Core Toolchain Infrastructure Project¶
The Core Toolchain Infrastructure (CTI) Project’s mission is to support the GNU Toolchain community with secure infrastructure and state of the art services required to support the community’s development efforts to be a trusted foundation in a secure supply chain.
Secure Infrastructure
|
Continuity Planning
|
Security
Policy
Planning
|
The CTI project continues to move forward the goal of creating a long-term sustainable set of secure and state of the art services and infrastructure for the GNU Toolchain and related packages.
Some of the major goals include:
Secure and state of the art infrastructure.
Continuity planning for infrastructure, development, and governance.
Security policy planning.
Contents:
The CTI Project aims to support the GNU Toolchain to attract a larger community of developers; to ensure that GNU Toolchain and the GNU system work on multiple architectures and diverse environments; and to more thoroughly test, extend and enhance the features of the GNU Toolchain.
The Core Toolchain Infrastructure (CTI) project is hosted and supported by the Open Source Security Foundation (OpenSSF), the Linux Foundation (LF) and its members. The primary sponsor is the OpenSSF.
The development of the GNU Toolchain is a part of the GNU Project, supported by the FSF and a worldwide community of developers and corporate sponsors. The GNU Toolchain aims to develop the toolchain used in the GNU/Linux system and Linux distributions built with the GNU Toolchain.
The GNU Toolchain development effort uses an open development environment and supports many other platforms in order to foster a world-class optimizing compiler, assembler, linker, debugger, C Library, language runtimes and utilities.
The GNU Toolchain community should be making consistent forward progress to improve infrastructure and cybersecurity positions. Showing progress is important for the ecosystem to trust us as a secure and critical part of the software supply chain. We should not wait until there are cybersecurity regulations that are beyond our ability to comply with as the FOSS ecosystem of tooling and infrastructure. Projects of similar scope and importance have been deploying significant resources for the use of the development community.