git: 8b6b6a22a4 - main - status: Add 2025q2 Foundation Infrastructure entry

The branch main has been updated by jrm:

URL: https://cgit.FreeBSD.org/doc/commit/?id=8b6b6a22a415855c22b6f4ef8893e1d9ebef1b8b

commit 8b6b6a22a415855c22b6f4ef8893e1d9ebef1b8b
Author:     Joseph Mingrone <jrm@FreeBSD.org>
AuthorDate: 2025-07-18 17:52:17 +0000
Commit:     Joseph Mingrone <jrm@FreeBSD.org>
CommitDate: 2025-08-07 16:30:04 +0000

    status: Add 2025q2 Foundation Infrastructure entry
    
    Author:         Alice Sowerby <alice@freebsdfoundation.org>
    Reviewed by:    status (lsalvadore, Pau Amma <paumma@gundo.com>)
    Pull Request:   https://github.com/freebsd/freebsd-doc/pull/531
    Sponsored by:   The FreeBSD Foundation
---
 .../report-2025-04-2025-06/foundation-sta.adoc     | 108 +++++++++++++++++++++
 1 file changed, 108 insertions(+)

diff --git a/website/content/en/status/report-2025-04-2025-06/foundation-sta.adoc b/website/content/en/status/report-2025-04-2025-06/foundation-sta.adoc
new file mode 100644
index 0000000000..f031280704
--- /dev/null
+++ b/website/content/en/status/report-2025-04-2025-06/foundation-sta.adoc
@@ -0,0 +1,108 @@
+=== Infrastructure Modernization
+
+Contact: Ed Maste <emaste@FreeBSD.org> +
+Contact: Alice Sowerby <alice@freebsdfoundation.org>
+
+The project started in Q3 of 2024 and was commissioned by the Sovereign Tech Agency with a budget of $745,000, to be spent over about one year.
+The main goals are to improve security tools for the base system, ports, and packages, update the project's infrastructure to speed up development, enhance build security, and make it easier for new developers to get started.
+
+==== Q2 update
+
+All five work packages are now in progress and will run until the end of December 2025, at which time the project will close.
+
+==== Work Package A: Technical Debt reduction
+
+The majority of the work in this work package is complete, with a small number of hours allocated each month to help support FreeBSD Project's Source Management team to embed their new processes to make bug management easier and more sustainable.
+The bug backlog dashboard link:https://grimoire.freebsd.org[] remains available to help make the backlog easier to understand.
+
+We have also been upgrading Bugzilla by applying patches from 2023 onward and improving the upgrade process to ensure smoother future updates.
+
+A panel discussion at link:https://events.linuxfoundation.org/open-source-summit-europe/[Open Source Summit Europe] in August will share this work with a wider audience.
+Two members of the Foundation project staff will be present, along with two representatives from Bitergia who delivered the GrimoireLab implementation for this project.
+(Members of the FreeBSD Project Source Management team were not available to attend.)
+
+Progress is being made to reduce technical debt by creating an link:https://github.com/linimon/patchQA[automated method] for evaluating patches (code improvements) attached to existing pull requests for source and ports trees to see whether they are still relevant, and applying them if they are.
+This tool is in beta.
+
+==== Work Package B: Zero Trust Builds
+
+This work package intends to improve tooling and processes to support Zero Trust Builds of FreeBSD by extending the current components to enable the project to build release artifacts (package sets, ISO images, etc.) without requiring any special privilege.
+
+The detailed scope was co-created with core@, srcmgr@, secteam@. Work items are as follows:
+
+* Must
+** No-root for all source release build cases/artifacts (in progress)
+** Src artifacts to build reproducibly (in progress)
+** Formalize and document make world and release.sh (in progress)
+* Should
+** Remove privilege from orchestration tooling (not started)
+** Move build scripts into the public repository (not started)
+* Could
+** Environment Standardization (not started)
+** Use enclaves, hardware-enforced secure containers (not started)
+** Ports to build reproducibly (not started)
+** CI to verify reproducibility (in progress)
+** Documentation to allow 3rd parties to confirm reproducibility (not started)
+
+===== Work Package C: CI/CD Automation
+
+This work package intends to improve CI/CD automation to streamline software delivery and operations for new and existing software by modernizing and securitizing the existing CI/CD system and extending it to cover the third party packages in the FreeBSD Ports Collection.
+
+The detailed scope was co-created with core@, srcmgr@, portmgr@, doceng@.
+
+* Must
+** Improve quality of incoming commits (completed)
+** Pre-merge CI (completed)
+** Environment Metadata (not started)
+** Extend CI to the Ports tree (in progress)
+** CI Threat Model (not started)
+** CI Management Process (in progress)
+** Documentation (not started)
+* Should
+** 3rd-party Interoperability (in progress)
+** Automated analysis in tests (in progress)
+** Test Case Management (not started)
+* Could
+** Granular Debugging (not started)
+
+===== Work Package D: Ports and Packages security improvements
+
+This work package intends to modernize and extend security controls in the FreeBSD Ports and Package Collection by:
+
+* migrating from our VuXML Vulnerability Database to OSV or similar contemporary format
+* developing a package audit backend and server to reliably fetch vulnerability data from global agency databases in any format (JSON - NIST) and produce insight
+* improving CI tooling for FreeBSD Ports.
+
+The detailed scope was co-created with core@, portmgr@, pkgmgr@, secteam@.
+
+* Must
+** New Database Format (in progress)
+** Set up 2+ Database Instances (not started)
+** Migrate Data from old to new database  (in progress)
+** Add support for new format in man:pkg[8] (in progress)
+** Upstream engagement (not started)
+** SBOM on demand (not started)
+** Document how to set up build and test targets (not started)
+** Integrate 3rd party test targets  (not started)
+** Continuous Testing (not started)
+* Could
+** Make CI artifacts available (not started)
+
+===== Work Package E: SBOM improvements
+
+This work package intends to improve existing, and implement new, tooling and processes for FreeBSD Software Bill of Materials (SBOM) by implementing: tooling to roll up the individual provenance data/markers from across the tree into a higher-level view; developing tooling to parse/review/inspect the FreeBSD source tree and produce a comprehensive/holistic report to act as a SBOM for the full software stack and; extending pkg to enable this capability for software installed from ports/packages.
+
+The detailed scope was co-created with core@, portmgr@, pkgmgr@, secteam@, releng@
+
+* Must
+** Evaluate projects/solutions available in the wider ecosystem (in progress)
+** Propose the target solution for SBOM (not started)
+** Produce an SBOM in CI (e.g. weekly builds) (in progress)
+** Produce an SBOM as an artifact as part of the release process (in progress)
+** SBOM artifact on demand (in progress)
+** Roll up existing data (not started)
+** Record and explain decisions made (not started)
+* Could
+** Engage with other similar projects (not started)
+
+Commissioning body: Sovereign Tech Agency