►
Description
Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
A
B
B
You
know
like.
We
make
sure
that
the
steps
that
you
say
you
did
you
actually
do,
but
you
know
just
like
if
you
go
to
a
hospital
and
a
licensed
doctor
could
go
and
I
don't
know
amputate
the
wrong
foot
or
whatever
you
know,
no
cases
that
people
have
sometimes
seen
that
happens,
but
we
make
sure
it's
not
like
somebody
pretending
to
be
a
doctor
in
there
with
the
bonesaw
operating
right.
A
It's
just
it
wasn't
immediately
clear
with
some
you
know,
probably
15
20
minutes
spent
looking
at
the
docs,
not
a
like.
We
didn't
use
it
right
that,
like
is
it
clear?
What
these
steps
actually
are
right,
like
is
the
compiler
executable
and
input
right.
The
version
of
the
compiler
is
that
is
that
how
it's
set
up?
Do
people
understand
what
is
a
step
and,
what's
in
toto.
A
Do
you
know,
of
course,
like
the
computer
could
be
compromised,
but
if
it's
installed
on
my
machine,
you
know
like
you
know
that
has
just
a
security
behind
it
and
maybe
I'm
not
worried.
But
if
it's
a
web
service
you
know
like
there's.
If
it's
a
reproducible
bill,
then
what
is
my
step
and
how
am
I
specifying
that.
C
B
So
you
can't
do
things
like,
say
this
exact
version
of
this
compiler.
With
this
hash
and
everything
like
that
has
to
be
used
in
the
system.
You
can
make
those
kind
of
statements.
You
can
also
say
things
like
a
compiler
that
you
know
so,
let's
say
for
a
moment
just
just
just
say
for
a
moment
that
you
trust
that
this
system
can
be
used
to
produce
a
single
piece
of
software
that
went
through
the
right
steps.
B
Just
just
suspend
disbelief
for
just
a
moment,
okay
believe
and
then,
since
it
can,
you
can
have
things
that
point
to
other
layouts
that
went
through
that
step.
You
can
also
say
things
like
well.
I,
don't
actually
know
what
the
correct
hash
of
GCC
is
supposed
to
be,
and
maybe
I'll
be
updating
it
more
frequently
that
I
want
to
update
my
own
layout,
but
I
can
say
that
as
long
as
the
GCC
folks,
there
in
toto
supply
chains
says
that
this
is
a
valid
version
of
GCC,
then
I
trust
them
to
know
it.
B
A
Right
but
I
guess
the
question
is:
how
do
I
know
like
how
do
I
exactly
know
that
my
I
took
I'm
doing
bills
right
I'm
doing
a
you
know,
suppose
we
use
the
simple
workflow
where
developer
checks,
encode
release
engineer
decides
to
make
a
version
change
to
kick
off
a
release.
You
know
the
we
want
to
make
sure
the
tests
can't
run
the
pass
and
the
artifacts
get
somewhere
inside
I'm.
A
So
in
the
the
artifact
gets
built
by
some
compiler.
How
do
every
time
I
run
this
right?
It's
different
code,
so
the
artifact
is
going
to
be
different.
How
do
I
know
whether
my
compiler
has
been
compromised
like
how
do
I
like
how
do
I
know
that
the
steps
like
I
couldn't
articulate
ow
in
a
specific
instance,
I
actually
know
anything
other
day,
I
trust
them
Toto,
and
it
did
some
things.
How
do
I
know
I
set
my
live
like
yeah?
How
do
you
verify
that
I've
set
this
up
correctly
and
I'm
using
intuitive
correctly.
B
Okay,
so
we
validate
what
effectively
you
tell
us
stability,
so
think
of
it.
This
way
like
how
do
you
know
that
the
aspirin
you
get
in
a
bottle
is
actually
aspirin
and
it's
not
going
to
hurt?
Well,
you
know
this
because
the
FDA
did
some
checking,
and
you
know
that
the
the
plant
went
through
a
series
of
steps,
and
you
know
that
those
procedures
were
followed
now.
B
Does
that
mean
that
somebody
working
at
the
plant
couldn't
have
gone
and
substituted
something
in
or
that
you
know
the
FDA
couldn't
have
made
a
mistake
when
drug
testing,
the
drug
and
so
on?
You
don't
know
that
you,
you
have
no
idea
what
could
happen?
Okay,
but
you
get
much
better
assurance
that
that
the
right
things
happen.
B
You
can
make
that
all
part
of
your
in
total
layout
and
have
that
all
be
verified.
Okay.
If,
on
the
other
hand,
you
don't
do
anything
like
that
and
you
just
like
compile
with
whatever
compiler
you
have
locally
and
it
uses
a
developer,
say
yeah,
you
know
whatever
compiler
I
have
on
my
laptop,
which
I
update
all
the
time.
This
compiles
it.
You
know
I'm,
fine
with
anything.
You
can
specify
that
in
in
todo
it
in
todo
isn't
meant
to
force
you
to
take
a
certain
series
of
steps
in
building
your
software.
A
D
A
What
I
do
is
I
curl,
a
random
string
uses
that's
wide
open
to
the
Internet
and
then
I
publish
on
github
that
I'm
doing
that
and
I,
but
I've
locked
down
all
my
steps,
but
what
they're
doing
is
fundamentally
flawed.
Right
I
always
have
to
take
responsibility
for
something,
and
you
have
to
define
the
edges.
It's
just
that
without
examples
that
are
realistic
and
the
answer
being
well,
you
can
do
anything.
A
B
C
Still
having
issues
scoping
this
is
this
a
in
toto
shoot
from
now
on,
say
like
you,
can
only
have
layouts
that
look
like
this
or
it
is
like.
The
document
needs
to
mention
this
examples,
or
is
this
like
because
you
thought
it
was
assigned,
so
you
can
actually
do
the
random
string.
If
you
think
that's
the
right
thing
to
think
anyway.
So.
E
A
A
There's
a
risk
right
that,
like
instead
of
saying
well
one
can
do
anything
you
figure
it
out
to
say
here
is
a
common
pattern.
Right,
I
have
C++
code
in
get
that
these
are
the
steps
that
I
want
to
do.
These
are
the
risks.
If
I
do
it
this
way
or
don't
you
know
like
you,
have
you've
got
like
details
about
supply
chain
house
right,
like
you
want
to
set
it
up.
A
A
This
is
basically
in
that
the
topic
is:
what
are
the
risks
that
a
average
programmer
like
a
better-than-average
program,
or
somebody
who
deeply
understands
their
release
pipeline
and
their
software
right
would
pick
up
in
toto,
spend
a
lot
of
time,
integrating
it
and
actually
not
significantly
change
their
security
while
making
their
release
process
more
like
that?
How
big
is
that
risk
right?
So
that's
really
the
question
right.
It's
a
it's!
It's
something
that
could
be
a
oh
well.
Dogs
need
to
be
improved
in,
like.
C
I
think
it
is
I
think
it's
a
valid
concern.
The
the
what
I'm
trying
to
figure
out
here
is.
Is
this
concern
something
that,
for
example,
we
would
like
to
have
addressed
on
write
up
or
just
something
that
you
say
hey.
You
should
improve
the
overall
state
of
the
project
by
having
this
somewhere
in
the
funella
specification
or
in
the
website.
A
A
That
the
like
the
like
to
just
scrub
through
the
right
up
to
scope
things
according
to
the
assertions
you're
making
about
us
in
total
and
the
ones
that
you're
not
and
to
clarify
like
if
reproducibility,
is
something
that
in
toto
offers.
Well
then,
what
are
the
preconditions
in
how
you
do
your
layout?
That
would
allow
you
to
do
we
reproducibility,
which
it
doesn't
have
to
all
be
addressed
in
the
write-up
right,
some
of
it.
A
F
Yeah
I
think
is
my
feeling
was:
is
it's
really
important
with
security
projects
and
let
people
know
exactly
what's
in
and
out
of
escape
in
a
really
really
clear
way,
because
people
often
assume
too
much
around
you
know
once
I've
done,
this
I
no
longer
have
to
do
anything
else,
kind
of
thing
and
so
spending
some
time
clarifying
this
is,
is
kind
of
important
users
will
misinterpret
it
because
they
are
still
asleep.
You
know
they
they've
done
that
with
with
notary
I've
seen
a
lot.
C
Okay,
yeah
I
just
wanted
to
because
I'm
taking
notes
on
this
side
and
I
wanted
to
like
make
a
a
list
of
things
that
I
need
to
work
on,
and
it
to
me
it
appears
at.
The
answer
is
both
which
you
need
to
clarify
this
on
the
on
the
write-up,
which
is
like
point
that
point
fixes,
and
then
probably
we
should
elaborate
a
little
bit
more
on
the
metadata.
F
I
think
so
I
mean
I,
think
yeah
I
mean
I.
Think
even
as
I
mean
is
I.
Think
it's
important
a
bit.
The
specification
be
is
clear
about
what
is
and
isn't
enscape,
because
what
I
will
say
and
I
mean
cases,
because
then
it
gives
people.
You
know
and
pointers
to
things
that
cover
other
relevant
pieces
are
useful
because
they,
how
do
you
understand
what
you
do
about
the
base
in
a
non
in
scape
for
this
and.
C
Right,
okay,
yeah
I'll
I
mean
I'll,
have
an
issue
either
way,
I
think
it's
always
good.
Keep
those
things
tracked,
but
it's
something
that
we
should
be
working
on
the
future.
What
we
already
have
in
the
roadmap
for
the
documentation.
In
terms
of
like
having
read
the
dog's
repository
and
having
very
much
more
grounded
content
that
people
can
just
like
to
see.
H
D
C
H
A
H
C
So
it
is
not
mandatory
to
use
to
talk.
We
we
had
some
integrators,
you
stuff
as
a
metadata
delivery
mechanism
and
to
essentially
ensure
that
layout
is
fresh.
Well,
you
can
do
it
without
develop
top,
but
the
basically
they
play
well
together
in
terms
of
the
metadata
delivery.
Now
something
that
we're
going
to
have
soon,
and
that
was
actually
something
we'll
be
working
out
with
a
data
dog
people
is
we
have
this
extensions
repository
the
Ickes
or
we
host.
H
H
C
C
Then
it
moved
on
to
so
like
a
today
to
the
mission
controller
and
it
was
stored
on
disk
and
submitted
on
the
fly.
But
all
of
those
things
can
happen
in
my
very
personal
opinion.
I
think
tuff
is
the
way
to
go,
but,
for
example,
we
cannot
mandate
Debian,
for
example,
without
tough,
just
by.
F
F
C
A
F
Us
door,
tough,
tough,
this
back
is
more
I
mean
it
does
talk
about
threat
models
to
the
store,
it
doesn't
specifically
say
much
about
the
requirements
first
of
all,
but
it
does
talk
about
compromising
things
at
the
store.
So
it's
kind
of
I
mean
notary
specifically
provides
a
store
because
is
an
operational.
C
A
F
B
C
C
H
The
specific
question
that
I
had
about
this
was
with
the
expiration
check.
I,
know
that,
like
this
update
framework,
does
some
of
these
with
the
timestamp
thing?
Is
it's
a
guarantees
that
you're
providing
like
the
the
time
check
and
expression
check?
Is
that
reliant
on
that
mechanism
Isis
in
built
within
in
Toto
itself?
It's.
F
A
That
we're
fast
was
an
example.
Wasn't
clear
to
me
was
if
I
weren't
going
to
use
Griffis?
What
would
I
do
there
or
is
it
like
like
in
it's
just
because,
like
I
know
what
Jekyll
is
I've
used?
It
I've
never
used
Griffis.
So
it
wasn't
clear
to
me
why
there
oh
this
is
just
another
extent.
It's
another
thing
my
pipeline
is
doing,
but
I
don't
think
that's
true.
It's
a
it's
actually
something
that
is
needed
by
in
toto,
but
I
could
do
something
else.
Well,
I,
don't
know
what
that
other.
F
A
I'm,
saying
is:
I
am
representative
of
the
next
person
who
wants
to
use
it
in
toto,
so
take
this
information
and
yeah
the
write-up
should
I
should
clarify
what
the
requirement
is
in
terms
of
you
know.
What's
the
threat
to
that,
but
I
think
the
other
thing
is
just
like:
it's
not
clear
how
to
use
in
toto
without
actually
losing
it
and
that's
you
know
just
data
for
you
as
a
project.
A
A
A
A
C
D
D
A
D
G
C
A
D
A
C
A
C
A
E
H
H
C
C
C
A
A
C
C
A
C
C
A
So
so
yeah
I
think
that
is
kind
of
the
set
of
our
questions.
H
H
H
H
D
A
A
C
A
Have
him
at
me
try
to
write
up
this
summary
later
this
week
and
that
can
be
done
in
parallel
with
your
I
can
just
make
assumptions
that
you
will
have
we're
writing
a
summary,
as
if
you're
the
changes
you're
about
to
make
have
already
been
done
right
behind.
We
can
run
that
by
you
and
I.
Don't
think
it
will
say
anything
contentious,
but
you
know
we
don't.
We
want
to
make
sure
that
you
have
the
opportunity
to
correct
anything.
B
A
So
that's
a
process
point
that
we
hope
and
expect
it's
not
going
to
happen
within
toto
that
we
in
fact
are
coming
to
the
same
agreement
of
how
to
articulate
its
security
posture
right
and
where
you
are
in
you
know,
yeah
some
things
you
plan
to
address
in
the
future
and
that's
fine,
and
so
we
come
up
with
some
kind
of
description
of
that
and
then
which
hopefully
we'll
have
like
a
draft
end
of
this
week.
We
know,
maybe
we
can
go
back
and
forth
quickly.
A
Maybe
we
have
to
meet
again
early
next
week
and
then
and
then
we'll
run
it
by
Joe
and
Liz
to
see
if
it
matches
what
they
want
to
send
to
the
TOC
I
mean
my
guess
is
like
after
we
all
get
to
the
one
place
of
like
this
is
a
good
description.
Then
they
probably
will
be
like
yeah.
It
looks
great
but
they
might
say
oh,
but
what
about
this
thing
and
then
what
you
know
then
we'll
regroup
but
yeah
certainly
wouldn't
want
this
done
before.
A
F
A
C
A
C
A
I
G
E
A
To
I,
like
they
actually
Justin's
accomplices,
point
of
like
having
issues
for
everything
so
I've
been
trying
to
when
I
have
questions
that
are
clearly
like
the
docs
need
to
be
improved
like
putting
things
as
issues
rather
than
you
know,
you
don't
necessary,
have
to
be
addressed
in
the
assessment,
just
a
better
question.
So
right.