►
From YouTube: CNCF SIG-Security Meeting - 2019-05-08
Description
Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
A
B
It's
very
exciting.
It
says
probably
nothing
that
everything
buddy
hasn't
read
before,
but
but
we
are
going
to
the
process
of
formalizing
our
governance
Docs
according
to
how
the
toc
wanted
to
see
them
written.
So
so
does
it
pull
requests
out
there
for
the
Charter
that
I'm
just
going
to
take
a
look
at
and
or
just
go,
I'm
gonna
address
the.
B
Open
questions
and
we'll
see
if
we
can
get
that
sent
over
to
listen
what
this
week.
A
A
A
A
Great
all
right,
so
let's
go
ahead
and
get
started.
You
know,
I
I
know
there
was
a
bunch
of
activity
last
week,
so
we'll
go
into
that.
But
you
know
let's,
let's
go,
you
know
around
around
the
room
and
you
know
just
check
in
you
know:
I've
had
really
just
insanely
busy
the
beginning
of
May
and
my
my
availability
has
been
pretty
challenged.
So
you
know
really
appreciate
all
of
the
effort
that
that
Sarah's
been
able
to
to
take
up
and
drive
things
forward.
A
B
B
How
can
we
in
a
resilient
way
sign,
commits
and
have
a
commit
history
that
is
verifiable?
And
so
so
those
group
talking
about
that-
which
I
think
is
very
related
to
some
of
our
work.
It's
you
know,
like
we've
talked
about
it
being
a
dependency
for
in
toto
in
not
necessarily
a
dependency,
but
like
one
of
those
things
you
probably
should
be
doing,
and
so
many
up
the
internet,
identity,
stuff
was
pretty
interesting
and
I
can
also
drop
all
dropping
on
the
notes,
they're
very
good,
about
keeping
notes.
A
B
I
gotta
be
articulate
this
format
of
what
we
want
to
say
and,
and
we
just
had
a
meeting
with
Santiago
and
Justin
capitalist
to
kind
of
go
through
the
open
questions
that
we
unearthed
and
so
so
that
security
assessment
team
also
let
Justin
cap.
Let's
talk
about
that
I
asked,
even
though
we
haven't
been
voted
in
as
co-chairs
I'm
sort
of
we're
all
acting
as
if
I
mean
we're
still
the
safe
working
group.
I
guess.
A
C
A
A
D
Yeah
I've
mostly
been
busy
with
the
with
the
assessments
that
were
discussed
both
getting
things
together
with
OPA
and
also
responding
to
the
in
toto
things.
There
has
also
been
a
bunch
of
standards
discussion
around
things.
How
do
you
do
specs
and
also
I
Triple
E
isto
standardization
of
obtain
is
proceeding,
which
is
a
tough
variant,
so
I
actually
presented
in
their
member
meeting
about
some
things
related
to
that.
So
yep
awesome.
B
D
E
F
F
A
F
E
E
I
spoke
to
a
couple
of
people
around.
It
seemed
like
there
was
a
big
theme
around
auditors,
not
knowing
how
to
do
security
audits
or
container
platforms,
mm-hmm
yeah,
and
so
it
seems
like
they.
They
spend
a
lot
of
time
just
trying
to
explain
to
them
how
it
works
and
what
they
should
be
looking
out
for,
and
it's
it's
taking
a
lot
of
them
because
they
keep
thinking
auditors
every
time
every
time
they
said
another
well.
A
E
A
But
was
the
the
security
assessment
challenges
a
and
user
challenge,
or
is
that
also
you
know?
Docker
has
product
offering
around
that,
but
our
people
think
that
product
offering
and
looking
for
independent
solutions.
You.
E
A
E
A
E
A
Yeah-
and
you
know
just
looking
looking
for
the
the
right
contacts
that
can
carry
back
that
that
challenge
and
you
know
see
if
we
can
partner
with
them
well
to
get
them
the
insight
that
they're
looking
for
and
help
coalesce.
So
you
know
if
Miss
is
coalescing
around
the
standard.
You
know
we're
coalescing
around
some
behavior,
then
you
know
we
can.
We
can
share
in
the
pair
notes,
and
you
know
work
toward.
You
know
that
broader
understanding
of
you
know
how
we're
solving
this
in
the
cloud
native
ecosystem.
A
A
B
Attended
the
open
source
sessions,
and
so
that
was
like
it
was
a
packed
room
and
there
were
four
different
sessions
too
about
different,
open
source
solutions,
and
we
heard
from
Santiago
about
in
toto
since
that's
great
presentation
and
OPA
I
think
yeah.
That
was
like
the
best
explanation
of
what
oppa
doesn't
policy
that
I've
ever
heard.
This.
B
B
B
I'll
dig
up
the
link:
cuz
I
tweeted
it,
but
that
seemed
like
I,
don't
know
if
anybody
else
has
any
thoughts
about
that,
but
I
I
thought
that
was
neat
yeah.
A
D
Like
that
a
lot
yeah,
his
name
is
Michael
wardrip
and
his
talk
was
also
quite
interesting
for
those
who
didn't
attend
it.
So
when
they
put
the
recordings
up,
I
think
it's
probably
worth
look
at
I
think
it
was
also
muted
before
when
you'd
asked
me
about
things
with
dr.
Khan,
because
I.
A
D
A
D
A
A
A
Yeah,
what
this
could
could
you
know
yeah
the
opportunities
for
attack
vectors.
You
know,
probably
you
know
not
necessarily
straight
down
the
middle
of
course,
and
you
know
how
this
would
differ
from
you
know:
a
research
activity,
a
targeted
research
activity
that
would
be
tied
to
a
particular
deployment
environment.
You
know,
I
think
the
potential
variance
in
deployment
environment
is
going
to
be.
You
know
the
most
compelling
you
know
framing
for
this
and
it's
gonna
change.
The
the
outcomes
greatly
based
on
know
how
that's
set
up.
A
How
that
that
would
be,
you
know,
set
up
in
a
neutral
way.
You
know
would
be
challenging
and
you
know
I'm
not
sure.
For
example,
if
you
know
Netflix
would
feel
uncomfortable
and
completely
replicating
their
operating
environment
right
and
adding
the
layers
that
that
you
know
they
would
have
the
environment.
B
A
B
B
Okay,
so
I
think
that
was
kind
of
the
idea
to
just
like
take
a
bunch
of
things
that
are
commonly
used
together
in
the
wild
right,
if
I
and
funded
by
companies
who
you
know
that
he
can
either
put
in
dollars
for
the
bounties
or
engineers
to
help
set
up
this
infrastructure
and
and
then
they
would
have
like
their
dependencies.
A
little
pre-vetted.
B
A
A
B
We
talked
about
it
and
Justin,
please
chime
in,
but
basically
what
we
kicked
off
really
are
we
had
this
team
of
four
of
us
who
are
going
to
do
like
sort
of
tag-team
this
set
of
assessments,
and
we
kind
of
looked
at
like
how
many
are
we
doing?
Are
we
kicking
off
a
process
to
do
every
the
NCA
project
and
be
a
lot
of
work,
and
so
we
looked
at
this
set
of
them.
B
A
B
It's
called
assessment
process,
which
is
for
all
the
different
things
that
we've
collected
and
unless
something's
getting
in
our
way,
we're
not
going
to
actually
make
process
improvements
until
we've
done
a
set
of
these
and
we'd
said
six
or
eight.
So
it
turns
out
with
ten
people
and
a
particular
rotation
that
we
drew
on
the
whiteboard
or
just
endure
on
the
right
board.
B
And
so
that
means
that
so
what
I
was
thinking
of
doing
is
basically
writing
up
our
team
currently
and
then
allowing
them
to
people
to
PR
themselves
in
as
volunteers
as
our
team
expands,
when
we
want
to
make
sure
that
every
team
of
three
for
these
next
five
has
at
least
one
person
who's
been
involved
in
these
assessments.
Before
so
one
of
this
group
of
four
of
us,
and
at
least
one
person
who
it
has
done
up
audit
before
right
and
those
could
be
the
same
people
or
not.
B
A
D
B
D
I
think
one
thing
we
also
discussed
a
bit
about
was
how
this
process
actually
goes
early
on.
Some
of
this
were
kind
of
inventing
as
it
goes,
but
there
was
at
least
a
thought
about
timelines
in
terms
of
what
the
person
you
know
having
someone
who's
the
lead
for
it.
Take
a
quick
read
over
the
document.
B
A
D
Think
that
I
mean
it
depends
a
little
bit
on
how
quickly
we
get
them,
but
I
think
it
takes
maybe
three
weeks
calendar
time
to
do
them
and
I'm
also
very
leery
of
having
these
happen
in
an
overlapping
way.
Until
we
have
a
lot
more
certainty
and
I.
Think
like
one
thing
really
to
ashes,
credit
is
ash
has
been
very
responsive
and
I
can
certainly
imagine
a
scenario
where
we
go
and
we
start
an
assessment
for
a
group
and
it
takes
them
two
weeks
to
do
the
stuff
that
ash
did
in
a
few
days.
D
A
E
E
A
Think
that
would
be
a
great
opportunity
to
you
know
sort
of
share
out
what
we're
doing
by
landing
as
many
as
possible,
right
I
think
we
should
shoot.
For
you
know
all
five.
You
know
we
have
to
under
our
belt,
so
you
know
that.
Would
that
would
probably
give
us
you
know
being
pessimistic.
You
know
three
new
ones,
two
old
ones.
You
know
a
body
of
five
to
choose
from
there
and
yeah.
Then
it's
gonna
be
really
really
interesting
and
a
great
opportunity
to
potentially
you
know,
brings
them
other
projects
on
stage.
A
A
The
the
biggest
gate
is
going
to
be
the
TOC
and
they're
buy-in.
So
you
know
if
we
can
get
a
intermediate
presentation
to
the
COC
proves
to
them
that
we're
delivering
a
significant
value
and
have
them
be
the
champion
for
us
being.
You
know
at
cube
con,
then
you
know,
that's
that's.
How
I
see
us
being
able
to
get
on
the
keynote
stage.
A
A
Yeah
yeah
I
think
that's.
You
know
a
great
discussion
to
tee
up
now
with
Chris
a
and
you
know
just
a
line
with
him
on.
You
know
what
the
what
message
is
that
they're
looking
for
in
at
Keuka,
North
America
and
you
know,
I-
think
there's
something
there
that
fits
I.
Don't
know
that
you
know
in
terms
of
expectations.
I
would
expect
it
to
be.
You
know
of
a
15-minute
presentation,
then,
in
a
longer
thing,
we'd
get.
B
Also
think
that
we,
we
still
have
some
work
to
do
on
crafting
like
what
it
is
that
on
helping
the
TOC
kind
of
under
craft
a
message
around
this
right,
because
you
know
like
there
are
things
that
I'm
here
like
I,
had
a
great
conversation
with
Liz,
where
there
are
things
that
people
asked
me
that
she's
like
no.
Why
would
you
be
doing
that
and
I'm
like
cuz
people
are
asking
me
to
do
it
right
with
them
and
they're,
not
always
voices
from
the
TOC,
sometimes
they're.
B
You
know
companies
that
are
involved
in
the
CNC
f
there.
You
know
what
let's
call
these
end-user
companies
and
it's
everything
from
you
know
a
you
know,
a
fairly
naive
stance
of
saying:
oh,
can
I
look
to
the
CN
CF
to
say.
Yes,
this
project
secured
right
like
nobody
wants
to
be
like
yeah,
it's
a
binary
all
the
way
to
the
other
end
of
the
spectrum,
where
it's
just
like.
Oh
well,
we're
just
providing
some
information
and
we're
not
making
any
assurance.
We're
not
saying
anything
really
other
than
here
are
some
Docs.
B
Here
are
some
pointers.
You
judge
what
you
will
write
and
then
most
people
are
in
the
middle
somewhere
where
it's
like
well
at
the
difference.
Somebody
goes
from
sandbox
to
incubation
to
graduation.
They
have
a
different
level
of
maturity
and
we
are
saying
some
stuff
about
that,
but
that
middle
ground
and
articulating
like
helping
the
TOC
reason
about
what
is
it
that
the
kinds
of
things
right
that
may
be?
You
know
what
what
companies
want
to
hear,
what
open
source
projects
feel
comfortable
asserting?
B
B
You
know,
I,
think
that's,
that's
the
kind
of
thing
you
want
to
go
into
a
keynote
with,
because
I
think
right
now
now
there
isn't
a
unified
sense.
B
A
B
I,
don't
think
anybody
wants
a
keynote
yeah
now
we
have
a
not
sucky
process
right.
So
so
that's
where,
like
it's
really
can
we
work
with
Liz
and
Joe
and
the
prepare
our
materials
such
that
there
is
an
alignment
about
what
the
TOC
is
comfortable
serving
and
that's
I
think
that
sort
of
non-deterministic
timeline
but
I
think
the
more
that
we
are
aligned
right,
because
we
have
stakeholders
from
a
lot
of
different
companies
and
a
lot
of
different.
B
A
Yeah,
this
might
be
an
opportunity
to
engage
Sarah
Conway,
you
know,
runs
marketing
for
the
CN
CF,
aligning
with
whatever
marketing
message
there.
You
know
considering,
for
you
know,
2019
2020
and
you
know
helping
the
TOC
yeah.
You
know
understand
what
what
you
know
their
opportunities
to
influence.
That
could
be
one
of
the
ways
that
we
get
there
so
I
think
to
get
all
this
set
up
and
and
stack
in
the
right
way
to
land
that
for
kube
Khan
and
in
November
I.
A
B
B
I
So
the
most
of
the
security
audits
have
been
relatively
straightforward
and
issues
are
being
found
and
resolved
itself.
Prometheus
was
much
more
problematic
than
that,
because
it
ended
in
a
entire
disagreement
about
what
the
security
scape
for
the
project
was
between
the
Assessors
and
Prometheus,
and
the
the
compromise
has
been
a
small
documentation,
change
and
all
the
findings
from
the
report.
I
Otherwise
reject
it
and
that's
not
terribly
satisfactory
or
anything
because
they
shouldn't
be
such
a
gap
between
what
a
project
thinks
and
what
an
external
security
assess
of
things,
and
it's
definitely
a
surprise
potentially
for
users
and
I.
Think
we
need
to
find
out
more
about
I
mean
we
would
weave
some
users
surprised
about
this
news,
but
it's
that
shouldn't
be
I
mean
we
shouldn't
be
going
into
security
reviews
with
that,
much
of
a
difference
between
expectations.
A
D
D
I
mean
Prometheus
effectively
at
least
a
court
okay,
so
at
least
according
to
the
assessment
which
I'll
be,
it
was
written
by
the
Cure
53
folks
that
did
it
was
sort
of
their
take
on.
It
was
basically,
they
have
a
very
non-standard
security
model
where
they
don't
be
as
security
as
their
problem.
It's
effectively
like
the
one,
the
one
line
summary
of
what
they
effectively
said
about
Prometheus,
so
I
I
it
just
you
know.
If
we're
making
recommendations
to
the
TOC
I
would
think
we
as
a
group
would
almost
certainly
have
recommended
hey.
D
B
I
think
well,
I
think
that
we
have
to
we.
Luckily,
we
wouldn't
need
to
assess
it
for
a
year,
because
the
process
that
we've
discussed
and
it's
not
completely
written
down
I'm
working
on
getting
all
the
issues
in,
is
that
there
would
be
an
assessment
from
our
group,
which
is
not
an
audit
and
then
later,
when
they're
in
incubating
stage
there
would
be
an
audit
and
then
we
would
do
some
kind
of
yearly
refresh
where
which
may
be
as
simple
as
a
project
has
anything
changed.
Please
update
your
thing
accept
full
request
right.
B
It
could
be
very
minor
right
or
it
could
be
like.
Oh,
my
gosh
they've
completely
changed
something
right
like
let's
have
another
review
and
so
and
that
our
focus
would
be
to
make
sure
that
we've
done
that
for
all
the
things
that
provide
security
and
then
maybe
a
few
other
projects
that
we
think
are
big
security
influencers
in
some
way.
We're
set
precedent
in
some
way,
and
so
we
have
another
year
right.
B
That's
good
responsible
for
that,
but
I
think
it's
a
great
test
case,
because
part
of
this
came
up
because
I
was
saying
Justin
Cormac.
Well,
how
it's
gonna
be
its
serve
an
outlier
case,
then
it
we
would
really
have
a
disagreement.
I
think
you
know.
Maybe
we
would
flag
something
that
the
project
hadn't
considered.
Maybe
they'd
go
back
and
look
at
that
and
do
some
homework
or
we'd
say
it's
okay
for
sandbox,
but
they
should
really
put
it
on
their
roadmap
and
Justin
was
like
well
actually
and
so.
B
I
think
that
this
is
a
great
opportunity
for
us
to.
You
know
highlight
it
right.
How
would
we,
how
do
we
think
about
this
and
a
and
Justin
Campos
pointed
out?
Is
we
don't
have
to
be
we
it's
okay
for
us
to
be
divided,
it's
okay,
for
you
know.
People
within
this
group
to
say
well
actually
I
think
that's
fine.
B
As
long
as
there's
a
you
know,
appropriate
documentation
and
other
people
to
say
no,
that's
not
fine,
but
I
think
it
would
be
great
too
at
this
point
it
might
have
to
be
after
cube
con
but
like
to
schedule
a
discussion
right
where
we,
everybody
gets
a
chance
to
read
this
on
it
and
we
say
okay.
Well,
if
we
were
faced
with
this,
how
do
we
have?
What
do
we
think
as
a
group
right
or
as
individuals
as
what
are
the
trade-offs?
I
B
So
we
end
up
with
something
where
it
would
help
us
deal
with
such
a
situation
if
it
were
to
happen
again
with
another
project,
because
I
think
that's
what
we
want
to
like.
That's
what
I
want
to
have
that
we
end
up
when
we
have
completed
all
the
security
assessment
Docs
and
we've
done
five
of
these-
that
any
group
of
three
experts
could
go
through
this
without
running
into
political,
one,
landlines
or
right.
If
they
run
into
something
that
would
be,
we
would
say,
okay.
B
Well,
if
you
run
into
something
where
you
have
a
strong
disagreement
with
the
project?
Well,
then,
this
is
what
you
do
the
toxic
cochairs
or
we
bring
it
up
in
the
meeting
or
like
we
kind
of
navigate.
How
would
we
handle
such
a
situation
because
I
think
that
before
we
have
just
like?
Oh
three
random
volunteers,
go
forth.
All
of
these
dots,
it's
good
to
think
you're
like
well
what
if
it
didn't
go
smoothly
and.
I
I,
don't
think
I
mean
I,
think
the
conversations
happened
in
largely
in
private,
so
I
don't
think
it
was
about
being
defensive.
It
was
really
just
we
I
think
they
just
don't
want
that
to
being
scared,
because
they
don't
want
to
work
on
that
problem.
They
want
to
work
on
the
problem.
They
turn
ourselves
currents
which
is
about
using
metrics
effectively
and
not
about
securing
matrix,
I
guess.
A
Okay
yeah,
so
you
know
if,
if
we
can
have
a
conversation
with
the
Prometheus
team
just
to
discuss,
you
know,
how
would
we
handle
it?
What
are
the
some
of
the
things
that
we're
looking
at
and
have
a
conversation
with
them
now
that
would
give
them
potentially
a
year
before
they're
coming
to
us
right,
so
we
can
have
a
you
know,
initial
conversation
and
you
know
have
the
you
know
shared
outcome.
You
know
B.
A
What
would
you
expect,
and
you
know
when
it
comes
up
to
your
time-
and
you
know
we
can
also
look
for
opportunities
in
this,
because
we
have
tended
to
index
on
groups
that
you
know
think
of
security.
First,
we
can,
you
know,
use
this
as
an
opportunity
to
you
know,
take
the
complete
opposite
attack
where
we
have
a
group
that
is
like
not
at
all
thinking
of
that
and
look
at
ways
that
we
can.
You
know
in
our.
A
A
A
B
A
B
You
use
in
toto
right,
right
and
so
I
think
we
should
have
a
discussion
of
like
is
that
okay,
you
know,
in
that
case
I
think
we're
converging
to
it.
That
is
okay
right
like
so,
could
this
be
addressed
with
documentation
or
must
they
go
build?
Something,
or
maybe
our
group
knows
something
that
could
be
a
little
more
plug-and-play,
that
we
write.
A
I
B
A
B
G
B
Then
I
think
the
other
one
is
key
cloak,
which
seems
like
a
there're
incoming
project
that
has
requested
an
assessment
and
so
I
think
those
seem
like
ballad
next
ones,
and
then
we
just
have
to
brainstorm.
What
would
be
the
fifth
or
the
sixth
if
it
turns
out
that
goes
not
quite
ready
for
one
in
this
type
right.
B
A
So
yeah
caring
forward,
Falco,
you
know,
would
be
would
be
interesting.
You
know,
I
expect
Falco
and
Keith
cloak
to
by
the
name
sounds
like
they.
You
know
working.
You
know
in
the
security
space
and
they're
gonna
have
security,
mindedness
front
and
center.
So
look
looking
for
the
opportunities
that
we're
you
know.
Folks,
you
know
me
maybe
be
delivering
a
solution.
That's
not
you
know
security
centric.
You
know
what
would
be
good
to
begin
just
to
frame
that
discussion
with
Burmese.
It.
A
But
tackle
makes
a
lot
of
sense
and
you
know
I
think
that's
a
good
place
for
us
to
start
with
with
the
next.
You
next
assessment-
and
you
know
I-
would
expect
that
you
know
Falco.
You
know
we
would
have
both
in
toto.
You
know
the
two
assessments
in
total
and
OPA
that
we
can.
You
know,
package
up
into
presentation
that
we're
sharing
at
TOC
meeting-
and
you
know,
potentially
you
know,
list
out
the
short
list
of
of
these
five
assessments.
A
That
would
be.
You
know
something
valuable
for
the
TOC
okay.
So
we
have
an
action
item
over
the
coming
week
to
kick
off
the
presentation
you
know
just
given,
given
that
future
target
of
presenting
to
the
TOC.
What
do
you
think
if
we
anchor
our
you
know
cucumber
Barcelona
around
some
of
this
assessment
work
rather
than
you
know
rehashing
you
know.
Do
you
think
that
would
be
a
good
presentation
to
share
you
know
and
Barcelona,
and
then
you
know
follow-up
as
part
of
the
TOC
meeting,
so
we're
working
out
the
kinks
on
that.
B
I
I
think
I
mean
I'm.
I
can
definitely
I
can't
remember
exactly
how
it
fits
timing
wise
in
terms
of
the
Opera
our
sessions,
because
I
can
definitely
refer
to
I.
Definitely
what
serve
a
loading
bay.
But
if
there's,
if
I
can
point
people
a
session
is
coming
up
or
right,
rather
than
one
that
just
misses.
G
B
H
B
Join
our
team
and
then
I
think
that
we
should
we
need
to
mention,
like
the
policy
work
and
the
landscape
work
in
the
different
projects
or
the
like
intro
thing,
I
think
and
then
the
deep
dive,
justin
Kappos,
we'll
talk
about
I,
guess
the
security
assessment
stuff
and
that
Howard
is
gonna
present
something
about
policy.
Great.
I
D
A
Like
III,
don't
think
we
need
to
feel
like
we
need
to,
you
know,
create
you
know,
unique
novel
content
for
each
one
that
they're,
you
know
all
engagement
points.
You
know
this
is
one
of
the
most
visible
activities
that
we
have,
and
you
know
with
that.
The
policy
white
paper-
and
you
know
if
we
have
you
know,
I-
think
the
other
white
paper
it's
probably
too
early
to
even
you
know,
bring
it
into
the
discussion.
You
know
I.
B
A
B
We
basically
we're
if
we
can
nail
the
Charter
this
week,
which
I
think
we're
on
track,
for
at
least
our
part
of
it
will
be,
will
be
like
yeah
we're
just
responding
to
feedback,
then
JJ
can
I
can
look
in
like
kind
of
refocus
on
the
white
paper
to
the
point
it
and
then
we
can,
you
know,
get
everybody's
feedback
bones
and
outline
and
that
kind
of
scope
it
addresses
kind
of
it's
sort
of
an
analogous
to
the
Charter.
And
it's
another
way
of
looking
at
the
scope
of
the.
I
A
A
A
A
A
B
Be
really
accessible
for
people
to
know
what
it
is.
This
group
is
doing.
Who
is
leading
what
you
know
what
things
are
underway
and
have
things
in
a
state
where
they
don't
have
to
be
finished?
It
has
to
be
like.
Oh
I
could
review
that,
or
this
is
not
being
worked
on
great,
and
so,
if
we
can
think
about
ways
that
we
can
arrange
the
issues
appropriately,
tagged,
what-have-you
and
link
from
the
readme
I
think
that'd
be
great
great.
A
Good
stuff,
all
right,
well,
ask
we'll
get
you
lined
up
for
next
week.
Sarah
you
mentioned
someone
else,
might
have
a
presentation
with
that.
I
want
to
make
sure
I
land
that
in
the
agenda.
B
B
A
B
B
A
G
B
Caused
us
to
have
like
some
new
content,
this
group
hasn't
discussed
before
and
maybe
we'd
schedule
something,
but
right
now,
I
think
that
you
know
we'll
just
go
through
and
we'll
do
it
async
right,
we'll
have
you
know
we'll
have
like
little
light
sharing
here
as
long
as
there
isn't
anything
anything
that's
radically
new,
but
you
know
that
could
come
up,
but
I
think
right
now,
they've
done
the
presentation
at
least
once
probably
comes
back
and
then
I'll
surf
around
on
the
additional
material.
Great.
B
I
think
that,
like
I
think
at
least
for
starters,
we
should
give
a
whole
session
where
the
presentation
is
designed
to
kind
of
cue
up
the
conversation
and
everybody
who's
attending
is
encouraged
to
like.
We
hope
that
most,
if
not
all
of
the
group
has
read
these
so
the
doc,
the
right
after
equal,
so
that
we
all
have
a
great.