7 comments

[ 2.7 ms ] story [ 45.9 ms ] thread
This is a fascinating peek into the unglamourous administrative moving parts of supply chain risk management.

Octave [0], Cygwin [1] and GIMP [2] mailing lists were also fortunate enough to be included in this process. Given the timespan between the posts this seems to be taken rather seriously.

I also found the likely reason in [3]: since 2019 they have a new supply chain risk management proces. Slide 10 gives some additional background.

[0] https://octave.1599824.n4.nabble.com/Country-of-Origin-Verif...

[1] http://cygwin.1069669.n5.nabble.com/Country-Of-Origin-Verifi...

[2] https://www.talkend.net/post/75432.html

[3] https://csrc.nist.gov/CSRC/media/Projects/cyber-supply-chain...

> Hytera Communications Corporation

> Huawei Technologies Company

> ZTE Corporation

> Dahua Technology Company

> Hangzhou Hikvision Digital Technology Company

why does it list these specific companies?

The US Government has been tightening restrictions on Chinese equipment for a while now, particularly ones it has identified as having a close relationship with the PLA.