►
From YouTube: May 30, 2003 - Ortelius General Community Meeting
Description
Get an update from both the Ortelius Outreach and Architecture meetings. This meeting includes info on the #Emporous project, CDCON 2023, Open Source Summit 2023 and OpenSSF Days 2023.
A
The
Outreach
great
okay
today
is
May
30th,
and
this
is
the
general
community
meeting.
So
in
terms
of
Outreach,
we
are
working
on
two
things
at
the
moment.
One
is
a
CDF
Workshop
that
Sim
arranged
with
Steve,
and
the
topic
is
Simon's
topic
off
the
top
of
your
head.
A
Steve
Taylor
will
be
presenting
that
we
have
submitted
an
abstract
and
same
I,
went
ahead
and
responded
to
Roxanne
with
who
should
attend,
so
that
should
be
all
set
up
and
it's
scheduled
I
believe
for
June,
22nd
and
it'll
be
a
little
over
an
hour.
Long
and
Steve
will
go
through
the
different
tools
that
we've
been
using
with
ortilius
talk
about
how
to
implement
scorecard
and
some
other
activities
that
he
has
done
for
both
deploy.
A
Hub
and
ortilius
I'm,
also
working
on
a
joint
presentation
with
Tony
that,
where
we'll
submit
to
the
open
Group,
which
is
having
their
conference
in
Houston
in
November
and
Steve
and
I,
will
be
attending
at
the
end
of
October.
A
The
Linux
foundation's
Leadership
Summit
is
October
24th
through
the
26th
and
the
the
open
groups.
Summit
is
I,
believe
November.
There's
almost
the.
A
So
supply
chain
will
be
November,
1st
and
2nd,
so
we'll
be
flying
to
Monterey
and
then
I'll
probably
turn
around
and
fly
to
Houston
with
Tony.
So
that's
really
what's
on
the
books
so
far
we
do
have
I,
don't
believe
that
we
are
going
to
participate
in
summer
of
code
Google
summer
of
code
I'll.
A
Let
Steve
respond
to
that,
but
we
will
in
October
be
participating
in
the
digital
ocean
hackathon,
so
we've
sort
of
entered
since
May
is
done
and
we've
done
finished
our
cdcon
open
source,
Summit
and
open
ssf
days,
we're
sort
of
on
quiet
time
between
now
and
the
end
of
until
October
in
terms
of
attending
any
presentations.
A
We
usually
take
the
entire
month
of
August.
We
have
no
meetings
and
that
might
be
a
good
idea.
Maybe
we
just
do.
We
could
probably
not
do
the
community
meeting
and
just
do
the
Outreach
and
the
we
could
probably
be
doing
a
Once,
An
Outreach
meeting
once
a
month,
but
I
think
the
architecture
meetings
might
have
to
heat
up
because
we
have
a
lot
to
do
around
emporis.
A
So
let
me
look
at
the
calendar,
Tony
and
I'll
I'll
Implement
that
recommendation,
so
we
can
cut
down
on
the
meeting
times
until
we
start
again
in
October.
D
Brad
online
with
August
CD,
it
was
the
three
of
us
right,
so
Brad
is
starting
I'm,
just
letting
you
know
that
Brad
has
starting
to
engage
with
us
on
in
that
and
that
side
of
things
and
he
fixed
some
stuff
there
and
he's
gonna
have
another
session
of
this.
When
he's
got
time
that
we
couldn't
have
a
proper
session
because
he
had
to
fix
stuff
took
him
like
four
hours,
he
said.
E
Yeah
and
after
that,
the
integration
that
we
that
we
walked
upon
right
on
on
the
backstage
that
is
working,
so
we
were
like
able
to
see
all
the
services
spots
and
across
multiple
groups
in
the
backstage
environment
that
is
up
and
running
right
now,
yeah
on
the
plug-in
side,
Brad
said
like
he
would
need
a
couple
of
you
know
like
he
would.
He
would
like
identify
like
what
is
the
requirement
and
how
these
flows
work
in
artillery
side
so
that
he
can
code
Implement
those
things
in
a
similar
way.
F
And
that's
for
Argo
or
for
backstage
the
flows.
F
And
then,
on
my
side,
we've
been
trying
to
get
the
infrastructure
in
place
for
all
the
new
microservices,
so
ukarsh
and
Arvin
have
been
working
on
that,
and
so
hopefully
we'll
get
that
all
sorted
out
this
week,
we're
kind
of
moving
towards
the
direction
of
reusable
workflows
that
allow
us
to
make
changes
in
one
place
instead
of
multiple
places.
So
that's
happening
on
that
front
I.
My
to-do
list
is
still
to
go
out
and
add
the
bounties
to
the
new
issues.
F
I
just
haven't
had
a
chance
to
get
to
that
and
I
gotta
get
the
architecture
updated
as
well
so
I'm
behind
on
those
two
things
and
then,
if
anybody
is
interested,
the
Persia
project
is
looking
for
two
folks
to
be
on
the
governing
board.
F
So
if
anybody's
interested
in
that,
let
me
know
what
they're
trying
to
do
is
they're
trying
to
the
project
the
Project's
kind
of
stalled,
and
what
we
need
to
do
is
kind
of
rework
that
from
a
bootstrap
governing
board
to
an
official
governing
board
and
then
kind
of
reworked
the
code
base
on
that
front.
The
interesting
thing
is
the
there
may
be
a
a
close
fit
between
the
Persia
project
and
emporis.
F
F
Yeah,
it's
it
has
it's.
The
the
focus
will
be
around
there's
two
things,
an
artifact
repository
and
the
second
part
is
around
build
consensus,
so
basically
using
blockchain
to
drive
consensus
between
multiple
build
nodes.
G
F
F
D
F
Those
are
like
the
standing
meetings
and,
like
I,
said
the
Project's
kind
of
stalled
and
we
got
to
rework
things
and
that's
part
of
the
the
what
we
got
going
on
so
Steven
Shin
from
jfrog
reached
out
to
me
last
Friday
trying
to
restart
the
project
and
in
order
to
do
that,
we
have
to
rework
the
the
governing
board.
Part.
F
It
is,
and
so
their
idea
was
to
do
a
distributed
package.
Network.
F
It
was
one
part
of
it
and
the
second
part
was
the
bill
consensus
Network.
So
on
the
first
part
because
of
the
the
work
we've
been
doing,
with
emporis
and
I'm
porous
being
an
oci
registry
that
you
can
store
any
type
of
artifact
in.
F
F
F
You,
you
know
right
now,
there's
search
capability
capabilities
for
like
Docker
images,
but
the
work
that
Andy
and
his
team
have
done,
allows
you
to
search
and
find
like
jar
files,
for
example,
so
any
type
of
artifact.
So
that
will
be
one
of
those
things
that
we'll
be
able
to
leverage
on
that
front
and
that
was
kind
of.
If
you
look
at
some
of
the
Imports
architecture
documents
and
and
design,
they
talk
about
adding
other
artifacts
like
jars
and
npms
and
stuff
like
that
into
the
artifact
registry.
F
So
I
think
the
first
step
and
I
found
a
another
project
that
basically
on
the
oci
registry
side,
implements
ipfs
storage
driver.
So
it's.
G
F
Goaling
program
that
we
can
spin
up-
and
you
know
basically
build
this
distributed
Network
pretty
easily.
Now
there
there's
other
pieces.
So
that's
just
like
the
artifact
side
and
then
on.
The
build
side
is
where
you
take.
You
take
this
the
same
code
from
the
same
git
commit,
and
you
build
it
like
on
six
machines
to
be
able
to
come
up
with
to
say
that
you've
created
the
same
artifact
from
the
same
code,
so
basically
making
sure
that
nobody's
hacking
a
a
single
build
machine
at
that
level.
F
So
there
there's
going
to
be
some
work
on
that
front
and
then
the
the
blockchain
comes
into
play
where
all
the
build
nodes
have
to
come
to
consensus,
that
they
created
the
same
thing
and
added
to
the
blockchain,
so
that
that
piece
I
have
to
look
at
how
we
can
fit
that
together,
but
things
that,
like
on
the
build
side
when
the
builds
go
through
and
you
compile
that
package
or
create
that
image
that
artifact
that
we
should
be
able
to
add
in
like
automatic
s-bomb
generation
type
of
thing
as
part
of
that
process,
so
ortelius
would
then
be
able
to
consume
what
what
Perseus
creating
at
that
level.
F
So
there's
there's
this
things
are
weaving
together.
It's
still
a
little
bit
of
a
bit
of
it
up
in
the
air,
but
I
think
things
are.
Everybody
seems
to
be
marching
in
the
same
general
direction
here.
I.
F
So
right
now,
right
now
the
proposed
governing
board
is
going
to
be
Steven
Chin
from
jfrog
Johan
from
logdon
he's
in
Belgium
he's
one
of
the
guys
that
was
working
on
the
project,
then
myself
and
then
we're
looking
for
two
others.
So
Sasha
I'll
put
you
on
a
list
and.
F
Yeah,
so
that's
kind
of
the
the
game
plan
on
that
front
and
I
may
reach
out
to
like
Alex
or
cat
from
the
emperor
site
from
the
registry
side
to
see.
If
they
have
are
interested,
I
know
Andy's
too
busy.
So.
A
F
That's
what
I'm
thinking
I
gotta
where's.
F
I
think
it's
a
you
know
for
artillius.
We
have
a
lot
of
coding
to
do,
but
I
think
what
we've
been
doing.
The
last
couple
weeks
is
getting
the
infrastructure
in
place.
F
F
It
was
kind
of
the
goal
with
the
new
version
of
artelius,
and
then
we
can
start
adding
on
more
coding
functionality
in
the
front
end
at
that
level.
So
one
of
the
things
that
we
ended
up
doing
on
the
the
current
version
of
artillius
is
we've
kind
of
been
back
ending
in
all
the
security
stuff
and
it's
just
been
taking
much
longer.
So
if
we
can
kind
of
from
that
experience
implement
it
into
version,
11
right
off
the
bat
I
think
it'll
save
us
a
lot
of
time.
F
Probably
not
because
right
now
it's
written
in
Rust
and
it
does.
It
does
run
in
kubernetes
and
stuff
like
that.
But
I
think
that
code
we
need
to
throw
away
and
Implement
like
the
oci
registry
and
sitting
on
top
of
ipfs.
F
Yeah
and
being
able
to
you
know,
store
like
a
jar
file
or
you
know.
A
python
Library
into
the
oci
registry
is
going
to
be
one
of
the
the
keys
there
for
Persia
and
for
emporis.
F
I
don't
know
yet.
Originally
the
Persia
team
was
going
to
write
their
own
blockchain
implementation
using
I,
think
ethereum
and
a
bunch
of
rust,
lib,
P2P,
libraries
and
stuff
like
that,
and
it
just
got
overly
complicated
the
the
distribution
of
the
blocks
and
stuff
like
that.
So
that
part
is
up
in
the
air
on
how
we
can
easily
do
the
blockchain
and
get
it
distributed
across
all
the
nodes.
F
F
The
consensus
in
the
blockchain
and
distributing
the
blockchain
is
is
up
in
the
air
right
now.
I
just
haven't
had
time
since
Friday
to
to
figure
that
out
and
what
needs
to
happen
there.
F
You
know
like
when
we
on
the
ortelius
side,
when
we
talk
to
the
blockchain,
we're
just
using
it
for
more
historical
immutable,
Ledger
pieces
and
we're
not
really
worried
about.
You
know
consensus
and
stuff
like
that.
F
The
xrpl
will
kind
of
take
care
of
the
consensus
behind
the
scenes
for
us
from
what
I've
seen
you
know
like
in
your
the
work
that
you've
done
in
cars,
but
I
have
to
look
at
if
xrpl
could
be
used
for
Persia
as
well.
Here's
one
of
the
interesting
things
with
xrpl
is
it's
based
on
proof
of
consensus,
instead
of
like
proof
of
stake
or
all
any
of
the
other
ones.
C
F
F
It's
it
you're
you're
talking
at
least
a
year
or
two
to
get
anywhere
close
to
being
able
to
to
write
decent
code
in
it.
It's
a
funky
language.
C
F
Yes,
it
sure
just
well
what
what
will
happen
on
the
the
Dependable
side
is,
it
should
create
a
PR
and
then
you
go
and
approve
and
merge
the
pr
and
that
would
go
ahead
and
kick
off
a
new
build
of
the
docker
images
and
those
Docker
images
will
have
their
corresponding
Helm
charts
and
the
helm
charts
actually
get
published
as
a
release.
So
that
is
correct,
so
it's
actually
the
helm
Tarts,
because
the
home
chart
actually
has
the
Val
the
the
the
build
tag
inside
of
it.
F
So
that's
how
we
tie
all
the
helm.
Charts
in
the
images
together
is
through
the
the
release.
Now
one
when
that
that
a
a
microservice
finishes,
building
and
the
home
charts
are
updated.
We
actually
go
back
up
and
update
the
the
the
parent
home
charts
accordingly.
So
we
do
get
a
lot
of
releases
but
they're
they're,
technically
correct,
because
if
let's
say
you
have
a
one
of
the
dependent
Bots
doesn't
go
through
correctly
and
the
build
fails.
F
The
parent
chart
will
reflect
the
current
state
of
what
we
can
release.
So,
even
though
we
end
up
with
a
lot
of
releases,
they're
all
potential
candidates
to
be
to
be
runnable
at
that
point,.
G
F
Yeah,
it's
it's
just
the
nature
of
how
the
microservices
are
are
kind
of
put
together
and
what
we'll
need
to
do
is
when
you,
when
you
go
and
deploy
something.
Let's
say
we
deploy
a.
We
pick
a
a
home
chart,
a
version
of
the
parent
chart
to
deploy
that
gets
deployed
and
then
on.
On
the
back
end
side
from
the
cluster
side,
we
went
on
to
no
recognize
that
these
components
were
deployed,
and
this
is
the
version
of
the
application
that
was
actually
released.
F
So
the
there's
some
stuff
that
we
need
to
to
kind
of
cross-reference
on
the
deployment
side
right
now,
we're
really
not
deploying
anything
anywhere
yet
and
hopefully,
with
Brad's
changes
to
Argo.
That
will
be
able
to
get
some
automated
deployments
over
to
Azure
in
place
because
we
have
all
the
Automation
in
place
to
where
we
create
the
parent
Helm
chart
and
all
that
stuff
and
all
those
releases
it
goes
out
to
artifact
Hub
and
everything
looks
good
on
that
front.
F
B
So
Steve
just
a
final
question
from
my
side:
I
I
want.
We
have
to
present
our
amorphous
stuff
into
sixth
over
one
of
the
six
door
call.
So
if
I,
if
I
plan
this
up
like
if
I
try
to
set
some
talk
with
the
six-store
community,
so
I
want
to
pres,
we
can
jump
this
amorphous
stuff
into
some
of
their
Community
call.
I
think
it's
currently
happening
it
at
10,
A.M,
Pacific,
Time,
on
Wednesday.
F
Yeah
I,
don't
I,
we
we
haven't
implemented
any
anything
with
Sig
store.
Yet
so
I
can't
really
talk
about
what
how
that
whole.
You
know
what
we're
doing
with
Sig
store
and
any
of
that
at
this
point.
So
that
is
one
of
the
things
that
we
need
to
enable
in
our
devops
pipeline
is
when
we
do
our
Docker
builds
and
our
home
charts
that
they
actually
get
signed
with
cosine,
but
we're
not
quite
there
yet
there's
some
Key
Management
that
we
need
to
figure
out
on
that
front.
B
F
F
So
we
are
actually
signing
our
home
charts,
but
with
gpg
keys
and
not
like
cosine
at
this
point,
so
that's
just
because
the
helm
command
line
doesn't
do.
It
only
is
using
gpg
keys,
so
I
I,
it's
too
early
to
say,
Sim
on
how
things
are
going
to
be
able
to
fit
together
with
Sig
store
and
cosine.
B
I
think
like
I
think
it
would
be
a
valuable
effort
if,
if
they
Morpher
somehow
integrate
with
some
of
the
functionality
with
six
store
tooling,
the
reason
I'm
saying
is
because
the
six
door,
tooling
is
integrated
very
well
with
policy
engines
like
Ivano,
and
then
flux
is
also
integrating
with
six
store
tooling.
By
signing
the
oci
artifact,
if
amorphous
become
a
part
of
it,
I
think
it
would
be.
It
I
think
this
gave
us
a
lot
of
opportunity
to
go
on
different
places
as
well,
so
that
is
currently
my
thinking
is
so
we
have.
B
B
So
I
think
there's
some
of
the
stuff
is
already
been
happening,
but
this
is
the
announcement
from
Ms
Builder.
The
Azure
has
this
concept
called
Azure
confidential
containers
or
Azure
confidential
Computing
Azure
confidential
Computing.
They
announced
in
Ms
build
and
this
product
is
actually
being
developed
by
red
hat
and
Alibaba.
I
guess
and
there
is
a
company
called
who
is
actually
developing.
This
Tool
is
very
difficult
to
pronounce
his
company's
name
but
I
think
it's
called
province.
B
So
I
think
the
these
two
things
you
have
to
take
into
the
considered
relation
seriously
number
one
to
have
integration
with
the
confidential
containers
and
plus
for
six
totaling
I
think
six
store
stooling
is
must
for
us.
Yes,.
F
So
what
ends
up
happening
is
the
because
the
we're
talking
to
an
oci
registry
basically
is
what
emporis
is
doing.
Is.
Is
it's
this
really
isn't
an
oci
registry
itself?
It's
being
is
this
the
search
capabilities
for
an
oci
registry?
F
So
if
there's
an
oci
registry
out
there
and
the
spec
has
been
updated
to
handle
associating
the
signing
to
the
artifact,
that's
where
so,
somebody
else
has
to
do
that
and
then
we'll
be
the
the
the
consumer
of
it.
So,
for
example,
build
kit
allows
you
to
when
you
do,
a
Docker
built
like
Docker,
build
X
will
enable
you
can
enable
Flags
to
do
signing
and
acceptations,
and
that
information
produces
a
bunch
of
other
files
that
we
need.
F
That
need
to
be
that
eventually
end
up
in
the
oci
registry
and
then
for
us,
it's
just
a
cross
reference
to
to
those.
So
it'll
actually
be
more
of
an
ortillas
thing
than
an
imporce
thing,
and
we
have
that
in
the
spec
kind
of
in
our
design,
to
track
the
signatures
and
being
able
to.
We
have
a
couple
microservices
that
will,
you
can
say,
validate.
F
We
have
a
validation
microservice,
for
example,
that
would
take
the
information
that
we
have
about
the
the
signing
and
go
and
actually
do
the
the
verification
with
the
the
keys
and
everything
to
say
yes,
this.
This
thing
that
you
are
referring
to
is
signed
and
we
validated
the
keys
on
the
back
end.
So
so
that
part
is
there.
B
I'm,
just
getting
one
more
thing:
Steve
the
chain
guard
company
actually
recently
announced
I.
Think
two
three
days
ago,
the
container
image
registry
for
chain
guard
images.
F
Right
yeah,
they
we
use
those
in
in
our
stuff.
B
Yes,
absolutely
absolutely
like
I
think
we
can
talk
more
on
the
Discord
as
well,
but
I'm.
Thinking
like
we
have
to
integrate
ourselves
with
some
of
the
most
used
Tooling
in
the
either
on
the
supply
chain.
Security
side
so
from
as
far
as
I
know,
I
might
be
wrong,
but
the
way
I
see
the
community
is
building
and
the
stuff
is
happening
is
more
and
more
tooling
is
actually
integrating
with
six
door.
B
Two
link,
so
amorphous
can
give
us
opportunity
to
present
ourselves
in
more
Central
stage
around
supply
chain
security,
but
I
think
we
need
to
find
how
we
can
integrate
some
of
their
stuff
or
how
we
can
actually
end
up
in
a
position
that
we
can
convince
them
to
use
our
stuff
in
their
tooling
as
well.
I
think
there
is
two
roadmap
you
can
follow,
but
there's
a
potential
of
being
in
this
ecosystem.