why does FreeBSD only offer trustworthiness and transparency to people who donate money?

Reply: Odhiambo Washington : "Re: why does FreeBSD only offer trustworthiness and transparency to people who donate money?"
Reply: John Baldwin : "Re: why does FreeBSD only offer trustworthiness and transparency to people who donate money?"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Lexi Winter <lexi_at_le-fay.org>
Date: Thu, 18 Apr 2024 21:30:33 UTC

so today i came across this press release:

https://freebsdfoundation.org/blog/freebsd-foundation-delivers-v1-of-freebsd-ssdf-attestation-to-support-cybersecurity-compliance/

"FreeBSD Foundation Delivers V1 of FreeBSD SSDF Attestation to Support
Cybersecurity Compliance"

this is about some new thing called "SSDF Attestation" which is now
available to people who give money to the FreeBSD Foundation.

reading the PR, i learned:

> The SSDF Attestation continues the FreeBSD community’s longstanding
> commitment to security by providing transparency and trustworthiness
> in its software development environment. This move aligns with the US
> federal government’s recent initiative to bolster software security.

i would like to know exactly what "transparency" and "trushworthiness"
is being provided to Foundation donors which is not provided to the rest
of us.

can anyone summarise exactly what this "SSDF" includes that is being
witheld from normal users like me?

cc: core@ since i assume core was somehow involved in this.