►
From YouTube: SIG-Security Meeting, 2019-9-18
Description
Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
A
B
C
D
C
C
B
B
A
C
B
A
Presented
tough
for
graduation
and
TFC
meeting
yesterday,
they
had
actually
surprisingly
many
questions
about
obtain
related
to
that
I'm
also
going
to
be
giving
a
talk
at
a
kubernetes
meetup
in
New
York
City
about
six
security
later
this
month,
so
I
don't
yet
really
know
what
else
they
other
than
the
sorts
of
things
that
were
said
during
the
intro
and
deep
dive.
Six
security
meetings
at
the
last
big
scene,
CF
event.
So
if
anyone
has
suggestions,
feel
free
to
reach
out
to
me
and
I
can
try
to
work
them
into
my
talk.
D
Yeah,
so
I
was
just
going
true
last
week,
a
bunch
of
issues
and
pr's.
It
seems
like
identified.
Two
of
them
seem
like
they're
ready.
Probably
if
we
had
some
time
today,
we
can
discuss
a
little
bit.
Maybe
read
some
merging
them
in
also
I
open
a
proposal
to
update
the
initial
landing
page
I
want
to
get
some
feedback
on.
D
B
E
Hi
there
yeah,
my
name
is
Bruce
McAfee
I
work
at
Trend,
Micro
I
am
the
dev
manager,
so
I
run
a
couple
of
teams
that
do
container
security.
One
for
static,
you
know
docker
image
scanning
and
one
for
container
runtime
protection
and
yeah.
So
Trend
Micro
is
just
interested
in
you
know,
kind
of
getting
getting
involved
with
CN
CF
a
little
more
and
yeah.
So
we
just
like
to
know
you
know
what
initiatives
are
out
there
and
and
yeah
contribute.
If
we
can.
B
All
right,
thank
you.
I'm
the
next
person
I
mean
I,
don't
have
anything
significant
to
update.
It's
been
a
little
bit
since
I've
been
able
to
attend
and
I'm
in
the
process
of
changing
my
role,
so
that
I'll
have
more
time
to
attend
regularly.
So
it's
a
little
bit
slow
going,
but
hopefully
soon
that'll
start
to
flip.
For
me
mark
here
up
next.
F
Everybody
nothing
too
much
new
here,
I'm
gonna
promote
my
my
talk.
I'll
put
this
into
the
chat,
I'm
gonna
be
in
Washington.
Unless
my
company
talks
me
out
of
going
to
talk
about
dev
sack,
ops
and
in
particular
the
use
of
ontology,
is
to
support
that
only
messing
it
in
this
context,
because
I
steal
some
good
ideas
from
other
people
in
this
meeting.
So
it's
it
for
me.
Thank.
G
G
B
G
Yeah,
that's
one
of
the
topics
and
the
other
one
is
I've
shown
interest
before
in
the
statements
in
to
participate
in
a
assessment,
I
saw
that
in
one
PR,
which
which
is
already
merged,
I
am
as
one
of
the
volunteers
for
the
Falco
assistants.
If
there
is
any
information
for
deadlines
or
where,
when
are
we
going
to
start
and
so
on,
how
it
would
be
interesting
for
me.
G
C
I'll
take
a
look
at
it
and
follow
up
with
any
additional
information
that
I
could
get
on
there.
This
is
AJ.
Thank.
A
And
I
think
in
general,
we're
we're
basically
ready
to
start
assuming
you
know,
but
I
think
we're
also
still
trying
to
get
the
full
cadre
of
people
from
RN
to
do
the
assessment
and
on
our
side,
so
I
can
prod
and
try
to
make
that
happen
a
little
faster.
But
those
on
the
call
that
are
interested
should
also
jump
in
did.
A
Think
my
understanding
is,
is
that
Sarah's
reaching
out
to
to
Liz
and
others,
but
when
we
were
given
an
initial
list
of
projects
to
look
at
Falco
was
on
it.
So
it
would
be
I
think
very
strange
for
them
to
say
here's
the
list
of
five
projects.
We
want
you
to
look
at
and
then
for
us
to
come
and
say:
okay,
well,
we're
starting
on
the
you
know,
a
third
project
from
that
list
and
them
to
say
whoa.
C
C
C
As
far
as
this
topic
is
concerned,
I
just
wanted
to
bring
it
to
team's
attention
that
there
has
been
some
confusion
in
terms
of
how
the
how
we
become
projects
per
review
and
we
are
going
to.
We
are
seeking
clarification
with
journalists
on
that
to
basically
have
clear
guidelines
in
terms
of
like
how
we
pick
projects
mainly
around
like
the
ones
that
are
in
CN
CF.
It's
pretty
clear,
the
ones
that
are
coming
in
to
CN
CF
should
it
go
to
TOC.
C
C
Yeah-
and
there
is
a
bit
powered
or
not
a
new
kit-
the
policy
working
groups
artifacts
into
our
repo,
so
I
will
work
with
them
offline
to
basically
merge
all
that
talk
in.
So
it
will
be
useful
for
the
rest
of
the
team
to
be
able
to
discover
those
dogs
in
our
repo
there's,
an
existing
pl
that
I'm
working
on
that
I
think
Sarah
commented.
Alright,
I
will
be
working
on
working
on
working
on
that
which
people
are
I'll,
be
happy
people
jump
in
and
comment
on
that
as
well.
There
is
any
comments
on
that.
I
B
H
B
A
We
would
like
there
to
be
four
ish
reviewers,
and
so,
if
we
had
a
situation
where
there's
three
who
really
know
a
project
well
and
have
done
assessments
before
we
probably
go
ahead,
and
if
we
have
people
that
want
to
kind
of
learn
and
cut
their
teeth
and
having
five
or
maybe
even
six
is
sort
of
okay.
But
at
least
right
now
we're
looking
at
something
on
the
order
of
four
okay.
B
G
Because,
currently
I'm
I
I
don't
have
a
lot
of
experience
with
Falco
specific
specifically,
but
I
am
in
the
assessment.
Is
that
the
problem
or
like
I
I
could
spend
time
to
get
in
and
get
to
know
the
project
and
that's
why
I'm
asking
for
the
start
up
of
the
assessments?
But
if
that's
a
problem,
I
don't
know.
K
K
You
know
a
little
bit
of
time
coming
up
to
speed
on
the
project,
either
by
my
methodology,
code
review
or
by
operationally
installing
and
playing
around
with
it,
just
to
get
to
have
been
that
said,
I'm
I'm
attending
a
system,
training
event
Thursday
in
San,
Francisco,
I'm,
happy
to
give
a
dump
and
I
can
contribute
here
or
contribute
it
somewhere
offline
for
those
who
want
to
review
that
material.
So
that
might
be
also
a
useful
resource.
B
Yes,
let's
hold
off
on
any
further
Falco
questions,
because
we
do
have
an
agenda
item
for
it
later.
So,
if
there's
more,
that
needs
to
be
discussed,
we
can
talk
about
it
when
we
get
to
that.
The
next
item
on
the
agenda
is
to
do
a
check-in
with
any
partner,
SIG's
or
working
groups
that
are
here
today.
So
is
anybody
here
from
kubernetes
to
go?
Who
would
like
to
have
an
update
or
the
policy
working
group,
the
security
audit
working
group
or
the
NIST
big
data
working
group?
That's.
C
Sure
I
think
I
did
early
on
in
the
college.
I
think
there
is
a
PR,
that's
pending
yeah,
so
there's
a
peer
that
spending
that
I'm
reviewing
and
then
I'm
gonna
work
with
our
to
merge
all
the
artifacts
that
they
have
in
Google
Docs
into
our
people,
so
that
it's
discoverable
by
people,
so
they
have
they've
done
evidence
and
really
good
work
in
terms
of
producing
a
policy
white
paper.
C
L
B
C
B
D
So
there
was
like
one
of
the
two
piers
I
found,
which
seemed
like
they
seemed
mostly
completed.
I
think
just
one
additional
set
of
eyes,
so
one
the
first
one
is
for
the
IG
sure.
Maybe
I'll
share
my
screen
and
then
we
can
think
about
that.
D
K
D
It
looks
good
I
reviewed
it.
Those
good
JJ
Oz,
because
you're
the
owner
of
the
file
I,
think
if
you
have
any
comments
on
that
o
people
on
this
call
when
I
review
it
I'm
thinking
that,
maybe
we
can
look
at
trying
to
merge
this
soon
because
it's
been
open
for
a
while
and
I.
Don't
think,
there's
any
additional
unresolved
comments
on
this.
D
So
this
was
basically
I,
think
the
the
this
came
from
a
discussion
within
Google
and
also
within
another.
A
few
organizations
said
this
is
that
point
implementer,
which
is
really
in
charge
of
setting
out
all
the
connected
platforms,
and
then
each
individual
clusters
has
his
own
operators,
so
so
Christian
did
at
one
of
these,
and
also
based
on
his
feedback
from
speaking
to
a
few
internal
folks
at
Google,
I.
Think
it's
pretty
much
similar
to
the
rest
of
the
document,
with
a
focus
on
really
creating
the
high
level
policies
for
every
individual
cluster.
D
C
I
can
take
a
look
at
it
after
this
call.
If
the
tendon
thing
is,
if
there
is
enough
reviews
in
me
about
address
the
comments
on
that,
I
would
just
wait
for
a
day.
This
is
good
work,
so
I
would
just
push
it
merge
it
and
when
you're,
okay,
let
me
know:
if
you
expect
comments
from
any
specific
person,
then
we
can
try
to
tag
them
and
then
see
if
we
could
get
comments,
but
otherwise
I
would
just
go
ahead
and
merge
it.
Okay,.
D
B
D
D
Aaron
Zollman:
let's
see
it
on
the
attendee
list,
I
think
he's
here,
so
yeah
I
think
the
general
consensus.
The
last
time
we
discussed
this
is
a
lot
of
the
changes
are
good
and
I
think
we
should
keep
it
so
I
may
be.
The
thing
we
should
do
now
is
we
can
pretty
much
this
and
then
I'll
create
a
new
PR
from
this
with.
D
B
D
B
B
Maybe
it
makes
sense
to
just
touch
base
again
on
this
one
at
the
next
meeting,
so
that
if
people
want
to
provide
feedback
on
the
PR
that
you
open,
there's
an
opportunity
for
them
to
get
that
link
at
the
meeting
and
add
their
comments
rather
than
getting
merged
in
the
next
couple
of
days.
Does
that
make
sense,
yeah.
D
B
D
Yeah
didn't
that's
me
against
okay,
yeah,
so
I
was
thinking
about
just
reorganizing
the
Rigby
page.
If
you
have
any
feedback
all
seeking
the
the
main
things
thinking
about
is
to
move
the
meeting
times
up
and
provide
the
link
to
the
the
meeting
documents
with
the
meet
the
meeting
time
and
also
to
add
a
new
section
for
new
members,
because
we
have
the
new
edition
for
the
new
members
page.
So
I
think
we
can
also
add
that
in.
D
K
L
Understand
yeah
I
created
most
of
that
read
me:
I
wondered
now
that
we're
on
such
a
regular
cadence
and
we
have
kind
of
a
core
meeting
doc.
How
useful
it
is
to
maintain
that
list
of
meeting
dates.
You
know
that,
as
we
were
establishing
ourselves
and
trying
to
line
folks
to
our
cadence,
you
know
I
I
thought
was
really
important
and
was
a
you
know,
one
of
the
ways
that
would
signal.
L
Why
are
we
having
a
meeting
if
we're
not
having
a
meeting,
let's
go
online
there,
but
now
that
we're,
you
know
fully
realized
CN
CF
sig
yeah
we
meet
every
week
at
this
time,
and
these
are
the
meeting
notes
so
that
that's
section
where
we
made
in
the
history
of
our
meetings.
Many
may
not
have
you
know
the
same
meaning
now
yeah.
F
F
B
L
B
L
D
M
Is
Amy
I'll
step
in
for
a
moment
here
it's
sometimes
helpful
to
be
able
to
find
things
like
much
further
back.
They
say,
like
you
know,
three
years
from
now,
we
might
actually
want
some
of
this
information.
I
can't
come
up
with
the
reason
exactly
right
now,
but
I
also
can't
see
a
reason
being
able
to
get
rid
of
it.
We
already
have
it.
L
L
M
L
G
B
B
The
last
item
that
we
have
on
the
agenda
is
about
the
Falco
security
assessment,
so
there's
some
conversation
that
started
about
that
a
little
bit
ago.
If
we
want
to
pick
up
or
I'm,
not
sure
what
specifically
we
want
to
cover
about
that.
But
I'll
leave
that
to
the
people
who
would
like
to
talk
about
it.
K
I,
don't
have
a
particular
I
didn't
put
the
agenda
item
on,
but
I'm
happy
to
just
brief
hasn't
been
much
change
from
last
week.
Other
than
as
I
noted,
we
created
a
an
issue
to
track
status
and
Kristen
Kristen
over
replied
that
she
is
in
contact
with
the
team
to
try
to
assess
when
they
would
be
ready
and
propose
a
date
to
start,
but
don't
have
that
date
as
again.
L
F
L
Check-Ins
discussion
around
privatization
and
guidance
from
the
TOC,
so
you
know
I
present
the
guidance
from
the
our
TOC
representatives
is,
you
know,
keep
on
going
document
your
process
and
no
objections,
so
they're
not
blocking
us,
but
we
haven't,
you
know
yet
fully
ratified.
You
know
the
coordinated
expression
of
you
know
how
we
manage
and
triage
that.
But
you
know
steady
state
everyone's
happy
with
that,
and
you
know
the
only
sort
of
overarching
guidance
that
we
have
there
is
you
know:
preference
to
CNCs
projects.
K
K
K
L
So
III
think
we
may
be
conflating
two
different
types
of
security
assessments
and
how
this
the
TOC
is.
Gonna
manage
that
right.
You
know,
there's
at
a
certain
level.
You
know
a
full
compliance
security
review
that
projects
have
to
go
through.
You
know
the
assessment
is,
is
not
a
replacement
for
that,
though.
L
F
L
G
Well,
I
I
bring
this
up
before
and
I
hope.
That's
I
am
not
annoying
or
something,
but
I
saw
that
I
saw
that
I'm
in
a
security.
The
viewer
of
Falco
and
I'm
accepted
to
the
security
viewer
from
one
of
the
peers,
which
was
merge
merged
and
in
this
PR
the
idea
of
observer
or
internal
role
was
removed,
removed
it's
hard
to
say,
but
we
discuss.
We
discussed
that
it's
a
useful
thing
to
have
and
I
wanted
to
ask
may
be
broadly
again.
Do
you
guys
think
this
is?
G
G
G
G
D
G
C
So,
in
the
role
clarification
itself,
we
are
working
through
to
create
a
little
bit
more
clarity
with
more
roles,
considering
the
amount
of
work
that
coming
our
way,
it
will
be
useful
to
partition
work.
So
the
short
answer
to
that
is
it's
a
work
in
progress
or
be
happy
to
hear
your
inputs
and
feedback
in
terms
of
how
to
structure
that,
then
we
would
be
happy
to
collaborate
on
that.
C
G
C
C
G
B
C
B
Security,
reviewers
and
other
members
of
the
sig
participating
and
security
reviewers
links
to
another
document
that
defines
that
role
and
the
required
qualifications.
So
that
may
be
a
useful
resource
to.
We
doesn't
just
say
that
that's
a
static
document
I
think
you
know
if
there's
things
that
merit
revising
in
that
that's
something
that
the
group
would
be
open
to.
I.
L
L
You
know
hasn't
sort
of
gotten
the
optimal
state
having
and-
and
you
know,
the
the
the
the
Delta
between
an
observer
and
an
intern.
For
me
as
an
observer
is
an
individual
that
is
going
to
watch,
they're,
gonna,
learn
and
they're
going
to
be
autonomous.
An
intern
is
someone
who
is
your
basically
apprentice,
and
if
you
have
an
intern
or
someone
who
you
know
coming
and
joining
learning
the
system,
then
you
know
the
the
core
working
team.
L
You
know
has
to
make
a
commitment
to
ensure
that
individual
is
doing
effective
work
and
they
have,
to
you
know
kind
of
double
their
efforts.
Doing
the
assessment
working
through
that
and
making
sure
that
the
new
individual
is
getting
up
to
speed.
So
you
know
conflating
those
two
concepts
may
be
slowing
down
the
abyss.
Discussion.
G
L
I
think
there's
more
gonna
be
more
willingness
right
now
to
embrace
observers,
and
you
know
someone
who's
going
this
debate.
The
bet
that
is
also
starting
with
that
observer
state
could
be
a
great
way
to
you
know
then
get
invited
to
participate
and
have
someone
you
know
take
on
mentorship
capacity
to
ensure
that
the
new
participant
is
able
to
be
a
reactive,
innocent
learning.
J
This
week,
I
just
have
a
very
basic
questions
on
this
I've
been
looking
at
this
and
hearing
all
this
comments,
analysis
and
all
those
things.
The
question
that
I
have,
in
my
mind,
is
at
the
end
of
the
security
assessment:
complete
completion.
Rather
what
would
they
do
with
that?
What
what
is
the
actual
benefit
out
of
that
thing,
and
what's
the
motivation
for
them
to
go
through
this.
J
I
didn't
peddle
them
into
silence,
everybody
buy,
but
just
basically
asking
just
you
know,
let's
say:
I'm
an
ABC
company
and
I'm
working
on
some
security
product
and
I
do
have
a
serious
interest
into
the
to
be
combined
with
the
native.
You
know,
cloud
native
applications
as
such
and
so
forth,
I
go
through
this
and
is
there
a
certificate
that
are
going
to
be
dude?
That
is
gonna,
be
you
know
recognizable
in
the
industrial
community
in
some
ways,
or
is
that
some
sort
of
it?
J
B
I'm
just
noticing
that
Justin
isn't
on
the
call
anymore
TK
I
feel
like
he
probably
is.
Maybe
the
person
who
is
best
suited
to
respond
to
this
question,
so
it
might
be
worth
waiting
till
next
week
to
raise
it.
When
he's
on
the
call,
because
he's
officially
the
facilitator
for
these
security
assessments.
B
L
Yeah
and
I,
just
you
know,
touch
on
the
high
level.
It's
yeah
yeah,
we're
serving
the
CNC
f,
that
sort
of
official
capacity,
we're
a
you,
know,
an
expertise,
body
and
a
issuing
body
or
an
entity
that
you
know
can
back
and
validate
things
at
a
certain
level.
So
the
CNC
F
does
have
some
programs
that
it
is
able
to.
You
know,
provide
access
station
about.
K
L
God,
the
the
gold
silver
status
of
the
projects
right
yeah
I
mean
you
can
become
a
member
of
the
since
the
up
with
your
project.
So
you
know
this
is
project
based
and
corporate
based
and
I.
Don't
know
that
beyond
kubernetes
certification,
right,
there's
the
kubernetes
certification
project
that
the
CAF
has
developed
any
other.
J
Good,
oh
I'm,
sorry,
I
just
footing.
That
was
a
good
question,
but
on
the
follow
up
and
what
I
was
thinking
is
so
that
means
there
was
no
actual
agreement
through
our
TOC,
for
example,
with
the
CN
CF,
that
our
security
assessment
will
be
somehow
linked
with
those
certification
process.
The
CNC
follows
at
this
point:
I.
L
J
L
K
F
J
Then
would
you
agree
that
at
least
we
being
as
a
authorized
working
group
on
the
security
under
CN
CF,
we
should
be
aiming
for
at
some
point.
I
don't
know
when
we
should
be
aiming
for
to
become
some
sort
of
a
aggradation
type
of
body
that
which
either
in
doses
certain
guidelines
or
provides
some
sort
of
a
certification
as
such
on
behalf
CN
CF,
so
that
there
is
motivation
in
the
industry
to
participate
in
this
type
of
assessment
process
or
to
be
evaluated
through
our
process.
The
first.
L
Part,
yes,
the
the
first
part
of
like
ratifying
the
criteria.
Yes,
you
know
becoming
a
an
entity
that
you
know.
Does
that
work,
that's
work,
that's
you
know
and
I
fundamentally
believe
that
individuals
participating
that
should
get
compensated
for
that
work
and
that
we
should
not
have
that.
Be
you
know
a
product
of
you
know
an
expert
forum
like
this.
J
K
Like
to
speak
to
that
volunteered
without
any
expectation
of
compensation,
knowing
that
it
would
require
having
paid
for
security
reviews
in
the
past
having
been
compensated
for
security
reviews
in
the
past,
knowing
the
amount
of
work
soberly
involved,
I
felt
that
it
was
an
important
contribution
to
the
open
source
community.
So
my
expectation
was
far
more
motivated
around
putting
forth
a
process
that
was
part
of
the
CN
CF
community
as
securing
the
infrastructure
and
the
projects
at
CN.
Cf
puts
their.
F
K
Can
I
can
take
my
commercial
product
and
I
can
go
hire
a
firm
to
do
code,
reviews
and
security
design
reviews
or
to
write
code
or
to
review
code
etc,
but
I
can
also
choose
open-source
and
I
can
choose
to
a
community
that
that's
that
open-source
so
I.
My
my
expectation
was
that
the
assessment
work
we
are
doing.
If
not
a
you
know,
a
seal
of
approval
or
a
you
know.
K
J
J
Thing
that
could
be
wrong,
but
I
think
there
is
being
compensated.
Volunteer
problem
may
not
be
in
that
position
to
make
that
kind
of
commitment.
I
mean
I,
mean
kudos
to
you
and
and
many
others.
I
had
volunteered.
Also
myself
and
many
things,
but
I
kind
of
tend
to
feel
that
it
is
difficult
to
enforce,
is
a
time
commitment
or
an
effort
commitment
with
a
specific
hard
date
to
get
something
done
on
those
type
of
things.
But
it's
a
very
good,
noble
effort.
J
There
is
no
question
but
I'm
not
taking
any
credits
away
from
the
folks
that
are
want
to
do
it
in
am
also
participate.
I'm
just
wondering
what
we
should
be
doing
in
here,
I
think
what
I'm
hearing
from
Dan
is
that
we
don't
have
a
lot
making
of
it
meant,
but
we're
encouraging
I
guess
to
we're
supporting.
L
L
You
know
and
the
the
false
CN
CF
products
have
certain
security
requirements.
Those
who
have
gone
through
that
process
have
seen
that,
and
especially
the
triangulations,
that
of
individuals
that
are
in
our
community
who
happen
to
also
be
security
experts.
You
know
they
understand
that
that
you
know
commercial
computer
security
assessment
and
the
ecosystem,
participation
and
involvement
that
is
intrinsic
and
open
source.
L
You
know
don't
necessarily
overlap,
and
you
know
I
see
the
effort
that
we're
putting
in
place.
You
know
serving
that
gap
that
is
open
source
and
supporting
a
secure
by
default
community
and
helping
ensure
that
those
individuals,
you
know,
have
actually
vetted
understand
what
the
challenges
are
and
understand.
You
know
they're
connecting
into
an
ecosystem
and
are
not
like
most
commercial
efforts.
J
L
I
feel
that's
what
we're
working
words.
You
know,
since
this
is
you
know
an
evolving
ecosystem.
I,
don't
know
that
that
is
well
defined
and,
as
we've
collaborated
with
other
more
institutional
bodies,
you
know
that
personal
assessment
has
only
been
reinforced.
You
know,
and
that
goes
back
to
my
defense
work
in
the
early
2000.
K
The
things
that
were
submitted
that
weren't
actually
present
by
by
accident
or
by
omission
and
and
some
things
that
were
in
fact
incorrect,
so
I
should
self-assessment,
is
and
having
a
guideline
like
the
CII
has
is
a
useful
prerequisite
but
I
think
having
an
active
assessment
adds
value
above
and
beyond
that,
and
whether
that's
compensated
or
voluntary
or
or
not,
I
think
for
it
to
have
any
benefit
and
I'm
speaking
in
the
Bennet,
the
kind
of
the
practical
benefit
down
of
you
know.
A
project
has
limited
cycles.
K
There
may
be
a
commercial
entity
behind
it
that
may
be
project
management.
Man
they've
got
to
make
a
time
because
we
allocate
resources
to
this
thing
and
if
they
don't
have
a
concrete
connection
to
the
CNC
have
to
do
this
thing.
It
might
be
a
theoretical
value
in
the
security
sense,
but
is
it
a
practical
value
if
they
then
also
have
to
go
through
some
other
fraud
process
that
somewhere
local
looks?
But
that's
that's.
K
J
And
we're
reaching
to
the
end,
obviously
just
quickly,
though,
and
whenever
you
do
something
as
an
independent
body,
you,
it's
not
a
casual
things.
I
think
there
is
a
responsibility
of
reliability
as
well.
I
mean
you
take
so
certain
kind
of
responsibility
to
stand
behind
that
statement
assessment,
and
it's
not
clear
to
me
how
we
are
doing
it.