►
Description
[Standing Reminder] Should we cut a release soon?
Not at the moment.
After Docker is complete it might make sense, coordinate via slack.
[JH] 2FA Requirement
US team to pick this up and create an open-source issue for it.
Connecting with other CF cross-company teams and learn how they’re doing it.
Docker Epic
Started it and working through the stories.
Filling in Roles in the future
Consider using “kubectl auth can-i” to validate RBAC rules for each role.
Provisioned Services
Potential future proposal if we end up doing this.
A
Hey
well
in
the
dock,
we've
got
one
standing
reminder
about
cutting
a
release,
but
no
other
topics.
So
if
anybody
would
like
to
add
a
topic
well,
we
can
definitely
talk
about
it.
C
You
think
we
have
a
chore
in
our
background
to
go.
Do
it.
C
I
think
we
do
I
think
the
problem
is
they're
gonna
start
requiring
to
factor
off,
which
means
we
have
to
pick
some
second
Factor
and
the
so
the
way
that
we
kind
of
get
around
that
is
instead
of
engaging
a
second
factor
for
our
bot
account.
We
reset
the
password
every
time
we
need
to
log
in,
and
we
just
store
like
some
sort
of
recovery
key
instead
of
restoring.
Instead
of
storing
the
password,
we
store
some
recovery
key.
C
D
B
How
would
the
user
create
PRS
and
all
that
I
mean
if
we
store
that
recovery
key
this?
Wouldn't
that
mean
that
the
user
will
still
not
have
to
factory
enabled
on
their
account,
so
maybe
we'll
be
getting
the
warning
and
if
we
do
enable
two-factor,
wouldn't
the
you,
the
the
bot
have
to
use
the
second
factor
to
open,
PRS
and
stuff,
like
that,
that's
what
I
don't
quite
get.
C
C
But
but
it's
a
specific
it's
per
repo,
not
per
you
know.
It's
not.
C
B
C
B
Hope,
no
yeah,
okay,
maybe
I'm
just
misremembering,
because
yeah
this
me
maybe
sort
of
makes
sense,
because
then
you
can
still
have
service
account
like
access
per
repo
and
they
want
to.
They
don't
want
to
support
both
users,
like
it's
a
user
owned
by
some
human,
that
don't
doesn't
really
use
that
user
for
anything.
B
B
I,
don't
remember
the
deadline,
what's
the
dates
that
they're
going
to
absolutely
make.
A
B
A
requirement
but
I
guess
we
should
address
it
soon.
So
I
guess
the
only
thing:
I
I
guess:
either
we
do
it
or
you
do
it.
So
we
just
need
to
agree
on
that
and
then
whoever
whoever
will
do
it
will
put
a
chore
in
their
column
or
whatever,
because
we
don't
have
one
backlog
at
this
moment.
B
So
yeah
we're
a
little
bit
underwater
right
now.
So
we'll
really
appreciate,
if
you
can
do
it,
but
I
guess
we
can
also
do
it.
C
That's
fine
as
well
I
think
we
can
do
it.
We
are.
We
have
it
in
our
mixed
in
with
our
proprietary
junk
in
in
a
different
backlog,
so
we
just
didn't
copy
it
into
the
open
source
backlog,
but
we
can
do
it
and
then
we'll
we'll
have
have
more
concrete
recommendations
about
how
to
log
in
and
whatnot
yeah.
B
D
B
I
wonder
if
that
affects
the
the
public
GitHub
only
or
it
would
also
affect
Enterprise
GitHub
accounts
that
we
have
inside
our
companies
respectively,
but
we
don't
really
have
Bots
there,
I
guess
so.
Maybe
it's
not
so
important
and
anyway
it's
not
important
but
yeah
thanks.
Thanks
for
doing
that,
I
mean
we
could
also
have
done
it,
but
lately
we've
been
also
struggling
between
some
internal
stuff
and
the
docker
epic
and
some
other
small
bits
and
pieces,
and
it's
been
feeling
a
bit
like
you
know.
C
B
Yeah
we
just
we
haven't
really
properly
started
yet
like
we
did
one
story
about
being
able
to
create
Docker
apps
with
the
docker
type
life
cycle,
which
is
just
it's
a
small
one.
Something
that
did
come
up
in
this
one
was
validation,
because
the
this
is
very
weird.
This
is
Victory
API,
because
in
the
I
think
in
the
app
you
have
a
life
cycle
and
it
can
be
either
buildback
or
Docker.
B
But
then
it
entails
different
life
cycle
data
structure,
which
doesn't
translate
very
well
to
go
because
you
have
to
have
on
any
field
which
is
a
pain
or
you
have
to
have
a
single
strict
with
all
Fields
mixed,
and
this
is
the
approach
that
we
took
and
then
I
have
to
validate,
to
have
a
very
heavy
validation
around
like
when
build
pack
is
set
like
you,
don't
have
images
things
like
that,
and
the
other
way
around
and
the
generator
Library
doesn't
seem
to
have
a
way
of
doing
natively.
B
In
this,
this
condition
of
validation,
we
were
able
to
to
write
a
custom,
a
small
custom
function
for
validation.
It's
it's
a
bit
weird
because
it's
not
using
their
predicates,
but
it's
just
plugging
in
some
gold
code
with
an
if
not
the
end
of
the
world.
We
I
think
we
wasted
the
whole
day
on
it,
but
we
couldn't
couldn't
really
find
a
better
approach.
Maybe
the
library
needs
appear
or
something,
but
not
critical,
right
now,
just
something
that
didn't
come
up
in
the
spike,
because
we
wasn't
really
touching
these
parts.
B
We
just
hardcoded
the
docker
life
cycle
there,
but
yeah
other
than
that
I,
don't
know,
I
think
the
the
the
controller
part
of
it
is.
Oh,
that
doesn't
doesn't
hold
as
many
surprises,
because
that's
where
we
actually
worked
during
the
spike
and
now
we've
been
dealing
with
the
API,
which
was
we
we
consider
it
trivial
but
yeah.
This
is
what
what
came
up
other
than
that
I.
Think
it's
fine!
B
It's
just
that!
We
don't
have
tons
of
time
and
we're
making
slow
progress,
because
we've
been
also
doing
color
things
like
caring
about
the
pipeline,
doing
internal
stuff
and
whatnot.
B
A
I
think
we've
been
thinking
a
little
bit
lately
around
trying
to
get
some
of
the
roles
filled
out
to
some
degree,
so
we'll
likely
put
something
forth
before
too
too
long
on
that,
but
I
don't
think
that's
too
crazy
or
controversial
either.
A
I
think
part
of
it
is
just
making
sure,
like
the
roles
that
we
have
are.
The
roles
that
are
like
done
by
the
CLI
automatically
usually
or
are
at
least
close
to
correct,
is
the
general
consensus
on
that.
But
yeah
I
don't
know
I,
don't
know
that
we're
gonna
go
so
far
as
to
do
like
auditor
and
some
of
the
crazy
some
of
the
more
nuanced
roles,
but
you
know
I
think
we're
going
to
dig
in
to
figure
out
what
that
could
look
like
and
and
raise
some
thoughts
on
it.
So.
B
I
think
we
once
we
had
a
discussion
with
Daddy
on
authorization,
I
think
it
was
a
part
of
our
recent
E2
simplification.
Oh
that's,
that's
the
other
thing.
We've
been
doing
some
chores,
meaning
that
not
a
lot
of
product
increment
went
in,
but
anyway
we're
thinking
about
authorization
because
remember
we
cut
down
authorization
test
dramatically
in
the
E3
suite
and
we
thought
maybe
it's
a
good
idea
like.
If
you
want
to
test
rows,
it
could
be
a
possibility
to
write
end
to
end
like
tests
with
that.
B
That
does
something
similar
to
the
cubecutor
can
I
so
that
you
can
just
do
a
round
trip
with
the
token
it
would
do
the
token
review-
and
this
way
you
can
probably
check
if
the
if
the
row
can
do
this
or
that
without
having
to
do
a
very
complex,
very
complex
test,
setup.
B
B
D
D
A
C
We
had
a
a
provisional
possible
Epic
to
allow
people
to
bind
provision
secrets
as
user
provided
services
or
or
Services
of
some
kind,
but
I
don't
know
if
that's
going
to
happen
or
not.
Basically,.
C
Yeah
I'm
pretty
sure,
that's
what
it's
called.
It's
like
a
kubernetes
service
construct,
which
is
essentially
it's
a
duct
type,
so
any
object
that
has
a
status
binding
name.
C
It
fits
the
dark
type
and
that
that
status
of
finding,
that
name
is
a
reference
to
a
secret
in
the
same
name,
space
right.
So
that's
already
how
our
services
are
getting
created.
When
you
do
a
user
provided
service
and.
B
A
C
And
I
mean
we
haven't
really
done
a
whole
lot
of
anything
on
it
yet,
but
it's
just
a
possible
next
step
and
service
history,
because
we
have
a
kind
of
lousy,
Services
story
right
now,
user.
B
Yeah,
that's
interesting.
If
you
have
more
information,
this
would
be
will
be
interested
to
take
a
look.
So
if
you
have
something
in
written
form
at
some
point,
just
just
send
it
along.
C
B
Yeah,
we'll
be
interested
also
in
more
like
context
about
around
why
you
need
it
like
what
was
the
sort
of
high-level
use
cases?
It's
like
sharing
external
services,
that
you're
doing
provision
and
so
on.
So
it
would
be
interesting.