►
From YouTube: CNCF TOC Meeting - 2019-07-02
Description
Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
A
C
C
D
B
C
D
A
C
C
B
I'll
just
quickly
see
if
he
closes
for
cute
Conn
North
America
on
July
2nd.
So
if
you're
interested,
please
get
your
Thaksin
we're
doing
pretty
well
in
sponsorship.
So
if
you're
interning
sponsoring
please
reach
out
to
us,
we've
had
a
huge
influx
in
for
some
co-located
events,
so
we're
doing
our
best
to
kind
of
accommodate
that.
Please
get
your
request
sooner
sooner
than
later
other
than
that
yeah
go
ahead.
Do.
B
Yeah
I'm
still
jet-lagged
from
China
July,
its
Walt.
The
link
is
there
for
the
CFP
next
up
is
you
know:
we've
been
doing
these
conference
transparency
reports
for
all
of
our
events
moving
forward
after
the
TSE
requested
them,
so
they
go
to
the
next
slide.
Taylor,
it's
online
available,
there's
a
PDF
and
web
site
that
basic
kind
of
breaks
down.
You
know
number
attendance,
number
of
companies,
attendees
percentage
of
end
users
or
spenders,
etc,
etc.
So
it's
fairly
tailed
so
feel
free
to
come
through
it.
B
F
B
E
F
E
Could
be
a
bug,
if
that's
the
case,
you
certainly
should
be
able
to
submit
two
from
the
the
same
account
and
you
can
reach
out
on
slack
or
by
email,
if
you're
having
trouble
doing
that,
but
just
as
an
FYI,
we
don't
actually
care
whether
you
submit
it
or
a
co-speaker
submits
it
we're
not
tracking
by
who
submitted
it.
It's
it's
who
the.
G
D
G
D
C
C
H
That's
right:
we
have
two
coders
right
now
and
we're
looking
to
have
Aaron
as
the
third,
and
we
already
have
a
couple
of
tech
leads.
Actually
we
have
three
tech
leads
and
we're
looking
to
to
add.
Brad
and
Lewis,
as
tech
leads
to
four
the
sort
of
various
projects
that
we're
looking
to
to
engage
your
neck
next.
C
I
B
B
C
J
Been
shared
with
everybody
who
is
on
the
app
delivery,
sig
mailing
list
with
everybody
who
responded
to
say
they
were
interested
in
being
in
the
in
the
conversation
when
we
advertised
it
a
few
weeks
ago.
That's
about
40
people,
I
think
so.
If
you're
listening
to
this
call
go
look
at
the
sikh
mailing
list
which
you
should
be
on
and
if
you're
not
on
an
email,
a
me
and
me
and
michelle.
J
C
J
K
C
K
I
I
It's
it's
called
core
and
applied
architecture,
so
it's
it's
basically
kubernetes
and
and
applied
architectures
of
kubernetes
and
and
I
was
just
to
be
clear.
I
was
just
offering
to
kind
of
kick
start
the
process
of
drafting
the
Charter
and
goals
etc,
and
and
trying
to
solicit
some
interesting
people
to
serve
on
now.
That's.
I
C
C
J
C
L
Well,
thanks
Liz
yeah,
so
what
we've
done
is
we've
set
up
a
process
by
which
we
take
a
project
at
for
the
moment,
we've
really
looked
at
a
few
security
projects
and
gone
and
provided
a
lot
of
security
information
in
context
at
a
high
level.
This
is
not
meant
to
be
to
take
the
place
of
an
audit,
but
is
meant
to
tell
you
things
like
what
is
the
system
designed
to
do?
Where
are
the
gotchas?
That,
where
are
the
things
that,
if
you
configure
it,
you
should
think
about
it?
L
What
sort
of
protection
should
you
expect
to
get
when
this
is
used?
Is
the
project
developed
in
a
in
a
way
that
makes
sense,
or
you
know,
are
you
likely
to
find
a
lot
of
problems
with
it?
Things
like
this,
so
this
is
meant
to
be
helpful
for
anyone
who
might
sort
of
adopt
it
and
also
meant
to
let
the
TOC
and
others
go
and
look
at
this
and
try
to
decide.
L
Is
this
the
kind
of
project
that,
from
a
security
standpoint
we
want
to
have,
you
know,
be
admitted
into
the
CNC
F
you're
not
trying
to
go
through
and
you
know
actually
go
through
and
say:
aha,
we
found
a
buffer
overflow
here
or
we
found
this
issue
there.
There
would
be
a
later
assessment
by
here,
53
trail
of
bits
or
whomever
else,
the
TSE
contracts
out
to
find
those
types
of
issues.
Next
slide,
please
and
really,
as
I
said
before,
there's
there's
two
main
audiences
here:
we're
really
trying
to
answer
these
sorts
of
questions.
L
You
know
from
the
CMC
f
end-user
standpoint
to
help
help
you
figure
out
what
the
you
know,
what
security
properties
you
get
by
using
a
project
and
how
to
set
it
up
correctly
and
then
the
TOC
to
understand
things
about.
You
know
where
maybe
gaps
are
at
in
the
TLC's
landscape?
How
do
we
improve
existing
projects?
And
so
on?
To
this
point,
we've
gone
through
and
done.
L
Several
assessments
there's
a
very
long
and
painful
assessment
that
the
in
toto
project
that
went
through
as
they
it
was
the
first
project
to
be
assessed.
So
we
kind
of
rewrote
the
rules.
I
don't
know
three
or
four
times
as
it
went
through
the
process.
Oba
is
mostly
through
the
process.
We
just
need
to
do
a
little
bit
to
sync
up
and
declare
them
final.
Key
cloak
and
Falco
have
expressed
a
lot
of
interest
and
I
know
spiffy
aspire
and
others
are
also
I.
Think
ready
for
a
refresher
for
this.
H
L
Like
to
think
a
lot
of
the
the
people
that
have
gone
and
participated
in
this,
this,
you
know
Sarah
Allen,
just
in
Cormac,
Brandon
and
Brandon
long
and
a
bunch
of
other
people
that
I'm
going
to
be
embarrassed,
that
I've
forgotten
that
have
started
with
the
bar
and,
if
you're
interested
in
participating.
Please
come
join
us
and
join
our
meeting
from
Wednesday
at
11:00
a.m.
Eastern
Time,
whatever
that
is
in
your
time
zone
and
we
love
to
have
you
participate
so
I'm
confused.
L
L
The
process
for
recommending
that,
because
I
don't
think,
we've
dusted,
not
I
mean
maybe
I
missed
the
meeting
or
the
or
the
email
list.
But
where
did
that
list
come
from
of
projects?
We
had
some
initial
conversation
and
Liz
and
others
who
know
this
should
really
step
in,
but
we
had
some
initial
conversation
and
we
were
told
these
seem
like
good
projects
like
I
think
when
the
sig
was
formed.
L
There's
like
these
are
these
five
projects
that
should
be
part
of
it,
and
that
was
tough,
spiffy,
spire,
falco
opa
and
something
else
it's
st
or
something
else,
I
forget
one,
but
something
else
that
I'm
forgetting
and
then
the
spiffy
spire
assessment
that
I
did
before
that.
Any
of
this
was
set
up
was
kind
of
used
as
the
model.
So
we
said
we
don't
need
to
do
them.
First,
tuff
has
had
a
lot
of
assessment.
Thank
you,
and
so
then
we
went
and
said.
L
Opa
would
be
a
good
thing
and
in
toto
when
in
toto
was
going
to
come
up
for
vote
in
the
TOC,
there
was
a
discussion
about.
Why?
Don't
you
be
the
first
one
for
this
process?
So
we
would
expect
there
to
be
a
more
formal
way
to
do
this
in
the
future,
and
we're
also
need
to
have
a
discussion
about.
Should
these
be
things
that
are
refreshed
annually?
Is
every
project
supposed
to
go
through
this
so
that
we
would
look
at
Prometheus
which
no
other
projects
like
that
or
what
the
process
should
be?
L
Yeah
I
just
want
to
make
sure
that
you
know
we
we
put
effort
into
the
things
that
you
know
are
CNCs
projects
first
or
are
well
on
their
way
towards
a
boat
and
so
I
think
you
know.
Definitely
you
know
there's
been
discussions
about
some
of
the
other
projects
you
mentioned,
but
but
they're
not
really
right
now.
So
there's
answer
and
I
ever
heard.
T
quote
there
specifically
and
I
know
that
you
know
we've
seen
presentations
but
I,
don't
know
of
any
formal
submission.
Keep
look
to
the
to
the
to
the
CNC
f.
L
A
A
A
We
want
to
refine
that
project
at
the
beginning
we
were
you
know
we
had
these
two
queued
up
in
toto
on
request
of
the
TOC
and
then
OPA,
because
it
was
the
one
in
this
list
that
hadn't
had
an
audit
or
some
kind
of
prior
review,
and
they
were
involved
in
the
group
and
so
so
basically
we're
a
little
ad
Hawking
it
right
now,
so
that
we
have
some
in
the
queue
and
completely
welcome
whatever
process
is
appropriate
for
that.
Prioritization
I
mean.
L
One
of
the
things
that
I
think
you
know
we've
been
talking
about
across
the
TOC
is
getting
a
more
sort
of
structured
sort
of
flow
chart
in
terms
of
how
projects
come
in
different
stages
and
I.
Think
it'd
be
interesting
to
look
at
this
through
that
lens
and
so
again,
so
that
we
move
from
this
sort
of
ad
hoc
a
lot
of
one-on-one
conversations
and
then
something
comes
up
to
a
vote.
There's
a
bunch
of
stuff
that
gets
started
beforehand
more
like
okay.
L
A
L
A
C
Think
one
thing
that's
quite
interesting
in
the
discussion
of
the
flow
chart
here:
the
flow
for
projects
in
general.
It's
that
SIG's
security
makes
sense
to
review
security
related
projects
and
also
makes
sense
to
review
non
security
related
projects
that
may
need
to
be
operated
in
a
secure
way
where
I
think
other
six
there's
a
more
kind
of
clear.
C
L
I'd
also
argue
that
really
for
any
project,
you
at
least
want
to
know
that
you
shouldn't
operate
it
in
context,
X
or
context,
Y
and
so
I
think
there's
at
least
some
argument
to
be
made
that
that
pretty
much
every
project
should
go
through
this.
If,
for
no
other
reason
to
say
like
this
is
wildly
insecure,
if
you
use
it
in
situations
a
B
and
C,
so
don't
do
that.
A
Yeah,
a
lot
of
what
we're
finding
is
that
the
assessment
process
is
a
matter
of
be
saying.
Oh
maybe
you
want
to
put
this
up
in
your
documentation
that
things
that
the
project
maintainer
z--
might
think
are
clear
and
obvious
to
everyone
are
actually
a
well-kept
secret
from
a
user's
perspective,
because
projects
aren't
aware
of
how
users
perceive
them
versus
how
they
think
of
themselves.
I.
A
Coming
up
is
the
in
toto
presentation,
which
includes
its
security
assessments,
so
this
was
very
much
like
right
before
you're
about
to
hear
sample
assessments.
So
that's
the
first
one.
We
anticipate
that
it
is
like
we've
been
through
in
like
four
to
six
iterations
on
it
so
and
it
is
not
perfect
by
any
means.
So
that
is
the
first
of
five
that
you
will
hear
and
then
we
welcome
feedback
on
the
format,
the
content,
all
the
things.
C
F
L
I
was
yeah,
so
I
think
that
the
way
to
look
at
it
is
when
you
get
an
actual
security
audit
and
you
read
it.
It's
typically
a
very
dense
document
where
they've
gone
and
they've
said
they've
pinpointed
particular
things
that
they
say
are
vulnerabilities
in
a
project
a
lot
of
times.
The
the
assessment
is
more
meant
to
provide
high-level
guidance
about
how
to
use
something
and
the
way
to
do
it
in
the
way
the
system
is
intended
to
be
done.
L
So
in
assessment
will
do
things
like
help
to
guide
the
auditors
about
what
to
look
at
and
talk
about,
scoping
and
resources,
whereas
the
audits
that
you
go
through
typically
try
to
pinpoint
vulnerabilities,
and
so
there's
a
few
examples
of
that.
You
can
see
this
if
you
look
at,
for
instance,
a
lot
of
the
audits,
the
tough
project
just
had
by
different
groups
or
audits
that
you
know
other
teams
you
have
projects
of
cad
there's
a
focus
on
there
is
vulnerability,
was
severely.
L
Why
and
then
that's
probably
been
fixed
three
weeks
later,
but
that
doesn't
tell
you
you
know
when
you
deploy
it,
you
should
think
about
doing
it
way.
X
way
why
this
is
the
secure
way
to
do
it,
which
is
more
of
the
assessment
process,
so
I
just
want
to
call
it
in
the
chat.
Somebody's
saying
you
know
overlap
between
okay.
So
that's
what
you
just
answer
it,
but
then
Clinton
also
had
his
hand
up
I
want
to
make
sure
that
yeah.
I
I
just
had
a
quick
question
about
so
so
there
was
originally
a
request
from
the
TOC
to
produce
like
a
white
paper
and
and
I
think
there
was
some
debate
about
whether
that
was
a
good
idea
or
not,
but
but
either
way
it
seems
useful
before
going
and
doing
a
bunch
of
assessments
to
at
least
agree
on
some
basic
ground
rules.
You
know
terminology,
you
know
these
are
the
general
approaches
to
you
know
the
following
categories
of
cloud
native
security:
there's
key
rotation:
this
is
what
it
means
these
are.
I
A
So,
just
as
a
before
we,
the
cig
ever
got
in
place
audits
were
happening.
So
a
lot
of
this
is
there's
activities
that
are
happening,
and
you
know
that
are
needed
for
projects
you
know
kind
of
for
the
projects
to
meet
needs
of
the
projects
and
so
well.
The
process
that
we're
following
is
to
do
the
activities
that
the
experts
within
the
group
know
how
to
do
and
have
that
informed
the
vocabulary.
So
one
of
the
reasons
that
this
in
toto
project
took
so
long
was
getting
to
alignment
on
what
this
assessment
is.
A
How
is
it
different
from
the
audit?
How
are
these
you
know,
volunteers
from
various
companies?
You
know
what's
an
appropriate
role
for
them
to
take,
given
that
this
isn't
their
full-time
job
and
how
is
that
different
and
and
with
the
knowledge,
sharing
and
education
aspect
of
the
cig?
How
do
you
know
how
to
how
to
how
does
that
color
this
process,
and
so
it
might.
I
A
As
I
was
about
to
say,
the
scope
of
check
cloud
sig
security,
which
was
just
formed
two
months
ago,
is
specified
in
the
Charter
and
we're
working
on
a
road
map
which
we
anticipate
will
include
the
white
paper.
That
was
much
discussed
many
moons
ago,
and
if
this
security
assessment
was
just
prioritized
ahead
of
the
completion
of
that
white
paper,
and
so
it
might
be
appropriate
for
us
to
schedule
presentation
of
the
roadmap.
You
know
as
that
gets
put
together,
so
that
the
TOC
can
give
feedback
on
that.
A
But
yes,
we
do
want
to
do
that
and
we're
taking
a
bottoms-up
approach,
and
so
you
can
see
the
security
assessments
there's
a
lot
of
vocabulary
that
is
being
used
there.
But
security
also
includes
policy
and
compliance
and
a
number
of
aspects
that
need
more
discussion
in
order
to
get
to
alignment
about
what
the
group
is
comfortable.
Putting
forth
yeah.
L
And
I
would
also
like
to
jump
in
and
say
that
in
these
verse
five
assessments,
we
are
trying
to
be
quite
clear
about
defining
things
that
we
think
are
unexpected
for
for
readers.
There's
a
stupid
question
phase
that
the
person
leading
the
security
audit
does
where
they
expressly
try
to
make
sure
that
there's
meaningful
definitions
for
any
terms
that
they
think
a
reader
might
not
understand
so.
But
we
haven't
formalized
this
process.
This
would
I
think
make
sense
for
us
to
talk
about
once.
C
It
is
in
the
Charter
that
one
of
the
things
that
six
security
will
do
is
educational
resources,
which
include
things
like
common
vocabulary
to
talk
about
and
understand
cloud
nation
security.
So
I
think
it's
it's
documents.
It
is
part
of
the
Charter,
but
I
don't
think
it
has
to
be
done
in
you
know
the
precise
order,
those
laid
out
and
charter
and
I
think
the
fact
that
there
are
people
volunteering
to
do
security
assessments
is
really
really
valuable.
A
So
I
think
that
that's
still
in
process
like
we
so
Justin
Carmack
reviewed
all
of
the
audits
and
we're
trying
to
figure
out
what
is
our
role
with
that
and
you
know,
but
I
I
think
that
I
think
it
would
fall
under
six
security
to
coordinate
with
the
auditors,
but
that
isn't
a
separate,
CN
CF
process.
So
we
would
love
to
see
feedback
about.
You
know
how
to
engage
I
assumed
it
that
it
was
a
matter
of
logistics
and
that
it
would
fall
under
our.
A
I,
don't
expect
that
the
use
cases
and
personas
covers
the
questions.
It's
just
I'm
trying
to
illustrate
the
bottoms-up
approach,
so
I'll
drop
in
a
few
links.
We've
developed
some
resources
and
then
you
know
and
I'll
point
to
and
then
we'll
come
back
with
a
timeline
on
the
white
paper
and
the
other
things
mentioned
in
the
Charter
Quentin.
Does
that
address
your
concern?
It.
I
Does
answer
the
question
which
it
sounds
like
the
answer
is
there
is
not
a
complete
body
of
information
that
I
was
requesting
and
I
just
wanted
to
point
out
this.
This
is
being
requested
over
and
over
from
that
group,
which
previously
was
called
a
working
group,
and
it's
now
called
the
six
for
over
a
year
now,
actually.
A
I'd
like
to
correct
you,
we
were
not.
We
proposed
to
be
a
working
group
and
the
request
was
not
clearly
presented
to
the
whole
group
and
the
priorities
were
not
clear.
So
I
think
there
was
some
miscommunication
between
JJ.
Who
was
one
of
my
co-chairs
and
myself
I.
Don't
know
if
he's
on
the
call,
and
so
there
were
things
were
prioritized
differently,
because
we
got
many
different
requests
from
the
TOC
and
we
weren't
formally
involved
with
the
CNC
up
until
a
couple
of
months
ago.
A
N
There's
a
lot
lot
of
different
ways
in
which
we
can
actually
slice
security
like
if
you
want
to
layer
security
in
terms
of
functionally
it's
going
to
look
a
lot
different
if
you're
gonna
layer
it
structurally
it's
going
to
look
a
lot
different.
If
you
want
to
layer
it
based
off
of
Associated
project,
it's
going
to
look
a
lot
different,
but
to
even
basically
to
address
what
makes
sense
and
how
we
can
actually
make
sense
of
this
to
the
end-users.
N
A
lot
of
lot
of
use
cases
needed
to
be
understood
and
I
think
we
spent
a
lot
of
time
collecting
and
gathering
use
cases
this
coming
up
with
a
white
paper.
That's
like
functionally
narrow
will
be
easier,
but
for
something
like
security,
it's
it's
going
to
take
some
time
and
once
you
have
something,
then
I'd
want
it
to
be
a
little
bit
more
meaningful
in
terms
of
like
how
we
can
iterate
on
it
right.
So
that's
a
long-winded
answer
short
turnaround.
N
A
Fact,
the
policy
working
group
subgroup
is
working
on
a
much
more
implementation,
focused
policy
white
paper,
whereas
the
white
paper
that
JJ
is
referring
to
and
Quinton's
referring
to
is
more
the
security
landscape
and
the
terms
and
all
the
different
parts
of
security.
So
it'll
be
more
of
an
overview
like
one
of
the
things
that
we've
struggled
with
us
who's
the
audience
for
the
white
paper
and
that
we
can
get
a
lot
of
input
from
the
TOC
on
that.
A
One
of
the
categories,
and
so
so
that's
where
I
think
we
could
still
use
some
participation
of
the
TOC
in
validating
our
assumptions
about
who
is
that
audience
and
one
thing
we've
talked
about
is:
could
we
get
a
few
people
who
are
from
the
end-user
community
who
are
representative
of
the
audience
to
validate
the
white
paper
so
that
they,
you
know
we
could
have
reviewers?
Who
are
outside
of
our
group?
Who
could
say?
Yes,
this
is
useful
content,
because
we
want
to
produce
something
that
is
valuable
to
the
audience.
C
Okay,
so
Joe
and
I
are
the
kind
of
liaisons
to
seek
security,
so
I
think
I
would
make
your
quest
to
the
other
members
of
the
TOC
that
if
you
have
particular
concerns
about
what
sig
Security's
focusing
on
you
know,
let's
discuss
that
and
try
and
come
up
with
a
coherent
message
to
the
team
there
or.
C
C
Thank
you
very
much,
Justina
Sarah.
Thank
you
all
right.
Moving
on
to
the
question
of
archiving
rocket
and
we
bring
this
up
a
month
or
two
ago
already
so
I,
don't
think
it's
a
surprise
to
anybody,
but
Chris
has
now
created
the
formal
request
to
do
the
archiving
process.
Do
you
want
us
to
say
something
around
that
crazy
yeah.
B
Sure
I
mean
we
discussed
this
last
time,
I
think
about
a
month
ago,
and
you
know
I
think
we
kind
of
decided
to
not.
You
know
necessarily
rushed
and
kind
of
you
know,
given
that
it's
our
first
archival
project,
let's
take
a
little
bit
slow.
So
you
know
I've
had
some
private
conversations
with
the
rocket
team.
I
filed
a
public
issue,
kind
of
notifying
them
publicly
that
we
attend
to
do
this.
You
know
per
our
process
they're
supposed
to
have
essentially
two
weeks.
B
J
B
Correct,
like
that
nope
that
is
no
problem
but
I.
Think
from
like,
like
a
toc
perspective
like
we
archived
it,
because
this
project
is
maybe
inactive
or
doesn't
reflect
the
value
blah
blah
blah.
There's
there's
that
that
I'd
rather
see
come
from
the
TOC
than
necessarily
staff.
If
that
makes
sense,
so
the
technical
commentary,
what
format.
L
Might
have
missed
it
is
there
as
part
of
our
communication,
sort
of
like
talking
about
how
projects
can
get
on
archived
or
adopted
elsewhere,
or
what
have
you
because
I
think
that
that'll
help
but
feel
sort
of
less
final
in
case
somebody
makes
the
wrong
call
and
I
know
like
in
the
past.
We've
said:
oh
well,
the
TLC
or
you
know
the
LF
can
decide
to
do
this
stuff,
but
maybe
having
at
something
that's
clear.
There
will
help
soften
this
a
little
bit
for
folks
going.
J
Into
the
LF
is
not
the
end
of
the
road
for
the
project,
it
just
means
that
it's
no
longer
part
of
the
care
native
tent
for
the
time
being
and
I
think
what
looked
about
before
was
the
idea
that
a
project
could
be
revived.
I
mean
there
are
many
people
who
who
use
rocket.
Who
may
not
have
noticed
this
and
might
come
in
there's
also
people
who've
spoken
on
Twitter
I,
see
Chris
here
from
kinfolk
took
at
it
in
their
in
me
on
the
slide,
for
example,
right.
L
L
B
B
I
mean
basically
outside
of
these
schedule
for
the
community
presentations.
I.
Think
the
important
question
ask
is
I.
Think
it's
it's
it's
hard
to
say
no,
always
right
and
and
trying
to
find
projects
that
you
may
want
to
say
no
to
here
and
and
do
it
at
some
time
in
the
in
the
coming
weeks
with
would
be
good.
You
know
we're.
We
seem
to
have
an
uptick
of
interest
now
of
projects
wanting
to
come
in
I.
B
Don't
know
whether
it's
a
seasonal
thing,
but
you
know
we
have
quite
a
lot
of
projects
in
the
backlog
right
now.
So
I
don't
know
if
thoughts
of
you
know
how
you
go
about
this,
but
I
just
wanted
to
kind
of
raise
awareness
and
make
sure
everyone's
kind
of
on
the
same
page
of
what's
on
the
backlog
right
now,
my.
B
C
And
I
think
also
just
referring
to
Joe's
comment
earlier.
This
is
one
of
the
reasons
why
we
need
a
clearer
sort
of
flowchart
of
what
the
process
is.
This
is
something
that,
as
the
TRC
we
discussed
privately
and
we
have
some
volunteers,
I
can't
remember
who
those
volunteers
are
I,
think
that's
Brendan
and
that's
who
draw
off
the
flowcharts,
because
we
need
to
get
on
top
of
this.
C
C
P
B
Generally,
I
think
the
legwork
of
doing
a
formal
proposal
to
PR
and
starting
from
there
and
kind
of
deferring
to
the
TOC,
whether
you
know
hey,
maybe
there's
two
media
sponsors
or
they
want
to
see
a
presentation
and
so
on
is
I.
Think.
Is
it
better
path
than
just
asking
for
a
presentation
and
puts
a
little
bit
more
legwork?
Okay,
so.
P
We
should
probably
update
that
in
as
part
of
the
sandbox
requirements,
so
it's
more
succinct
and
then
I'd
be
happy
to
put
together
an
example
PR
what
we
expect
as
part
of
that,
if,
if
that
would
be
helpful,
I
just
I
seem
to
kind
of
get
a
lot
of
these
questions
and
it's
not
necessarily
intuitive.
If
you're
a
brand
new
project
come
home
to
one
to
present,
I
think.
C
P
I
Yeah
that,
but
due
diligence
is,
is
a
bit
very
good
with
respect
to
the
different
categories,
so
it
gives
general
guidelines
for
how
to
look
at
a
project
and
how
to
evaluate
it,
but
it
doesn't
it's
not
very
good
at
distinguishing
between
these
things
have
to
be
there
for
a
graduated
project.
These
things
for
a
sandbox,
these
things
for
incubation
etcetera.
Perhaps
it's
worth
refreshing
that
document
in
that
context.
Well,.
P
And
I
think
it
changed
Quentin.
If
you
remember
right,
because
we
did
used
to
do
due
diligence
even
on
sandbox
and
then
we
had
so
many
projects,
it
just
wasn't
scalable.
So
then
we
said
well
we're
not
going
to
do
due
diligence
we're
just
going
to
do
presentations,
so
yeah
I
think
if
we
split
it
out
into
the
categories
and
kind
of
loose
requirements,
at
least
for
each,
it
would
give
a
better
set
of
guidelines
for
the
TOC.
That's
consistent
for
every
project
coming
in.
C
All
right,
I
think
we
can
all
take
this
as
a
bit
of
a
kick
to
take
a
look
at
the
backlog.
Issues
see
whether
there
are
and
I
think
TSE
members,
let's
all
try
to
communicate
with
each
other.
Whether
there
are
some
projects
here
that
we
do
or
don't
you
know
if
we
have
objections
to
a
particular
or
concerns
about
any
of
these
backlog
projects.
Let's
share
those
concerns
so
that
we
can
start
saying.
No,
because
I
think
this
is
one
of
the
problems
here.
We
need
to
say
no
to
some
projects.
P
Unless
I'm
saying
no
to
some
does
there
need
to
be
a
reevaluation,
then,
after
we're
finally
done
with
the
backlog,
to
go
back
and
based
on
some
new
set
of
standards,
say
no
or
say
you
have
to
come
up
to
this
next
level.
I,
just
I'm,
I
fear,
there's
a
inconsistency
just
based
on
the
number
of
projects
coming
in
the
changing
of
the
TOC,
the
changing
and
the
policies
that
someone
who
did
it
a
year
ago
compared
to
now
isn't
judged
by
the
same.
You
know
set
of
rules.
C
C
General
guidelines
on,
for
example,
this
project.
We
know
we're
saying
no
to
it,
because
you're
not
prepared
to
move
it
to
a
license
that
the
TNC
vlinn,
which
you
know,
that
would
be
a
very
clear
reason.
Why
we'd
say
no,
and
we
should
probably
come
up
with
a
few
more
of
those
reasons
why
we
why
we
would
say
no
and
why
we
do
say
no.
When
we.
A
C
C
Yeah
also
I'm
seeing
yeah
okay.
So
a
couple
of
comments
coming
up
here
so
Lee
was
pointing
out
that
the
requirement
to
present
is
listed
in
the
sandbox
process
and,
to
my
mind
we
should
have
that
presentation
before
TRC
sponsors
actually
commit
to
sponsorship,
because
otherwise,
how
do
we
hear
about
objections.
K
L
So
one
thing
that
I
think
it's
worth
updating
the
larger
community
on
is
the
the
TOC
got
together
and
one
of
the
things
we
talked
about
is
just
creating
more
communication
about
as
project
start
engaging
with
the
TOC
across
the
different
TOC
members.
So
one
of
the
things
that
we're
doing
that,
if
you
talk
to
any
of
us
about
a
project
becoming
a
sandbox
or
incubating
project,
we
just
want
we're.
L
Gonna
share
that
information
across
the
TLC
as
soon
as
possible,
just
to
make
sure
everybody's
on
the
same
page,
because
I
think
that
you
know
things
can
get
pretty
confusing.
When
there's
a
lot
of
one-on-one
conversations-
and
we
don't
want,
you
know
somebody
in
the
TOC
having
a
concern
and
then
somebody
else
committing
to
a
sandbox
project
without
having
a
chance
to
really
have
these
things
talked
through.
C
A
And
we're
kind
of
making
up
the
stig
process
as
we
go
along,
but
we'd
actually
anticipated
that
we
would
present
our
roadmap
before
presenting
a
security
assessment,
something
because
in
todos,
been
waiting
for
like
six
months
to
actually
do
their
presentation
and
proposal
to
this
TOC.
We
kind
of
did
things
out
of
ordering
probably
should've
acknowledged
that
I.