From: Odhiambo Washington
Date: Fri, 19 Apr 2024 09:30:31 +0300
Subject: Re: why does FreeBSD only offer trustworthiness and transparency to people who donate money?
To: Lexi Winter
Cc: questions@freebsd.org
List-Id: User questions
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

On Fri, Apr 19, 2024 at 12:30 AM Lexi Winter wrote:

> so today i came across this press release:
>
> https://freebsdfoundation.org/blog/freebsd-foundation-delivers-v1-of-freebsd-ssdf-attestation-to-support-cybersecurity-compliance/
>
> "FreeBSD Foundation Delivers V1 of FreeBSD SSDF Attestation to Support
> Cybersecurity Compliance"
>
> this is about some new thing called "SSDF Attestation" which is now
> available to people who give money to the FreeBSD Foundation.
>
> reading the PR, i learned:
>
> > The SSDF Attestation continues the FreeBSD community’s longstanding
> > commitment to security by providing transparency and trustworthiness
> > in its software development environment. This move aligns with the US
> > federal government’s recent initiative to bolster software security.
>
> i would like to know exactly what "transparency" and "trustworthiness"
> is being provided to Foundation donors which is not provided to the rest
> of us.
>
> can anyone summarise exactly what this "SSDF" includes that is being
> withheld from normal users like me?
>
> cc: core@ since i assume core was somehow involved in this.

There is only one codebase for FreeBSD, IIRC. There aren't special users and normal users.

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]

