From nobody Sat Apr 20 18:42:08 2024
X-Original-To: questions@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VML364DhYz5JGhp
	for <questions@mlmmj.nyi.freebsd.org>; Sat, 20 Apr 2024 18:42:10 +0000 (UTC)
	(envelope-from jhb@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VML363mcqz4J4W;
	Sat, 20 Apr 2024 18:42:10 +0000 (UTC)
	(envelope-from jhb@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1713638530;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=oaswXQyMsckMV0Z1vuAW13af2zJe6OxLe6wgSuB+UYM=;
	b=Mvq1tiphtu5UoHYX8tTsEV7HXJeutOEdudyCTjhfxlOpPmAaRnpOb33b3SxEOQKPst05O2
	Pyseks6OdqyikTcs122sMpRCFHsss7MgxdP6qmQPdyfhb+4aoeHJBJMoa0hTGXbP6/VXmb
	OGV2zO/mxD1TxpqHE6BlATMPSEolvaL/dRKuecbaySRn3H1FB1Tk1FHnMVHX+3/UfDjpaM
	acI2m16ipRlf0mAIOJoE3VkBLFPmp74pceW3UwHjfYJGTnu2q0Pia1NPJJMKV7bXiVaRsE
	lt+L6iYSHnVrLm6ET5wWKqsl3k2HXADlhX/wzWTUnzH5v0TQIi0mhpRMg5KENg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1713638530; a=rsa-sha256; cv=none;
	b=lxWfVJNdwzY8EdvQbg1ui5owOmOkIWllkl5hG1jgt0SKv89wwlJonW1h77UfR1ryJZl+sP
	U38ZQNeAyDi+Ga4H3pzf03AUnDkLG1wkv8MHCH97ueWLTuha+NkQZuAjllIIFmtNKl/7ZV
	d5UqNOUUwUL3WLCpJv0Kdw+FElovgmKCNAWulAwhqdhJLZ+DM7ZbU42GaK8/Z5AH8qnVw+
	mBncdDy3ScSl7Cf+/B07rV3WOXS9zyxm4SwlQOaYd88EiijI9EryjYUWHczdClF2tVXuOl
	/g3PGhBZjVDR1Cx04AR3rym8FhMK9oRhNbIcdill+Gy1gnr40UzichWbV/H+bg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1713638530;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=oaswXQyMsckMV0Z1vuAW13af2zJe6OxLe6wgSuB+UYM=;
	b=j/OuwJDJnVSh2iFnwIdK+jb+pCrDsHNcfUUImL38pS1Xa65tvWfhJ3KC8jly4Le8cP0O1j
	y00pH/4WqZ/TGu/H+ph5GCWl5REEf/D92ObQ+jyc5ELxZpPuHj0Hc50ALV3MSyyo6X6Vy2
	OpI1STJjvA2ghj+CEg9uPp60K+8Ky50cPRrBYyCOfF1Jq4dmmrLai97XghvcsD1K5ta0Rg
	rD2xQKpSw4moFU9iwb4HvWmNZLuoxjDu6HoVKOpJfiHtqkTnwPCKjAw421Fq18S/4+45Ez
	FpXN7wltJlh6IUp3M5gKxsMh/ank0mYtcnqWJqbi96sYwRx6iR/coMBJBZI8Ag==
Received: from [IPV6:2601:644:937f:4c50:ace4:f593:f45d:460] (unknown [IPv6:2601:644:937f:4c50:ace4:f593:f45d:460])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	(Authenticated sender: jhb)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4VML360P3qz1S0B;
	Sat, 20 Apr 2024 18:42:09 +0000 (UTC)
	(envelope-from jhb@FreeBSD.org)
Message-ID: <ecd907f3-c788-4c30-bde2-a31ab445c7bd@FreeBSD.org>
Date: Sat, 20 Apr 2024 11:42:08 -0700
List-Id: User questions <freebsd-questions.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-questions
List-Help: <mailto:questions+help@freebsd.org>
List-Post: <mailto:questions@freebsd.org>
List-Subscribe: <mailto:questions+subscribe@freebsd.org>
List-Unsubscribe: <mailto:questions+unsubscribe@freebsd.org>
X-BeenThere: freebsd-questions@freebsd.org
Sender: owner-freebsd-questions@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: why does FreeBSD only offer trustworthiness and transparency to
 people who donate money?
Content-Language: en-US
To: Dale Scott <dalescott@shaw.ca>
Cc: Lexi Winter <lexi@le-fay.org>, questions <questions@freebsd.org>,
 core@freebsd.org
References: <ZiGQ-RSQAsrEET5x@ilythia.eden.le-fay.org>
 <0b3d0e98-318f-4807-b4d1-6597af6afd6d@FreeBSD.org>
 <868244543.174654890.1713563094902.JavaMail.zimbra@shaw.ca>
From: John Baldwin <jhb@FreeBSD.org>
In-Reply-To: <868244543.174654890.1713563094902.JavaMail.zimbra@shaw.ca>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

On 4/19/24 2:44 PM, Dale Scott wrote:
> ----- Original Message -----
>> From: "John Baldwin" <jhb@FreeBSD.org>
>> To: "Lexi Winter" <lexi@le-fay.org>, "questions" <questions@freebsd.org>
>> Cc: core@freebsd.org
>> Sent: Friday, April 19, 2024 2:55:46 PM
>> Subject: Re: why does FreeBSD only offer trustworthiness and transparency to people who donate money?
> 
>> On 4/18/24 2:30 PM, Lexi Winter wrote:
>>> so today i came across this press release:
>>>
>>> https://freebsdfoundation.org/blog/freebsd-foundation-delivers-v1-of-freebsd-ssdf-attestation-to-support-cybersecurity-compliance/
>>
> 
> Thank you John for a very clear explanation.
> 
> Can you comment if cybersecurity-type attestations may also be available one day? Personally I suspect there are too many variables for a general attestation, but also suspect your opinion will be infinitely more informed than mine. ;-)

I have no idea on that currently.  In general attestations / certifications are
drive by someone who needs them (e.g. a vendor selling a product that requires
an attestation for specific customers).  The Project itself doesn't really do
any of those directly.

-- 
John Baldwin