Diffstat (limited to 'website/content/en')
| -rw-r--r-- | website/content/en/status/report-2025-07-2025-09/foundation-sta.adoc | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/website/content/en/status/report-2025-07-2025-09/foundation-sta.adoc b/website/content/en/status/report-2025-07-2025-09/foundation-sta.adoc new file mode 100644 index 0000000000..c8cd2a96cb --- /dev/null +++ b/website/content/en/status/report-2025-07-2025-09/foundation-sta.adoc @@ -0,0 +1,114 @@ +=== Infrastructure Modernization
+
+Contact: Ed Maste <emaste@FreeBSD.org> +
+Contact: Alice Sowerby <alice@freebsdfoundation.org>
+
+The project started in Q3 of 2024 and was commissioned by the Sovereign Tech Agency with a budget of $745,000, to be spent until the end of 2025.
+The main goals are to improve security tools for the base system, ports, and packages, update the project's infrastructure to speed up development, enhance build security, and make it easier for new developers to get started.
+
+For more detailed information and updates, please visit the new link:https://github.com/FreeBSDFoundation/all-projects/tree/main/Infrastructure%20Modernization%20(STA%20commissioned)[project information repo].
+
+==== Q3 update
+
+All five work packages are in progress and will run until the end of December 2025, at which time the project will close.
+
+===== Work Package A: Technical Debt Reduction
+
+This work package is complete as of September 2025.
+The project successfully ran alongside the setting up of the FreeBSD Project's Source Management team as they created and embedded their new processes to make bug management easier and more sustainable.
+The bug backlog dashboard they commissioned remains available to help make the backlog easier to understand.
+
+In August, we held a panel discussion at link:https://osseu2025.sched.com/event/25VsE/from-backlog-to-breakthrough-how-freebsd-and-bitergia-tackled-7k+-bugs-with-data-driven-dashboards-alice-sowerby-freebsd-foundation-contractor-daniel-izquierdo-cortazar-miguel-angel-fernandez-sanchez-bitergia-moin-rahman-freebsd-project[Open Source Summit Europe] to share this work with a wider audience.
+Two members of the Foundation project staff (Alice Sowerby and Moin Rahman) were on the panel along with two representatives from Bitergia who delivered the GrimoireLab implementation for this project.
+(Members of the FreeBSD Project Source Management team were not available to attend.)
+
+The Foundation will continue to check in with the Source Management team regularly until at least the end of 2025 to ensure that we understand the value of the project going forward.
+
+The scope was co-created with srcmgr@. Work items are as follows:
+
+* Create a dashboard for the Source Management team to get a clearer picture of the bug backlog, and how effectively it's being managed (e.g. Time to First Attention for new bugs).
+** Output: https://grimoire.freebsd.org/
+* Upgrade Bugzilla to a supported release to improve security and benefit from new functionality.
+** Output: https://wiki.freebsd.org/Bugzilla/Roadmap
+* Create a method for applying patches automatically.
+** Output: https://github.com/linimon/patchQA
+* Creating upstream documentation for running GrimoireLab (bug dashboard) on FreeBSD.
+** Output: https://github.com/chaoss/grimoirelab/blob/main/FreeBSD.md
+
+===== Work Package B: Zero Trust Builds
+
+This work package intends to improve tooling and processes to support Zero Trust Builds of FreeBSD by extending the current components to enable the project to build release artifacts (package sets, ISO images, etc.) without requiring any special privilege.
+
+The detailed scope was co-created with core@, srcmgr@, secteam@. Work items are as follows:
+
+* Must
+** No-root for all source release build cases/artifacts (complete)
+** Src artifacts to build reproducibly (in progress)
+** Formalize and document make world and release.sh (in review)
+* Should
+** Remove privilege from orchestration tooling (not started)
+** Move build scripts into the public repository (in progress)
+** Address dependencies (in progress)
+* Could
+** Environment Standardization (in progress)
+** Ports to build reproducibly (in progress)
+** CI to verify reproducibility (in progress)
+** Documentation to allow 3rd parties to confirm reproducibility (not started)
+
+===== Work Package C: CI/CD Automation
+
+This work package intends to improve CI/CD automation to streamline software delivery and operations for new and existing software by modernizing and securitizing the existing CI/CD system and extending it to cover the third party packages in the FreeBSD Ports Collection.
+
+The detailed scope was co-created with core@, srcmgr@, portmgr@, doceng@
+* Must
+** Improve quality of incoming commits (completed)
+** Pre-merge CI (completed)
+** Environment Metadata (in progress)
+** Extend CI to the Ports tree (in progress)
+** CI Threat Model (in progress)
+** CI Management Process (in progress)
+** Documentation (not started)
+* Should
+** 3rd-party Interoperability (in progress)
+** Automated analysis in tests (in progress)
+** Test Case Management (in progress)
+* Could
+** Granular Debugging (in progress)
+
+===== Work Package D: Ports and Packages security improvements
+
+This work package intends to modernize and extend security controls in the FreeBSD Ports and Package Collection by: Migrating from our VuXML Vulnerability Database to OSV or similar contemporary format; developing a package audit backend and server to reliably fetch vulnerability data from global agency databases in any format (JSON - NIST) and produce insight and; improving CI tooling for FreeBSD Ports.
+
+The detailed scope was co-created with core@, portmgr@, pkgmgr@, secteam@
+
+* Must
+** New Database Format (in progress)
+** Set up 2+ Database Instances (not started)
+** Migrate Data from old to new database (in progress)
+** Add support for new format in pkg(8) (in progress)
+** Upstream engagement (in progress)
+** SBOM on demand (not started)
+** Document how to set up build and test targets (not started)
+** Integrate 3rd party test targets (not started)
+** Continuous Testing (not started)
+* Could
+** Make CI artifacts available (not started)
+
+===== Work Package E: SBOM improvements
+
+This work package intends to improve existing, and implement new, tooling and processes for FreeBSD Software Bill of Materials (SBOM) by implementing: tooling to roll up the individual provenance data/markers from across the tree into a higher-level view; developing tooling to parse/review/inspect the FreeBSD source tree and produce a comprehensive/holistic report to act as a SBOM for the full software stack and; extending pkg to enable this capability for software installed from ports/packages.
+
+The detailed scope was co-created with core@, portmgr@, pkgmgr@, secteam@, releng@
+
+* Must
+** Evaluate projects/solutions available in the wider ecosystem (in progress)
+** Propose the target solution for SBOM (in progress)
+** Produce an SBOM in CI (e.g. weekly builds) (in progress)
+** Produce an SBOM as an artifact as part of the release process (in progress)
+** SBOM artifact on demand (in progress)
+** Roll up existing data (in progress)
+** Record and explain decisions made (in progress)
+* Could
+** Engage with other similar projects (in progress)
+
+Commissioning body: Sovereign Tech Agency
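Review bot: In Work Package C, the line "The detailed scope was co-created with core@, srcmgr@, portmgr@, doceng@" is followed directly by "* Must" with no blank line between them. AsciiDoc expects a blank line before a list, so the Must/Should/Could items in that section risk being folded into the paragraph instead of rendering as a list. Add the blank line, and for consistency end the sentence the way packages A and B do ("... Work items are as follows:"); packages D and E also lack that lead-in. Separately, the Q3 update says "All five work packages are in progress" while Work Package A says "This work package is complete as of September 2025", so one of the two needs rewording. In the Work Package C description "securitizing" probably should be "securing", and the status labels mix "(complete)" in package B with "(completed)" in package C.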
