Two major concerns have occupied much of core's attention during the last quarter: the reorganisation of the Security Team and the question of whether to import GPLv3 licensed code to the source repository.

The Security Team reorganisation, first proposed to Core during a meeting at BSDCan this year by Gleb Smirnoff -- core member and newly-appointed deputy Security Officer -- has now been accomplished. In order to improve the project's responsiveness to security alerts, to maintain security on privileged information received in confidence before general publication and, not least, to reduce the work load on the security officer, the role of the SO team has been redefined as the controller of the distribution of security sensitive information within the project; responsible for interfacing with external bodies and individuals reporting security problems, and connecting them with appropriate individuals within the project with the technical expertise to address the identified concerns. The SO team was cut down to just the Security Officer and his deputy, assisted by a secretary, and with input and help in drafting security advisories from former and any potential future Security Officers plus liasons with Core, Cluster Administration and Release Engineering.

Core would particularly like to thank the former members of the Security Team group for their past contributions, now that the Security Team role has been merged into the Security Officer's responsibilities.

The other large question concerning Core is how to provide a modern toolchain for all supported achitectures. Tier 1 architectures are required to ship with a toolchain unencumbered by onerous license terms. This is currently provided for i386 and arm64 by the LLVM suite, including the Clang compiler, LLD and LLDB. However LLVM support for other Tier 2 or below, architectures is not yet of sufficient quality to be viable, and the older but pre-existing GPLv2 toolchain cannot support some of the interesting new architectures such as arm64 and RISC V. Pragmatically, in order for the project to support these until LLVM support arrives we must turn to the Gnu project's GPLv3 licenced toolchain.

The argument here is whether to import GPLv3 licensed code into the &os; src repository with all of the obligations on patent terms and source code redistribution that would entail, not only for the &os; project itself but for numerous downstream consumers of &os; code. Not having a toolchain readily available is a big impediment to working on a new architecture.

One potential solution is to create a range of 'GPLv3 toolchain' base-system packages out of a completely separate source code repository, for instance within the &os; area on Github. These would be distributed equivalently to the other base system binary packages when that mechanism is introduced.

Core recognises that this is a decision with wide ranging consequences and will be producing a position paper for circulation amongst all interested parties in order to judge community opinion on the matter. Core welcomes feedback from all interested parties on the subject.

Beyond these two big questions Core has handled a number of lesser items:

• Core approved the formation of a wiki-admin team to take over managing the Wiki, to curate the Wiki content and work on navigation and organization of existing technical content and to evaluate new Wiki software with the aim of opening up the Wiki to contributions from the public.
• An external review board has been assembled to look at the Code of Conduct, including a mixture of project members and experts from external groups. The review process is getting under way and Core is awaiting their report.
• The standard documentation license was found to be unfit for purpose, and the doceng group had temporarily reverted to the previous license while a new replacement was drafted. This new license is now the default for new documentation submissions. However one factor emerging from this review was the difficulty of maintaining correct authorial attributions for sections of documentation, some of which may only be a few words long. Unlike source code, blocks of documentation are frequently moved around within individual files, or even between files. Consequently Core would like to introduce a 'Voluntary Contribution Agreement' along the lines of the one operated by the Apache Foundation. With this, copyrights are signed over to the &os; Foundation, with individual contributions being recognised by recording names in a general 'Authors' file. This will be another alternative alongside the existing copyright mechanisms used in the project. Core is interested to hear any opinions on the subject.
• Core approved the formation of a new 'dev-announce' mailing list, which all &os; committers should be members of. This will be a low-traffic moderated list to contain important announcements, heads-ups, warnings of code freezes, changes in policy and notifications of events that affect the project as a whole.
• Around eight years ago, an attempt was made to import the OpenBSD sensors framework. This was rejected at the time as potentially blocking the development of a better designed framework. However, no such development has occurred in the interveining time whilst the sensors framework has been in use successfully by both OpenBSD and FreeNAS. Despite some concerns about the efficiency of the framework and potential impacts on power consumption and hence battery lifetime, core is minded to approve the import, but wants to consult with interested developers first.
• Core is exploring the legal ramifications for the project of the "Right to Be Forgotten" established by the European Court of Justice.
• Core is also seeking an alternative means for holding their regular monthly conference calls. The current, paid-for, service has less than satisfactory sound quality and reliability, and Core would like to switch to a free video conferencing solution.

This quarter also saw a particularly large influx of new commit bit requests, with on occasion, four votes running simultaneously. Please welcome Kurt Lidl, Svatopluk Kraus, Michal Meloun, Jonathan Looney (Juniper), Daisuke Aoyama, Phil Shafer (Juniper), Ravi Pokala (Panasas), Anish Gupta and Mark Bloch (Mellanox) to the ranks of src committers. In addition, core was delighted to restore commit privileges for Eric Melville after a hiatus of many years.

No commit bits were taken in during the quarter. A non-committer account was approved for Kevin Bowling of LimeLight Networks. Kevin will be doing systems administration work with clusteradm with particular interest in the parts of the cluster that are now hosted in LLNW's facilities. Deb Goodkin, of the &os; Foundation was added to the developers mailing list: she was one of the few members of the Foundation Board not already on the list, and having awareness of what is going on in the developer community will help her to support the project more effectively.