►
From YouTube: CHAOSS.Community.Sept.29.2020
Description
CHAOSS.Community.Sept.29.2020
A
That
is
happening
on
october,
19th
and
20th,
and
the
kind
folks
at
baturgia
have
donated
a
booth
for
us
for
the
chaos
project
as
part
of
their
sponsorship.
So
it's
virtual.
It's
really
cool.
I
have
not
personally
done
a
virtual
booth
yet,
but
so
I'm
excited
to
try
this
out
and
it
has
a
little
moon
landing.
Lunar
little
lunar
pod
thing
it's
pretty
cool
because
that's
their
theme
anyway,
I
digress.
We
do
have
slots
if
you
are
interested
in
chatting
with
people
about
the
chaos
project.
A
There
is
a
signup
sheet
and
I
have
oh
thank
you
for
recording
this
map.
I
apologize.
I
did
not
do
that.
If
you
would
like
to
staff,
the
virtual
booth
feel
free
to
add
your
name
wherever
I'm
not
sure
how
many
people
we
will
need.
So
I'm
I'm
just
guessing.
We
will
need
two,
but
if
we
have
a
lot
of
people
who
would
like
to
participate,
then
I
I
put
my
name
down
a
lot,
so
I
can
by
all
means
I
I'm
great
at
not
doing
stuff.
A
So
I'm
more
than
happy
to
stand
back
and
let
others
have
a
chance
to
to
chat
with
people
about
chaos,
so
feel
free
to
add
your
name
wherever
you
want
and
I'll
make
sure
that
you
have
all
the
information
beforehand
on
how
how
it
works
and
what
you're
supposed
to
do
and
all
that
stuff
and
also
the
conference
itself,
is
free
to
attend.
So
if
you're,
not
virtual,
conferenced
out
yet
I
it
all
things.
A
C
E
F
D
C
B
F
A
All
right
and
then
from
last
week
I
just
wanted
to
remind
everyone
again
about
hacktoberfest.
I
know
grimorlab,
they
are
gonna,
be
setting
up
a
page,
a
dedicated
page
on
their
website
about
how
they
people
can
participate
and
all
of
that
good
stuff-
and
I
know
auger,
I'm
pretty
sure
sean
wright
is
gonna
to
be
labeling
some
issues
that
would
be
appropriate
for
hacktoberfest
as
well.
So
if
you,
if
anyone
on
the
call
or
if
you
know
it.
G
A
B
A
Teamwork
makes
the
dream
work
all
right,
yeah,
so
we'll
do
that
dni,
badging
promotion.
So
last
time
we
said
we
were
going
to
ask
people.
We
were
going
to
voluntold
bow
and
tell
people
to
if
they
could,
but
at
all
reach
out
to
events
that
they
know
of
that
were
hosting
events
or
organizations
they
know
of
that
were
hosting
events
to
have
them
request
a
badge
I
don't
know.
If
that
happened,
does
anyone
have
any
follow-up
or
any
feedback
or
matt
smell.
A
B
B
A
B
Yeah,
the
openstack
one,
obviously
armstrong
was
soheal
with
bram.
J
I
can
fill
in
wherever
we
need
anybody
to
reach
out
to
someone
that
nobody
knows
and
and
get
fill
in
the
spots
that
we
need
filled.
A
A
A
A
Good
timing,
matt
yeah-
I
don't
know
anything
about
this
at
all,
so
I
guess
we
can
wait.
Till
matt
comes
rejoins
and
it
looks
like
that
might
have
been
the
last
item
of
the
agenda.
How
is
that
possible?
Let's
look
at
what
we
had
last
week.
A
A
Oh
the
community
health
reports,
we've
been
working
out,
some
some
bugs
with
that.
So
if
you
know
people
who
have
tried
to
submit
a
report
request
and
have
not
been
able
to,
let
us
know
and
we
can
reach
out
to
them.
A
I
know
there
was
some
issues
with
the
images,
the
logos
that
were
kind
of
blocking
the
form.
So
I
think
we're
I
think,
we're
getting
close
to
working
out
those
few
bugs
there's
just
a
few
browser
bugs
that
you
know,
because
the
internet
works
on
some
browsers
and
not
on
the
others,
so
because
things
have
to
be
hard
all
the
time
so
yeah
and
I'm
looking
down
here
to
see
what
else
we
have
oh
dependencies.
A
So
that's
my
understanding
is
that
every
working
group
will
be
addressing
the
the
idea
of
dependencies
in
their
own
ways.
So
obviously
it
will
look
a
little
different
in
the
evolution
group
versus
the
risk
group
versus
whoever
else.
So
if,
if
you
were
one
of
those
people
who
are
like
yeah,
I'm
really
interested
in
talking
about
that,
then
you
might
pick
a
working
group
or
two
to
join
if
you
can
and
bring
those
up
at
those
individual
meetings.
A
K
K
A
little
bit
of
the
thought
process
that
led
us
to
that
which
was
dependencies
are
such
a
huge
topic
that
I
think
at
least
some
of
us
felt
that
creating
just
a
singular
group
to
look
at
it
might
arbitrarily
limit
what
people
are
able
to
come
up
with
organically
and
so
by.
An
initial
phase
is
encouraging
multiple
groups
that
are
interested
in
it
to
go
through
how
they
would
approach
this
problem
independently.
K
Then,
when
we
come
back
together
as
a
group,
then
we
have
multiple
ideas
and
ways
that
we
can
approach
it,
and
so
I
think
the
eventuality
is
that
we'll
have
something
a
bit
more
focused
or
delegated.
So
if
we
come
up
with
a
bunch
of
categories
areas
of
interest
and
ways
to
scope
it,
then
we
can
break
that
up
and
ideally
align
it
to
the
working
groups
that
make
the
most
sense
to
cover
those
areas
of
dependencies.
K
To
start
broadly,
and
by
having
multiple
conversations,
then
the
hope
is
that
we'll
have
various
kinds
of
ideas
I
mean
if
everyone's
in
the
same
place,
then
it's
harder
to
it's
hard
to
have
a
diversion
idea
and
it's
just
kind
of
part
of
the
like
the
thought
in
the
ideation
process
and
because
he's
not
here,
I'm
going
to
pick
on
that
a
little
bit
because
he's
the
one
who
is
the
the
cross-pollination
between
the
groups
and
he
was
initially
going
to
be
serving.
K
As
that,
the
point
of
connection
to
know
when
it's
time
to
bring
bring
it
together
and
make
it
a
bit
more
of
a
focused
effort.
I
think
that
was
the
initial
thought.
After
talking
about
it
for
our
entire
meeting,
I
think
we
probably
had
other
agenda
items
that
we
didn't
get
to,
because
this
was
really
interesting.
But
it's
it's
such
a
big
topic
that
we,
we
didn't
feel
like.
We
had
an
immediate
direction
outside
of
that.
L
A
So
we
were,
we
had
just
been
talking
about
dependencies,
because
that
was
something.
A
So
sophia
was
sharing
with
us
the
logic
behind
the
conversation
that
happened
in
the
risk
group,
I
think,
was
where
it
happened.
That
kind
of
just
was
like
the
final
okay.
This
is
what
we're
gonna
do
for
now.
Until
we
bring
everybody
back
together,
we're
gonna
keep
it
in
the
separate
working
groups.
So
did
you
have
anything
to
add
to
that.
B
I
think
I
think
it
makes
a
ton
of
sense.
I
do
so.
The
one
thing
that
I
do
keep
thinking
about
with
respect
to
dependencies
is,
we
are
going
to
have
to
have
some
tooling
at
some
point
somewhere,
and
I
know
that
folks
have
been
working
on
not
hearing
the
chaos
project,
but
other
projects
have
been
thinking
about
dependencies,
but
I'm
not
sure
how
we
kind
of
think
through
that
part
of
it
so
like
in
the
in
the
metrics
working
group
side
of
things.
B
B
And
in
that
email
I
had
sent
out,
there
was,
I
already
forgot,
the
name
of
it,
but
there
was
a
linux
foundation
project
that
has
some
dependency.
A
G
I
G
We
also
know
that
we
need
to
look
at
the
import
statements
for
anything
that
is
a
github
project,
that's
not
distributed
by
a
package
manager
so
that
we
can
get
that
dependency
and
version
understood
and
and
there's
some
other
things
listed
in
the
email
I
sent
out.
But
there
is
a
difference
from
a
risk
perspective
between
runtime
and
development
dependencies.
G
L
There
is
no
intention
of
adding
source
code
analysis
or
dependencies
at
the
at
the
source
code
level
between
the
packages
we
have
code
in
gremorelab
that
is
for
license
scanning,
but
even
that
is
not
actively
being
used
or
deployed
by
anyone
that
I'm
aware
of
so
the
focus
is
really
on
the
people
and
when
you
talk
about
dependencies
or
relationships
between
projects
at
the
person
level,
then
yes,
that
is
something
in
grimoire
lab
that
we
can
talk
about.
B
B
J
If
I
remember
correctly,
we've
had
this
discussion
a
lot
a
lot
of
times
and
we
kind
of,
if
I
remember
right,
I
I
I've
been
in
this
kind
of
listening
to
this
conversation
for
a
while,
and
we
kind
of
do
this
thing
of
like
we
table
it
until
later
and
later
it's
just
kind
of
not
defined,
I
feel
like
we
should
at
best
we
could
define
a
time
like
at
what
point
do
we
want
to
care
about
this
or
want
to
start
working
on
this.
J
Yeah,
I'm
kind
of
curious
about
sofia
that
link
that
you
sent
about
dependency
track.
K
I
think
I
think
that
might
have
been
shared
by
david
wheeler
who's
been
joining
the
risk
meeting
groups
and
he's
been
approaching
it
from
a
security
and
vulnerability
standpoint,
and
also
trying
to
be
the
source
of
crop
pollination
with
what's
happening
in
this
secure
supply
chain
groups
that
are
working
around
the
linux
project.
K
F
Yeah,
I'd
be
glad
to
real
quick,
so
about
a
month
ago,
rit,
which
is
the
rochester
institute
of
technology,
opened
an
open
programs
office
which
makes
us
one
of
the
first
universities
to
do
such
a
thing
and
I've
twisted
the
arms
of
the
department
of
research
computing
and
asked
them
to
spin
up
grimoire
labs
instance
for
me,
which
they
say
they'll
do
by
the
end
of
the
semester,
which
will
be
good
and
met
and
george
and
I
started
talking
about
what
kinds
of
things
might
a
university
want
for
metrics
right,
a
lot
of
the
interest
would
be
not
only
just
reporting
out.
F
You
know
how
much
university
contributes
like
other
folks.
You
know
other
other
industry
folks
do,
but
also
for
tenure
and
promotion,
and
things
like
that
demonstrating
impact
on
projects
and
proving
that
your
efforts
are
worthy
of
your
mighty
role
as
a
professor
are
important.
So
looking
at
things
like
that,
looking
at
what
kind
of
metrics
might
you
want
to
look
at
for
student
projects?
F
So
that's
as
far
as
we've
gotten
and
since
I
got
a
bop.
Hopefully
we
can
kick
around
some
more
ideas
next
week,
nice
to
meet
you
all.
A
B
A
B
Johns
hopkins
also
has
an
open
source
program
office
that
they've,
I
don't
know
if
they've
been
working
on
it
lately,
but
they
have
they
have
one
as
well,
and
there
is
this
whole
initiative
to
try
to
to
build
ospos
inside
of
universities.
A
Interesting,
okay,
so
we'll
put
him
we'll
put
that
conversation
first
next
next
time
and
then
I
think
the
it
looks
like
the
last
item
we
didn't
really
talk
about
yet
is
the
apache
incubator
clutch
status,
which
we
decided
matt,
you
added
that
and
so.
B
Just
can
you
attach
it
here
and
then
we
would
have
the
logo
and
we
can
put
it
on
the
report,
for
whatever
reason
like
jpegs
in
firefox
are
the
only
only
ones
that
will
come
across.
I
have
no
idea
why
so
we're
talking
to
to
folks
with
the
sales
force
team,
because
I
think
this
is
I'm
guessing.
This
is
an
issue
there
to
try
to
get
that
solved.
So
we
have
a
little
bit
of
a
hitch
right
now
in
the
community
reports.
Just
so
people
know
the
other
thing
and
I'm
sorry
if.
L
B
That's
probably
the
safest
approach.
To
be
honest
with
you
at
this
point,
and
probably
the
most
sensible
approach
to
to
be
honest
with
you,
too
so
good
idea,
and
then
the
the
only
other
thing
I
had
on
here
was
yeah
the
apache
thing,
and
I
I'm
guessing
all
of
you
are
familiar
with
the
apache
incubator,
about
projects
that
would
join
the
incubator
and
go
through
a
series
of
steps
to
try
to
determine
whether
or
not
they
would
become
apache
projects.
I
think
is.
B
Matrixy
kind
of
things-
I
guess
it's
not
actually
at
the
bottom,
it's
just
at
the
end
of
that
big
table,
so
my
only
thought
was
to
to
start
looking
at
this
list
as
potential
metrics
candidates
and
kind
of
reach
out
to
to
folks
at
apache
I
mean
they're
already
in
they're,
already
being
deployed.
B
I
would
love
to
know
if
they
have
taken
the
time
to
really
formally
document
these,
and
it
might
be
a
nice
way
to
to
capture
the
work
that
that
is
already
being
done
at
apache.
That's.
C
B
L
A
Okay,
what
else
do
we
have
to
talk
about?
E
D
A
I
think
he
was
mentioning
about.
Can
it
sounded
like
from
the
garbled
words
I
could
get?
I
think
he's
talking
about
the
continuation
of
or
or
like
revisiting,
some
of
the
metrics
that
we
released
a
while
ago
to
see
if
we
should
revise
them
or
improve
them.
Is
that
is
that
what
everyone
else
thought
he
was
talking
about
as
well?.
M
I'm
not
certain,
but
I
do
think
that
that
is
a
a
key
issue,
so
I
was
in
the
in
the
past
when
we,
when
we
did
metrics
releases,
all
of
the
metrics
would
basically
be
re-released
at
each
at
each
release,
so
it
would
go
through
the
review
process
again,
even
if
even
if
there
were
no
changes.
So
when
I
and
when
I
say
in
the
past,
we
only
did
that
once
or
twice,
but
there
was
a
general
process
where
we
were.
M
We
were
going
back
and
those
metrics
would
go
back
into
review.
We
are
lacking
that
now
and
I,
I
think,
to
a
degree.
The
working
groups
do
kind
of
once
it's
been
released,
it's
kind
of
let's
move
on
to
a
different
metric.
However
they're
they're
not
done
they
they
need
to
be.
I
think
they
need
continuous
attention
so
for
continued
attention.
B
G
And
so
I
haven't
made
that
change,
because
I
didn't,
since
I
think
that
was
a
meeting
you
missed
matt,
I
didn't
feel
I
had
that
we
had
consensus
and
I
don't
want
to
make
changes
without
some
degree
of
consensus
about
it,
especially.
F
A
G
I
M
I
was
gonna
say
we
could
add
some
language
to
the
the
metrics
release.
That
says
you
know
it
goes
through
this
review
period
prior
to
release.
However,
you
know
we're
still
accepting
comments
on
these
metrics
for
future
releases
or
for
future
revision,
and
so
direct
people
from
those
metrics
release
documents
to
to
still
comment
if
they
want
to.
Even
if
it's
outside
of
the
comment
period,
where
would
they
come
in,
I
think
it
would
probably
have
to
get
directed
to
the
the
working
group
that
the
metric
was
released.
B
L
Yeah,
I
my
sense
is
that
even
when
we
have
the
review
period,
we
don't
get
that
much
outside
contributions
outside
comments,
and
I
don't
I
don't
have
high
hopes
for
just
saying.
Hey,
please
comment.
Usually
we
seek
out
these
conversations
and
that's
what
we're
doing
with
in
the
working
groups
when
we
ask
people
about
their
experiences
or
through
the
podcasts
or
at
conferences,
when
we
talk
with
people,
that's
I
think,
where
we
collect
that
feedback.
A
A
All
right:
well,
we
can
just
give
you
all
back.
Your
nine
minutes
and
yeah
have
an
awesome
rest
of
your
day,
and
we
will
see
you
all
next
week.