Re: Inquiry: Country of Origin for gfortran
Hi Cynthia, > Hello, my name is Cynthia and I am a Supply Chain Risk Management > Analyst at NASA. NASA is currently conducting a supply chain > assessment of gfortran. As stated in Sections 208 and 514 of the > Consolidated Appropriations Act, 2022, Public Law 117-103, > enacted March 15, 2022, a required step of our process is to > verify the Country of Origin (CoO) information for the > product (i.e., the country where the products were developed, > manufactured, and assembled.) > As gfortran is open source, we understand that this inquiry is > not directly applicable, as contributions may be made from > individuals from around the world. In this case, NASA is > interested in confirming the following information: > 1. Is there an organization which sponsors/publishes the project, or > a primary developer who audits the code for potential vulnerabilities, > errors, or malicious code? Y/N gfortran is not an independent project, it is part of the Gnu Compiler Collection, https://gcc.gnu.org/ . As such, any evaluation you may already have made of gcc also should also apply to gfortran, and I am also addressing this mail to the gcc mailing list, where it is more appropriate, especially since I personally am unclear about the current relationship with the Free Software Foundation. Regarding gfortran specifically: Code changes are reviewed by the individuals listed in the file https://gcc.gnu.org/git/?p=gcc.git;a=blob_plain;f=MAINTAINERS;hb=HEAD (where you can search for Fortran). > 2. Does gfortran have an overseeing organization or individual > along these lines? Y/N See my previous reply. > 1. If so, please provide the name of the organization and country > they are established in > If the information above is unknown or cannot be provided, we > request that you provide the country or list of countries where > the majority of contributions originate from to satisfy Sections > 208 and 514 of the Consolidated Appropriations Act, 2022, Public > Law 117-103, enacted March 15, 2022. Main contributions to gfortran, i.e. the Fortran front end to gcc and its supporting library, came (in no particular order) from the UK, the US, France, Finland, Germany, the Netherlands and the Czech Republic. Up to 2006, there were also some contributors from China. Best regards Thomas
Re: Inquiry: Country of Origin for gfortran
Should this question be posed to the Linux distribution that NASA is using? Thanks, David On Sun, Jul 17, 2022 at 4:56 AM Thomas Koenig via Gcc wrote: > > Hi Cynthia, > > > Hello, my name is Cynthia and I am a Supply Chain Risk Management > > Analyst at NASA. NASA is currently conducting a supply chain > > assessment of gfortran. As stated in Sections 208 and 514 of the > > Consolidated Appropriations Act, 2022, Public Law 117-103, > > enacted March 15, 2022, a required step of our process is to > > verify the Country of Origin (CoO) information for the > > product (i.e., the country where the products were developed, > > manufactured, and assembled.) > > > As gfortran is open source, we understand that this inquiry is > > not directly applicable, as contributions may be made from > > individuals from around the world. In this case, NASA is > > interested in confirming the following information: > > > 1. Is there an organization which sponsors/publishes the project, or > > a primary developer who audits the code for potential > vulnerabilities, > errors, or malicious code? Y/N > > gfortran is not an independent project, it is part of the Gnu Compiler > Collection, https://gcc.gnu.org/ . As such, any evaluation you > may already have made of gcc also should also apply to gfortran, > and I am also addressing this mail to the gcc mailing list, where > it is more appropriate, especially since I personally am unclear > about the current relationship with the Free Software Foundation. > > Regarding gfortran specifically: Code changes are reviewed by > the individuals listed in the file > > https://gcc.gnu.org/git/?p=gcc.git;a=blob_plain;f=MAINTAINERS;hb=HEAD > > (where you can search for Fortran). > > > 2. Does gfortran have an overseeing organization or individual > > along these lines? Y/N > > See my previous reply. > > > 1. If so, please provide the name of the organization and country > > they are established in > > > If the information above is unknown or cannot be provided, we > > request that you provide the country or list of countries where > > the majority of contributions originate from to satisfy Sections > > 208 and 514 of the Consolidated Appropriations Act, 2022, Public > > Law 117-103, enacted March 15, 2022. > > Main contributions to gfortran, i.e. the Fortran front end to gcc and > its supporting library, came (in no particular order) from the UK, the > US, France, Finland, Germany, the Netherlands and the Czech Republic. > Up to 2006, there were also some contributors from China. > > Best regards > > Thomas >
Re: Inquiry: Country of Origin for gfortran
> Should this question be posed to the Linux distribution that NASA is using? Yes, most likely. But exactly how Free Software fits into the Buy America Act (what she's talking about) is less than clear.
Re: Inquiry: Country of Origin for gfortran
On Sun, 17 Jul 2022 14:18:40 EDT Richard Kenner via Gcc wrote: > > Should this question be posed to the Linux distribution that NASA is using? > > Yes, most likely. But exactly how Free Software fits into the > Buy America Act (what she's talking about) is less than clear. If these bureaucratic parasites (but I repeat myself) don't want to use GCC, or Clang, then they can write their own compiler suite from scratch. Doubt that's going to happen, so this "investigation" is simply yet another frivilous waste of taxpayer dollars. -- Dave Blanchard
Re: Inquiry: Country of Origin for gfortran
> If these bureaucratic parasites (but I repeat myself) don't want to > use GCC, or Clang, then they can write their own compiler suite from > scratch. Doubt that's going to happen, so this "investigation" is > simply yet another frivilous waste of taxpayer dollars. I won't blame this on bureaucrats. Congress is who passed the law (in 1933). These folks are just checking the boxes.
