This is a fascinating peek into the unglamourous administrative moving parts of supply chain risk management.
Octave [0], Cygwin [1] and GIMP [2] mailing lists were also fortunate enough to be included in this process. Given the timespan between the posts this seems to be taken rather seriously.
I also found the likely reason in [3]: since 2019 they have a new supply chain risk management proces. Slide 10 gives some additional background.
The US Government has been tightening restrictions on Chinese equipment for a while now, particularly ones it has identified as having a close relationship with the PLA.
Octave [0], Cygwin [1] and GIMP [2] mailing lists were also fortunate enough to be included in this process. Given the timespan between the posts this seems to be taken rather seriously.
I also found the likely reason in [3]: since 2019 they have a new supply chain risk management proces. Slide 10 gives some additional background.
[0] https://octave.1599824.n4.nabble.com/Country-of-Origin-Verif...
[1] http://cygwin.1069669.n5.nabble.com/Country-Of-Origin-Verifi...
[2] https://www.talkend.net/post/75432.html
[3] https://csrc.nist.gov/CSRC/media/Projects/cyber-supply-chain...