►
From YouTube: CNCF SIG Security 2020-03-04
Description
CNCF SIG Security 2020-03-04
A
Today
we
don't
have
any
scheduled
presentations
or
big
meaty
topics,
so
it's
going
to
be
more
of
a
working
session.
So
if
you're
new
orienting
may
not
be
the
the
best
meeting
for
that,
but
you
know
if
you
are
new,
go
ahead
and
stick
around,
we
do
check-ins
and
introductions
at
the
beginning
of
our
meeting
so
feel
free
to
you
know,
say
hi
and
you
know
come
back
next
week
where
we
have
a
more
formal
agenda
and
presentation
schedule.
A
I'm
looking
for
a
couple
folks
who
are
interested
in
scribing
today,
we
usually
have
oh
thanks
if
you're
new
and
not
familiar
in
our
attendance,
if
you
have,
if
you
don't
want
to
call
the
bond
and
ask
to
share
out
you'll,
see
the
other
folks
putting
in
no
update
that
way.
I
know
as
I'm
going
to
going
through
that
attendance
list
not
to
call
on
you.
I
won't
bother.
You
still
looking
for
a
couple,
scribes
love
to
get
good
notes
for
today.
A
A
A
A
Thank
You
Benny
all
right,
let's
go
ahead
and
get
started.
I'll
go
down
to
the
list,
so
quick
chicken.
From
the
TOC
meeting
yesterday
we
presented
yesterday
with
the
fig
check-ins
and
a
couple
big
big
items.
There
we
presented,
everybody
with
the
you
know,
voted
on
tech
needs
and
you
had
the
opportunity
to
share
that
out.
You
know
that's
a
sort
of
big
process
moment
for
us
and
you
know
really
happy
that
we
have
Justin
and
Brandon
Emily
joining
us
as
tech
leads,
formerly
recognized
with
the
TOC.
A
A
A
A
Then
you
know
touch
on
harbor
harbor
is
you
know
going
through
due
diligence
and
potentially
graduating?
You
know
that
so
far
hasn't
included
security.
There's
you
know
there
was
quite
a
pylon
of
groups
engaging
there
and
we're
being
discussed.
You
know
how
much
we
want
to.
You
know
assert
that
that
you
know
this
big
security
checkmark
should
be
part
of
that
magic
rain
welcomed.
C
A
D
Hi
yeah:
this
is
Brandon
I'm
from
IBM
and
just
a
couple
things
I
guess:
I've
been
working
on
trying
to
figure
out
how
to
make
the
triage
process
a
little
bit
better.
So
I'm,
looking
at
a
couple
bots
that
we
can
use
as
well
as
possibility
creating
our
project
so
that
we
can
better
measure
triage
and
I.
Think
one
other
thing
that
I've
kind
of
like
put
into
agenda,
which
is
the
issue
and
the
code
owner
such
a
poor
press,
that's
open,
which
I
think
should
be
ready.
A
A
So
Tim
Phang
mentions
that
he's
not
gonna
be
able
to
check
in
but
shares
a
note
Tim's
working
on
duty
assessment
of
kubernetes
security
and
would
like
to
sync
with
some
folks.
After
the
call
you
know
this
particular
call
is
recorded
in
public
forum.
I
I'd
be
happy
to
stick
around
for
about
a
half
an
hour
11
to
11:30.
Pacific
time
would
work
for
me
and
we
may
want
to.
You
know,
take
that
and
move
that
to
a
separate
forum,
since
this
will
be.
E
A
E
It
has
been
postponed
until
July,
August
timeframe.
It
will
still
be
in
Amsterdam
they're,
looking
to
get
new
dates
published
within
the
next
two
weeks.
So
please
bear
with
us,
as
we
figure
out
how
that
includes
security
day
as
well
as
being
postponed
as
well,
so
that
that's
kind
of
the
major
update
that
I
have
right
now.
So
apologies
to
anyone,
but
the
health
of
all
attendees
is
really
what's
important.
Right
now,.
A
So
you
know
that
moving
Q
Khan
is
creating
a
bit
of
a
vacuum.
Maybe
there's
an
opportunity
to
do
something
remote
in
that
that
time
and
maybe
sort
of
build,
build
up
towards
build
momentum
towards
you
know
see
Kerry
today,
something
to
consider
that
you
know
I
think
it
might
be
nice
since
you
know
so
much
so
many
of
us
have
that
our
schedules
and
life
disrupted
by
the
growing
corona
bite
virus.
F
G
H
I'm
Alex
I'm
a
software
engineer
at
lift
and
I'm
gonna,
be
presenting
next
week
actually
on
our
open
source
graphic
tool,
cartography,
which
helps
give
visibility
to
your
security
assets
and
yeah
I'll
share
more
about
that
later
on.
But
here
to
learn
a
lot
then
see
what's
going
on
in
the
security
open-source
space.
A
Looking
forward
to
that-
and
you
know
great
opportunity
for
folks
that
are
new-
you
know
to
come
in
and
you
know
dive
in
system
or
you
know
this.
This
is
going
to
be
discussion
heavy
you
know
next
week,
we'll
have
presentation
and
I'll
get
some
really
interesting
insight
to
what
industry
leaders
like
Alex
and
folks
and
Lester
are
doing
David.
C
Yeah,
so
I
am
David
vessel
here
with
worldwide
technology
I'm
within
our
container
platforms.
Practice
I
am
new
I
think
technically.
This
is
my
second
sig
to
actually
attend.
I
learned
about
the
community
SIG's
action
on
the
Google
Google
kubernetes,
podcast
and
I
have
wanted
to
get
more
involved
in
the
community.
So
this
is
me
starting.
I
Hey
guys
welcome
again,
usually
representing
myself
here,
but
I'll
just
remind
the
new
people.
I
am
affiliated
with
synchrony,
so
we
have
another
FinTech
connected
with
the
enterprise
I
wanted
to
mention
today.
This
is
basically
the
arness
big
data
working
group.
There's
a
project
which
I'm
going
to
put
the
link
in
the
chat.
I
Do
it.
Frizzle
emigrate,
I'm
here
to
them,
and
that's
a
much
smaller
group,
so
we
either
should
do
that
or
have
Gregor
who's.
The
professor
leading
up
this
cloud
network
talk
about
it
because
I
think
you
know,
there's
a
number
of
possible
overlaps.
Some
two
existing
open
source
projects,
but
also,
maybe
just
to
you
know,
get
some
alignment
between
that
kind
of
abstract
framework
that
was
proposed
for
security
and
privacy
and
some
of
the
more
pragmatic
reviews
that
we're
trying
to
do
in
this
working
group.
So
just
a
quick
overview.
A
A
You
know,
I,
think
this
opportunity
to
hear
from
these
folks
and
see
you
know,
get
some
insight
from
you
know
in
this
community
on
why
they're,
choosing
this
and
and
sort
of
validate
that
against
you
know,
our
assumptions
of
what
cloud
native
is
I
think
would
be
very
constructive.
It's
something
that
we're
definitely
grappling
with.
As
you
know,
some
some
projects
are
sort
of
on
the
inside
on
the
outside
and
you
know
we're
trying
to
get
more
concrete
definitions.
A
A
All
right
well,
thank
you!
Welcome,
Steven
and
I.
Don't
believe,
I
have
that
on
the
agenda,
but
you
know
per
common
Steven.
You
know
if
you've
been
active
and
participating
in
meetings.
We'd,
love
to
add
you
to
our
official
roster,
yeah
I'll.
Try
to
you
know,
go
and
grab
the
link
to
you,
know
kind
of
our
new
member
definition
and
the
guidelines
on
you
know
when,
when
you
should
add
yourself
a
little
bit
later,
but
we
welcome
Steven
and
and
if
you're
you
know
active
in
security.
Please
add
yourself
this
number.
A
J
A
J
Policy
working
group
is
essentially
focused
on
an
application
of
policy
with
kubernetes.
Primarily
it
has
a
security
focus
that
we've
had
discussions
and
presentations
around
other
policy
within
the
kubernetes
environment
such
as
you
know,
utilization
resource
usage,
but
yeah
I
mean
obviously
it
has
kind
of
a
heavy
security
skew
to
it
right
now.
We're
actively
considering
a
few
proposals.
One
is
a
policy
violation,
see
our
definition
that
was
proposed
by
new.
K
J
J
A
Great
and
if,
if
you
aren't
able
to
make
next
week,
maybe
in
the
the
top
of
our
meeting
notes
documents,
you
could
drop
in
the
new
time
once
that
finalizing,
oh
great
everybody,
okay,
so
again,
if
you're
new,
you
know
most,
the
rest
of
the
meeting
is
going
to
be
some
of
inner
workings
of
the
fig.
You
know
you're,
welcome
to
say,
get
oriented
next
week,
we're
having
a
presentation,
so
it
might
be.
You
know
a
much
more
interesting
introduction
to
the
work
that
we
do
here.
It's
like
security.
A
A
D
A
You
know
I
would
never
much
my
experience
is,
you
know
one
of
the
hardest
things
is
just
sort
of
managing
through
dead
air.
Being
you
know
getting
a
little
bit
comfortable
with
you
know
a
few
moments
where
there
will
be
positive,
everyone's
on
mute
and
just
keeping
the
you
know
the
meeting
flow
going,
Matthew
I'm,
sorry,
I,
interrupted
you.
Oh
no.
L
No
I,
my
time
it
was
born
with
respect
to.
If
someone
were
to
volunteers
of
as
a
meeting
facilitator,
how
versed
does
one
need
to
be
essentially
with
the
day-to-day
or
the
regular
discussions
taking
place
like?
Is
the
agenda
pieces
of
it
provided
in
advance
or
dude?
Do
facilitators
have
to
come
up
with
the
agenda
by
reaching
out
to
other
team
members
and
sort
of
figuring
out
what
topics
to
cover
such
as
the
golfer
being
facilitators
mentioning
the
cig
working
group
updates
I?
Just
how
do
you
put
the
meetings
together?
I
guess
right.
L
A
L
A
Right
I
apologize
for
not
having
10
mm.
You
know
cycles
to
chat
in
the
discuss,
appreciate
that.
So
you
know
in
that
at
the
very
top
we
have
kind
of
the
agenda
building
section
and
then
below
that
we
have.
You
know
the
actual.
You
know
meeting
instance
and
notes,
so
you
know
we
we
generally
try
to
fill
fill
those
out
as
we're
planning.
A
You
know,
meetings
and
and
add
notes
there,
and
then
you
know
kind
of
day
of
you
know.
For
me,
it's
usually
like
you
know
the
half
an
hour
or
so
before
the
meeting
I'll
go
in.
You
know
scrub
those
notes
and
go
through
it.
You
know,
if
you
know
and
I'm,
so
you
know
deep
in
the
the
working
group
and-
and
you
know
as
co-chair
and
you
know,
participating
in
the
other.
A
You
know
connective
tissue
meetings
to
the
CN
CF,
so
to
see,
meetings
are
liaison
meeting
and
we
have
a
dedicated
set
of
meanings
for
co-chairs
and
we'll
be
spending
up
some
time
for
tech
lead.
So
you
know,
like
you,
said,
I
do
have
that
ongoing
pulse.
You
know,
maybe
I
can
take
it
back
to
Brendan.
You
know
beyond
like
what's
in
the
notes,
you
know
what
what
are
the,
what
are
some
of
the
ways
that
you've
helped
build
and
make
sure
that
you
have
a
good
enough
agenda
before
starting
a
meeting.
D
A
A
Like
throwing
you
into
a
dead
dead
week,
not
a
dad
like
good,
like
reach
like
this
week
with
you
know
kind
of
an
open
schedule.
Things
like
you
know
not
the
best
opportunity,
but
you
next
week,
since
we
have
a
presentation,
seems
like
a
great
opportunity
and
I'll
be
around
you
know
and
and
how
could
to
support
you
should.
L
A
A
Thank
you.
I
appreciate
the
introduction
for
for
us,
as
the
co-chairs
of
the
meeting
facilitator
has
been,
you
know
a
real
huge
help.
There
are
so
many
activities,
and
you
know
this
is
the
real
anchor
interaction
that
we
have
every
week
and
you
know
being
able
to.
You
know,
get
some
support
on
that,
and
you
know
you
know,
have
members
of
the
sig.
You
know
help
us
drive
that
forward.
It's
been
a
good
amazing.
A
A
A
And
along
those
lines,
part
of
you
know
our
intent
in
you
know.
Moving
forward
with
you
know,
electing
tech
leads
is
really
to
increase
the
bandwidth
of
individuals
who
have
roles
and
responsibilities
that
can
you
know,
deal
with
some
of
these
issues
and
make
sure
that
we're
keeping
that
pipeline
moving
through.
So
you
know,
we've
grown
a
lot
and
you
know
added
some
really.
A
You
know
constructive
processes
that
are,
you
know,
being
integrated
into
the
overall
workflows
on
the
same
staff,
and
you
know,
as
that
happens,
you
know,
there's
there's
still
you
know
kind
of
the
detail,
work
and
the
other
cleanup
that
needs
to
me
to
be
dealt
with,
so
you
know
invitation
there.
If
you
have
some
cycles
and
you're
interested
in
getting
more
involved,
you
know
getting
involved
in
the
issue.
Tracker
of
sig
security
is
a
great
way
to
you
know
to
come
in.
A
You
know,
chop
wood,
carry
water
and
really,
you
know,
become
a
member
of
of
this
thing.
You
know
both
Brandon
and
Emily
were
relationally
elected
tech
lead.
You
know
a
key
part
of
you
know.
They're
coming
into
you
know
the
Sagan
coming
into
leadership.
It
was
being
proactive
on
contributing
and
in
that
way,.
A
D
So
so
I
think
I
add
the
one
entry
on
the
code,
onus,
c30,
yeah,
so
I
think
that
is
pretty
much
ready.
I
think
the
idea
was
that
we
wanted
to
get
a
approval
from
whoever
is
mentioned
in
the
quote
on
this
I'll
just
do
at
least
110
documented.
No,
it's
the
kind
of
treat
us
a
acknowledgement
of
the
corner.
D
A
D
A
Right,
yeah
saris
lying
today
in
JJ's
in
India
and
kind
of
in
a
a
current
moment
in
his
work
responsibilities.
So
you
know
I'm
I'm
on
point,
but
you
know
that
sort
of
ramped
up
other.
You
know
time
commitments
for
me,
so
I'll
take
the
action
of
growling
JJ
and
making
sure
that
we
finalize
you
know
our
input
on
that.
So
we
can,
you
know
basically
sort
of
open
up
more
bandwidth.
You
know
for
the
group.
A
A
D
L
A
A
So
you
know
a
few
weeks
ago
we
were
talking
about
the
importance
of
operators
and
in
you
know,
cloud
native
world.
We
you
know
proposed
maybe
having
you
share
a
bit
about
the
scaled,
agile
frameworks,
faith
and
you
know
how
are
you
feeling
about
that
is
you
know.
I
know,
you've
got
a
lot
on
your
plate.
Is
that
something
that
you,
you
know
want
to
put
on
the
calendar?
Just
to
you
know,
start
tracking
that
or
is
that
something
you
know,
consider
keeping
them
back
for
a
mine
from
teacher
I.
I
K
A
A
I
I
A
B
A
I
I
But
this
is
a
kind
of
meta
framework
for
ads
all
that
tries
to
expose
some
of
this
and
makes
claims
about
how
to
do
rapid
cycle
DevOps.
You
know
embraces
DevOps
as
a
core
principle,
frequent
testing
and
that
sort
of
thing,
but
when
the
pill
hits
the
metal
with
this,
there's
a
lot
of
overlap
between
site,
reliability,
engineering
for
offs
kind
of
functions
and
product
building,
for
you
know
traditional
releases,
and
in
the
middle
of
that
you
know
sort
of
natural
tension.
I
I
guess
is
you
know
this
problem
of
saying:
oh
there's
a
better
way
to
secure
this
piece
of
code
or
this
overall
framework
or
this
application,
or
to
audit
it
or
to
surface
the
policy
compliance
or
lack
thereof,
to
ourselves
to
the
testers
sort
of
to
the
auditors.
But
how
do
we
do
this,
and
when
do
we
do
it
within
a
project
management
framework
that
makes
to
the
business
owners?
So
that's
a
real!
You
know
active
since
active
area
of
figuring
out
how
to
do
this.
I
I
For
sure
I
mean
use
case
in
my
organization.
Is
our
regular
ops
team
so
think
about
this?
These
are
the
guys
looking
at
you
know,
incidents
and
doing
monitoring.
Probably
some
of
the
people
on
this
call.
Do
that
ask
yourself
it
was
that
agile,
you
know
what's
the
product
for
them,
so
you
could
well
maybe
it's
quality.
Maybe
it's
you
know,
speed.
H
I
A
Awesome
so
I
don't
believe
we
have
an
issue
crated
for
that
I'll
take
an
action
item
to
go
set
that
up
mark.
If
you
have
some
cycles
between
now
in
the
twenty-fifth,
it
would
be
great
if
you
could
add
some
details
to
you,
know
kind
of
flesh
out
an
abstract,
so
video
folks
that
are,
you,
know
curious
about
what
what
is
going
to
be
presented
have
a
little
more
context.
Okay,.
I
A
G
This
item
in
the
agenda,
so
yes
just
to
give
some
context
like
so
a
couple
of
weeks
ago.
We
had
this
discussion
around.
How
do
we
do
renewal
security
assessment
and
the
kind
of
D
consensus?
There
was
and
is
not
a
big
priority
right
now,
because
most
of
them
haven't
gone
to
the
initial
assessment
and
secondly
like
who
initiates
DV
assessment,
so
we
kind
of
left
in
there
at
that
point,
and
so
this
issue
around
security
says
because
around
projects
looking
to
graduate-
and
it
comes
around
stuff
Harbor
as
well.
G
G
So
does
it
have
to
go
through
the
initial
assessment
before
it
gets
a
recommendation
from
six
security
or
we
do
just
something
like?
What's
it,
runtime
did
and
just
review
the
due
diligence
talk
and
then
just
check
off
items
from
the
list.
That's
another
approach,
and
so,
if
you
do
want
like
projects
to
go
through
the
security
assessment,
then
the
question
is
what
about
projects
have
already
gone
through
it.
G
So
if
a
project
project
has
already
done
T
initial
assessment,
should
we
just
do
like
a
renewal
on
that
project
or
what's
it
what's
the
process
there?
So
this
is
just
to
initiate
the
chop
around.
That
and
probably
you
know,
figure
out
the
process
and
the
details
for
these
kind
of
assessments
for
projects
and.
K
This
is
Michael
and
by
the
way-
and
you
know
one
of
the
things
I'm
looking
for
is
potentially
like
what
you
mention
are
very
eloquently
is
you
know
some
form
of
check.
Checkboxes
I
basically
indicate
what
is
that
sick
Security's
looking
for
right
so,
for
example,
did
they
go
through
penetration
testing
good?
Do
they
have
a
security
policy?
How
do
they
respond
to
zero
at
a
CVS?
Have
they
done
that
before
you
know?
N
N
So
I
believe
it
was
the
intent
that
anyone
going
to
graduation
and
the
ciencia
would
have
a
self
assessment
subject
to
talk.
Prioritization
so
is
going
to
graduation
and
they
don't
have
a
self
assessment
that
there
should
come
to
us
and
we'll
probably
need
to
have
concurrence
from
the
talk
that
they're
prioritized
above
incubating
or
other
projects
that
we're
looking
to
do
that
way.
We
could
do
the
self
assessment,
because
it's
about
three
weeks
of
work
about
twenty
hours
on
the
part
of
security,
the
project
itself
will
have
significantly
more
work.
N
But
the
self
assessments
do
provide
a
lot
of
that
initial
security,
specific
documentation
and
for
projects
that
have
self
assessments
that
we've
done
in
the
past
and
they're
looking
to
graduate.
If
we
talked
about,
if
there
had
been
like
a
specific
amount
of
time
between
when
we
did
the
self
assessment
and
when
they're
graduating
so
probably
more
than
a
year
that
using
the
critical
functions
and
the
security
relevant
functions
is
the
way
to
track
changes
at
the
project
and
do
like
to
the
potential
assessment.
N
But
we
don't
have
a
lot
of
the
details
of
that
written
up.
So
I
I
would
recommend
creating
an
issue
linking
it
issue.
326
that
way
we
can
actually
start
exploring.
Some
of
these
things.
I
do
think
that
the
self
assessment
as
it
exists
today,
plus
the
changes
in
the
PR,
will
capture
a
lot
of
that
initial
security
data
set.
But
the
checklist
of
other
syncs
offer
products
is
like
an
int
as
a
recommendation.
G
Yeah
so
I
took
a
look
at
Emily's,
PR
326.
It
looks
really
awesome,
like
it's
pretty
comprehensive
the
improvements
in
that
PR
and
yeah
the
critical
section
feature,
which
can
also
help
in
the
renewal
process
that
that's
we
can
add.
That
is
a
self-assessment
that
could
be
like
pretty
helpful
for
renewals,
especially
so
yeah.
You
know,
if
you,
if
you
guys
want
I,
can
start
like
a
PR
around
this
and
then
I
can
link
it
in
in
326.
G
N
K
N
This
the
changes
to
the
self-assessment
are
in
the
PR
associated
with
it.
So
if
you
go
to
assessments
folder
in
the
repo
we
had
this,
the
it's
a
file
called
outline
MD,
and
that
is
the
self
assessment
templates
that
projects
are
supposed
to
fill
out
when
they
come
and
get
an
assessment
from
six
security
and
the
PR
associated
with
326
I.
Don't
have
the
number
memorized
just
yet.
A
A
You
know
gate
that
we
established
for
ourselves
in
formalizing
the
the
assessment
process.
We
said
you
know
the
completion
of
five
assessments,
and
you
know
that
that's
our
timeline,
we're
working
through
that
and
you
know
we're
still
finalizing
things
here.
You
know
in
you
know
the
stages
of
sandbox
incubating
and
graduating.
You
know
the
the
general
guidelines
is
the
deal
with
sandbox
and
incubating
you
know:
there's
not
a
lot
of
formality
as
we
get
into
graduating,
there's
an
opportunity
for
a
little
bit
more.
You
know
formal
process
and
we
are
introducing.
A
You
know
a
process
that
we
use
validated
and
built
out
a
entire
team
to
help
project
go
through
that
process.
Now,
as
we
mentioned,
you
know
that
process
has
a
timeline
that
you
no
more
long
lines
of
a
month,
long
journey,
and
so
you
know
harbors
right
at
the
edge
of
graduating
and
yeah.
We
do
not
want
to
assert
that
you
know
we
are
blocking
harbor,
because
you
know
our
a
month-long
process.
You
know,
isn't
completed
and
you
all
have
to
do
that.
A
K
Make
sense
yeah
absolutely
so
so
what
I'll
do
is
I'll
I
will
actually
go,
go,
get
that
outlined
MD
file
and
I'll
start
filling
it
in
for
harbor,
so
that
I
can
present.
I
can
basically
pyaar
reading
into
your
assessments.
That
way,
you
can
actually
start
commenting
on
that
as
a
PR.
One
of
the
things
I'm
looking
forward
to
is,
if
there
is
a
representative
from
six
security
that
has
possibly
some
time
so
that
he
may
be
responsible
for
basically
reading.
K
N
Michael
I
would
recommend
guide,
which
describes
the
entire
process
and
the
first
way
that
we
start
that
is
through
a
ticket
to
do
the
assessment
of
harbor
so
recommend.
Looking
at
the
guide,
first
cuz
that'll
give
you
all
the
instructions
for
what
needs
to
be
submitted,
how
it
gets
submitted,
how
the
process
works
that
way.
It'll
familiarize
you
with
like
what
expectations
there
are
for
all
the
docks
are
as
well
as
we
do
have
a
lead.
D
A
Do
you
have
the
cycles
too?
You
know
and
you
don't
necessarily
have
to
sign
up
to
be.
You
know
the
assessment
lead,
but
you
know
just
to
be
near
the
point
of
coordination
with
Michael
to
help
you
know
get
through
any
questions
that
they
have
and
in
the
understanding,
the
self-assessment
and
then
maybe
you
can
end
that
off
yeah.
G
I
can
help
with
my
experience
through
the
process.
I
can
help
with
any
questions
that
Michael
has
I'm
there
on
the
slack
Channel
for
six
security,
so
yeah
reach
out
to
me.
If
you
have
any
questions
about
the
process
itself,
I
think
it
in
examples
for
what
open
air
I'm
happy
to
help
in
that
way.
Sure.
K
A
A
A
A
So
you
know
if
you
haven't,
had
an
opportunity
already.
Please
take
a
look
at
graduation.
You
know
they're,
going
through
the
gauntlet
of
all
the
things
and
working
through
the
graduation
process
and
due
diligence.
So
you
know
more
eyes
and
more
support
would
be
appreciated
there.
Thank
you.
Everyone
we'll
see
you
next
week
have
a
great
week
thanks
Dan
Thanks.