Re: why does FreeBSD only offer trustworthiness and transparency to people who donate money?

From: Odhiambo Washington <odhiambo_at_gmail.com>
Date: Fri, 19 Apr 2024 06:30:31 UTC
On Fri, Apr 19, 2024 at 12:30 AM Lexi Winter <lexi@le-fay.org> wrote:

> so today i came across this press release:
>
>
> https://freebsdfoundation.org/blog/freebsd-foundation-delivers-v1-of-freebsd-ssdf-attestation-to-support-cybersecurity-compliance/
>
> "FreeBSD Foundation Delivers V1 of FreeBSD SSDF Attestation to Support
> Cybersecurity Compliance"
>
> this is about some new thing called "SSDF Attestation" which is now
> available to people who give money to the FreeBSD Foundation.
>
> reading the PR, i learned:
>
> > The SSDF Attestation continues the FreeBSD community’s longstanding
> > commitment to security by providing transparency and trustworthiness
> > in its software development environment. This move aligns with the US
> > federal government’s recent initiative to bolster software security.
>
> i would like to know exactly what "transparency" and "trustworthiness"
> is being provided to Foundation donors which is not provided to the rest
> of us.
>
> can anyone summarise exactly what this "SSDF" includes that is being
> withheld from normal users like me?
>
> cc: core@ since i assume core was somehow involved in this.
>

There is only one codebase for FreeBSD, IIRC.
There aren't special users and normal users.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]