From YouTube: CNCF Security TAG Supply Chain WG 2021-09-09
B: I am well for a change. I think I finally wrapped up two big writing commitments this week, which has freed myself up.

B: I can also talk about those things. We handed in the manuscript for a sequel to The Phoenix Project, centered on security and governance, called Investments Unlimited. It's like a spin-off of Parts Unlimited, but an investment firm. And the other one is with the DoD: they're working on something very much like the DevSecOps guide, but an ecosystem reference guide for Kubernetes, and that's pretty soon to get a signature from an authorizing officer, so quite relieved.

C: I think a few of the other folks, some of the Google folks, I think, are busy with that SLSA thing that they hinted at, so I think we might mostly be us.

C: Yeah, okay, cool, you're the fan, sure. So obviously still working on the doc here. Wanted to kind of go around, see if folks had updates, concerns, etc. from the stuff that they're doing.

C: I guess we can go around. I'll just tag somebody, the first person who shows up on my list. Or actually I'll give my update, and then we can go around. So for me, I haven't had a whole lot of time to actually look at the doc too much over the past week, trying to get some of the stuff for KubeCon, some of my other stuff for KubeCon, done. One of the things, looking at the doc, that I think we need to sort of split up, or the big thing that I want to take a closer look at in the next day or two, is the build stuff again.

C: I have some concerns based on some stuff I've seen just sort of playing around with some of the tools in the ecosystem around enforcing build images, that the build images themselves should be signed. So I'm going to write up some stuff about that, and yeah, that's really about it for me. Matt, I think you might not be on mute.

A: Yeah, sure. So I think a couple of days back I took a complete pass, just to see the structure. I think it's looking good. I added some section on the pipeline definition and the metadata document. There was some confusion around, there was some section written around metadata chain. I didn't know what exactly that was, and do we need to add it in there, or do we just cover it in the metadata document?

A: Apart from that, yeah, there are a few sections where I'm trying to basically make some updates, specifically around the dependencies and the input to the build stage: that when we get the dependencies we tag them, we make sure they are updated and everything. So I'll make those changes today, and yeah, I think that's pretty much what I had, but overall I think it is a good-looking structure.

E: Hi, so similarly I was doing some work on the inputs and output sections, and I'm looking now at some of the comments that are in there, and I will circle back to some of those later. And then I just sort of added additional comments throughout the document when I did a read-through. I think the main thing that I saw, echoing a little bit of what Michael was saying, though perhaps in a slightly different direction,

E: is there were a couple of steps in the, let's see, I'm looking at the build pipeline steps itself, or the stages of the secure software factory, where it seemed to me there were a couple of those that were either encompassing too much and maybe need to be broken up, or were maybe redundant with things that we've talked about in other parts of the paper. So that was sort of the main thing that I've flagged, and I'm going to circle back to again to see

E: if I can rework a little bit of that. Next person that I see is Brandon.

D: All right, yeah, this past week I did not get a chance to go through the document, but today my plan is to actually do a full pass, top to bottom, through everything and just throw comments wherever they may be appropriate. And then otherwise, I think the artifact repository stuff, I saw that got pulled in, and if there are any changes over there they need, I can add those if we need to. Next up on my list is random.

F: As I have not participated at all, I have continued with my extensive program of non-participation, and so far I have done nothing and planned to do nothing. I'm not sure who's next on my list: four four seven five four two three one triple nine. Hey.

B: Jax, we minimally crossed paths when you were here at VMware, but I did hear that you're quite a big proponent of Concourse. So.

B: We have strived to provide reference tooling where we believe a solution is the most mature or the most feature complete, but we also want to suggest, like, hey, here are some suitable alternatives that come close. Sounds like you have a lot of experience and good discernment and judgment to be able to look at that. If you're looking for something to do, well, obviously you do whatever you want to do, but have a look through the doc and see what status is missing.

B: We could benefit from review at this point and, as I said, if you see room for, well, this is leaning towards a particular framework, or leaning towards some way to think about the problem that it's not quite generalized or abstract enough. We want to provide people choice as much as we can.

F: I don't know when I'll get to it, but I will make a pass through at some point, trademark.

F: Well, I mean, at the moment mostly I've been doing some strategic lurking. There's a lot of sort of standing around the grove at the academy holding our chins and saying "the security thing, what are we doing at Shopify?", which is not to imply that there isn't a lot of thinking and action on security, but there's always more to do.

B: Them there, yeah, so we could write up like, hey, if you're building towards this, here are some other things you may want to consider down the line that are going to be more idiomatic or more extensible, or yeah. My brain hasn't turned on for the day, but I think it's...

F: It's almost Friday, yeah. I hear that. I don't know how much time I have to devote to Concourse, as much as those on the call who know me know that I have just a big heart-shaped face for it. At Shopify the tool of choice is Buildkite, which I don't know as well, but it's a very heavily in use, very large build system.

A: Hi, yeah, so I haven't had a lot of time this week to look at the document. I think I've been meaning to take another complete pass, I think like a couple other folks, just to see how it all fits together, is anything else missing or that I can add. So yeah, and I can pass it off to see who hasn't gone. I think I...

A: Here, sure. I took a look at a couple of things. I was taking a look at the metadata documents section, and I also see that the policy management stuff was merged by Andreas. I was also looking at the little addition, I think there was about a paragraph addition by Aratna, that also made a lot of sense to me. I also want to take a full pass of the document before this weekend or early next week, essentially before we chat next week. So I think that's mostly it for me.

G: Hey, I can introduce myself. So I'm dialing in for my first time, wasn't really sure exactly what to expect. I'm Matt Moore. I've been in the container tool space for what feels like a very, very long time, and I'm looking to get involved. So it's nice to meet everyone.

B: I can jump in for myself, David Wheeler. I actually work for the Linux Foundation. My title is Director of Open Source Supply Chain Security, but I have too many things I'm supposed to all be involved in, and so this is one of those. I want to get involved, but I have had limited time, so I'm trying to just do it anyway. So I want to get involved and at least try to keep up with what's going on. Oh.

J: Was that for David? Yeah, David? Thank you, looking forward to that. So I did add some comments to the policy management section. I mean, there is a diagram that we can add as well. I was thinking about that. I might suggest that, and then we can decide whether or not we want to keep that diagram, because as part of the policy management working group we have just drafted a paper which talks about how we can enforce these controls through policies.

J: So I want to take some of those concepts and introduce them here as well in the supply chain security and reference architecture. Then I also added scope for admission controller. I know Marina and myself were supposed to provide the scope statement there, and Marina, please take a look and let me know if you agree with that or any changes that need to be made right there.

B: You were saying about missing diagrams: I'm going to try to take a stab at some illustrations, try to stencil things, so we can kind of compose things. I do feel that we're blocked in some areas because we don't have a picture to talk to yet, or the pictures are a little bit from different places.

B: So there's that. Speaking about keys and certificates, I actually went in last night and broke those down into two separate categories. I think lumping signing keys with workload identities has created a lot of confusion. I want to bring up for discussion if we want to break it out like discrete functions of, well, cryptographic material serves one function

B: if it's securing inter-service communication and identifying the subjects of the software factory, and then there is also cryptographic material within the assembly line or conveyor belt for the functionaries, and the key material to check for the validity or whether these have been rotated at a later point in time.

E: I do think it makes sense, maybe, to separate them when the distinction is between material that's being used as credentials in some form and material that is being used in some other way, which I think you've kind of established in the way you split this out. So I think that's, you know, for signing or what have you, so that I think is helpful.

E: Yeah, I think that was because those were being grouped with the outputs, which we haven't really made.

B: Okay, so it should still have the mention in the outputs. I'll fix that. Good to call it out beforehand. I think it would also be interesting if we do talk about SPIFFE federation, how you could actually just point two factories at their public API endpoints and have that exchange happen automatically, and well.

D: It kind of goes back to, like, the TUF version one trust on first use. It's, you know, trust whatever you just received the first time, which means, you know, especially for the ephemeral nodes, you just trust everything, because there is no, you know, second use, and then in that case, and so we want to be careful that we don't set up that scenario here.

B: Yeah, we're like, with AWS keys, presumably through OIDC federation, if any AWS services are in the mix you could do IAM role bindings to split the IDs and such, yeah. Let's think hard about this one. I'll take the first pass since I started to do some surgery on it already. Cool, yeah, Michael, back to you. That's the round of updates. Okay, yeah.

C: Yeah, so one thing actually that's, I think, a little related, something that I think we need to think about. One thing I think that's in scope that I don't think we've really talked about that much, and something that I've been poking around with a bit lately, is admission control for the software factory itself, right, to enforce that only signed images are being run inside the software factory and those sorts of things, like almost like, you know.

C: We don't need to go too deep into the details on, you know, where you're rooting your trust per se, but we do need to essentially say, hey, look, if you're running builds, you need to make sure that those builds themselves, like the containers that are running those builds, are signed, because otherwise you end up in, you know, a pretty bad situation. And, in fact, actually one of the things I'm going to be demoing at KubeCon is showing, hey, without that sort of thing I can get Tekton, in-toto, etc.

C: I can get it to sign whatever I want, and so we just need to make sure, like, I think we need to sort of see, we need to make sure that is highlighted: that you need to make sure that whatever you're running inside of the software factory itself is signed and has gone through some sort of validation process. Otherwise it's not, you know.

A: Yeah, so Michael, I think in the pipeline definition section I added this: that all the pipelines should be, basically whatever you are executing, they should be signed. That includes the definitions themselves and whatever images that you are using to execute those; those should be signed. So we can basically say, for whatever pipeline you are executing, maybe take an arcade of actions.

C: Cool, yeah, then I think we just need to hook it back into the admission control work, just so that it becomes clear that we're also saying, hey, you know, there's the admission controller for what's going to be the artifacts that we're running in production, and then there's also, like, largely, I think, they're almost identical, because I think to some extent, you know, the software factory, we're almost saying,

C: like, hey, you know, you need some level of software factory for the software factory, but just, you know, we just need to make sure that we're explicit about it.

G: So you're talking about admitting what? I mean, there's the actual execution steps, which I completely agree need to be signed and whatnot. What other things are you talking about?

G: So I had a comment in here about getting comment access. Should I just request access, or is there a group I should join, rather than pestering someone with my...

H: Yeah, so not related to the white paper but related to the group. So, and this is working on the secure software development framework, they approached us with the chance to kind of take the posture, make sure that we don't have any conflicts with what they're doing with the white papers and things like that. So it's not up for public comment yet, so just a quick update: the chairs will be going through, just making sure that everything's coherent.

H: Yeah, so they already kind of sent us something. So we are doing the work instead of them, so yeah, based on what we've read and what we've written for the white paper. You know, Emily and myself right now, we'll do some work there. You know.

B: Hey Matt, feel free to go for editor access. Like, one thing we've tried to do is keep comments to a minimum. Like, the document is fairly drafty; no one is super attached to anything that's been written. So if you find something where it'll be easier to edit than, like, try to write up a comment to get people to rewrite it, just go for it, if you feel you can express it better or it lacks clarity.

C: Yeah, no, that sounds good to me.

C: Yeah, so I mean the original piece might have been written by me, but then sort of reworded, so I'm trying to make sure I'm understanding the context here.

C: Yeah, I'm not exactly sure what's meant by, yeah. No, I didn't write that piece, but with that said, I think that there's probably valid stuff in there regarding, yeah, I don't think that that area, like having it there, makes a whole lot of sense. Like that specific comment, I do think that at some level we want to include metadata regarding, like, hey, this, we assume, you know, that this build we're signing, that this build was built hermetically or something like that.

D: Yeah, in the distribution group, one of the questions we were asking is what are the artifacts, and we are coming up with container images, any metadata on that, arbitrary blobs, potentially binaries. You know, if you're outputting things like charge, something like that: the build logs, signatures, SBOMs, attestation certificates, maybe even Helm charts, stuff like that. So do we want to capture some of that in here?

A: Yeah, I think that's important, right, because the build artifact is not only the image. As Microsoft are saying, it includes others as well. I think we have input and output sections, right. We can capture all those potential outputs in that section there.

I: Maybe this is just a nit, but this seems to say that artifacts are built by the build environment only after testing. That seems a little odd. Aren't you sometimes testing the build artifacts, if you're not...?

C: I think that there is, depending on how you've set it up, I think that there's definitely a way to word it so that it comes off like the final signed artifact should only be done after all the testing and everything else, but yeah, I agree that right now, yeah, it reads a little weird.

C: Oh, also something that I think, and I don't think is necessarily super clear, just to kind of go back to some of the other stuff we were talking about before, but it's something that we need to sort of consider too when thinking about sort of like that bottom turtle problem and so on, is sort of, you know, the thoughts on where to root trust. I think a lot of the rooting of trust should be left up to the implementer, where they feel comfortable with it. With that said, I think we need to be sort of clear about some of it.

C: Yeah, but just as a reminder, I think, and correct me if I'm wrong, but I think we sort of more or less agreed that, if possible, we should refer to other definitions rather than sort of redefine any of the terms. So if there is sort of, you know, existing CNCF docs or similar around, you know, "this is what a reproducible build is, this is what a hermetic build is", we should just sort of have a footnote inside it.

C: Yeah, sorry, yeah, anything in the community.

C: Yeah, I think there's like two parts. One is like, you know, or actually there's multiple parts, but it's not just necessarily the keys per se, but it's also stuff like, as an example, right, when building. Let's say I'm building a Go app, right.

C: I want to make sure that whatever I'm, like my compiler, or my image that contains my compiler itself, is signed and that I can trust it in some way, because otherwise, if I'm building a container, right, and it turns out I'm not using a signed image and somebody's come in and, you know, swapped that out with a bad builder, right, and I don't have some mechanism to validate where that builder came from, and I'm just picking it up. My secure software factory is just picking it up.

C: Yeah, exactly, and I think just making like, even if we don't necessarily have an opinion on exactly how deep you go there, right. Like, you know, I don't think we're going to suggest that, you know, on day zero, that you're bootstrapping your Linux From Scratch, right, you know, with a minimal compiler that you've written by hand. I don't think we're necessarily saying that, but we might want to sort of say, hey, look,

C: these are things that you still need to consider, and whoever the end user of this thing is needs to think about what they're comfortable with as being that, where they're rooting that trust.

I: All right, so for definitions, for the moment I'm just going to slip in some text, suggested text, in the supply, software supply chain section, with references to definitions for hermetic and reproducible. Feel free to move it around or whatever, but.

I: Well, I think what they mean by the, for Matt, on the hermetic, is generally, before, you know, you generally can't do any builds that are hermetic without first getting the data.

I: The data from a source, making sure that you know that it's exactly what it is, and then you do the rest of it within a network jail.

G: So, to give a little background for why I started to reason about this distinction: was, you know, I'm gonna use the dirty Bazel word. That's, you know, in the Google days, right, the monorepo was hermetic, right, like you had the full source laid out and there was no network access. There was no fetching of external dependencies. Everything was in tree, right, and so a proper network jail. Bazel introduced this idea of workspace where they wanted you to, like,

G: have these immutable external references, and once that was realized, right, the build could execute hermetically. But, and you know, for reproducibility, and when I use these immutable references, the reason I make the distinction is: if that thing is referenced immutably and the service goes down, you can't, or it's, you know, taken down.

G: You can't necessarily reproduce the build anymore, right, because you don't necessarily have all the assets in tree, and so, you know, it is sort of hermetic in the sense that if the network is available, you will only get the environment you expect, because, you know, you're referencing it by hashes and verifying checksums and whatnot. So if the network fetch were to complete, you know, it's the equivalent of...

I: Is that, for a lot of folks, they're, you know, "hey, you must have a copy of the internet available" is not a reasonable condition if you're not Google. If you're Google, that's a perfectly reasonable condition. I got it.

G: Well, I mean, just what you've blessed, right. I mean, you don't necessarily want to allow your developers to have access to every, you know, package that's available on the internet, right. So, but yeah, ack, right. I get that it's very nitpicky, but like looking at that definition, right, like that feels like a very Bazel definition, not a very Blaze definition, if you know. I get that it's nuanced and very nitpicky, but.

I: Nitpicking in security, yeah, but yeah, but I think that it's a fair issue, and I think a lot of you already were, I look very much: hey, risks, trade-offs. I'd rather have the full copies. If I can't get the full, if I can't afford to get the full copies, I'd rather at least have an immutable reference.

I: So, you know, and you know what can I back off to, given money available, money, resources available. But I think that's not a nitpick, in the sense that it's important when the network goes down.

I: All right, so I'm going to try to, I'm going to copy in the SLSA definition, and then maybe we need to note the whole network goes down.

C: Along those lines, do we want to write anything about, like, because when it comes to some of this hermetic stuff, a lot of it really comes down to sort of, yeah, figuring out your dependency tree and actually enforcing that, you know, you're pulling in only what you expected, and it sounds like there might be, you know, several levels of being able to sort of accomplish this, whether it's hermetic versus pseudo-hermetic and so on. And I know that there's, you know...

C: I know I name-drop Nix a lot, but I know that they have an interesting mechanism for, you know, doing some of these sorts of things by literally building everything starting from largely scratch and then enforcing that, you know, they have essentially just build definitions all the way down the chain.

I: That sounds like bootstrappable builds, which some folks are working on, but that's, I'm not so sure a lot of people are willing to take that step today. I'd love to see that long-term, but I don't think that's...

C: Sure, and I think the way that Nix sort of handles a lot of that is saying, hey, we're giving you the definitions of all the builds. So if you wanted to, you could rebuild everything from scratch, but we also provide a cache that's, you know, cryptographically signed, and most of the packages in it are reproducible in some fashion, in order to sit, or say, hey, like, you don't necessarily need to be hermetic across the board, because we can kind of guarantee that, you know, this is the output.

I: All right, I tried to slip in some definitions near the beginning, because I think those are important if we're going to talk about them, and it also connects the doc with other docs that people are working on, which I think would be a good thing. I'm trying to work between groups that don't talk to each other very often; I'm hoping to try to work to fix that.

I: There we go. So does this, so at least I've slipped in some definitions. Hopefully that helps with links. If you, I don't know what your reference, it doesn't look like you have a particular format for references, so it's just hyperlinks, and hopefully that helps.

B: We've all been generally thinking about KubeCon as a general date to have a public draft. We're probably gonna have to pick up quite a bit in order to do that.

H: Yeah, I think part of the motivation of, like, having something at KubeCon is to, like, get more folks away off the wall as well, and just get some others to help out with the implementation as well, yeah. So we draw the line.

I: Let's see here, the OpenSSF is planning to announce its reorg, which, "reorg" is probably not really fair. It's been long planned, but that's not really a document per se. It's much more of a, because it started during a pandemic, they decided to not have funding for members, but they always intended to switch to that, and when they do they'll have a lot more funding. Hey, that's great! I'm glad that they're gonna have more funding and be able to do a lot more things.

I: It's not really a document, I mean, you...

C: So yeah, well, so I think on that note, like on that end, I know that for the doc we were trying to see, since, you know, SLSA seems like a pretty reasonable framework to at least cite in there as well, of saying, hey, you know what, one of the things I think we would love to be able to do, right, with the architecture, maybe not for the first draft, but is to be able to say, assuming your artifacts...

C: Does this protect me against a SolarWinds attack, and against what sort of sophistication of actor, right, like, you know? What is this actually doing for me?

C: Yeah, I mean, I think, you know, as an end user, I know one of the things that is really important for us, right, like, we're not selling software per se, outside of, you know, online banking and that kind of thing, but, you know, we're not, you know, and for us a lot of it's like, we just want people to tell us, like, hey, does this protect me from, you know, becoming, you know, a SolarWinds, like?

C: Does this protect my internal software from, you know, getting compromised, and how, like, they want to understand those sorts of things. Obviously adopting something like a framework where we can just sort of point to, hey, this is the framework, the framework describes how all that's done, that's good. If not, then we just need to be very explicit about, you know, the sorts of attacks this mitigates well.

G: I was just like, I think it makes a lot of sense to present the complete architecture, right, but like it will be complicated to, you know, check all the boxes, and, you know, hitting SLSA level four is much more complicated than hitting a lower level, right. So understanding, you know, what protections you give up by dropping pieces of the architecture, and, you know, making informed choices about the attacks you potentially open yourself up to and whatnot, and, you know, it...

G: I don't know, I like that. I like associating it with something like, you know, "this is needed for SLSA level four", because you can sort of go over, and SLSA has, you know, the picture with all of the components of the supply chain and, you know, attacks that have gone after each piece of those different things, right. So, you know, you can potentially, you know, use that to sort of figure out what protections you'd lose

G: if you were to decide not to do A or B or C, and, you know, you could also potentially cross-reference with, you know, these types of things tend to line up as being requirements for, you know, compliance certification A, B, C, D, whatever, right, pick your favorite, you know, compliance that imposes things on the process, right: FedRAMP, PCI DSS, you know, SOX, whatever.

D: Yeah, the other one I've been thinking about is, even if you do something like a reproducible build and you verify the whole thing is identical on both sides, a lot of times we still fan that into a single signing step that signs what is in fact released to the public, and so, thinking through the process in my head, it doesn't make sense to, you know, have this fully two paths all the way to the end customer.

C: There's a tool that does that for Nix's builds called Trustix. I think that they do some pretty cool stuff where actually they use Trillian, whatever the Google sort of Merkle tree thing; it's pretty neat. I think that's something to take a look at, conceptually take a look at.

C: We, no, but I do think, well, I think we kind of just say metadata store in here, because we're trying to, I don't know if...

C: Anything else? I know we're already a few minutes over.

C: Yeah, so one thing actually, quickly, I wanted to sort of add, and I've been sort of mucking about with this for just my own personal stuff, but I'm starting to build a set of, like, test cases for, like, hey, this is what a compromised supply chain looks like. Will the system sort of detect it, you know, will whatever we're building detect it? And it's still quite early right now; all it does

C: is it just handles the bad builder use case and shows the need for, like, signed builders and enforcing that you're trusting your builder, but yeah. I think that's, at some point I think we need to start thinking about, like, maybe as a next step, test cases for this sort of thing, to sort of show, like, hey, you know, here's a reference implementation of this thing.

G: Thanks everyone, it's nice meeting everyone, sorry for the hot mic at the beginning.