►
From YouTube: May 30, 2003 - Ortelius General Community Meeting
Description
Get an update from both the Ortelius Outreach and Architecture meetings. This meeting includes info on the #Emporous project, CDCON 2023, Open Source Summit 2023 and OpenSSF Days 2023.
A
A
Steve
Taylor
will
be
presenting
that
we
have
submitted
an
abstract
and
same
I,
went
ahead
and
responded
to
Roxanne
with
who
should
attend,
so
that
should
be
all
set
up
and
it's
scheduled
I
believe
for
June,
22nd
and
it'll
be
a
little
over
an
hour.
Long
and
Steve
will
go
through
the
different
tools
that
we've
been
using
with
ortilius
talk
about
how
to
implement
scorecard
and
some
other
activities
that
he
has
done
for
both
deploy.
A
A
A
We
usually
take
the
entire
month
of
August.
We
have
no
meetings
and
that
might
be
a
good
idea.
Maybe
we
just
do.
We
could
probably
not
do
the
community
meeting
and
just
do
the
Outreach
and
the
we
could
probably
be
doing
a
Once,
An
Outreach
meeting
once
a
month,
but
I
think
the
architecture
meetings
might
have
to
heat
up
because
we
have
a
lot
to
do
around
emporis.
D
Brad
online
with
August
CD,
it
was
the
three
of
us
right,
so
Brad
is
starting
I'm,
just
letting
you
know
that
Brad
has
starting
to
engage
with
us
on
in
that
and
that
side
of
things
and
he
fixed
some
stuff
there
and
he's
gonna
have
another
session
of
this.
When
he's
got
time
that
we
couldn't
have
a
proper
session
because
he
had
to
fix
stuff
took
him
like
four
hours,
he
said.
E
Yeah
and
after
that,
the
integration
that
we
that
we
walked
upon
right
on
on
the
backstage
that
is
working,
so
we
were
like
able
to
see
all
the
services
spots
and
across
multiple
groups
in
the
backstage
environment
that
is
up
and
running
right
now,
yeah
on
the
plug-in
side,
Brad
said
like
he
would
need
a
couple
of
you
know
like
he
would.
He
would
like
identify
like
what
is
the
requirement
and
how
these
flows
work
in
artillery
side
so
that
he
can
code
Implement
those
things
in
a
similar
way.
F
And
then,
on
my
side,
we've
been
trying
to
get
the
infrastructure
in
place
for
all
the
new
microservices,
so
ukarsh
and
Arvin
have
been
working
on
that,
and
so
hopefully
we'll
get
that
all
sorted
out
this
week,
we're
kind
of
moving
towards
the
direction
of
reusable
workflows
that
allow
us
to
make
changes
in
one
place
instead
of
multiple
places.
So
that's
happening
on
that
front
I.
My
to-do
list
is
still
to
go
out
and
add
the
bounties
to
the
new
issues.
F
So
if
anybody's
interested
in
that,
let
me
know
what
they're
trying
to
do
is
they're
trying
to
the
project
the
Project's
kind
of
stalled,
and
what
we
need
to
do
is
kind
of
rework
that
from
a
bootstrap
governing
board
to
an
official
governing
board
and
then
kind
of
reworked
the
code
base
on
that
front.
The
interesting
thing
is
the
there
may
be
a
a
close
fit
between
the
Persia
project
and
emporis.
F
F
F
G
F
F
D
F
Those
are
like
the
standing
meetings
and,
like
I,
said
the
Project's
kind
of
stalled
and
we
got
to
rework
things
and
that's
part
of
the
the
what
we
got
going
on
so
Steven
Shin
from
jfrog
reached
out
to
me
last
Friday
trying
to
restart
the
project
and
in
order
to
do
that,
we
have
to
rework
the
the
governing
board.
Part.
D
F
F
F
You,
you
know
right
now,
there's
search
capability
capabilities
for
like
Docker
images,
but
the
work
that
Andy
and
his
team
have
done,
allows
you
to
search
and
find
like
jar
files,
for
example,
so
any
type
of
artifact.
So
that
will
be
one
of
those
things
that
we'll
be
able
to
leverage
on
that
front
and
that
was
kind
of.
If
you
look
at
some
of
the
Imports
architecture
documents
and
and
design,
they
talk
about
adding
other
artifacts
like
jars
and
npms
and
stuff
like
that
into
the
artifact
registry.
F
G
F
Goaling
program
that
we
can
spin
up-
and
you
know
basically
build
this
distributed
Network
pretty
easily.
Now
there
there's
other
pieces.
So
that's
just
like
the
artifact
side
and
then
on.
The
build
side
is
where
you
take.
You
take
this
the
same
code
from
the
same
git
commit,
and
you
build
it
like
on
six
machines
to
be
able
to
come
up
with
to
say
that
you've
created
the
same
artifact
from
the
same
code,
so
basically
making
sure
that
nobody's
hacking
a
a
single
build
machine
at
that
level.
F
F
F
A
F
F
F
F
It
was
kind
of
the
goal
with
the
new
version
of
artelius,
and
then
we
can
start
adding
on
more
coding
functionality
in
the
front
end
at
that
level.
So
one
of
the
things
that
we
ended
up
doing
on
the
the
current
version
of
artillius
is
we've
kind
of
been
back
ending
in
all
the
security
stuff
and
it's
just
been
taking
much
longer.
So
if
we
can
kind
of
from
that
experience
implement
it
into
version,
11
right
off
the
bat
I
think
it'll
save
us
a
lot
of
time.
F
F
F
I
don't
know
yet.
Originally
the
Persia
team
was
going
to
write
their
own
blockchain
implementation
using
I,
think
ethereum
and
a
bunch
of
rust,
lib,
P2P,
libraries
and
stuff
like
that,
and
it
just
got
overly
complicated
the
the
distribution
of
the
blocks
and
stuff
like
that.
So
that
part
is
up
in
the
air
on
how
we
can
easily
do
the
blockchain
and
get
it
distributed
across
all
the
nodes.
F
F
F
F
The
xrpl
will
kind
of
take
care
of
the
consensus
behind
the
scenes
for
us
from
what
I've
seen
you
know
like
in
your
the
work
that
you've
done
in
cars,
but
I
have
to
look
at
if
xrpl
could
be
used
for
Persia
as
well.
Here's
one
of
the
interesting
things
with
xrpl
is
it's
based
on
proof
of
consensus,
instead
of
like
proof
of
stake
or
all
any
of
the
other
ones.
C
F
F
C
F
Yes,
it
sure
just
well
what
what
will
happen
on
the
the
Dependable
side
is,
it
should
create
a
PR
and
then
you
go
and
approve
and
merge
the
pr
and
that
would
go
ahead
and
kick
off
a
new
build
of
the
docker
images
and
those
Docker
images
will
have
their
corresponding
Helm
charts
and
the
helm
charts
actually
get
published
as
a
release.
So
that
is
correct,
so
it's
actually
the
helm
Tarts,
because
the
home
chart
actually
has
the
Val
the
the
the
build
tag
inside
of
it.
F
So
that's
how
we
tie
all
the
helm.
Charts
in
the
images
together
is
through
the
the
release.
Now
one
when
that
that
a
a
microservice
finishes,
building
and
the
home
charts
are
updated.
We
actually
go
back
up
and
update
the
the
the
parent
home
charts
accordingly.
So
we
do
get
a
lot
of
releases
but
they're
they're,
technically
correct,
because
if
let's
say
you
have
a
one
of
the
dependent
Bots
doesn't
go
through
correctly
and
the
build
fails.
F
G
F
Yeah,
it's
it's
just
the
nature
of
how
the
microservices
are
are
kind
of
put
together
and
what
we'll
need
to
do
is
when
you,
when
you
go
and
deploy
something.
Let's
say
we
deploy
a.
We
pick
a
a
home
chart,
a
version
of
the
parent
chart
to
deploy
that
gets
deployed
and
then
on.
On
the
back
end
side
from
the
cluster
side,
we
went
on
to
no
recognize
that
these
components
were
deployed,
and
this
is
the
version
of
the
application
that
was
actually
released.
F
So
the
there's
some
stuff
that
we
need
to
to
kind
of
cross-reference
on
the
deployment
side
right
now,
we're
really
not
deploying
anything
anywhere
yet
and
hopefully,
with
Brad's
changes
to
Argo.
That
will
be
able
to
get
some
automated
deployments
over
to
Azure
in
place
because
we
have
all
the
Automation
in
place
to
where
we
create
the
parent
Helm
chart
and
all
that
stuff
and
all
those
releases
it
goes
out
to
artifact
Hub
and
everything
looks
good
on
that
front.
B
So
Steve
just
a
final
question
from
my
side:
I
I
want.
We
have
to
present
our
amorphous
stuff
into
sixth
over
one
of
the
six
door
call.
So
if
I,
if
I
plan
this
up
like
if
I
try
to
set
some
talk
with
the
six-store
community,
so
I
want
to
pres,
we
can
jump
this
amorphous
stuff
into
some
of
their
Community
call.
I
think
it's
currently
happening
it
at
10,
A.M,
Pacific,
Time,
on
Wednesday.
F
Yeah
I,
don't
I,
we
we
haven't
implemented
any
anything
with
Sig
store.
Yet
so
I
can't
really
talk
about
what
how
that
whole.
You
know
what
we're
doing
with
Sig
store
and
any
of
that
at
this
point.
So
that
is
one
of
the
things
that
we
need
to
enable
in
our
devops
pipeline
is
when
we
do
our
Docker
builds
and
our
home
charts
that
they
actually
get
signed
with
cosine,
but
we're
not
quite
there
yet
there's
some
Key
Management
that
we
need
to
figure
out
on
that
front.
F
B
F
B
I
think
like
I
think
it
would
be
a
valuable
effort
if,
if
they
Morpher
somehow
integrate
with
some
of
the
functionality
with
six
store
tooling,
the
reason
I'm
saying
is
because
the
six
door,
tooling
is
integrated
very
well
with
policy
engines
like
Ivano,
and
then
flux
is
also
integrating
with
six
store
tooling.
By
signing
the
oci
artifact,
if
amorphous
become
a
part
of
it,
I
think
it
would
be.
It
I
think
this
gave
us
a
lot
of
opportunity
to
go
on
different
places
as
well,
so
that
is
currently
my
thinking
is
so
we
have.
B
B
So
I
think
there's
some
of
the
stuff
is
already
been
happening,
but
this
is
the
announcement
from
Ms
Builder.
The
Azure
has
this
concept
called
Azure
confidential
containers
or
Azure
confidential
Computing
Azure
confidential
Computing.
They
announced
in
Ms
build
and
this
product
is
actually
being
developed
by
red
hat
and
Alibaba.
I
guess
and
there
is
a
company
called
who
is
actually
developing.
This
Tool
is
very
difficult
to
pronounce
his
company's
name
but
I
think
it's
called
province.
B
F
F
So
if
there's
an
oci
registry
out
there
and
the
spec
has
been
updated
to
handle
associating
the
signing
to
the
artifact,
that's
where
so,
somebody
else
has
to
do
that
and
then
we'll
be
the
the
the
consumer
of
it.
So,
for
example,
build
kit
allows
you
to
when
you
do,
a
Docker
built
like
Docker,
build
X
will
enable
you
can
enable
Flags
to
do
signing
and
acceptations,
and
that
information
produces
a
bunch
of
other
files
that
we
need.
F
That
need
to
be
that
eventually
end
up
in
the
oci
registry
and
then
for
us,
it's
just
a
cross
reference
to
to
those.
So
it'll
actually
be
more
of
an
ortillas
thing
than
an
imporce
thing,
and
we
have
that
in
the
spec
kind
of
in
our
design,
to
track
the
signatures
and
being
able
to.
We
have
a
couple
microservices
that
will,
you
can
say,
validate.
F
We
have
a
validation
microservice,
for
example,
that
would
take
the
information
that
we
have
about
the
the
signing
and
go
and
actually
do
the
the
verification
with
the
the
keys
and
everything
to
say
yes,
this.
This
thing
that
you
are
referring
to
is
signed
and
we
validated
the
keys
on
the
back
end.
So
so
that
part
is
there.
B
B
Yes,
absolutely
absolutely
like
I
think
we
can
talk
more
on
the
Discord
as
well,
but
I'm.
Thinking
like
we
have
to
integrate
ourselves
with
some
of
the
most
used
Tooling
in
the
either
on
the
supply
chain.
Security
side
so
from
as
far
as
I
know,
I
might
be
wrong,
but
the
way
I
see
the
community
is
building
and
the
stuff
is
happening
is
more
and
more
tooling
is
actually
integrating
with
six
door.
B
Two
link,
so
amorphous
can
give
us
opportunity
to
present
ourselves
in
more
Central
stage
around
supply
chain
security,
but
I
think
we
need
to
find
how
we
can
integrate
some
of
their
stuff
or
how
we
can
actually
end
up
in
a
position
that
we
can
convince
them
to
use
our
stuff
in
their
tooling
as
well.
I
think
there
is
two
roadmap
you
can
follow,
but
there's
a
potential
of
being
in
this
ecosystem.