GNU C Library (glibc) developers have decided to move ahead with plans to migrate their core services from Sourceware.org infrastructure to the Core Toolchain Infrastructure (CTI) project hosted by the Linux Foundation.
To better meet the needs of glibc development and the GNU Toolchain at large, they are moving to the LF/CTI-hosted infrastructure for security, robustness, and sustainability.
Migrating to CTI hosted by Linux Foundation IT will provide a robust and secured mirrored Git repository, more robust CI/CD workflow possibilities, a scalable email system, a sustainable funding model, and more. They wrote in today’s announcement:
“While it was clear to the GNU Toolchain leadership that requirements were coming to improve the toolchain cyber-security posture, these requirements were not clear to all project developers. As part of receiving this feedback we have worked to document and define a secure development policy for glibc and at a higher level the GNU Toolchain. While Sourceware has started making some critical technical changes, the GNU Toolchain still faces serious, systemic concerns about securing a global, highly available service and building a sustainable, diverse sponsorship model. At the same time we are freeing up the GNU Toolchain developers and volunteers to focus on next-generation work, such as Sourceware’s post-commit CI and Forge-based workflows.
The decision to leverage CTI and LF IT is the direct result of seeking a comprehensive, long-term solution to these exact challenges, expanding our sponsorship base and leveraging existing sponsors like the OpenSSF. The CTI TAC’s proposal to use Linux Foundation IT is rooted in the fact that they are an existing team in the industry that implements very similar functionality for the Linux kernel. The proposal directly benefits glibc developers by partnering with a team that develops and understands FOSS tooling (b4, grokmirror and patatt) and large-scale kernel infrastructure. This partnership ensures our core infrastructure is secure and scalable.”
They acknowledged that not everyone was in agreement, but CTI/LF hosting does seem to be the best path forward:
“While consensus for the move among GNU Maintainers for glibc is not unanimous, most of the maintainers endorse the move, and key developers have expressed their support in the upstream discussions. Additionally CTI has received a lot of feedback over the last 3 years as the project worked on infrastructure, and we include some of that feedback here and in our CTI FAQ with comments.
Some members of the community have expressed disappointment that funding would go to the Linux Foundation. Some members of the community have expressed concern that a board structure would allow corporate influence. Neither of these concerns are new and exist today with Red Hat and IBM, both being for-profit corporate entities. The GNU Toolchain leadership has a 30+ year history of successfully navigating the dynamics of working with sponsors and providing FOSS solutions, including meeting the GNU Ethical Repository hosting criteria.”
Those wanting to learn more about the Core Toolchain Infrastructure project in general can do so via cti.coretoolchain.dev.
