This is a fascinating peek into the unglamourous administrative moving parts of supply chain risk management.
Octave [0], Cygwin [1] and GIMP [2] mailing lists were also fortunate enough to be included in this process. Given the timespan between the posts this seems to be taken rather seriously.
I also found the likely reason in [3]: since 2019 they have a new supply chain risk management proces. Slide 10 gives some additional background.
The US Government has been tightening restrictions on Chinese equipment for a while now, particularly ones it has identified as having a close relationship with the PLA.
7 comments
[ 2.7 ms ] story [ 45.9 ms ] threadOctave [0], Cygwin [1] and GIMP [2] mailing lists were also fortunate enough to be included in this process. Given the timespan between the posts this seems to be taken rather seriously.
I also found the likely reason in [3]: since 2019 they have a new supply chain risk management proces. Slide 10 gives some additional background.
[0] https://octave.1599824.n4.nabble.com/Country-of-Origin-Verif...
[1] http://cygwin.1069669.n5.nabble.com/Country-Of-Origin-Verifi...
[2] https://www.talkend.net/post/75432.html
[3] https://csrc.nist.gov/CSRC/media/Projects/cyber-supply-chain...
> Huawei Technologies Company
> ZTE Corporation
> Dahua Technology Company
> Hangzhou Hikvision Digital Technology Company
why does it list these specific companies?
More generally, it appears NASA doesn’t trust software from Chinese entities. As is only prudent, in my opinion.
It's against the law to do business with those specific companies in the performance of contracts with the federal government.