►
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Let's
start
I
would
say:
do
you
think
minus
color
yep,
okay,
welcome
to
the
foundational
infrastructure
working
group
10th
of
August,
so
we
have
our
usual
agenda,
we'll
go
over
the
port
and
then
discuss
any
other
topics.
A
So
the
first
one
is
about
Azure
storage
account,
so
we
match
everything
here
this
about
the
documentation,
yeah.
B
B
A
Yeah
but
anyway,
so.
C
E
D
B
D
A
A
If
we
have
the
option
about
the
major
version
vampire
will
be
for
that
readable.
G
A
Okay,
we
have
a
decision
here.
I
can
put
oh
yeah.
A
A
B
E
G
D
On
RCI
we've
seen
some
flakes
lately
on
integration
tests,
but
doesn't
seem
like
it's
related
to
this
doesn't
seem
like
it
should
be
related
to
anything.
That's
gone
in
recently.
It's
just
been
a
little
more
flaky.
Lately,
I,
don't
know
if
that's
our
RCI
or
or
what
but
yeah
there's
a
a
minor
bump
of
postgres
going
through
this
morning.
When
that
finishes,
I
can
bump
the
major
and
ship
it.
A
A
Okay,
this
one
we
don't
need
to
discuss.
E
A
This
is
yeah
the
two
reposters
here
we
want
to
move
to
another
working
group,
but.
G
G
G
Let's
see
if
they
moved
it,
so
you
have
multiple
people
have
tested
this.
G
Basically,
someone
of
one
of
us
can
try
it
if
they're
using
virtualbox
ever.
G
A
A
E
D
F
B
A
Okay,
we
have
two
reviews
on
created.
A
A
G
B
A
C
It
keeps
happening
you
can
also
update
the
temporary
the
team.
You
can
take
people
out
of
the
rotation.
E
A
I'm
awesome:
okay,
she
is
someone
volunteering
to
whatever
it
is.
Oh
I
can
try
again
to
assignments.
A
A
G
B
If
they
are
quick
enough,
yes,
but
I
mean
I'm.
A
Yeah
we
have
also-
and
one
here,
yeah.
C
You
have
taken
materials
out
of
the
rotation
so
like
in
the
team
settings
you
can
take
people
out
of
like
the
assignments.
So,
if
you're
back
from
vacation
yeah,
we
have
to
remember
to
put
you
back
in
I.
D
For
the
for
the
one
that
we
were
just
looking
at
the
on
stem
cell
change,
PRS,
do
we
I
didn't
look
at
the
docs
one
yet,
but
I
don't
know
in
the
past,
we've
had
some
features
that
we
Mark
as
experimental
because
they
are.
You
know
often,
though,
there's
many
features
that,
like
we've
been
using
for
years
that
are
still
experimented
because
we're
really
bad
about
taking
them
out
of
that
state.
D
But
like
yeah
I,
don't
know
this
feels
like
a
large
change
and
that
it,
the
behavior,
might
change
in
upcoming
versions,
because
cert
rotation
is
hard
I,
don't
know
if
that's
something
we're
concerned
with,
as
far
as
like
marking
it
as
experimental
or
people
are
really
going
to
care
too
much.
If
we
do
have
to
change
the
behavior,
we
can
do
that
in
the
release.
Notes
too
I
don't
know
I
just
don't
know
what
we
think
of
as
a
policy.
For
that
sort
of
thing.
We
don't
really
have
one.
D
D
No,
no,
the
the
on
stem
cell
change
for
variable
consumption,
stuff.
D
Like
I
just
feel,
like
the
odds
of
us,
getting
that
correct
on
the
first,
try
seems
very,
very
unlikely
just
because
there
are
so
many
edge
cases
and
seeing
seeing
I
haven't
I
haven't
touched
it
yet,
but
seeing
people
on
our
side
like
oh,
what,
if
you
have
like
multiple
stem
cells
or
the
same
stem
cell
twice,
and
it
manifest
with
different
aliases
or
something
and
having
to
to
deal
with
these
edge
cases.
I,
don't
know
I,
just
don't
know.
D
If
we're
going
to
end
up
having
to
tweak
the
behavior-
and
you
know
I,
don't
think
anybody's
gonna
be
like
oh
I
was
so
dependent
upon
that
broken
Behavior.
You
had
the
first
time,
I,
don't
think
it's
a
huge
deal.
It's
more
of
a
this
thing
feels
likely
to
be
sort
of
in
flux
for
the
next
a
couple
months
and
if
we're,
if
we're
how
we
want
to
handle
features
like
that,
you
know
the
the
Azure
blob
store
change
that
one's
like
there's,
not
that's.
D
If
there's
any
bugs
with
that,
it's
going
to
be
just
a
fix.
There's
no
going
to
be
there's
not
going
to
be
any
future.
Behavioral
change,
whereas
this
one
we
might
have
to
tweak
some
of
the
like
edge
cases
around
how
it
the
expectations
around
it.
But.
C
Yeah
I
I
believe
the
behavior
is
described
pretty
well
right,
like
it's
more
of
like
we
expect
us
to
maybe
not
have
implemented
the
behavior
correctly
as
in
like
maybe
we're
missing
like
if
you're
talking
about
edge
cases,
then
I
mean
I.
It's
just
bug
fixes
right
to
that.
Or
do
you
expect
the
the
interface
to
change
as
in
like
the
conflict
parameter
or
like
it
going
away
all
together,
like.
D
I
honestly
I
haven't
looked
at
it
too
closely,
but
it's
the
type
of
thing
where
it's
like
I
wouldn't
be
it
would
not.
You
know
it
might
be
100
fine
and
it
might
be
like.
Oh
here's,
some,
like
really
crazy
edge
cases
we
didn't
think
about.
We
need
to
change
the
interface
to
make
it
more
clear
how
this
type
of
thing
is
going
to
be
handled.
I.
C
Would
just
like
put
it
as
expect
or
announce
it
as
experimental,
like
put
it
in
the
release,
notes.
G
E
G
C
D
I
think
in
the
release
notes
there
may
be
fine.
Just
saying
like
this
thing
is
new,
there's,
maybe
higher
risk
than
normal
features
due
to
complexity.
So,
if
you're
concerned,
you
might
want
to
give
it
some
time,
but
yeah
we're
going
to
be
using
it
in
the
very
near
future.
So
it's
not
like
you
know
it's
going
to
be
six
months
and
there's
going
to
be
massive
changes
with
it.
D
A
D
A
Oh
okay,
it's
let's,
let's
keep
another
week,
then
we
can
close
in.
A
Yes,
the
pr
is
sold
it
in
March
I.
Think
we
need
now.
A
So
the
openstack
one
is
a
little
bit
today.
They
are
saying
that
the
change
we
did
regarding
the
ID
length,
yeah.
C
G
A
So
it
looks
like
on
openstack,
you
have
a
part
which
is
only
the
first
20
characters
of
the
ID,
and
now
we
have
to
kill
I
at
the
end.
They
cannot
resolve
anymore
by
18.
G
A
C
We
know
it's
nice
yeah
I,
like
the
fact
that
we
had
a
test
and
stuff
documenting
this
behavior.
But
can
we
fix
this
with
the
the
the
the
regex
stuff,
or
is
that
that's
only
for
the
prefix
right?
That's
the
suffix.
C
A
C
A
So
it's
it's
a
little
bit
smaller,
but.
C
But,
given
that
we're
not
using
this
yet
in
the
stem
cell
Builder,
it
might
be
worth
making
this
more
generic
so
that
we
can
also
remove
things
right.
So
we
have
to
use
it
for
both
cases.
F
B
C
C
I,
don't
know
who
won't
like,
ideally
it,
but
the
change
would
be
made
by
the
people
caring
about
openstack.
C
C
D
Openstack
is
also
a
disaster
as
far
as
versioning
goes
like
I,
don't
know,
all
of
our
openstack
cluster
is
like
what
is
it
Queens,
I
I
forget
what
version
it's
like.
It's
like
a
version
that
is
not
as
ancient
as
our
previous
cluster,
but
still
not
even
a
currently
supported
like
cluster
I.
Think,
but
who
knows
this
Behavior
might
only
exist
with
like,
like
eight
year
old
versions
of
openstack
like
who.
C
A
Yeah,
maybe
maybe
also
you
can
add,
a
comment
with
which
openstack
version
you
don't
see
the
issue
and
ask
about
stack.
They
use.
A
Okay,
I
think
the
other
ones
are
quite
old,
so
we
hit
in
the
QC
meeting
we
discussed
RFC,
which
is
actually
for
related
to
our
user
group,
to
integrate
ticket
release
into
bush,
and
we
decided
to
start
the
yeah.
The
final
comment
period
for
that
one.
A
So
that
means,
if
you
have
any
comments,
it's
now
the
time
to
go
and
put
them
here
on
feedback,
because
next
week,
yeah
sorry
for
scrolling
yeah
next
week,
most
probably
will
be
approved
so
that
this
decision
was
to
take
the
white
version
of
the
two
proposals.
Only
using
SSH
and
TCP
damp
on.
F
G
So
yeah
so
I
added
this
I
asked
Thomas,
who
did
the
flip
stem
cell
and
he
I
think
he's
working
for
canonical
and
he
said
yeah
well,
you're
you're
using
the
hardware,
enabled
kernels
and
they
will
always
be.
They
will
always
be
bumped
at
certain
interval
level
for
LTS
releases,
and
so
they
can
do
a
major
bomb.
G
G
C
C
That's
not
something
we
can
like,
it
will
happen
right.
We
have
no
option
right,
we
cannot,
or
we
have
to
switch
to
a
different
kernel
package
but
like
if
we
want
to
keep
getting
security
fixes
we
need
to
bump
just
might
want
to
notify
these
Downstream
consumers.
G
C
G
D
G
Yeah,
that's
true,
so
we
just
agree
that
we
just
did
we
just
bump
it
or.
G
File
in
the
stem
cell
Builder,
basically
because
it's
only
like
you
built
this
in
like
a
long
time
ago,
where,
if
the
stem
shop
Builder,
if
the
kernel
changes
like
a
major
version,
then
it
will
just
fail.
C
Like
it
would
be
probably
work
to
call
out
in
the
release,
notes.
D
F
G
I
will
should
I
make
a
PR
or
should
I
just
do
direct.
You
should
make
a
PR.
C
A
They
are
better
with
PR,
because
if
we
have,
we
can
reference
that
one
in
the
future.
If
there
are
some
yeah.
B
D
I
had
a
question:
is
there
a
current
owner
of
the
postgres
boss
release?
Is
anybody
maintaining
that.
C
A
G
A
We
have
a
PR
here
and
let's
find
it
so
maybe
we
cannot
review
us
so.
A
C
F
G
A
C
A
My
no.
G
G
C
There's
there's
authors
in
these
areas
and
they
have
their
own
our
reviewers
and
stuff
in
those
areas,
and
they
have
their
own
process.
It
would
be
nice
to
standardize
it,
but
I
haven't
figured
out
how
to
engage
with
these
people.
C
D
D
I
was
wondering
if
we
want
to
add
Auto
bumping
to
this,
like
I
was
planning.
If,
if
this
wasn't
here,
I
was
definitely
planning
on
doing
that
work
today
or
tomorrow,
but
I'm
happy
to
I'm
happy
to
still
do
it
like,
like
I,
don't
know.
D
Is
there
a
CI
for
this
there's
some
pipelines
in
here
that
don't
look
like
they're
run,
I'm
happy
to
like
update
the
CI
and
throw
it
on
bosch.ci
and
add
Auto
bumping
to
it,
or
at
least
add
a
PR
to
do
all
that
if
people
are,
if
people
think
that's
valuable,
if
people
want
to
keep
doing
the
way,
it
is
I'm.
Also
fine
with
that.
C
D
I'm
happy
yeah,
it's
an
interesting
thing:
I
mean
it's
mostly
copy
paste
like
I
was
going
to
take
a
lot
of
the
auto.
We
already
do
all
this.
That's
the
other
half
of
this,
which
is
all
of
this
always
already
done
in
the
Bosch
director,
release
the
auto
bumping
and
of
postgres
like
I,
don't
know
like
not
anytime
soon,
but
long
term.
D
I
don't
know
if
that
that
seems
like
a
cleaner,
better
future
I,
don't
know
if
we're
ever
going
to
get
there
but
like
this
is
one
step
that
you
know
makes
it.
Theoretically,
a
Direction.
C
D
D
A
D
Yeah
I'll
see
you
today
or
tomorrow.
If
I
can
come
up
with
a
PR
for
basically
copying
and
pasting
the
stuff
out
of
the
Bosch
director
CI.
D
I'll
be
most
optimistic
and
let
people
give
feedback
probably
add
Auto,
releasing
in
there
too,
that
we're
doing
on
a
lot
of
stuff
right
now.
I
think
we're
probably
gonna
be
adding
that
to
the
boss
director
soon
we're
adding
it
to
a
lot
of
other
things.
D
Most
of
them
are
go
laying
things
we
have
scripts
that
are
detecting
in
the
golang
release.
Right
now,
if
there's
a
a
cve,
that's
been
a
higher
critical
CDE,
that's
been
fixed
and
if
so,
the
pipelines
just
Auto
release
with
those,
as
the
release
notes
same
if
there's
a
a
bump
to
golang
itself,
which
is
Auto
release
with
that
in
the
release.
Notes
so
doesn't
seem
like
most
of
these
things
have
any
there's
no
good
reason
not
to
it's
like
hey
new
version
of
postgres.
Here's,
a
new
new
patch
version.
A
G
Reuben:
what's
how
is
the
s-bomb
things
that
we're
going?
We
do
that
you
were
going
to
do
every
every
repo.
C
C
So
we're
gonna
have
some
proof
of
concepts
of
some
ideas
and
then
that's
gonna
fall
into
and
I'm
a
an
RFC,
but
the
the
way
I'm
thinking
about
this
currently
is
that
we're
gonna
build
like
smaller
composable
pieces
that
like
we
can,
for
example,
run
some
I
mean
I
have
a
light
weights.
Let
me
quickly
make
a
slide,
that's
applicable
to
the
Open
Source.
By
removing
some
of
the
closed
Source
bits
still
not
have
a
slide.
C
So
I
don't
know
the
you
know
the
way
we're
thinking
about
this
is
that
maybe
we
can
have
like
different
pieces
of
a
chain
that
so
we
could
add
something
like
a
go
mod
verifier.
That
would
run
like
a
it's
a
reusable
GitHub
action
that
would,
if
the
a
go
mod
file
changes
verifies
that
all
the
contents
of
a
vendor
directory
are
correct
right
and
then
it
would
generate
an
s-bomb
snippet.
C
The
idea
here
is
that
at
some
point
we
will
want
to
add
support
for
embedding
as
boom
Snippets
in
Bosch
packages.
So
that
will
be
a
bar
CLI
feature
and
then
the
idea
is
so
we
don't
want
everything
to
be
owned
by
Bosch
right.
So
there's
the
the
trust
aspect
that
will
be.
C
You
basically
need
a
layer
around
your
release
or
multiple
of
these
composable
layers
around
your
release,
creation
process
and
then
Bosch
is
just
gonna
that,
like
if
the
borsche
create
release
happens
in
a
trusted
environment,
then
we
can
trust
the
contents
that
went
into
the
release.
So
the
s-bomb
Snippets
and
everything
are
then
gonna,
be
okay,
I
guess
so
it's
done
for
go
mods.
We
can
do
a
similar
thing
for
Ruby
bundles.
C
There
needs
to
be
a
similar
process
for
when
adding
a
blob
right
so
that
you
can
write
an
aspirin
snippet
and
that
the
or
like
it
has
fetched
The
Blob
in
a
secure
environment
and
added
it
to
a
release,
and
then
we
can
say
yes,
this
was
done
in
that
environment,
so
one
of
these
blue
boxes
looks
like
something
like
this.
Where
you
can
take
in
some
dependencies
and
for
these
dependencies
you
want
to
be
able
to
configure
which
combination
of
yeah
well
platform
and
version
of
this
executable.
C
You
trust
and
those
need
to
be
verified
and
then
but.
C
C
Whole
I
I
know,
but
like
there's,
no
value
in
adding
s-bombs,
if
you
cannot
trust
them.
Okay,
like
that's
the
whole
problem
like
so
how
do
you
make
sure
that
the
s-bomb
actually
represents
what
you're
like
what
you're
putting
in
a
bus
release
like?
How
do
you
detect
if
the
S
like,
if
the,
if
it's
not
all
happening
in
one
step,
which
I
think
is
really
hard
to
do
with
the
way
we
we're
doing
things?
C
You
basically
have
to
regenerate
the
s-bomb
every
time
you
go
mod
file
changes
and
you
have
to
detect
if
that
happened,
and
the
way
to
do
that
is
by
creating
an
attestation
when
you're
creating
the
thing
so
that
you
like
say
this
was
the
the
show
some
of
the
go
mod
file
when
I
looked
at
this
and
by
the
way,
I
executed
all
this
in
a
trusted
environment.
So
you
can
trust
my
attestation
and
it's
signed.
C
I
know
it's
a
bit
complicated,
but
that's
the
if
you
want
to
like
this
is
not
only
about
s-bombs,
but
it's
also
about
like
hardening
or
supply
chain.
Even
more
right.
We
already
are
in
a
pretty
good
spot,
but
this
is
how
you
can
improve
that
and
in
the
process
also
produce
a
good
as
bomb.
C
But
that's
the
the
bigger
problem
that
I'm
trying
to
solve
the
s-bombs
to
me
are
not
that
valuable.
If
we're
adding,
if
we're
just
adding
them
right,
we
want
to
come
up
with
a
standardized
way
to
add
them
for
the
whole
ecosystem.
Right,
if
everybody
is
just
gonna,
really
nearly
add
as
bombs,
that
we
have
like
really
varying
quality
among
the
different
components
and
then
we're
not
really
getting
any
much
value.
C
I
think
yeah
that
so
that's
where
I'm
currently
at
and
that's
why
it's
taking
a
bit
of
time,
because
this
is
all
I
don't
know
like
this-
is
taking
a
lot
of
ideas
from
where
salsa
wants
to
go
with
the
way
they're
like
implementing
trust
and
the
ideas
around
like
verifying
your
inputs
and
stuff,
but
yeah
that
it
needs
some
proof
of
Concepts
before
we
can
make
any
recommendations.
D
How
important
is
the
trusted
platform
aspect
of
this
like?
Is
it
enough
to
just
have
metadata
that
we
sort
of
have
you
know
Shaw's
for
like
hey
I'm,
adding
a
blob
and
here's
sort
of
the
Manifest
of
like
I
got
it
from
here,
and
the
shaw
was
this
stuff
that
you
could
then
take
and
work
backwards
from
to
get
back
to
like?
Oh,
yes,
that
is
and
and
then
we
take,
you
know
the
Shah
of
that
and
save
that
off
as
sort
of
or
the
the
s-bomb
of
that.
C
C
Yeah,
so
you
can
do
the
reproducible
so
there's
two
ways:
you
can
go
about
this,
so
you
can
do
it
either
fully
reproducible.
So
then
you
don't
have
to
do
the
trusting
so
you're
gonna,
just
reproduce
it
later
and
say
see
that
you're
you're
getting
the
same
things,
but
that's
hugely
expensive.
If
you
want
to
solve
that
for
everything
because
then
basically
you
have
to
refetch
all
your
go
modules.
All
your
gems
and
like
do
that,
like
really
Downstream.
C
So
I
I'm
like
this,
it
doesn't
the
I
think
that's
where
it
is
salsa
Community
started
with
like
their
ideas,
like
everything
should
be
reproducible,
and
then
it
turned
out
that
it's
like
not
that
practical,
also
because
I
mean
like
it's
expensive.
If
you
have
to
rebuild
everything
and
refetch
everything
and
verify
everything
so
doing
that
chain
of
trust
concept
is
more
I,
don't
know.
D
Yeah
re,
like
only
taking
this
I,
don't
know
I
feel
like
there's
a
middle
ground
where
it's
like
not
like.
This
is
where
we
get
everything
from
go
and
get
it
again,
but
like
this
thing's
cached
here,
this
is
where
we
got
it
from
you.
Can
you
can
use
these
to
reproduce?
Please
go
fetch
it
again
later
and
verify
it,
but
like
I,
don't
know
I,
guess,
I,
guess
the
secure
environment
thing
confuses
me
because
I'm
like
I,
don't
know
what
who
says
whether
an
environment
is
secure
or
not
like.
What
is
that?
C
One
piece
of
that
trusted
is
that,
like
zero
trust,
which
means
like
the
the
authors,
have
no
control
over
it
like
the
authors,
as
in
we,
we
cannot
be
trusted.
So
this
should
be
like
this.
These
Builder
steps
in
in
GitHub
actions
you
have
like
reusable
workflows
so
like
someone
can
publish
a
workflow
and
you
can
as
an
author,
you
can
just
provide
the
inputs
as
in
configure
where
certain
things
are,
but
you
cannot
go
in
there
and
change
the
thing
or
change
which
version
of
the
Builder
must
use
right.
C
So
that's
the
idea
and
to
be
able
to
execute
those
in
I
mean
yeah.
You
need
a
platform
that
supports
that
type
of
abstraction.
C
C
I'm
well.