►
From YouTube: CNCF TOC Meeting 2022-04-19
Description
CNCF TOC Meeting 2022-04-19
A
A
Yes,
that
sounds
great
awesome.
All
right,
yeah
now
carry
about
care
about
your
day,
we'll
give
everybody
a
few
moments
to
be
able
to
come
on
in,
and
then
you
know
rock
and
roll.
A
All
right
we've
got
25
folks
in
the
line
and
two
minutes
passed.
I
know
we're
probably
going
to
need
most
of
the
time
today.
So
dims
your
show,
handing
to
you.
B
Yeah
hi,
everyone
today
is
april
19th,
and
this
is
the
meeting
for
the
cncftoc
you're
all
here.
So
you
don't
need
that
members
here
today
will
take
a
note
of
the
people
who
are
here
and
what
not
today
we'll
be
mainly
talking
about
flux
and
their
application
for
graduation
next
slide.
Please
so.
C
A
Cornelia
actually
gave
regrets
mattis
also
regrets
and
we'll
give
harry
a
few
more
minutes
to
be
able
to
come
on.
In
so.
B
C
Yeah,
maybe
myself
and
michael
so
here
is
the
the
full
text
of
our
regulation
application.
C
So
we've
been
in
incubation,
since
I
think
more
than
a
year
now
and
we've
been
working
through.
Basically
all
the
check
boxes
we
we
needed
to
tick,
we've
had
a
governance
process,
for
I
think
one
half
years
now
it's
been
working
well
for
us,
we
have
quite
a
few
people
from
we've
worked
who
who
maintain
flux,
but
we
also
have
from
from
other
organizations.
C
We
completed
the
security
audit
and
we
fixed
all
the
issues
they
found
and
and
security
also
has
like
a
big,
has
been
a
big
focus.
Lately,
we've
also
been
writing
quite
a
bit
about
it,
and
adoption
has
also
gone
up
quite
a
bit.
We've
seen
bigger
and
bigger
deployments
everywhere,.
C
E
Yeah,
so
there's
really
one
major
change
on
the
technical
side,
which
is
that
flux
was
a
version
one
when
it
went
into
sandbox
or
around
that
time,
and
then
I
think,
since
incubation
we've
been
developing
a
version
two
which
is
the
same
idea
but
modernizes
all
the
apis
and
so
on,
so
that
they
work
with
things
like
custom,
resource
definitions
and
kubernetes
which
didn't
exist
when
we
created
flux
version
one.
E
So
that's
quite
a
big
change
that
resulted
in
sort
of
a
leap
in
interest
from
especially
from
vendors
who
were
building
things
on
top
of
flux.
So
we've
seen
there's
kind
of
two
aspects:
flux.
There
is
the
bit
you
can
build
on
top
of,
and
then
there
is
the
end
user
bit,
which
I
mean
they're
actually
mostly
the
same
bits,
but
it's
two
different
types
to
use
it
and
both
of
those
have,
I
think,
seen
a
sort
of
leap
in
adoption.
Since
we
started
flux
too,.
B
Okay,
thank
you.
So
to
start
off,
are
there
any
poc
members
that
would
like
to
ask
some
questions
or
I
I
can
get
started
too.
I
see
richie,
you
are
here
and
you
have
the
video
on.
Would
you
like
to
ask
something?
B
A
B
Yeah
so
I
I
can
get
started
harry
while
you
settle
down
and
then
you
can,
you
know
start
asking
the
questions:
okay,
yep,
okay.
So
so
I
wanted
to
ask
you
about
the
governance
process
that
you
mentioned.
How
has
it
been
working
and
has
there
been,
you
know,
diversification
of
the
companies?
You
know
what
stage
you
are
in
at
this
point.
C
So
basically,
we
defined
roles
in
the
project,
so
we
have
maintainers
contributors.
All
of
this
needed
to
be
spelled
out
and
basically
all
the
processes
are
on
github.
So
we
have
voting
and
let
me
check
so
we
have
people
from
crowdstrike,
d2iq,
microsoft,
nexcel,
tetrad
zenith.
So
it's
a
it's
a
couple
of
other
companies
who
are
involved
who
are
involved
in
the
project
as
maintainers
as
well.
B
C
But
I
don't
think
we've
we've
used
it
at
all.
Lately
it
was
mostly
just
michael.
Maybe
you
can
remind
me
what
it's
there
for
or
what
it
was
there
for.
I
think
it's
for.
I
don't
know.
E
Yeah
kind
of
the
governance
in
flux
is
very
deliberately
and
consensus
oriented,
so
actually
it
is
less
about
having
a
sort
of
you
know
ultimate
authority
to
tiebreak,
as
it
is
about
just
making
sure
that
people
are
following
the
rules.
That's
why
it's
sort
of
oversight
rather
than
you
know
the
accounts
of
that
council
of
elders.
It's
in
a
way,
it's
sort
of
a
transitional
thing,
and
it
can.
E
It
can
really
go
away
once
we
have
figured
out
what
should
replace
it,
which
might
be
something
like
you
know,
a
steering
committee
that
sort
of
thing
yeah.
It's
just
a
lot
to
do.
B
Yeah
we
used
that
exact
same
model
in
kubernetes
there
was
a
bootstrap
committee.
There
was
an
expiry
date
on
it
and
before
the
expiry
date,
we
elected
a
fresh
set
of
people
and
they
are
the
ones
you
know
serving
from
that
point
onwards.
B
E
E
There
has
been
a
bit
of
talk,
but
most
of
its
private
opportunities
to
for
everyone
to
talk,
not
that
many,
you
know
except
asynchronously
on
slack
and
so
on.
Possibly
the
kubercon
one
coming
up
or
one
after
might
be
a
good
opportunity.
I
know
there
is
a
kind
of
breakout
room
being
planned
daniel
is
that
right.
C
E
E
B
Yeah,
that
sounds
like
a
really
good.
I
idea
and
a
plan,
and
I
let
other
people
ask
questions
and
then
we
can
come
back
to
it
a
little
bit
katie
did
you
have
any
questions.
F
Not
yet,
actually
I
missed
the
first
half
of
the
meeting,
unfortunately,
because
of
some
of
my
some
issues,
but
I
will
I'll
get
back
by
the
end.
B
Yeah
so
dawn
on
chat
says:
please
come
by
the
governance
working
group.
They
meet
on
a
thursday
one
thursday
a
month.
So
please
join
them
and
ask
you
know
what
are
the
various
combinations
that
are
possible
and
you
know
how
to
go
around
go
about
setting
up
something
that
will
work
for
you,
okay,
so
the
other
question
I
had
about
reading
through
the
materials
was
at
one
point.
There
was
some
discussion
about
the
collaboration
cooperation
with
argo
city
folks.
I
know
they
were.
B
There
was
some
set
of
meetings
and
then
there
was
an
agreement
to
good
separate
ways.
Has
there
been
any
follow-ups
on
you
know
some
overlap
or
some
sharing
of
technical,
stuff
or
components?
You
know
in
the
recent
past.
E
The
short
answer,
and
which
is
also
the
long
answer,
is
no,
it
hasn't
been.
We
are
kind
of
still
in
touch
individually
with
people
work
on
argo,
cd
and
there's
a
bit
of
coopetation
there.
I
think,
but
no,
we
had
no
kind
of
official
or
formal.
G
There
was
during
last
kubecon
myself
and
one
of
the
other
flux,
maintainers
or
one
of
the
other
people
from
the
flux
team
chatted
with
the
argo
developers,
their
booths
weren't
that
far
apart
and
and
the
idea
was
hey
now
that
now
that
flux
2
has
been
made
to
be
componentized
really.
Ultimately,
what
my
understanding
is?
G
I
wasn't
around
at
that
time
when
the
initial
plan
was
made,
but
but
the
idea
of
how
flux
is
going
to
be
refactored
to
to
play
well
with
other
projects,
as,
for
example,
argo
has
already
happened
in
flux
too,
just
in
a
different
way.
As
michael
said,
we
have
a.
We
have
a
note
about
what
the
status
is
of
that
inside
the
flux
stocks.
For
those
who
remember
that
earlier
plan,
they
only
they
were
interested.
G
It's
I
also
spoke
with
dan
from
code
just
because
they
put
they
put
a
lot
of
energy
behind
argo
as
well
and
the
acuity
folks,
and
so
they
were
very
interested
in
that,
especially
because
there
are
a
lot
of
bugs
in
in
our
go
and
a
lot
of
feature,
requests
that
are
already
finished
in
flux
and
the
argo
ui
is
something
that
people
like
the
most.
G
So
the
thought
was
why
don't
we
just
combine
the
two,
and
the
only
other
update
is
that
chan,
one
of
the
other
flux
maintainers,
has
created
a
project
called
the
flux
subsystem
for
argo,
that
that
does
just
that.
So
it
doesn't
have
white
adoption
yet,
but
that's
something
to
look
out
for
and
a
lot.
A
lot
of
folks
are
excited
about
that.
B
Thank
you
for
that
answer,
and
I
hope,
if
you
didn't,
hurt
your
throat
too
much
there
yeah.
How
do
you
do
you
have
a
set
of
questions
to
ask
the
dean.
H
Yeah,
I
think
my
main
question
is
around
what
is
the
current
adoption
of
the
flux
portrait?
Maybe
you
have
mentioned
this
in
a
meeting,
so
I
missed
that
part.
But
what
I'm
curious
about
is
what
about
the
end
user
adoption,
specifically
basically,
for
example,
besides
the
club
right
besides
the
cloud
providers
or
vendors,
so
how?
How
is
adoption
and
the
other
side.
I
Daniel
do
you
want
me
to
jump
in
oh
hi,
I'm
tommo,
I'm
in
the
I
run
the
developer
experience
team
here
at
weaveworks
and
we
work
closely
with
our
community.
I
So
some
of
our
most
exciting
recent
adopters
that
daniel
has
just
shared
in
the
link
include
sap,
ring
central
volvo
and
then
we've
had
other
companies
like
soul
cycle
in
there,
like
some
of
the
more
recognizable,
let's
say
like
consumer
names,
as
well
as
more
and
more
people
who
add
themselves
not
only
on
the
flux
side,
but
on
the
flagger
side,
which
is
you
know,
now
a
sub
project
of
flux.
And
so
it's
been
exciting
to
work
with
more
and
more
companies
who
have
added
themselves.
And
then
you
know.
I
Unfortunately,
we
work
with
very
large
financial
corporations
who
are
not
allowed
to
add
themselves,
but
it's
pretty
exciting
of
what
they're
doing,
with
both
flux
and
flagger
and
developing
those
areas,
and
you.
A
I
C
I
Yeah
and
I'll
add
to
that
we've
been,
you
know:
we've
designed
flux
to
obviously
protect
people's
privacy,
and
you
know
people
can
just
download-
and
it's
it's
my
job
to
have
that
very
difficult
monthly
task
of
trying
to
capture
metrics
and
trying
to
sort
of
connect
that
to
how
many
human
beings
are
using.
So
we've
been
starting
to
interview
our
community
members
to
get
a
better
sense
of
that,
and
already
some
of
the
first
people,
we've
talked
to
would
say
like
well.
G
I
F
Yes,
so
considering
that
I
joined
late,
this
question
might
have
been
answered,
so
I'm
just
gonna
ask
just
to
make
sure
that
I
could
that
got
that
covered
for
myself.
The
first
question
is
looking
at
the
maintainers
list
and
the
contributor
list.
There
are
maintainers
but
they're,
quite
singular
per
organization,
which
means,
if
they
no
longer
are
in
the
organization
or
they
no
longer
want
to
participate,
that
entire
work
cannot
be
listed
as
a
maintainer.
F
So
my
question
is:
are
there
any
plans
to
expand
the
maintainers
and
contributors
from
these
orgs
and
not
have
just
singular
contributors?
This
is
one
and
then
I'm
going
to
put
my
other
question.
E
F
So,
like
I'm
looking
through
for
your
proposal
here
for
graduation,
so,
for
example,
from
due
to
iq,
you
have
like
one
maintainer
from
microsoft:
it's
one
maintainer!
So
if
they
decide
not
to
be
there
any
longer
like
it's
pretty
much
one
organization
less,
which
you
know
you
can
consider
as
a
commuter
like
a
strong
commuter.
E
Yeah
so
kind
of
two,
a
two-part
response
to
that
one
is
that
there
are
projects
which
which
are
driven
by
a
single
company
and-
and
that
is
balanced
by
perhaps
governance,
by
having
a
sort
of
user
committee
where
which
whether
the
company
is
not
represented,
and
so
the
governance
kind
of,
has
checks
and
balances
to
make
sure
that
you
know,
even
though
the
maintainers
are
from
a
single
company
or
have
a
very
strong
representation
from
a
single
company.
E
Actually
it's
driven
by
the
community.
So
that's
part
number
one.
The
second
part
is
that,
yes,
we
would
love
to
have
more
sort
of
organizational
contributors
or
and
or
maintainers,
so
that
succession
is
sort
of
less
of
a
risk
if
you
like,
if
we
had
a
magic
wand,
that's
probably
the
first
wish,
but
it's
quite
difficult,
being
a
sort
of
maybe
mid-sized
project
to
get
organizations
on
board,
because
it's
quite
an
investment
for
people.
E
You
know
that
probably
means
that
organization
has
to
dedicate
a
certain
number
of
developers
and
there's
just
not
that
many
places
you
know
willing
to
make
that
investment.
So
what
we
get
is
is
more
like
places
that
don't
necessarily
want
to
make
a
strategic
strategic
investment,
but
do
recognize
that
their
interests
lie
in
the
direction
of
helping
with
flux.
So,
therefore,
a
particular
individual
gets
to
spend
some
of
their
time
being
a
maintainer.
B
So
the
other
one,
the
twist
to
this
michael,
is:
is
there
another
role
which
is
not
like
a
maintainer,
but
you
know
a
reviewer.
If
you
have
a
role
like
that,
then
you
could
possibly
have
like
somebody
who
is
just
getting
into
the
community
who
is
looking
at
stuff
and
make
them
a
reviewer
first.
B
So
at
least
you
have
like
a
person
with
a
role
and
then
you
can
have
like
a
contributor
ladder
at
that
point
and
say:
hey
you
start
off
as
a
general
community
member
we'll
add
you
to
the
github
org
and
then
you
become
a
reviewer
and
then
you
become
approved
maintainer
like
so
have.
If
you
have
some
kind
of
ladder
system
there,
at
least
you
will.
You
will
set
up
a
pipeline
of
folks
that
you
could
pull
on
next
right.
E
Yeah,
we
do
in
fact
have
a
contributor
ladder,
and
there
is
a
contributor
named
contributor
role
that
it's
a
very
sort
of
lightweight
process
to
become
a
contributor,
and
you
get
to
be
part
of
the
organization
and
you
get
some
sort
of
triage.
I
think
what
you
mean
by
reviewer
kind
of
fairly
light
responsibilities,
but
you
know
you're
part
of
the
project,
so
we
do
have
that.
That
doesn't
mean
that
people
sort
of
you
know.
E
I
think
that
helps
a
bit
because
it
sort
of
makes
that
slope
a
bit
more
gradual
right,
but
it
doesn't
solve
the
essential
problem,
which
is
that
it's
still
investment
of
someone's
time
or
organization's
resources
to
to
even
get
on
that
ladder
right
that
someone
has
to
ask
their
boss.
Can
I
spend
time
on
this
effectively
yeah?
So
I
think
it
probably
has
helped
a
bit,
I'm
sure,
there's
lots
of
other
stuff.
E
We
could
do
to
help
that
more
and
there's
also
quite
a
step
from
being
contributed
to
a
maintainer
nonetheless,
with
with
sort
of
not
much
in
between.
F
Yes,
another
question
I
had
was
you're
mentioning
here
that
you
have
a
solid
roadmap
and
you're
mentioning
that
you
want
to
maybe
work
more
in
security
multi-tenancy.
Would
it
be
possible
to
share
like
a
roadmap
or
more
details,
rather
than
just
kind
of
a
few
pointers
for
us
to
see
like
what's
next
for
this
project
and
what's
going
to
be
considered
to
be
done
well
pretty
much
in
the
next
year
or
so.
B
So
that's
like
a
follow-up.
You
know
you
can
speak
to
it
too
if
you
michael
or
daniel,
if
you
want
to,
but
you
know
we're
looking
for
some
more
information
when
you
update
the
pr
next.
E
I
think
daniel
probably
knows
a
bit
more
about
this
than
I
do,
because
he
helps
maintain
some
of
those
pages,
but
the
roadmap
as
it
stands
is.
The
milestones
are
not
so
much
features
as
they
are
sort
of
stages
of
maturity.
So
you
know
the
sort
of
big
thing
that
was
passed
was
was
being
having
parity
with
flux
v1
in
in
flux,
v2.
That
was
a
while
ago.
The
next
big
one
is
having
a
ga
release
of
flux
v2.
E
We
have
had
a
push
on
security
stuff,
I'm
not
sure
whether
that's
represented
in
road
maps
for
the
are
published,
as
opposed
to
more
sort
of
internal
project
board
type
stuff
which
are
not
actually
internal
they're,
also
public,
just
not,
as
pointed
to
as
the
road
maps
on
the
website
daniel
is
there
other
road
map
material.
C
Yes,
I
just
shared
some
of
the
projects
project
boards,
we're
using
so
there's
the
sorry.
The
roadmap
document
we
shared
in
the
application
and
the
other
ones
are
just
more
detailed,
so
one
view
is
which
I
shared
is
basically
for
the
next
releases.
F
Understood,
listen,
so
yeah
go
ahead.
I
have
another
question:
if
that's
okay,
so
this
is
more
like
forward-looking
as
well
based
on
the
on
the
road
map
and
the
next
work
you
want
to
do
for
flux,
but
so
far.
Well,
we
know
that
flux
is
composed
of
multiple
components
and
we
had
this
kind
of
projects
previously
as
well.
F
For
example,
the
operator
eight
sdk
it
had
like
three
standalone
projects
and
they
actually
made
more
sense
for
them
to
go
their
separate
ways
towards
the
incubation
and
graduation.
Do
you
envisage
any
of
these
components
to
take
it
off
by
itself?
F
But
do
you
see
all
of
this
still
part
of
the
flux
project
and
very
kind
of
I
would
like
to
use
the
monolith,
but,
like
you
know
like,
in
that
perspective,
do
you
perceive
all
these
components
to
be
part
of
the
same
monolith
to
make
everything
work,
or
do
you
envisage
some
of
these
to
maybe
take
over
by
itself.
E
There's
kind
of
two
bits
aspects
to
that:
there's
the
sort
of
political
aspect
or
social
aspect.
Isn't
there
and
then
there's
the
technical
aspect
so
technically
they're
all
quite
strongly
coupled
and
the
so
they
mostly
sort
of
make
sense
all
together.
The
bits
and
and
people
can.
E
Third
parties
can
can
kind
of
use
components
individually
and
they
do,
but
in
terms
of
them
use
a
you
know,
boxed
product.
It
is
all
the
bits
at
once
really
socially,
it
tends
to
be
mostly
all
the
same
people
so
there
there
isn't
really
there's
not
really
different,
separate
constituencies.
If
you
like
the,
if
there
is
an
exception
to
both
of
those
things
it's
flagged,
but
that
actually
moved
in
the
other
direction.
E
It
was
a
separate
project
and
then
it
came
into
flux
as
a
sub-project,
and
so
it
seems
less
likely
that
it'll
sort
of
break
away
again,
it's
not
quite
as
coupled,
technically
speaking
with
the
other
bits
and
it
is
sort
of
has
its
own
aspects
of
community
and
so
on
that
are
not.
E
Shared
with
the
rest
of
phlox,
but
broadly
it's
more
like
the
motion
tends
to
be
coming
together
rather
than
splitting.
Apart
for
the
foreseeable
future,
I
think.
B
So
let
me
ask
you
a
follow-up
on
the
flagger
itself.
What
was
the
kind
of
thinking
or
process
that
you
had
in
place
through
the
governance
work,
to
make
the
decision
of
inviting
flagger
as
a
subproject
of
flux?
And
how
did
it
look
like,
like
you
know?
I
Could
take
a
I
could
take
a
high
level
stab.
Unfortunately,
stefan
who
created
flagger
had
to
get
pulled
away
this
week
and
and
can't
be
here
to
answer
that
question,
but
a
very
high
level.
I
But
we
wanted
to
make
sure
that
so
originally
stefan
did
design
flagger
with
flux
in
mind.
So
we
have
both
a
commitment
to
ensure
that
it
continues
to
support
other
tools.
While
we
also
felt
that
it
made
sense
to
make
it
part
of
the
flux
project,
because
we
wanted
to
ensure
that
there
was
also
a
path
that
was
optimized
for
people
who
use
flagger
and
flux
together,
because
that's
how
it
was
originally
designed.
I
So
that
was
the
just
very
basic
high
level
logic
of
thinking
that
it
made
it
made
sense
to
have
them
be
a
single
project
as
opposed
to
you
know,
having
flagger,
be
it's
it's
standalone
thing.
So
that's
a
very
basic.
B
I
totally
get
that
part.
It's
just
the
you
know.
If
you
are
talking
about
an
open
community
and
open
design
and
open
discussions,
and
things
like
that
there
has
to
be.
You
know
things
written
down.
Things
done,
async
voting,
perhaps
right
for
the
governance
to
actually
work
right
in
a
repeatable
fashion,
where,
if
there
is
another
component
that
is
coming
in
then,
would
you
do
exactly
the
same
set
of
steps?
Or
would
you
like
you
know,
change
what
you're
doing
right?
That's
part
of
the
governance.
B
I
know
that
you,
you
recently
started
writing
down
design
documents
for
things
you
know,
but
I
don't
think
that
was
there
when
the
flagger
stuff
came
in.
So
that's
why
I'm
poking
at
it.
You
know
where
the
decisions
and
behind
the
scenes-
or
there
was
ample-
you
know,
discussion
in
public
forums
where
people
could
climb
in
on
things
yeah.
We.
C
Did
we
discussed
this
in
the
in
the
flux
meeting
for
for
a
longer
time,
and
at
the
time
it
was
stefan
and
takeshi
at
tetrad?
It's
also
a
flagger
maintainer.
They
talked
about
this
behind
the
scenes
is
as
well,
and
the
idea
was
also
to
rebase
flagger,
on
top
of
the
flux
controllers,
so,
for
example,
to
use
the
notification
controller
for
doing
all
the
notification
things
that
work
is
slowly
ongoing
in
the
process.
It's
a
bigger
chunk
of
work,
but
it
it
just
felt
like
it.
C
It
made
sense
and
we
had
like
a
long
this
or
request
for
comment
period,
and
everyone
was
on
board.
I
think
all
the
flex
maintainers
set
off
on
this,
so
that
was
at
least
at
least
three
or
four
months
in
the
in
the
making.
B
Yeah
so
scott
says
exactly
it
was
discussed
multiple
times
in
the
community
meeting.
So
that's
good.
So
basically
I'm
asking
that,
because,
typically
what
happens
is
like
when
you
end
up
you
know
taking
decisions
like
that.
You
end
up
codifying
so
next
time,
it's
easier
to
do
the
same
set
of
things
right
like
that.
That's
how
we
grow
the
governance
and
like
make
sure
that
you
know
the
best
practices
are
captured
so
next
time
you
it's
easier
getting
through
the
process.
So
that's
a
new
team.
C
Like
one
big
question
was
also
for
whenever
there
was
some
experimentation
going
on
somewhere,
the
question
was:
do
we
really
want
this
in
flux
cd?
Are
we
really
going
to
maintain
this?
So
that's
why
we
also
created
the
flux,
cd
community
organization,
where
we
have
some
projects
that
people
started
working
on
that
still
need
to
be
tried
and
tested
before
they
can
before
we
say:
okay,
we're
going
to
support
this.
E
F
Yeah
kind
of
changing
the
subjects
as
well
so
another
thing
which
again
just
for
visibility,
and
you
know
kind
of
seeing
the
the
progress
there
have
been
a
bunch
of
to
do
items
from
the
incubation
that
you've
mentioned
that
has
been
addressed.
Do
you
have
a
list
of
them
that
we
can
actually
easily
check?
That's
gonna,
be
very
cool
or,
if
you
know
anything
on
top
of
on
top
of
your
head,
that
you
can
kind
of
list
now,
that's
gonna
be
helpful
too.
Give.
C
Me
a
moment
and
I'll
find
it.
I
know
one
we
haven't
done
yet
the
ask
was
to
move
the
flagger
website
under
under
the
flux
website
to
move
the
documentation
there
and
that's
not
quite
done
yet.
So
that's
one
I
know
of
but
I'll
find
the
list
for
you.
B
Thanks
katie
for
that
question,
I
know
dave
just
joined
dave.
If
you
wanted
to
ask
some
questions
right
away,
please
do,
or
you
know,
we'll
continue
the
conversations
that
we've
been
having.
J
Yeah,
I
guess,
keep
going
I'm
just
jumping
from
other
meetings.
I
have
to
like
pull
up
my
notes
and
everything.
If
there's
stuff
I
have
stuff,
I
ask
I'll
jump
in
a
bit
later
right
now,
I'm
super
unprepared.
B
No
worries
harry
did
you
have
any
other
questions
or
anybody
else
on
the
call
I
spot
listed?
Who
was
there
when
we
did
the
incubation
portion.
D
I
wrote
down
a
quick
question:
it
was
more
to
like
for
for
for
writing
down.
Is
there
any
like
relevant
dependency
on
a
project
that
would
be
at
a
lower
sustainability
level
than
what
is
expected
for
graduation
in
cncf?
Something
you
would
depend
on
that
would
need
to
be
there
for
flux
to
to
operate
properly.
B
G
B
It
or
are
there
any
dependencies
outside
of
the
flux
repositories
that
flux
heavily
depends
upon,
but
it
is
underfunded.
E
Right,
I
see
so
kind
of
risks
of
those
being
abandoned
or
yeah.
So
there's
three
I
can
think
of
off
the
top
of
my
head,
not
that
don't
necessarily
have
those
risks,
but
you
might
be
able
to
judge
for
yourself.
So
there's
two
get
libraries
that
flux
depends
on
one's
pure,
go
implementation
and
one's
bindings
to
let's
get
to.
E
Those,
I
think,
seem
pretty
stable
and
just
sort
of
chug
along,
but
you
know
you
sort
of
never
know.
What's
going
on
behind
the
scenes,
the
other
one
I
can
think
of
is
sops,
which
is
we're
not
totally
sure
what
the
story
is
there,
that
mozilla
sort
of
has
changed,
bought
it
funds
recently
and
that's
a
mozilla
funded
project.
I
think
there
are
plans,
or
at
least
wishes
afoot,
to
try
and
find
another
home
for
it
or
to
somehow
keep
it
going.
E
Those
are
the
three
that
I
can
train
things
that
I
can
think
of
that
kind
of
fit
that
description.
Other
dependencies
are
things
like
helm,
which
I
think
it
does
not
fit
that
description.
There's
not
that
many
there's
not
that
many
kind
of
large
difficult
to
reproduce
dependencies.
Those
are
the
ones
I
can
think
of.
B
Yeah
scott,
please
go
ahead.
G
Yes,
just
the
one
update
on
sops
is
that
there's
been
some
meetings
with
the
mozilla
team
very
recently,
and
I'm
not
sure
michael.
If
you
saw
this
because
it
was
very
very
recent
so
but
but
the
the
the
understanding
now
is
that
mozilla
corp
will
keep
supporting
sops.
Basically,
sops
is
not
dead.
G
Mozilla
work
will
keep
supporting
stops
for
one
year
and
welcomes
new
maintainers
aj
will
be
the
lead
maintainer,
I'm
just
reading
from
my
notes
now,
but
I'm
trying
to
update
you
will
be
the
lead,
maintainer
and
hopes
to
keep
making
releases,
but
the
releases
will
be
how
to
maintain
and
improve
pace
for
now.
So
you
know
at
the
moment
there
will
not
be
big
feature
development
until
the
maintainers
grow
in
number
and
time
commitment.
G
Yeah-
and
there
was
some
discussion
about
you
know
whether
or
not
they
may
want
to
donate
some
stuff
or
like
just
open
that
discussion,
but
they
they
are
not
considering
that
at
this
moment,.
B
We
have,
they
have
to
have
a
sense
that
you
know,
flux
will
be
around
and
the
things
that
flux
depends
on
are
going
to
be
around,
so
they
can
depend
on
on
that.
Matt
you've
raised
your
hands
a
couple
of
times.
Please
go
go
ahead,
oh.
K
Yeah,
sorry,
I
went
from
a
phone
to
a
monitor,
so
I
just
raised
my
hand
once
so.
I'm
super
thrilled
to
see
all
this,
given
that
many
organizations
are
basing
their
compliance
strategies
around
adopting
git
ops
with
a
combination
of
automation,
so
robots
do
all
the
things
and
the
normative
cases
are
are
have
compliance
generate
documentation
generated?
Is
there
any?
K
Can
you
speak
to
the
road
map
around
how
tooling,
either
observability
tooling
compliance
tooling
auditing
tooling,
can,
in
a
consistent,
open
way,
get
sort
of
the
record
if
you
will
of
all
of
the
deployments
and
their
specifics,
so
that
there
can
be
an
open
standard
sort
of
like
open
telemetry
is,
for
you
know,
metrics
logs
and
traces
that
that
can
foster
an
ecosystem
of
vendors
that
can
provide
differentiated
solutions
to
different
market
segments.
K
You
know,
given
the
adoption
of
flux
and
the
momentum,
you
know
what
are
the
plans
to
either
surface
that
or
are
there
any
plans
to
propose
or
work
on
it
on
an
open
standard
for
for
what
just
the
data
format
is
sort
of
like
open
metrics
is
to
you
know,
metrics,
where
it's
just
a
wire
format.
So
that
people
can
integrate,
but
it
doesn't
get
into
implementation
or
workflows
or
things
like
that,
it's
just
data,
so
is
there
any
sort
of
standard
like
that
planned
or
what
are
the
projects?
K
Thoughts
about
that
as
it
as
it
eyes?
Graduation,
then,
really,
you
know
increasing
this
momentum
around
good
ops
in
general,
as
realized
by
flux,
as
the
actor.
E
I
think
that
that's
a
really
interesting
question
and
I
think
well
to
my
knowledge,
there's
not
at
least
not
out
in
the
public
discussion
about
exactly
that
thing.
Flux
does
have
a
few
kind
of
observability
surfaces
if
you
like.
One
of
them
is
that
it
uses
custom
resources,
so
you
can
go
look
at
those
to
see
the
status
of
things
it
exports
prometheus
metrics,
which
is
not
a
generic
standard,
but
it
is
fairly
widely
adopted
and
it
sends
notifications
to
things
like
slack
pager
duty.
E
Whatever
none
of
those
things
you
know
the
schemas
and
and
formats
metrics
are
not
standardized.
I
think
I
would
expect
that
to
go
something
like
perhaps
the
open,
git
ops
group
would
come
up
with
schemas
and
metrics
and
so
on
and
then
flux
would
implement.
You
know
adopt
those
or
adapt
scott.
Can
you
speak
to
that
or
type
to
that.
G
Yes,
I
I
was
just
to
keep
it
short.
I
was
just
going
to
say
that
that
I
pasted
the
timeline
again
katie
for
your
question,
because
I
just
sorry
I
took
a
moment.
I
just
saw
your
question
in
chat
and
also
what
you
had
asked
earlier
liz.
So
I
think
the
the
most
important
thing
is.
G
Basically,
in
short,
I'm
responsible
for
making
sure
that
the
community
is
aware
of
this,
that
people
have
an
adequate
time
period
and
though
I
and
also
the
entire
flux
team
is,
is
very
cognizant
of
making
sure
that
all
of
the
steps
needed
to
upgrade
are
are
as
seamless
as
possible.
That's
our
major
goal.
G
Oh
right,
oh
that's
great
yeah,
but
in
any
case
kingdom
has
said
that
the
has
been
giving
updates
too
on
on
the
flux,
v1
support
requests
and
a
very
large
number
of
those
mostly
are
about
how
to
upgrade
to
v2
and
what
problems
are
solved
by
by
upgrading.
B
Got
it
emily,
do
you
wanna.
L
Voice
please,
so
I
didn't
really
have
a
ton
of
questions
so,
first
off
I
wanna
give
kudos
to
the
group
for
making
it
very
transparent,
their
tracking
and
completion
of
the
recommendations
from
the
audit.
It
looks
like
you
all,
have
come
pretty
close
to
closing
nearly
everything
out
and
for
those
items
that
aren't
closed.
You
have
a
lot
of
things
in
flight
with
some
looks
like
some
active
discussion
or
pointers.
E
The
recommendation
was
made
by
the
auditors
adalogix,
and
that
was
actually
something
I
mean.
We
spent
quite
a
lot
of
time
discussing
their
recommendation
after
they've
kind
of
made
them
to
better
understand
them,
and
I
think
the
the
specific
recommendation
recommendation
uses
the
security
tag
as
an
example
of
someone
we
might
engage
with
and
with
the
other
examples
being
independent
security,
researchers
and
consultants,
and
we.
E
Like
to
engage
with
security
tag,
I
think
it's
something
that
we'd
have
to
kind
of
have
an
ongoing
like
build.
An
ongoing
relationship
with.
We
haven't
been
sure
exactly
how
to
engage
with
security
tag.
They
are
a
really
busy
group
yeah.
E
We
we
have
a
maintainer
polo,
who
I
think
sort
of
has
you
know
and
in
there
and
may
be
able
to
help
us
out
with
that,
but
yeah,
that's
something
we
would
still
like
to
do
it
see
we
weren't
sure
on
what
terms
we
would
we
do
that,
because
it
wasn't
quite
how
other
projects
engage
with
them.
We
don't
quite
have
the
same.
We
didn't
have
an
established
relationship
to
go
in
with
we'd
still
like
to
do
that
and.
C
I
think
the
suggestion
was
so.
The
audit
was
sort
of
comprised
of
three
parts.
The
first
one
was
around
fuzzing.
Then
there
was
a
code
review
and
when
we
talked
to
adologics
in
the
in
the
very
in
the
very
beginning
they
said,
is
there
anything
else?
You
would
like
us
to
to
review
or
cover
for
you,
and
there
was
one
proposal
we
we
started
putting
together
around
around
multi-tenancy
and
they
reviewed
this
and
it
wasn't
quite
a
real
proposal.
It
was.
C
It
was
more
in
a
draft
idea
and-
and
I
think
that's
where
the
ask
came
from
said-
like
you-
need
a
proper
rfc
pro
process
and
talk
to
the
security
tag
and
since
then
we've
implemented
the
rfc
process,
but
we
yeah.
As
michael
said,
we
haven't
reached
out
to
the
security
tech
about
about
this
year.
That's
at
least.
E
My
yeah,
that's
that's
what
I
was
sort
of
stumbling
over
it
towards
the
end.
There
was
that
the
recommendation
was
kind
of
attached
to
a
particular
design
how
to
improve
it,
and
when
we
looked
at
it
that
didn't
that
wasn't
really
how
people
engaged
with
the
security
tag
was
not
about
necessarily
specific
designs,
improving
those.
L
So
I
would
recommend,
then,
that
engaging
with
the
security
tag,
specifically
their
security
pals
program
to
assist
in
that
multi-tenancy
review,
would
be
beneficial.
They
do
have
a
path
for
that.
You
can
file
an
issue
with
the
group
or
you
can
drop
a
line
in
the
slack
channel
and
see
see
what
they're
recommending
right
now,
but
the
security
pal
is
more
of
a
direct
engagement
specifically
for
a
scoped
effort.
B
You
very
much
so
I
do
have
a
follow-up
on
what
emily
was
asking,
which
is.
B
So
is
the
is
the
security
process
well
defined
in
terms
of
you
know.
Here
is
the
incoming
queue
here
is
how
you
put
something
in
which
is
private,
that
the
team
will
look
at
and
who
is
responsible
for
doing
the
initial
triage
and
then
engaging
with
the
people
that
are
opening
that
are
talking
about
a
security
vulnerability
and
then
getting
other
people
to
work
on
the
bug
itself
or
a
patch
or
a
workaround,
and
then
the
cv
process
at
the
end.
Is
this
all
documented?
L
Hey
dems,
I
can
jump
in
real,
quick
looking
over
their
documentation.
Their
security
process
is
actually
fairly
well
defined
and
relatively
robust.
They
have
their
existing
process
on
vulnerability,
reporting
and
management.
They
don't
have
a
ton
of
details
on
the
assignment
of
bug,
fixes
and
vulnerability
fixes,
which
is
normal
for
most
projects
as
long
as
they
have
a
defined
process
and
a
way
to
report,
it
they're
good
they've
identified
the
individuals
as
well
as
their
fingerprints
associated
with
it.
B
If
you're
happy,
I'm
happy
for
sure,
let's
see
if
paulo
got
back
in,
if
you
wanted
to
add
something.
B
No,
I
don't
see
him
here
yet.
Okay
opening
the
floor
again,
any
other
questions
from
anyone.
B
Going
once
going
twice
going,
thrice!
Okay,
so
was
this
helpful?
Did
this
the
lines
of
questioning
that
you
heard
today?
Is
it
helpful
for
you
to
make
up
your
mind
and,
like
add
more
things
to
either
you
know
the
the
pr
proposal
itself
or
you
know
how
you
would
do
other
things
between
now
and
when
you
graduate.
E
The
question
is
that
a
question
for
us
yeah
yeah:
it's
definitely
some
very
good
specific
advice
and
also,
I
think,
there's
some
reasonably
clear
sort
of
areas
of
concern.
You
know,
for
instance,
dependency
risk
which
kind
of
point
to
maybe
at
least
being
able
to
write
about
those
things
and
say
you
know
here
is
the
plan.
I
think
we
have
some
there's
always
more
stuff.
E
You
can
do,
of
course,
but
yeah
certainly
lots
of
things
to
think
about,
and
maybe
some
stuff
we
can
incorporate
in
the
proposal
as
well.
G
So
and
and
my
just-
I
had
just
sent
some
text
that
I
don't
want
to
read
out
loud
yeah,
that
quote
to
that
question
after
a
short
chat
with
hida
one
of
the
other
maintainers
over
text.
So
I
hope
that's
helpful
to
those
asking
about
dependencies.
G
For
example,
you
know
controller
runtime
is
you
know,
kubernetes
controller
runtime,
ga,
it's
not,
but
kubernetes
depends
on
it
and
so
exactly
right.
B
B
Going
once
going
twice,
I
think
we
can
call
it
a
wrap
unless
okay,
so
thanks
a
lot
for
everybody
for
your
time
and
hope
we
continue
the
conversation.
I
know
you're
looking
for
a
sponsor
for
for
this
and
that
that's
the
you
know
the
biggest
ask
from
you
all.
I
think
so
amy
did
you
have
any
any
thoughts
here.
A
What
we've
done
before
in
the
past
is
like
a
sponsor
kind
of
like
shows
up
in
the
meeting
here.
I'm
not
really
seeing
that
and-
and
I
feel
like
there's
a
lot
of
like
open
questions
around
in
here.
Normally
we
would
say
come
back
and
reapply
in
six
months
which,
for
you
all,
would
be
september.
Does
that
give
you
a
long
enough
time
to
be
able
to
like
work
through
some
of
these
issues?
I
If
I
can
jump
in,
I
mean
I'd
be
interested
to
see
if
people
have
the
same
impression
of
it
being
pretty
open-ended,
because
we
feel,
especially
with
the
security
audit
and
all
the
steps
we
went
through
and
are
you
know,
we
feel
a
fairly
robust
application?
I
I
guess
I
want
to
understand.
I
mean
we.
We
would
prefer
not
to
delay
another
six
months.
You
know,
we've
put
all
these
pieces
together
and
we
have
people.
We've
had
people
sort
of
share
their
thoughts
on
sponsorship,
so
I
don't
feel
like
there's
going
to
be
a
delay
on
confirming
the
actual
person.
We've
got
quite
a
few
candidates,
so
you
know
unless
there's
some
kind
of
strong
opinion.
We
definitely
would
not
want
to
put
this
out
another
six
months.
E
Yeah,
I
would
say
one
one
thing
that
doesn't
necessarily
come
through
very
strongly
when
people
are
asking
questions
is,
is
you
know
what
what
the
stakes
are?
So
the
sort
of
you
know
question
about
dependencies,
for
instance,
are
the
stakes
that
you
know.
If
that's
a
problem,
then
no
we
have
to.
We
have
to
go
back
and
rethink,
or
is
that
just
we
need
this
information?
We
just
need
to
know
that
something
is
in
place.
You've
thought
about
it,
so
I
don't
know
how
we
can
come
by
that
information
about.
E
You
know
what
the
actual
stakes
are
with
some
of
these
questions.
Is
it
going
to
stop?
Is
it
going
to
be
like
a
veto
kind
of
situation
or
not.
B
These
are
all
questions
that
we
would
end
up
asking
when
you
start
doing
the
due
diligence
doc,
so
you
know
where
you
would
end
up
identifying.
Okay,
these
are
the
things
that
are
risks,
but
we
are
not
currently
working
on
it
on
some
of
these
specific
things,
but
other
things
we
feel
are
the
team
feels
that
it
is
something
that
they
need
to
deal
with
quickly,
so
we
are
going
to
like
pull
in
a
few
people
to
to
work
on
something.
B
So
at
this
point,
I
think
we
we
probably
have
three
people
three
liaisons
to
sig,
app
delivery,
matt
and
cornelia
and
harry.
I
think
I
would
give
them
first
whack
at
being
a
sponsor
harry.
Did
you
have
any
thoughts
here
today,
or
do
you
want
to
take
some
time
to
think
about
all
the
discussion
here.
G
B
Okay,
so
you
need
some
time
to
think
about
it.
Got
it
scott,
you
had
you,
have
your
hands
right
raised.
G
Yes,
just
on
this
on
this
one
topic,
I
think
it
one
thing
that
was
fairly
unclear
was
the
triage
process.
I
know
that
folks
are
busy
as
well.
That's
that's
another
thing,
but
it
was
not
clear
to
me.
I
I
think
when
I
had,
I
had
just
informally
asked
matt
farina,
for
example,
because
he
had
just
joined
the
doc,
and
I
guess
I
was
not
able
to
make
today,
but
but
what
he
had
transmitted
back
was
that
you
know
hey.
G
We
should
probably
stop
asking
you
folks,
you
know
and
then
totally
you
know
whatever
is
best
of
course,
but
that
he
had
mentioned
that
there
that
there
was
identified
a
gap
in
the
in
the
new
triage
process
and
at
least
in
documenting
for
for
folks
outside
of
toc.
G
You
know
like
what
what
we
can
expect
and
what
we
should
do
to
help
that,
even
if
that
means
just
backing
off,
is
there
anything
around?
You
know
real
fast
has
a
slight
interject,
a
slight
aside.
I
I
don't
know
if
there
are
any
open,
they're,
open,
amy,
I'm
not
sure.
If
they're
still
in
the
open
questions,
I
I
believe
the
only
ones
that
felt
somewhat
open
to
me
until
we
answered
them
in
text
was
the
dependencies
one
and
that's
been
fairly
well
answered.
G
The
you
know
which
which
maintainers
are.
How
broadly
are
organizations
represented-
and
I
don't
know
I
think
daniel
had
mentioned
this
twice,
but
just
as
a
just
to
make
sure
there
are
now
maintainers
from
seven
seven
seven
organizations,
including
one
an
independent
person.
So
that's
was
one
of
the
biggest
tasks
during
incubation,
and
so
so
I
think
my
last
question
around
that
with
those
caveats
is
we're.
G
Sorry
with
that
quick
interjection
is,
is:
is
there
anything
else,
yeah
anything
else
that
we
we
either
should
should
expect
differently,
or
maybe
could
do
to
help
with
that
with
that
triage
process,
or
you
know
kind
of.
Where
are
we
with
that?
Yeah.
B
Yeah,
so
you
started
off
with
the
pr
with
the
set
of
questions
that
we
asked
and
then
you
came
well
prepared
to
this
meeting
and
you
answered
all
the
questions
that
we
raised
so
now.
It
is
up
to
us
to
find
somebody
to
work
with
you
or
come
back
to
you
with
a
clear
set
of
asks.
B
If
we
want
to
change
the
date
to
come
back
so
that
that
so
you
need,
you
should
be
hearing
from
us,
hopefully
quickly.
G
Got
it
okay
and
also
just
to
be
very
transparent
about
this
there's
there's
not,
of
course
we
want
to
to
do
this
and
what
thomas
said
is
you
know?
Yes,
we
don't
want
to
to
postpone
another
six
months,
especially
because
I
don't
know
that
there's
anything
we
would
need
to
do
within
those
six
months,
except
just
keep
going
as
a
project.
I
I
think
the
main
thing.
G
The
main
reason
I'm
asking
is
not
to
put
pressure
on
anyone,
but
just
because
I
know
that
kubecon
is
coming
up
and
we
just
I
would
we
would
love
us
at
least
a
project
to
to
simply
be
prepared
to
to
do
the
right
things
if
that
were
if
that
were
the
case,
so
we're
we're
right
now
still
doing
that
kind
of
preparation,
work
just
in
case
yeah,
but
yeah,
that's
it.
Thank
you
very
much.
B
Yeah
we
hear
you
loud
and
clear.
So
personally,
you,
if
you
ask
me
to
give
you
something
to
work
on
right
away
right
now,
would
be
that
you
know
bootstrap
committee
turning
into
steering.
B
I
would
want
that
written
down
and
like
an
expiry
date
put
on
and
a
plan
published
for
everybody
to
be,
you
know
expect
what
is
coming
down
the
line
so
to
say
right,
because
that
was
kind
of
fishy
washy
a
little
bit
and
also
you
know
we
were
talking
about
the
process
for
the
flagger
coming
in,
and
you
know
there
was.
B
It
wasn't
very
clear
that
there
was
a
solid
process
that
was
written
down
that
was
followed
during
that
decision
making.
So,
from
the
governor's
point
of
view,
I
would
look
at
those
two
today.
Justin
is
not
here,
usually
justin
and
emily
tag
team
on
the
security
side
of
things.
So
you
know
we
probably
have
to
give
them
a
chance
to
ask
some
questions
on
the
on
the
pr
itself.