►
From YouTube: CNCF TOC Meeting 2021-02-16
Description
CNCF TOC Meeting 2021-02-16
A
B
B
C
C
C
E
A
D
F
G
I
F
D
F
F
A
J
A
D
J
D
Okay,
I
think.
Historically,
when
the
rule
rules
were
drawn
up
there,
there
needs
to
be
at
least
one
liaison.
I
think
that
having
two
has
actually
turned
out
to
be
quite
a
good
thing
for
kind
of
you
know:
redundancy
high
availability,
a
bit
of
handover
between
one.
You
know
you're
unlikely
to
lose
both
liaisons
at
once.
D
F
F
D
I'll
mute
myself,
that's
great!
Thank
you
cornelia.
I
can
see
a
lot
of
sense
in
you
having
a
relationship
with
that
delivery.
That
does
make
a
lot
of
sense.
Any.
The
other
thing
we
should
bear
in
mind
is
that
we
will
be
appointing
one
more
person
to
the
toc.
There's
the
tsa
appointed
seat
when
michelle's
seat
expires.
Amy.
Do
you
have
to
hand
when
that
happens.
J
D
Yeah,
so
it's
next
month
so
yeah
we
if
we
don't
have
to
press
gang
anybody
into
being
a
liaison.
If
we,
you
know
when
that
person
joins,
I'm
wondering
cornelia.
If
we
could,
at
least
temporarily,
have
you
take
on
observability
as
well,
just
as
a
sort
of
so
that
if
there
was
some
urgent
need
or
if
anybody
else
wanted
to
take
that
on
as
well
from
the
tic
folks.
F
Yeah,
I
mean
I'd
love
to
have
somebody
who
does
their
day
in
day
out
on
observability.
If
they
want
to
be
the
main
one
and
then
I
can
do
app
delivery
but
observability,
you
know,
there's
definitely
connection
and
an
interest
from
my
side
even
to
my
day
job.
So
I'm
more
than
happy
to
do
sick
observability
until
somebody
better
qualified
comes
along.
D
I
think
that's
a
really
great
point.
We
should,
I
don't
know
if
we
have
a
definition
of
what
happens
when
a
sig
co-chair
becomes
a
toc
member
kind
of
makes
sense
to
me
that,
well
that
that
might
mean
there
would
be
a
good
signalism,
but
I
think
it
probably
means
that
the
sig
should
appoint
a
new
chair.
In
that
case,.
E
K
Yeah,
I
think
that
makes
a
lot
of
sense
because
it
gives
people
new
people
an
opportunity
to
do
things
on
the
sick,
and
I
think,
having
having
a
pipeline
of
people
who
have
been
through
those
roles
is
really
helpful.
As
I
mean,
as
we
found
with
security,
finding
new
people
takes
a
bit
of
time.
It's
good
to
have
that
process
happen
more
often,
and
it's
it's
really
great-
that
people
move
from
six
to
tse.
D
All
right,
so
in
that
case,
if
you
are
a
sig
chair
who's
here
and
you,
you
know
that
one
of
your
co-chairs
has
has
moved
up
to
becoming
a
tfc
member.
Now
would
be
a
good
time
to
start
thinking
about
candidates
for
your
for
being
co-chairs
on
your
six
all
right.
So
probably
it
makes
sense
for
sard
and
or
erin
to
be
the
liaison
for
storage.
L
D
L
D
D
M
D
K
We
basically
said
that
it
gives
people
an
opportunity
to
step
up
and
work
in
the
seg
and
the
I
mean
we
have
the
liaison
role
and
I
think
it's
a
really
good
path
for
people
to.
I
mean
it's
really
nice
to
see
so
many
people
moving
from
working
on
steak
to
being
on
trc,
but
by
giving
more
people
opportunity
to
rotate.
I
think
one
of
the
things
we
found
on
security
was
that
succession.
We
hadn't
really
thought
about
succession,
and
you
remember
as
much,
and
it
was
really
we
had
some
people
with.
K
D
D
Okay.
I
guess
I'm
wondering
whether,
if,
if
we
have
a
sig
that
is
struggling
to
kind
of
staff,
its
roles,
its
chair
positions
and
its
tech
lead
positions.
What
can
we
do
to
sort
of
help
backfill
that
yeah,
I'm
not
sure
that
the
solution
is
to
not
kind
of
promote
people
on?
I
feel
like
the
solution
is
to
try
and
figure
out
how
we
can
expand.
That
pool
of
people.
N
E
D
D
I
definitely
think
that
you
know
toc
members
can
and
should
be
as
involved
as
they
want
as
members
of
six,
if
if
they
have
the
time
and
capacity
to
do
that,
I'm
definitely
not.
I
don't
think
anybody's
saying
they
shouldn't
be
involved
in
six.
I
think
it's
more
just
trying
to
spread
out
the
the
responsibilities
and
and
give
the
opportunities
for
roles
to
more
people.
If
we
can
yeah.
O
I
don't
know
if
my
it
might
be
a
good
idea
for
the
sick,
contributor
strategy,
sick
to
help
out
and
maybe
reach
out
to
more
places.
So
so
we
get
more
people
involved
and
people
more
trying
to
get
into
those
roles
of
sick,
chair
and
tech
leads
so
I'd
like
to.
So
it
would
be
great
to
hear
anything
any
thoughts
from
the
sick
contributor
strategy
if
they
have
any.
P
P
So,
like
I
think,
if
we
can
do
some
outreach
and
even
like
blog
posts
like
sort
of
featuring
you
all
and
interviews,
and
talking
about
like
your
road
maps
and
stuff,
like
that,
I
think
that
would
get
people
excited
to
hear
about
like
what
you
like
what
you
want
to
see.
As
far
as
like
the
future
of
your
groups,
I
think
that
could
be
a
good,
a
good
first
step.
H
I'm
also
curious
whether
this
is
sarah
allen
from
sig
security,
whether
the
the
cigs
that
are
having
trouble
finding
people
to
step
up
into
leadership
roles.
Is
it
that
people
aren't
like
your?
Are
your
meetings
like?
Do
you
have
very
few
people
at
all
involved
in
the
community
and
say,
or
is
it
that
there's
a
lot
of
people
who
will
show
up
at
a
meeting
or
participate
in
some
way,
but
don't
want
to
take
on
a
leadership
role,
because
those
are
very
different
problems
to
solve.
M
M
H
H
I
don't
know-
maybe
you're
already
doing
some
of
these
things,
but
it
might
be
worth
talking
again
about
that
stuff,
because
I
think
that
hearing
that
about
sig
security
strikes
me
that
it's
not
an
outreach
thing
so
much
as
a
fostering
the
group
for
perhaps-
and
you
might
also
consider
bringing
people
to
the
outside.
That's
how
we
all
got
here
right.
D
D
F
Now
there's
another
thought
that
I
keep
having,
which
is
that
I
think
that
maybe
for
some
individuals
they
feel
like
they,
the
the
work
that
they
would
put
into
the
sig
would
be.
You
know,
personal
time
work,
and
I
wonder
if
there's
anything
that
we
can
do
to
help
individuals
who
are
interested,
sell
their
employers
on
the
value
to
their
employer
of
them
participating
more
significantly.
F
O
O
In
so
I
mean
it's
kind
of
difficult,
because
every
business
is
different
right,
but
but
if
you
can
find
like
some
common
ground
that
says
well,
if
people
contribute
more
to
open
source
and
they
take
on
these
leadership
roles,
they
can
make
these
projects
more
successful.
And
then
the
company
can
use
these
as
end
users,
for
example,
I'm
talking
about
end
users,
and
then
you
know
the
the
projects
will
be
more
sustainable.
F
It
feels
a
little
bit
like
you
know,
making
the
argument
for
open
source,
but
maybe
we
can,
you
know,
tailor
it
a
little
bit
more
specifically
to
okay.
You
know,
even
if
you,
as
a
company,
understand
the
overall
value
of
open
source,
here's
what's
in
it
for
you,
if
you
have
individuals
that
are
more,
you
know
actively
engaged
rather
than
just
yeah,
we'll
continue
to
just
ride
on
the
coattails
of
this
open
source
movement.
D
O
D
F
My
initial
thought
was
that
a
lot
of
people
when
they
hear
contributor,
think
code
and
they
think,
oh
well,
I
don't
have
the
cycles
to
you
know
be
issuing
prs
against
this,
but
even
just
having
helping
them
recognize
that
contribute
contribution
doesn't
just
mean
code.
As
you
just
said,
liz
I
think,
is
really
key.
F
D
D
D
O
O
You
know
confusion,
maybe
in
some
communities-
and
you
know
what
is
this-
I
mean-
I
think
I've
gotten
some
of
that
in
the
past
for
sick
run
runtime.
You
know
people
asking
what
what
does
second
one
time
do
and
or
how's
that
different
from
kubernetes
or
the
sixth
and
kubernetes
so
yeah
so
yeah
any
any
thoughts
on
that.
D
H
So
I
feel
like
we
just
like
cigs
just
got
created
and
when
they
were
created
they
were
like
the
likeness
to
kubernetes.
Cigs
was
strongly
advocated
for
and
it
could
be
that
after
you
know
it's
settled
in
then
you
know
that's
that
changes
people's
perspective
on
it,
but
I
feel,
like
people
are
just
starting
to
hear
about
sig
security,
even
within
the
cncf,
and
you
know
unless,
like
I
don't
know
to
me
it
doesn't.
I
didn't
love
the
title.
H
D
D
D
H
D
H
J
I
J
D
D
J
F
F
I
think
that
there's
an
awful
lot
of
people
who
aren't
going
to
go
into
the
issue,
but
we'll
just
get
the
email
and
can
get
a
sense
of
what's
going
on
with
a
vote
and
see
the
discussion,
and
so
I
do
feel
like
there's
a
little
something
lost
if
we
go
over
to
the
issues,
because
there
are
people
who,
like
I
said,
they
aren't
going
to
go
into
github
all
the
time
and
look
at
oh
we're
voting
on
something.
Let
me
see
what
people
are
voting
on.
F
D
Dims
has
put
in
the
chat
about
people
can
subscribe
to
github
notifications.
I
think
actually
that's
a
a
really
interesting
point
that
you
probably
don't
want
to
subscribe
to
all
the
github
notifications
in
toc,
because
it
covers
gazillion
repos
and,
as
we've
seen
from
that
toc
slack
channel,
like
any
actual
discussion,
gets
lost
in
the
noise.
D
D
D
A
J
J
A
O
J
D
Security,
I
think
this
is
not
something
we're
going
to
want
to.
You
know
close
today,
but
you
know
supply
chain
security
being
a
huge
concern
and
we
want
to
make
sure
that
the
cncf
projects
are,
you
know
as
secure
as
they
can
be,
and
you
know
don't
contain
vulnerabilities,
there's
work
going
on
within
the
linux
foundation
to
kind
of
enable
some
vulnerability
scanning
and
so
on,
for
the
projects
which
I
think
security
have
been
looking
at
and
I
think
it's
not
a
completed.
H
H
Do
they
have
a
process
for,
and
you
know
what
we'll
typically
do
is
we'll
write
up
issues
if
they
don't
have
it
and
we'll
coach
people
who
are
have
less
less
big
teams
who
have
experience
with
security
and
you
know
or
help
spread
the
word
if
they
need
more
participants
and
the
group
itself
is
good
at
you
know,
people
are
like,
oh,
I
could
help
with
that
right.
So
it's
not
like
we
have.
You
know
everybody
willing
to
raise
their
hand,
but
it
you
know
it's
a
good
exchange
of
information.
D
D
B
So
this
might
have
changed,
but
at
least
back
then
we
had
to
have
a
like.
There
was
an
explicit
thing
around
having
a
process
about
having
an
email
address
where
people
can
send
stuff
to,
and
I
think
the
first
review,
which
cncf
sponsored
happened
before
graduation
to
basically
avoid
having
a
major
thing
pop
off
up
right
after
graduation.
So
I
think
that
was
even
part
of
the
gradation
project
process
back
then,
but
that
might
be.
D
B
D
O
So
I
have
a
question
about
that,
so
that
would
mean
more
like
a
process
like
an
automated
process
for
security
checks
on
an
ongoing
basis,
something
that
would
raise
the
awareness
of
the
security
in
the
project,
and
you
know,
and
once
it's
graduated
then
other
people
know
that
okay,
this
is
secure
all
right
and
would
also
having
like
some
sort
of
badge.
Help
too,
like
a
security
batch
and
a
yearly
security
badge
help.
I
think
it.
O
D
Yes,
I
think,
as
josh
says,
that
there
is
already
the
cii
badge
and
the
back
the
cii
badge
does
is
supposed
to
cover
this.
I
just
feel
like
so
a
lot
of
the
cii
stuff
is
project
self,
declaring
that
they
do
a
thing,
and
I
think
we
should
be
a
little
bit
more
explicit
as
part
of
the
assessment.
Just
saying,
okay,
you
know,
have
you
got
a
clear
security
process
and
I
don't
think
it
has
to
be
automated.
I
think
it
it's
more
about
saying
if
this
project
has
cves,
how
do
we
deal
with
it?
D
D
O
D
H
D
M
H
I
think
I
think
it's
important,
I
I
would
say
most
projects
already
have
it.
It's
maybe
not
surfaced
or
documented.
Sometimes
it's
like
it's
different
for
projects.
You
know
like
a
lot
of
times,
we've
been
like.
Well,
maybe
you
should
put
that
in
the
readme,
but
like
they're
like
oh
yeah,
we
have
a
process,
so
you
know
like
I
I
would
advocate
for
liz.
H
B
The
only
thing
which,
in
my
experience,
can
be
an
undue
burden
is,
if
you
put
timing
constraints
on
things,
so
you
say
you
have
to
reply
in
x,
amount
of
time
or
maybe
even
have
a
qualified
reply
in
x
amount
of
time.
That's
something
which
I
don't
think
should
be
put
on.
Incubated
projects,
but
beyond
that,
just
having
a
process
defined
and
easy
to
find
is
absolutely
par
for
the
course.
D
And
and
to
be
clear,
I
don't
think
we
should
be
telling
projects
what
the
process
should
be
like
if
they
want
to
put
in,
like
some
kind
of
time
frames
or
whatever
great
that's
up
to
them.
If
they
want
to
say
you
have
to
report
it
by,
I
don't
know
semaphore,
that's
kind
of
you
know,
but
by
calling
aaron's
phone
number
it's
a
security
process
exactly.
D
M
Then
why
go
through
it?
I
guess
I
mean
I
guess
graduation
should
be
like
you
have
everything
perfectly
aligned
and
it
has
our
stamp
of
approval.
There's
still
a
possibility,
though,
hopefully
slim,
that
a
project
doesn't
go
from
incubation
incubation
to
graduation.
So
are
we
saying
what
would
this
provide
to
people
that
we
don't
have
today?
I
guess
is
what
I'm
asking
if
we
moved
it
to
incubation
more
confidence
in
the
project,
more
confidence
in
the
security.
Does
it
really
change
anything.
B
The
one
important
property
of
this
is
that
there
is
a
defined
non-public
way
of
having
direct
contact
to
the
developers.
That
is
the
one
thing
which
is
actually
different.
If
you
have
a
process,
because
if
you
just
have
issues
mailing
list,
blah
blah
blah,
you
need
to
reach
out,
you
need
to
say
hey.
I
want
to
talk
about
this.
Where
can
I
reach
you
privately?
D
O
D
D
H
Well,
I
mean,
I
think
it
would
be
a
kindness
to
the
people
outside
like
if
we
had
this
at
the
incubation
level,
and
we
made
sure
that
you
know
we
swept
through
and
made
sure
all
the
projects
were
compliant,
but
we're
not
saying
how
to
do
it.
Then
every
project
is
going
to
be
a
little
different
and
if
you're
using
multiple
cncf
projects
we
know
like
I,
we
actually
had
somebody
from
the
government
be
like
can't.
We
just
tell
cncf
that
there's
a
security
issue
with
one
of
their
projects
right.
H
We
didn't
pick
it
up
at
that
time
because
we
were
like
not
the
highest
priority,
but
but
I
think
that's
one
of
the
it
would
it's.
How
much
are
we
serving
our
own
community
versus?
How
much
are
we
like
from
a
security
perspective?
You
don't
use
exclusively
cncf
projects
in
the
wild
right,
and
so
it's
just
would
be
a
facility
like.
I
think
it's
a
minor
detail
that
would
come
after
we
did
this,
provided
that
it
goes
through.
D
D
I
feel
like
yeah,
that
might
maybe
that's
a
a
next
level
thing
we
can
talk
about
and
maybe
think
about
whether
that
could
be
staffed
by
you
know
somebody
at
the
cncf,
even
if
what
they're
doing
is
turning
that
message,
you
know
redirecting
that
message
to
the
appropriate
maintainers
but
yeah.
That
feels
like
a
level
more
than
I
was
necessarily
thinking
of
for
this.
D
A
P
I
saved
it
for
last
because
it's
about
a
party
called
maintainer
circle
just
kidding
it's
not
necessarily
a
party,
but
anyway
we
had
our
third
maintainer
circle.
Recently
jerome
came
on
and
talked
and
gave
a
little
accidental
evangelist
talk
and
we
did
breakouts
and
I
just
wanted
to
let
everybody
know
to
get
the
word
out
to
the
projects
we
still
have
people
coming
in
that
are.
Like
I
didn't
know,
this
was
a
thing,
but
anyway,
so
yeah,
please
get
the
word
out.