[Qgis-psc] Request for Information: QGIS

Andreas Neumann andreas at qgis.org
Wed Sep 27 00:08:57 PDT 2023


Dear Cynthia,

Thank you for your inquiry regarding QGIS software.

I am trying to answer your questions.

Q: Is there an organization which sponsors/publishes the project ?
A1: organization: QGIS.ORG is an association domiciled in Switzerland - see
https://www.qgis.org/en/site/getinvolved/governance/index.html - license-wise,
the project uses the GPL v2 or higher license you are probably
familiar with from other open source software.
A2: sponsors:  we have sustaining members and donors who finance the
project. You can find the lists of sustaining members in our financial
reports at
https://www.qgis.org/en/site/getinvolved/governance/finance/index.html or
at https://www.qgis.org/en/site/about/sustaining_members.html - in
addition, most features that find their way into QGIS are typically
developed by one of our commercial support providers listed at
https://www.qgis.org/en/site/forusers/commercial_support.html - primarily
the core contributors. And of course there are also individual
contributions outside of such companies.

Q: Is there a primary developer who audits the code for potential
vulnerabilities, errors, or malicious code ?
A: we don't have a primary developer mainly responsible for security - but
we have a small team of core developers dealing with security issues. You
can reach out to them via the group email security at qgis.org

Q: We have identified contributors on GitHub located in Lithuania,
Australia, Portugal, South Africa, the Netherlands, the United Kingdom,
Japan, Slovakia, Norway, France, Romania, Canada, Italy, Brazil,
Switzerland, Germany, New Zealand, Indonesia, Austria, Tanzania, Bulgaria,
Spain, the Czech Republic, and Algeria
A: This list is probably quite comprehensive but most likely not complete.
We are a worldwide project - and there are almost certainly more
contributing countries involved than you listed above. To get an idea who
is contributing, you could start at
https://github.com/qgis/QGIS/graphs/contributors

We hope that this information helps you in your supply chain assessment. If
you have additional questions, please reach out to us.

And of course - if security or other issues are of concern for NASA then we
would welcome it if NASA becomes a sustaining member of QGIS.ORG - so that
we can address such issues in a more comprehensive and thorough way.

Best regards,
Andreas Neumann
QGIS.ORG PSC member

On Tue, 26 Sept 2023 at 22:06, Zhang, Cynthia X. (GSFC-710.0)[KPMG LLP] <
cynthia.x.zhang at nasa.gov> wrote:

> Hello, my name is Cynthia Zhang and I am a Supply Chain
> Risk Management Analyst at NASA. NASA is currently conducting a supply
> chain assessment of QGIS. We are interested in confirming the following
> information:
>
>    1. Is there an organization which sponsors/publishes the project, or a
>    primary developer who audits the code for potential vulnerabilities,
>    errors, or malicious code? Y/N
>    2. We have identified contributors on GitHub located in Lithuania,
>    Australia, Portugal, South Africa, the Netherlands, the United Kingdom,
>    Japan, Slovakia, Norway, France, Romania, Canada, Italy, Brazil,
>    Switzerland, Germany, New Zealand, Indonesia, Austria, Tanzania, Bulgaria,
>    Spain, the Czech Republic, and Algeria.
>       1. If possible, could you please confirm this information?
>
> Thank you for all your help,
>
> *Cynthia Zhang*
>
> SCRM Analyst | NASA
>
> Supply Chain Risk Management (SCRM)
>
> Office of the Chief Information Officer (OCIO)
>
> *Mobile:* 301.500.6250 | *Email:* cynthia.x.zhang at nasa.gov
>
> Website <https://nasa.sharepoint.com/sites/ictscrm/>
>
> ICT SCRM Knowledge Center <https://nasa.sharepoint.com/sites/ictscrm/>
>


--
Andreas Neumann
QGIS.ORG board member (treasurer)