Information Request for FreeType
Good morning, My name is Jennifer Robinson, and I am a Supply Chain Risk Management Analyst at NASA. NASA is currently conducting a supply chain assessment of FreeType. We are interested in confirming the following information: 1. Is there an organization which sponsors/publishes the project, or a primary developer who audits the code for potential vulnerabilities, errors, or malicious code? Y/N 2. We have identified contributors on GitHub from the following locations: Austria, United States, Canada, United Kingdom, Spain, India, Netherlands, Germany, France, Russia, Turkey, Switzerland, Latvia, Argentina, Hong Kong, Japan, Australia, and China. https://github.com/freetype/freetype/graphs/contributors * If possible, could you confirm this information? Thank you, Jennifer Robinson NASA OCIO
Re: Information Request for FreeType
Hello Jennifer, > 1. Is there an organization which sponsors/publishes the project, > or a primary developer who audits the code for potential > vulnerabilities, errors, or malicious code? Y/N There is no organization, but at least two people (Alexei und me) continuously monitor changes in the code – which we usually commit by ourselves – and take care of error reports, including potential vulnerabilities. > 2. We have identified contributors on GitHub from the following > locations: Austria, United States, Canada, United Kingdom, > Spain, India, Netherlands, Germany, France, Russia, Turkey, > Switzerland, Latvia, Argentina, Hong Kong, Japan, Australia, > and China. > https://github.com/freetype/freetype/graphs/contributors If you add Singapore it looks correct. However, I haven't checked this in full detail. Werner