►
From YouTube: CHAOSS.Evolution.WG.Sept.9.2020
Description
CHAOSS.Evolution.WG.Sept.9.2020
A
A
I
know
there's
some
stuff
from
from
last
week
that
you
guys
are
talking
about
that.
Shawn
told
me
about
sorry
that
I
haven't
been
on
the
calls
for
a
while.
I
was
working
my
internship,
which
was
all
day
every
day,
so
I
I
didn't
have
time
to
make
these
calls
and
then,
after
it
ended,
I
just
had
some
some
personal
stuff
and
school
getting
started
up.
So
I
wasn't
able
to
make
it
for
a
couple
weeks
in
a
row,
but
I'm
back
for
good
now,
at
least
until
something
happens
again
so.
B
A
Won't
have
yep,
I
won't
be
able
to
drive
too
much
today,
but
I'm
happy
to
to
help
take
notes
if
there's
particular
things
we
want
to
talk
about
from
from
last
week.
I
know
sean
mentioned
that
you
guys
were
talking
about
changing
the
language
of
reviews
was
one
thing
that
he
mentioned.
Did
I
remember
that
correctly.
C
A
B
Independent
code
dependencies
is,
is
what
so
dependencies
becomes
a
focus
area,
and
then
evolution
can
decide
how
they
want
to
what
metrics
they
want
to
create
to
look
at
dependencies.
Okay
and
then
there.
The
interesting
thing
about
dependencies
is
that
we're
going
to
try
to
run
that
as
a
focus
group
in
or
a
focus
area
in
different
working
groups,
and
each
working
group
will
look
at
that
focus
area
from
a
different
perspective.
B
A
B
A
B
A
C
C
D
C
I'm
like
I'm,
focusing
it
to
the
evolution,
so,
okay
in
the
process
of
project
evolution,
is
project
dependent
on
anything,
maybe
liabilities,
be
it
koda,
beeps
people
whatever.
So
what
is
our
as
a
evolution
group
focused
on
the
dependencies?
What
can
we
think
that's
what
I'm
trying
to
brain
is
from
here.
A
I
think
breaking
up
the
types
of
dependencies
that
we
want
to
look
at
just
overall
probably
would
be
helpful,
and
then
we
can
kind
of
further
refine
and
say
these
are
the
types
that
we
want
to
look
at.
That's
when
we
can
go
about
it.
We
could
also
just
go
about
trying
to
think
of
generic
questions
that
we
would
want
to
answer
related
to
dependencies
and
also
evolution
and
kind
of
tackle
it
from
that
way.
Is
there
did
so?
How
did?
How
did
the
the
discussion
about
dependencies
come
about
was?
A
A
B
Been
getting
requests
from
outside
of
the
community
to
start
exploring
dependencies,
and
I
think
those
those
requests
also
match
some
interest
from
within
this
within
the
community
to
explore
dependencies
as
well,
but
the
I
think,
the
the
thing
that
started
us
down
this
conversation
was
a
request
from
outside
the
community.
I
believe.
E
Okay,
so
I
have
a
q,
a
question
we
could
answer
so
something
like
what
how
do
dependencies
affect
the
the
project
velocity?
So
in
other
words,
if
we,
if
there
are
more
dependencies
or
more
outside
libraries
or
projects
that
are
we're
dependent
on
a
project,
is
dependent
on,
does
that
enable
a
project
to
move
faster,
to
close
issues
faster
to
ship
releases?
Faster,
would
is
that
is
that
kind
of
what
we're
talking
about.
I
think
with
regard
to
dependencies
and
evolution
specifically.
A
A
So
this
is
how
I
phrased
that
elizabeth,
how
do
dependencies
affect
the
project
velocity
and
does
having
more
or
less
of?
Is
that
the
main
distinction
like
more
or
less
or
maybe
like
a
certain
type
or
so
even
even
a
specific
dependency
like?
Can
we
say
that
projects
that
use
this
framework
have
some
sort
of
common
thread?
E
A
Are
there
dependencies
that
I
think,
like
tracking
the
maybe
looking
at
what
dependencies
get
added
and
dropped
as
a
project
matures
like
if
they
start
using
flask
and
then
they
drop
it
for
django
or
they
drop
it
and
switch
to
their
own?
You
know
home
rolled
dependency.
You
know
to
do
some
some
web
requests
or
something.
I
think
that
could
be
an
interesting
question
like
can
you
can
you
look
at
it
at
a
project's
dependency,
chart
and
kind
of
get
an
idea
of
what
else
was
happening
kind
of
that's.
Does
that
make
sense?
E
A
This
is
my
internet
connection.
It's
unstable!
That's
annoying!
Sorry,
I
think,
as
that
is
an
interesting
question
actually
like
do
like
looking
at
this.
This
project
is
maturing,
and
so
is
this
one
and
you
know
they're
both
getting
adopted
at
the
same
rate
or
something
like
that.
But
I
think
my
question
is
more
focused
on
like:
can
you
use
the
changes
in
a
project's
dependency
dependencies
as
a
proxy
for
other
events
that
happened
like
or
or
to
make
some
like
to
say
they
switched
frameworks
or
they
dropped
a
bunch
of
dependencies?
A
And
now
it's
it's
more
mature
because
they
they
took
the
time
to
do
this
or
it's
less
mature
because
they
added
a
bunch
of
dependencies
because
they
just
added
a
bunch
of
dependencies
out
of
nowhere.
Like
you
know
in
our
is
there
kelly?
Can
you
make
those
kinds
of
those
those
calls
just
looking
at
the
dependency.
A
B
A
There
was
a
audrey
at
one
point
used
a
project
called
libraries.io,
which
you
guys
might
have
heard
of
two.
It
did
a
bunch
of
it
just
had
like
a
huge
index
of
what
packages
needed.
What
other
packages
across
a
few
like
of
quite
a
few
different
platforms
like
they
had
ruby
gems.
They
had
python
packages,
they
had
node
and
stuff
in
there.
I'm
trying
to
remember
we,
we
built
some
metrics
from
that
like
a
really
long
time
ago,.
C
E
I
think
maybe
another
interesting
question
would
be
around
contribute
contributors
so
like
if
there
are
more
dependencies,
does
that
also
increase
the
number
of
contributors,
because
people
might
be
familiar
with
one
of
those
packages
or
one
of
those
dependent
pieces
of
software?
You
know
like
thinking
of
like
frameworks
and
things
like
that.
Would
that
expand
the
pool
of
potential
contributors
or
would
it
make
the
waters
muddier?
A
Yeah
I've,
never,
I
would
never
thought
of
that.
So
like
is
there
a
relation
between
the
numbers
of
contributors
and
dependencies
in
the
context
of
like
you
know,
does
if
there
are
more
dependencies,
then
there's
a
higher
chance
that
contributors
would
be
willing,
willing
or
able
to
to
contribute
because
they
understand
these
packages,
but
also
it
muddies
the
water
is
that
kind
of
like
yeah,
I'm
just
trying
to
make
sure
I
captured
your
thought
totally.
E
A
B
B
F
A
Okay,
so
just
to
to
make
sure
that
I
click
that
I'm
what
I
understand
it's
like,
if
I
you
know
I,
you
could
say,
I'm
a
core
contributor
for
auger,
but
if
there's
a
sub
repository,
that's
a
side
project
of
auger
that
loosely
depends
on
it,
and
I
make
only
a
couple
commits.
I
would
be
a
core
contributor
for
auger
and
periphery,
for
the
other
thing
is
that
I.
F
A
A
B
C
A
A
A
B
E
B
B
A
D
A
Maybe
maybe
it's,
it
would
also
be
interesting
to
try
to
classify
code
dependencies
even
further
like
this
is
a
framework
like
this
is
like
this
is
a
this
is
dependency.
You
have
one
of
in
your.
You
have
one
of
these
types,
because
this
is
the
framework
that
you
use
and
then
you
have
some
like,
maybe
utility
ones,
or
maybe
you
have
like
some
some
in-house
dependencies
that
you've
rolled
like
other
ones
that
we
can
say
are
definitively
for,
like
you
know,
maybe.
B
A
Oh,
I
remember,
but
my
question
was:
I
think
it
might
also
be
interesting
to
try
to
look
at
like
all
of
the
downstream
dependencies
from
a
project
like
you
know,
out
of
all
the
projects
that
use
react.
If
you
know
it,
I
think
the
most
interesting
ones
to
be
look
to
look
through.
It's
like
how
many
still
use
an
unsupported
version.
Like
you
know,
I
don't
know
what
version
react
is
on,
but
it's
like
we're
on
react,
10
and
long
term.
Support
for
six
has
stopped.
A
A
You
know
we
have
people
using
it
from
two
years
ago
and
also
the
most
recent
update
is,
or
is
most
everybody
using
after
a
certain
date
or
after
a
certain
version,
or
is
it
you
know,
like
almost
everybody
is
using
the
up-to-date
version.
I
think
that
would
be
a
that
could
be
an
interesting
question,
something
like
that,
or
is
that
way
too
simple?
How
many,
how
many
versions
of
a
dependency?
A
C
I
think
what
I'm
getting
from
this
conversation
is
like.
We
are
focused
on
the
code
dependency
on
library
dependency
and
we
are
having
different
filters
in
that.
So
with
that
in
mind,
I
think
it's
a
good
idea
to
if
we
start
like
brainstorming
code
dependency
in
a
template
like
developing
a
code
dependency
as
a
metric,
and
in
that
we
see
okay,
what
are
the
different
filters
that
can
help
us
answer
these
kinds
of
questions.
E
That,
I
might,
I
might
be
seeming
pedantic
here.
I
apologize
for
that.
If
that's
the
case,
but
I
guess
I'm
not.
I'm
not
sure
where
the
line
is
between
what
the
risk
working
group
would
be
considered
would
be
concerned
with
versus
us
in
evolution,
because,
because
that
to
me,
seems
more
of
like
a
risk
category
or
or
something
that
they
would
be
concerned
about.
You
know
just
for
potential
bugs
and
holes
and
security
vulnerabilities,
not
necessarily
the
the
growth
of
the
project,
but
I
could
be
totally
wrong.
B
C
Correct
then,
that's
a
shame,
because
that
actually
is
really
helpful.
This
is
like,
I
really
like
this
distinction,
because
it's
clear
because
I
always
felt
like
risk
and
evolution
are
very
interrelated,
but
this
is
a
like
fine
line
between
them.
Revolution
is
more
on
the
production
and
risk
is
on,
like
assessments
are
used.
F
B
C
A
C
B
B
C
E
F
E
A
I
agree
first
of
all,
definitely
going
through
this.
I
think
it's
become
very
clear
that
there's
a
I
mean,
obviously
there's
a
lot
of
cross-pollination,
but
one
thing
that
I
that
I
thought
about.
While
you
were
well
you're
talking
about
that
is-
and
I
don't
mean
to
totally
change
the
subject
away
from
this,
but
the
idea
of
a
code
dependency
versus,
like
the
term
code
dependency
versus
a
library
or
package
dependency.
A
I
think
we
should
maybe
at
least
put
down
like
write
down
that
we
should
think
about
that
language
difference,
because
you
could
almost
say
that
a
code
dependency
is
if
I
write
one
class
that
does
some
functionality
and
then
another
class
that
depends
on
that
class
to
provide
some
functionality.
That's
a
code
dependency,
but
I
think
what
we're
mostly
talking
about
is
libraries
or
packages.
Like
the
nod
said,
like
I
take
this
source
code
from
you
know,
I
take
this
code
that
somebody
else
wrote
completely.
A
A
C
So,
for
example,
if
I
take
a
if
somebody
else
has
written
a
class
I've
taken
that
class
and
used
it
in
my
own
program
writing
I
have
just
taken
the
class,
but
now
I'm
not
depending
on
that
class.
So
if
that
class
is
updated
or
not,
that
doesn't
affect
my
code
because
I
just
copied
as
exact
code,
whereas
in
terms
of
library
I'm
pointing
to
that
library
and
I'm
relying
on
that
library.
If
that
library
gets
updated
and
my
pointer
gets
broken,
that
is
a
difference.
A
I
mean
I
agree,
but
I
would
be.
I
would
be
fascinated
to
see
the
cases
where
directly
copying
one
class
from
the
source
code
of
a
library
would
give
you
the
functionality,
like
I'm
not
sure
how.
How
often
that
happens,
because
I
don't
know
how
often
that
would
work.
I
agree
that
they're
different
things
and
that
it
would
be
hard
to
you
know
it's
they're,
both
providing
they're
both
a
dependency,
but
I've
never
just
copied
the
code,
the
source
code
for
an
other
for
another
library
and
dropped
it
into
mine
and
made
it
work.
A
C
C
But
what
I'm
trying
to
communicate
is
there
are
different
developers
who
just
don't
want
to
use
entire
every
a
particular
class
is
useful
to
them
and
that's
where
they
feel
like
this
is
only
functionality
I
can
get
from
this
particular
thing,
and
I
just
copy
that
code
and
embed
it
in
my
program
instead
of
like
relying
on
the
whole
library
which
carries
a
lot
of
weight
and
memory
things.
That's
what
I'm
trying.
A
C
A
Okay,
okay,
I
understand
you
know
yeah.
I
think
that's
also.
Actually
a
great
point
is
that
there's
definitely
there's
even
weights
to
how
much
you
depend
on
on
a
on
a
project
because,
like
yeah,
if,
if
I
depend
on
this
library
for
one
it's,
you
know,
I
need
a
helper
function
to
do
this,
one
weird
date,
time,
calculation
and
one
part
of
some
optional
path.
In
my
application,
it's
different
than
if
it's
the
main
framework,
I
built
my
entire
application
around.
I
don't
know
if
that's.
F
A
C
So
what
I
was
trying
to
communicate
from
this
was
like
code
dependency
is,
I
don't
know,
I
just
copied
the
class,
but
I'm
not
depending
on
it,
whereas
in
library
or
in
package,
I'm
relying
on
that
entire
package.
If
that
gets
updated
or
changed,
I'm
mr,
like
my
links,
will
be
broken
or
my
entire
software
is
going
to
be
broken.
If
there
is
a
change
in
that
library
or
package,
wouldn't.
G
D
A
A
Yeah,
I
think
that
would
be
helpful
to
define
these
three
first
or
maybe
even
if
there
are
other
types
we
want
to
include.
Like
I
don't
know,
platform
dependency
like
are
you
you
know,
are
you
a
facebook
plugin
or
I
don't
even
know?
That's
that's.
If
that's
a
thing
like
are
you?
Are
you
a
browser
extension?
Do
you
depend
on
the
existence
of
some
other
third
party
for
your
application?
A
E
D
C
G
B
A
C
B
B
G
Infrastructure
will
be
part
of
a
platform
because
it
rests
on
a
platform.
For
example,
if
you
have
a
32-bit
machine,
let's
say
you
know,
and
someone
has
a
64-bit,
then
that
is
a
problem
of
compatibility,
and
you
know
you
can
start
talking
about
problem
of
dependence
and
things
like
that.
But
docker
sits
on
any
of
this
platform
without
any.
You
don't
have
to
worry
about
those
dependencies
anymore.
G
B
A
A
A
Like
you
know,
we
have
dependency
on
the
chaos
governing
board
and
the
leaders
of
the
working
groups,
like
obviously
that's
much
more
nebulous
than
than
what
we're
talking
about
here
and
probably
warrants
a
whole
other
other
discussion.
But
that's
that's
something
that
I
thought
about
it's
like
you
know.
A
A
I
think
I
think
that
these
these
different
types
of
dependencies
that
we've
been
talking
about
for
the
past
couple
of
minutes
are
our
first
metrics
either.
I
think
they're
good
candidates
for
the
first
metrics,
just
because
they'll
allow
us
to
say
like
okay.
These
are
the
types
of
tendencies
we
have
and
then,
after
we
flush
these
out
a
little.
F
A
E
B
B
C
B
A
B
A
B
G
B
C
B
A
A
A
B
If
you,
if
you
put
the,
if
you
add
the
links
to
the,
if
we
have
google
docs
for
them-
and
you
add
the
the
links
to
the
excel
sheet,
you
could
just
send
out
a
link
to
the
excel
sheet
and
just
say:
hey:
we've
added,
okay,
these
depend
metrics.
That
way.
That
way,
you
don't
have
to
send
out
a
ton
of
links.