On Thu, Jul 09, 2026 at 02:52:28AM +0200, Mark Wielaard wrote:
> Friday, 10 July is the second Friday of the month, so it is time for
> the Sourceware Open Office. The topic is "Fundraising for Sourceware".
> 
> Last year we successfully completed our infrastructure hardware
> refresh cycle. We doubled individual donations and increased corporate
> "in-kind" support for hosting and networking.
> 
> For the 2026/2027 fiscal year, we would like to shift our budget
> focus to spend less on "iron" and more on "services and people".
> https://sourceware.org/financials.html

For those that couldn't attend here is a short summary of the
discussions:

- fundraising
- scraper bot/ddos attack defenses
- forge updates

= Fundraising

People have found their way to https://sourceware.org/donate.html last
month we got ~$400 in individual donations. Please donate if you
haven't yet. Every contribution makes a difference.

After the discussion last open office and polishing (nitpicking)
by the PLC we got a fresh corporate sponsorship page
https://sourceware.org/sponsor.html

It's certainly a vast improvement over what we had before. Instead (or
actually in addition to) the plans/tasks we had originally this just
has three tiers of support. We started mailing friendly engineers at
various companies with a request to show this sponsorship program to
their management or OSPO office and let us know whether there is any
interest.

It would be nice to create a detailed prospectus (or slide show) from
our existing materials combining/summarizing:
https://sourceware.org/sourceware-25-roadmap.html
https://sourceware.org/sourceware-security-vision.html
https://sourceware.org/mission.html
https://sourceware.org/financials.html
The SFC has some experience with that and could help.

For this year we would be happy with just one or two corporate
sponsors, we haven't really yet budgeted for more and would even be
able to do everything we did with are current individual donations.

= scraper bot/ddos attack defenses

Anubis and mod_qos are helping to keep the most aggressive bots
away. But we had to crank up anubis to use javascript challenges for
cgit/gitweb and patchwork.

On idea is to use IP addresses of active authenticated sourceware
users as a whitelist to bypass anubis / mod_qos throttles, so people
who have login powers would also get as unrestricted access to the
unauthenticated protocols as possible

Another idea is to wrap many of the cgi services into separate systemd
cgroups (instead of being lumped togehter with all of them along with
https), so we can throttle them indepdendently; this is accounting for
some of the bugzilla slowdowns e.g. when some other service is under
stress.

One question is the interaction with ipv6 changing/temporary addresses
https://en.wikipedia.org/wiki/IPv6_address#Temporary_addresses

LWN just posted a good update on the scraper situation:
https://lwn.net/SubscriberLink/1080822/57356e250ac8806e/ 

= forge updates

Claudio would like feedback on some changes he likes to make to the
gcc organization repos:
https://inbox.sourceware.org/[email protected]
- Renaming gcc/gcc-TEST to gcc/gcc
- Renaming gcc/gcc-mirror to gcc/gcc-archive
- Removing some (unused?) branches and tags
- Remove master and trunk branches and use "main"?
Please give feedback in the above email thread.

We also had some discussion on reviewing on the forge. One opinion was
that it is slightly easier than email to comment on a specific line
and easier to spot formating issues (diff adding + in the front makes
it harder due to tabs). it is easier for the forge also to see the
difference between the 2 versions especially when doing renaming.

Reply via email to