[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#51976: Inquiry: gzip for NASA Use

From: Zhang, Cynthia X. (GSFC-705.0)[TELOPHASE CORP]
Subject: bug#51976: Inquiry: gzip for NASA Use
Date: Fri, 19 Nov 2021 19:04:40 +0000

Hello, my name is Cynthia and I am a Supply Chain Risk Management Analyst at 
NASA. NASA is currently conducting a supply chain assessment of gzip. As stated 
by Sections 208 and 514 of the Consolidated Appropriations Act, 2021, Public 
Law 116-260, enacted December 27, 2020, a required step of our process is to 
verify the Country of Origin (CoO) information for the product, aka the country 
where the products were developed, manufactured, and assembled. As gzip is open 
source, we understand that this inquiry is not directly applicable, as 
contributions may be made from individuals from around the world. In this case, 
NASA is interested in confirming whether there is an organization which 
sponsors/publishes the project, or a primary developer who audits the code for 
potential vulnerabilities, errors, or malicious code. Does gzip have overseeing 
organization or individual along these lines? If so, please provide the country 
they are established in so we can provide as much insight as possible following 
our federal mandate.

Thank you,

reply via email to

[Prev in Thread] Current Thread [Next in Thread]