwarfstd.org/mailman/listinfo/dwarf-discuss
