►
From YouTube: CHAOSS Risk Working Group 10-14-21
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
B
B
B
B
B
A
B
B
A
B
B
C
A
C
E
A
B
There
was,
there
was
a
not
libyars,
but
it
was.
B
I
know
it
was
technical
debt.
There
was
a.
There
was
a
there's,
a
term
called
cumulative
technical
debt
that
has
been
used
inside
of
some
ospos
and
that,
let
me
see
if
I
can
find
the
essentially
what
that
metric
go
ahead,
david.
Let's.
A
Just
say
I'm
going
to
quickly
comment.
This
is
a
horrifically
terrible
name
because
it
has
nothing
to
do
with
technical
debt.
B
E
A
You
know,
and
there's
also
this
strange
notion
that
you,
you
know
having
zero
debt
is
your
goal,
which
is
actually
not
usually
the
case,
because
if
you
have,
if
you
spend
all
your
time
paying
down
your
debt,
you
know
it's
just
like:
buy,
I'm
gonna
buy
weight
and
buy
a
house
with
cash.
Really,
you
know,
if
you
wait
long
enough,
you
will
be
able
to
buy
the
house
with
cash.
You
will
also
be
dead
or
you
probably
won't
need
the
house
anymore.
There's
a
reason
you
acquire.
A
B
The
date
of
the
most
from
the
date
of
the
release
in
the
date
of
the
release
in
use
and
today's
date,
so
it
takes
no
consideration
of
how
far
behind
a
library
might
be.
So
if
I
have
a
10
year
old
library
and
I'm
actually
using
the
current
release,
libyars
would
not
calculate
that
as
being
anything
other
than
like
zero.
I
believe,
but
this
technical
debt
metric,
which
has
been
used
as
a
heuristic
in
some
ospose,
would
say:
okay,
well,
it's
10
years
old,
wait
from.
B
So
the
the
data,
so
what
I
meant
by
it-
and
maybe
it
needs
to
be
changed
it's
if
I'm
using
whatever
the
date.
So
if
I'm
using
2.01
and
there's
a
the
most
recent
release
is
2.01,
then
I'm
on
the
most
recent
release.
Even
if
it's
10
years
old
libyars
would
count
that
as
a
zero.
But
that's
trying
to
tangle.
E
A
Boy
they're
not
gonna,
like
left
pad.
B
Yeah
right
so
there
may
be.
You
know
there
may
be
an
argument
where
we,
you
know
what
would
be
a
better
name
for
technical
debt
than
technical
debt,
given
that
they're
looking
they're
looking
to
to
provide
some
kind
of
absolute
age
of
dependencies
using
the
current
date
instead
of
the
date
of
the
most
recent
release,
and
I'm
not
sure
what
different
information
that
provides,
or
maybe
that's
something
we
don't
need
to
address
and
shouldn't
talk
about.
A
All
right,
I'm
actually
not
a
fan
of
this
particular
measure,
but
you
know
what
I
mean.
You
know
anytime,
you
measure
anytime,
you
measure
something.
You'll
probably
get
some
insights
right,
so
I
mean
the
pro
here
pro
is
that
enables
noting
old
software
oops
that
might
no
longer
be
maintained.
B
A
A
I
actually
now
I
thought
I
had
it
configured
so
as
soon
as
I
plugged
in
a
mouse.
It
would
disable
that,
but
apparently
that
didn't
work.
Let
me
see
you.
A
B
D
A
All
right
so,
let's
see
here
enable
noting
old
software
that
might
no
longer
be
maintained
all
right
cons.
Basically,
it
penalizes
you
for
penalizes.
A
Use
of
of
stable
software
eg
left
pad
where
no
update
is
expected,
yeah
or
desired.
A
A
Yeah
but
though
auger
solved
it
but
other
you
know,
though
other
tools
can
implement.
You
know
now
implement
alternatives
like
yours,.
A
B
A
Is
older
than
the
current
release
right
and
the
other
one
is
frankly
not
so
great
too.
You
know
if
tomorrow
nothing
happens
to
in
my
dependencies.
The
number
keeps
changing.
B
A
Indented
lists
and
indented
lists.
I
used
I've
done
a
lot
of
list
programming,
so
I
don't
have
any
trouble
with
indentation
turtle's.
D
B
A
fable,
I
don't
think
it's
it's
a
fable,
but
it's
a
good
fable,
because
I.
B
A
D
A
A
All
right
I
mean
do
we.
B
B
It
might
be
useful
to
compare
a
collection,
a
large
collection
of
projects
at
one
point
in
time,
but
it
doesn't
really
give
you
any
kind
of
a
clear
sense
of
whether
or
not
your
dependencies
are
aging
or
you're
falling
behind
like
if,
if
I'm
using
a
five-year-old
library
with
libyars-
and
it's
current,
I'm
good
and
I
will
notice
a
big
change.
The
next
time
I
calculate
libyars,
if
there's
a
new
release
that
I
don't
implement.
A
Yeah
there's
actually
two
impacts.
The
number
constantly
slowly
changes,
even
when
there
are
no
new
releases
yeah,
even
when,
even
when
there
there
is
a
new
release,
this
metric
doesn't
only
changes
slowly
slowly,
so
it
doesn't
adequately.
B
No,
I
mean
yeah
like
yeah,
like
on
the
side
of
the
road
right,
a
little
pyrotechnics
in
the
pyrotechnic
sense.
Not
the
button
on
my
uniform
sense.
A
Right
right,
so
it's
I
mean
the
great
thing
about
this
is
that's
easy
to
implement.
I
think
I
I
think
actually,
maybe
actually
we
should
leave.
You
know
it's
easier
to
implement
than
libyars.
I
think
that's
the.
A
Well,
you
do
have
to
find
out
when
the
release
date
was
yeah,
since
you
only
need
to
know
its
date,
you
don't
have
to
find
out
when
it's
alternative
release.
C
A
But
please
excuse
me,
I
have
a
phone
call.
I
have
yeah.
B
No
problem
so
bernad
essentially
we're
talking
about
this
cumulative
age
of
all
dependencies,
which
was
called.
D
B
With
libya,
I
have
to
go
look
at
either
a
package
manager
or
a
github
repository
or
some
piece
of
information
to
know
the
date
of
the
most
recent
release.
Right
then,
I
have
to
be
able.
Then
I
have
to
go,
get
the
metadata
for
the
date
of
the
release
that
I'm
in
that
I'm
using
if
that's
different,
so
it
requires
access
to
a
package
manager
or
a
repository
so
that
I
can
calculate
a
delta
between
two
dates
that
are
not
today.
E
E
Yep,
so
that
is
the
date
we
got
it,
and
here
again
we
are
looking
for
the
date
for
that
library,
for
let
us
release
even
yeah.
B
Yeah
well,
it's
easier
because
you're
not
having
to
calculate
and
store
a
version
history
for
for
a
particular
dependency,
and
you
do
have
to
have
access
to
that
so
that
you
can
do
a
delta
between
your
current.
The
release
that
you're
using
and
the
more
current
the
most
current
release.
D
B
A
By
the
way,
I
I
would
call
this
the
cumulative
age
of
dependencies.
B
A
B
A
A
We
might
want
to
document
in
our
libya's
discussion
that
there
are
alternative
measures.
Here's
one
it
does
prov.
It
can
provide
some
useful
information,
but
we
have
chosen
not
to
dock,
to
define
it.
Here's
why
pros
cons
right
so
basically
grabbing
this
and
yanking
that
into
the
libyar's
text.
A
A
Oh
there's
a
visualization
references
contributors
I
mean:
do
we
have
an
discussion
or
alternatives
or
something
like
that?
Is
there
anything
like
that.
A
But
if
I,
if
I
do
sharp,
sharp
and
say
discussion
of
alternatives,
no
one
can
stop
me.
B
Well
for
data
collection
strategy:
if
we
did
it,
so
we
have
data
collection
strategies.
What,
if
what?
If
that
was
just
a
four
pounder
under
data
collection
strategies
that
shouldn't
break
anything.
E
A
Metrics
that
can
be
used
to
help
measure
the
age
of
dependencies
right.
B
C
B
A
A
Cumul,
let's
see
here
cumulative
a
oh
see:
well,
is
it
cumulative
age
or
it's
just
age
of
dependencies.
A
All
right,
yeah
and
so
on.
Let's
see
here.
A
Is
calculated
by
the
difference
between
the
eighth
and
the
totaled
up
total
across
total.
B
B
A
B
D
D
E
E
I'm
sorry,
I
have
a
one
question
on
this
alternative,
so
we
are
saying
there
are
alternative
metrics.
We
have
not
defined
this
as
a
chaos
as
a
this
cumulative
age
of
dependency
as
a
metric.
So
what
should
we
call
so
should
we
use
something
as
a
because
otherwise
this
will
confuse
the
reader
that
oh
there,
they
have
something
cumulative
dependency
metric,
let's
find
out
where
it
is
and
they
might
get
trapped
in
that.
A
B
E
Let's
turn
up
yep:
this
will
cover
this.
Then
they
don't
have
to
look
for
another
metric.
A
B
A
I
actually
have
a
quick
story:
the
department
of
defense
has
a
general
policy
of
when
they
say
you
do
something.
They
always
give
the
rationale.
Nasa
sometimes
would
copy
dod
stuff,
but
they
would
cut
out
the
rationale,
because
you
know
that
that
I
mean
that's
too
much
text.
We
don't
need
all
that
and
what
was
remarkable
is
that
every
time
somebody
said
hey,
I
don't
want
to
do
x.
That
doesn't
make
any
sense.
You
know
they
would
ask
for
a
waiver
and
nobody
knew
why
the
rule
existed
and
so.
A
A
So
and
it's
that
right
so,
including
there's
actually
a
particular
case
of
open
source
because
there's
a
rule
that
says
you
couldn't
use
software,
you
couldn't
use
public
domain
software,
but
nobody
but
well,
okay,
it
was.
It
was
actually
a
free
reader
word
than
that.
C
A
Obviously,
this
doesn't
apply
to
open
source,
but
all
the
nasa
folks
had
was
you.
You
cannot
use,
and
I
forgot
it
was
some
phrase
like
free.
You
know
publicly
free
or
I
forgot
what
the
word
yeah.
They
thought
open
it
applied
to
open
source
and
you
as
soon
as
you
looked
at
the
rationale.
You
realized.
Oh,
wait:
that's
by
definition,
not
open
source.
You
know
they're
worried
about
main
maintainability
perfectly
reasonable,
yeah
perfectly
reasonable.
Oh,
this
doesn't
apply
because
blah
so.
B
A
A
B
Can
she
can
fix
us
tomorrow
for
in
two
weeks
that
sounds
good.
Thank
you
all
for
participating
in
the
chaos
risk
working
group.
Today
I
bid
you
farewell
and
we'll
see
I'll,
probably
see
you
david
at
the
community
summit.