From YouTube: CNCF TOC Meeting 2021-02-16
A
B
B
C
C
C
E
A
D
F
G
I
F
I can tell you which one I'd pick any day of the week. The former, I think we all should. MLK Day is, is far less observed than Presidents' Day. I think that's wrong.
C
In Austin have no power or intermittent power today and yesterday as well, so we'll see how it goes.
D
F
F
A
J
A
A
And Amy will load out markov, who is here with us.
D
Yeah, so one thing that we will need to sort out is TOC liaison, so I thought it might be a good idea. We've had a little bit of a chat about that amongst ourselves, which I'm just going to try and bring up.
J
D
Okay, I think, historically, when the rule, rules were drawn up, there, there needs to be at least one liaison. I think that having two has actually turned out to be quite a good thing for kind of, you know, redundancy, high availability, a bit of handover between one. You know, you're unlikely to lose both liaisons at once.
D
So I guess from the TOC folks who are here, I see one or two. Do we have one or two? It's more than one or two, I see quite a few of you. Do we have any volunteers or people who had already mentioned being a liaison?
F
F
To be disgusted also, given that there are none down on observability, I would also be willing to do one or the other. I don't think I can do both, but I'd be willing to be SIG Observability, if that's where the greater need is at the moment.
D
I'll mute myself, that's great! Thank you, Cornelia. I can see a lot of sense in you having a relationship with that delivery. That does make a lot of sense. Any. The other thing we should bear in mind is that we will be appointing one more person to the TOC. There's the tsa appointed seat when Michelle's seat expires. Amy, do you have to hand when that happens?
J
D
Yeah, so it's next month, so yeah, we, if we don't have to press gang anybody into being a liaison. If we, you know, when that person joins. I'm wondering, Cornelia, if we could, at least temporarily, have you take on observability as well, just as a sort of, so that if there was some urgent need, or if anybody else wanted to take that on as well from the TOC folks.
F
Yeah, I mean I'd love to have somebody who does their day in day out on observability, if they want to be the main one, and then I can do app delivery. But observability, you know, there's definitely connection and an interest from my side even to my day job. So I'm more than happy to do SIG Observability until somebody better qualified comes along.
K
I think he's still technically the co-chair and not the liaison, which is a, seems a little weird, and I'm sure we could move him from one to the other.
D
I think that's a really great point. We should, I don't know if we have a definition of what happens when a SIG co-chair becomes a TOC member. Kind of makes sense to me that, well, that that might mean there would be a good signalism, but I think it probably means that the SIG should appoint a new chair in that case.
E
Yeah, Aaron is co-chair of storage and Saad used to be a tech lead, so they would be either, either side or iron or boat could be great. It's liaisons because they already know the landscape pretty well.
D
K
Yeah, I think that makes a lot of sense because it gives people, new people, an opportunity to do things on the SIG, and I think having, having a pipeline of people who have been through those roles is really helpful. As, I mean, as we found with security, finding new people takes a bit of time. It's good to have that process happen more often, and it's, it's really great that people move from SIGs to TOC.
D
All right, so in that case, if you are a SIG chair who's here and you, you know that one of your co-chairs has, has moved up to becoming a TOC member, now would be a good time to start thinking about candidates for your, for being co-chairs on your SIGs. All right. So probably it makes sense for Saad and/or Erin to be the liaison for storage.
L
D
L
Couldn't share it with you, I mean, like I said in our earlier conversation, I'm not necessarily working in network a lot, but I'm happy to share that with someone, and I'll have trouble making all the meetings. So I definitely would need to share it with someone, but maybe between the two of us.
D
D
It's fine, you're here, it's great, wonderful. So I've written some notes here that says: errands storage, possibly also sad here, guess not; Cornelia on app delivery, hopefully a second on observability; Dave and myself doing network. And then I think that means at least everything is sort of at least partially covered temporarily.
D
Okay, I think that's probably everything we need about SIG.
D
Liaisons, so we have kind of open floor time for anyone to raise anything they would like to raise. Sure.
M
I have something. So I think maybe before I joined, Liz, you said you thought maybe the TOC members shouldn't be co-chairs of SIGs anymore. Is there, can we discuss why that is? Sure.
D
K
We basically said that it gives people an opportunity to step up and work in the SIG and the, I mean, we have the liaison role and I think it's a really good path for people to. I mean, it's really nice to see so many people moving from working on SIG to being on TOC, but by giving more people opportunity to rotate. I think one of the things we found on security was that succession, we hadn't really thought about succession, and you remember as much, and it was really, we had some people with.
K
M
M
D
D
Okay. I guess I'm wondering whether, if, if we have a SIG that is struggling to kind of staff its roles, its chair positions and its tech lead positions, what can we do to sort of help backfill that? Yeah, I'm not sure that the solution is to not kind of promote people on. I feel like the solution is to try and figure out how we can expand that pool of people.
N
E
Just a short sort of echo of what Aaron just mentioned it. It would be good if we had a little bit of flexibility, even if it was for a temporary basis, not to, not to kind of lose Aaron as a coach.
D
D
I definitely think that, you know, TOC members can and should be as involved as they want as members of SIGs, if, if they have the time and capacity to do that. I'm definitely not, I don't think anybody's saying they shouldn't be involved in SIGs. I think it's more just trying to spread out the, the responsibilities and, and give the opportunities for roles to more people, if we can, yeah.
D
O
So I got one topic, so, and fact that maybe some SIGs are having a hard time trying to find more contributors or more people to become SIG chairs.
O
I don't know if my, it might be a good idea for the SIG Contributor Strategy SIG to help out and maybe reach out to more places, so, so we get more people involved and people more trying to get into those roles of SIG chair and tech leads. So I'd like to, so it would be great to hear anything, any thoughts from the SIG Contributor Strategy if they have any.
P
P
I don't think the community at large knows a lot of work that is done within the SIGs unless they've produced like white papers or something, and to be very explicit with your needs. I've found in open source that when we say, you know, "hey, we're looking for contributors", it's ambiguous and no one has the time for that.
P
So, like, I think if we can do some outreach and even like blog posts, like sort of featuring you all and interviews, and talking about like your road maps and stuff like that, I think that would get people excited to hear about like what you, like what you want to see as far as like the future of your groups. I think that could be a good, a good first step.
H
I'm also curious whether (this is Sarah Allen from SIG Security) whether the, the SIGs that are having trouble finding people to step up into leadership roles, is it that people aren't, like your, are your meetings like, do you have very few people at all involved in the community and say, or is it that there's a lot of people who will show up at a meeting or participate in some way, but don't want to take on a leadership role? Because those are very different problems to solve.
M
Well, for storage in particular, plenty of people participate, but they don't have time to put in the work to do, you know, the tech lead roles or, or to lead meetings. They just, it's just a time thing. They don't want to step up into that role, necessarily.
M
H
H
I don't know, maybe you're already doing some of these things, but it might be worth talking again about that stuff, because I think that hearing that about SIG Security strikes me that it's not an outreach thing so much as a fostering the group for perhaps, and you might also consider bringing people to the outside. That's how we all got here, right?
D
D
F
Now there's another thought that I keep having, which is that I think that maybe for some individuals they feel like they, the, the work that they would put into the SIG would be, you know, personal time work, and I wonder if there's anything that we can do to help individuals who are interested sell their employers on the value to their employer of them participating more significantly.
F
O
Yeah, I, I think that would be really helpful, but I think it, it would also be helpful to tie some of these things to the business of the different companies or, or, or see how that's valuable to, yeah, the bottom line of the whatever company the individuals are working.
O
In. So I mean it's kind of difficult, because every business is different, right, but, but if you can find like some common ground that says, well, if people contribute more to open source and they take on these leadership roles, they can make these projects more successful. And then the company can use these as end users, for example, I'm talking about end users, and then, you know, the, the projects will be more sustainable.
O
You know, and then, over the long run, we, you know, the whatever the business will be more successful, because maybe all the systems are running on top of these open source projects, right, and, and then, if they go down or if they fail, then the business fails.
F
It feels a little bit like, you know, making the argument for open source, but maybe we can, you know, tailor it a little bit more specifically to, okay, you know, even if you, as a company, understand the overall value of open source, here's what's in it for you if you have individuals that are more, you know, actively engaged rather than just, yeah, we'll continue to just ride on the coattails of this open source movement.
D
O
D
That you're bringing to the community, this does seem like a really good topic for a blog post, I think. Yeah, yeah. I.
F
Thought I, I forgot, I've forgotten the name, I'm looking, the individual who made the really great point about contributor when you were speaking initially.
F
My initial thought was that a lot of people, when they hear contributor, think code, and they think, oh well, I don't have the cycles to, you know, be issuing PRs against this, but even just having, helping them recognize that contribute, contribution doesn't just mean code, as you just said, Liz, I think is really key.
F
D
D
D
Before I throw in ideas, does anyone else have anything that they wanted to bring to the open floor?
O
I have one more thing, so I think there was an issue open on renaming the SIGs.
O
Has there any been any traction on that or, so I think the initial thought was, you know, not to, to make him not to be confused with Kubernetes, right. So then, then, you know, it generates.
O
You know, confusion, maybe in some communities, and, you know, what is this. I mean, I think I've gotten some of that in the past for SIG run Runtime. You know, people asking what, what does SIG Runtime do and/or how's that different from Kubernetes or the SIGs and Kubernetes, so yeah, so yeah, any, any thoughts on that.
D
H
So I feel like we just, like SIGs just got created, and when they were created they were like, the likeness to Kubernetes SIGs was strongly advocated for, and it could be that after, you know, it's settled in, then, you know, that's, that changes people's perspective on it, but I feel like people are just starting to hear about SIG Security, even within the CNCF, and, you know, unless, like, I don't know, to me it doesn't. I didn't love the title.
H
To begin with, I really thought working group was fine, so I'd just be a proponent of, like, let's not rename things, but that's just me. That's just one opinion.
D
100 know that it is causing confusion constantly. I, I, Josh has just said that, or was it Josh, yes, saying CNCF SIG Network, not Kubernetes SIG Network? I have the same thing with SIG Security, yeah. We have 26 security, yeah.
D
D
H
D
H
Just, I don't think TAG says the same thing at all. It seems to redefine what the SIG is, like, who are we advising? I'm just, I don't. It didn't resonate with me, and maybe somebody can speak more about why.
J
I
P
Through white papers and guidance, guidelines and advice.
D
Today, any other ideas that people want to throw out there, alternative to TAG?
D
All right, wonderful, have we got enough people to vote on this, Amy?
J
I think so, and I really, really, really want to be able to do this in the issue and instead, as I come back, so I will put the issue over into the chat as well as being able to put it on the public meeting notes. Okay, so do you want us to plus one that? Is she please?
D
D
J
F
F
I think that there's an awful lot of people who aren't going to go into the issue, but we'll just get the email and can get a sense of what's going on with a vote and see the discussion, and so I do feel like there's a little something lost if we go over to the issues, because there are people who, like I said, they aren't going to go into GitHub all the time and look at, oh, we're voting on something, let me see what people are voting on.
F
D
Dims has put in the chat about people can subscribe to GitHub notifications. I think actually that's a, a really interesting point, that you probably don't want to subscribe to all the GitHub notifications in TOC, because it covers gazillion repos and, as we've seen from that TOC Slack channel, like, any actual discussion gets lost in the noise.
D
We don't have too many issues on GitHub for the ones we have about. I think the real key thing here is making sure that people know the issue is there, so they can see it and they can comment on it and, yeah, create a label for it.
D
Okay, I feel like this is sufficiently, you know, there might be some details here that maybe we should write it up into a proposal before we actually just say, yeah, let's move everything to GitHub. So would anybody like to volunteer to write a proposal for that?
D
Amy, is it something that you could potentially write up iris.
D
A
J
Ever I can work with. I can work with them. Paris on this one, that's fine. It, it should be pretty straightforward when we actually put it down into paper.
J
A
O
J
I have also put a note onto the, the TOC issue for rename, noting that Alex has proposed renaming for Technical Advisory Group, and then people can come in and vote in there.
J
Amy, can you say it again? I wanted to be able to make sure that we were documenting, like, here's who actually proposed the, the rename, and the issue is updated. That was all.
D
All right, one other thing that has come up, actually kind of came up today, was.
D
Security. I think this is not something we're going to want to, you know, close today, but, you know, supply chain security being a huge concern, and we want to make sure that the CNCF projects are, you know, as secure as they can be and, you know, don't contain vulnerabilities. There's work going on within the Linux Foundation to kind of enable some vulnerability scanning and so on for the projects, which I think security have been looking at, and I think it's not a completed.
H
This might be related to, I mean, we do that through the security assessments, and, you know, like one of the things we audit, we look at, is: do they actually have a security team? Do they have somebody?
H
Do they have a process for, and, you know, what we'll typically do is we'll write up issues if they don't have it, and we'll coach people who are, have less, less big teams who have experience with security and, you know, or help spread the word if they need more participants, and the group itself is good at, you know, people are like, oh, I could help with that, right. So it's not like we have, you know, everybody willing to raise their hand, but it, you know, it's a good exchange of information.
H
So what we, you know, we're sort of jumping the gun here, but we have, we're working through a retrospective on the process, and then what comes next is alignment with the, the stages of the project, so that may answer this, help answer this question, but I think certainly graduated projects should have a process for handling security issues.
D
So the assessment work that the SIG Security are doing to help a project. I guess maybe we need a, a more.
D
B
So this might have changed, but at least back then we had to have a, like, there was an explicit thing around having a process, about having an email address where people can send stuff to, and I think the first review, which CNCF sponsored, happened before graduation to basically avoid having a major thing pop off up right after graduation. So I think that was even part of the graduation project process back then, but that might be.
D
B
D
O
So I have a question about that. So that would mean more like a process, like an automated process for security checks on an ongoing basis, something that would raise the awareness of the security in the project, and, you know, and once it's graduated then other people know that, okay, this is secure, all right. And would also having like some sort of badge help too, like a security badge, and a yearly security badge help? I think it.
O
You are raising this because of some of the stuff that has happened, like with the SolarWinds hack, and then, yeah. So people want to have, when they're using an open source project, they want to make sure that, yeah, it, it doesn't have any security holes.
D
Yes, I think, as Josh says, that there is already the CII badge, and the back, the CII badge does, is supposed to cover this. I just feel like, so a lot of the CII stuff is project self-declaring that they do a thing, and I think we should be a little bit more explicit as part of the assessment, just saying, okay, you know, have you got a clear security process? And I don't think it has to be automated. I think it, it's more about saying, if this project has CVEs, how do we deal with it?
D
D
O
D
H
D
M
H
I think, I think it's important. I, I would say most projects already have it. It's maybe not surfaced or documented. Sometimes it's like, it's different for projects. You know, like a lot of times we've been like, well, maybe you should put that in the README, but like they're like, oh yeah, we have a process. So, you know, like I, I would advocate for, Liz.
H
B
The only thing which, in my experience, can be an undue burden is if you put timing constraints on things, so you say you have to reply in x amount of time, or maybe even have a qualified reply in x amount of time. That's something which I don't think should be put on incubated projects, but beyond that, just having a process defined and easy to find is absolutely par for the course.
D
And, and to be clear, I don't think we should be telling projects what the process should be, like, if they want to put in, like, some kind of time frames or whatever, great, that's up to them. If they want to say you have to report it by, I don't know, semaphore, that's kind of, you know, but by calling Aaron's phone number, it's a security process, exactly.
D
That's the Apple security hotline, right, yeah. It's, so, but more just saying that they have to have some documented process. We're not necessarily going to make a judgment on what the process is, just that it should be there then.
M
Then why go through it? I guess, I mean, I guess graduation should be like you have everything perfectly aligned and it has our stamp of approval. There's still a possibility, though, hopefully slim, that a project doesn't go from incubation, incubation to graduation. So are we saying, what would this provide to people that we don't have today, I guess is what I'm asking, if we moved it to incubation? More confidence in the project, more confidence in the security. Does it really change anything?
B
The one important property of this is that there is a defined non-public way of having direct contact to the developers. That is the one thing which is actually different if you have a process, because if you just have issues, mailing list, blah blah blah, you need to reach out, you need to say: hey, I want to talk about this, where can I reach you privately?
D
O
D
D
H
Well, I mean, I think it would be a kindness to the people outside, like, if we had this at the incubation level, and we made sure that, you know, we swept through and made sure all the projects were compliant, but we're not saying how to do it, then every project is going to be a little different. And if you're using multiple CNCF projects, we know, like I, we actually had somebody from the government be like, can't we just tell CNCF that there's a security issue with one of their projects, right.
H
We didn't pick it up at that time because we were like, not the highest priority, but, but I think that's one of the, it would, it's, how much are we serving our own community versus how much are we, like, from a security perspective, you don't use exclusively CNCF projects in the wild, right, and so it's just, would be a facility, like. I think it's a minor detail that would come after we did this, provided that it goes through.
D
Josh, just suggesting that having a backstop security addressed at CNCF level would help projects.
D
I feel like, yeah, that might, maybe that's a, a next level thing we can talk about and maybe think about whether that could be staffed by, you know, somebody at the CNCF, even if what they're doing is turning that message, you know, redirecting that message to the appropriate maintainers, but yeah. That feels like a level more than I was necessarily thinking of for this.
D
A
All right, we have about five more minutes left. Anybody else got anything they would like to raise, say, add?
P
I saved it for last because it's about a party called maintainer circle. Just kidding, it's not necessarily a party, but anyway, we had our third maintainer circle recently. Jerome came on and talked and gave a little accidental evangelist talk, and we did breakouts, and I just wanted to let everybody know to get the word out to the projects. We still have people coming in that are like, I didn't know this was a thing, but anyway, so yeah, please get the word out.
P
The next maintainer circle will be, I think, in three weeks, three to four weeks, but we always post in the maintainer circle channel on Slack, and of course Amy will get the note out to the maintainers list as well. But the next session will be with Sarah Novotny, and she will talk about values and principles and why it's good for you and your project and how to change those, and it'll be really cool, and also we are up for other suggestions.