►
From YouTube: CD Foundation TOC Meeting - June 6, 2023
Description
For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/
A
B
But
then
it's
easy
enough
for
us
to
to
boot.
It
yeah
exactly
eject
it
from
it's.
There
I've
I've
seen
it
in
other
cases
where
people
use
it
as
a
way
to
do
audio
to
video
or
audio
recording.
But
it's
easy
to
just
say:
I
see
somebody
who's
running.
The
meeting
can
eject
them,
so
Andre
I,
assume
that
would
have
to
be
you.
C
C
Okay,
it's
four
past:
it's
probably
a
good
time
to
get
started.
Hopefully
you
can
hear
me
and
see
my
screen
and
yeah.
Okay,
so
welcome
everyone
to
this
evening.
C
C
Agenda
but
yeah,
so
as
a
updates,
the
nomination
period
ended
on
Monday
June
14th,
so
we
received
candidates
from
five
other
projects.
City
Event
series.
C
Thank
you.
Thank
you.
Next,
chief
writing.
Persia,
yes
and
I
see
a
question
there
and
they
wanted
to
be
like
up.
So
there
is
a
comment
from
Oleg
to
propose
mark,
but
there's
no
actual
nomination
there
in
the
issue.
Yes,
so
it's
not
clear
to
me
what
was
intention.
It
was
just
a
misunderstanding.
Miscommunication
and
what's
happened
here.
It
was
intention
anymore.
C
B
Well-
and
that
may
have
been
the
intention
but
I
think
as
As
a
matter
of
fairness
and
the
rules.
If
nominations
have
closed
June
5th,
then
then
that
proposed
nomination
is
not
a
nomination,
so
so
I
think
I
think
it's
we
just
have
to
say:
Okay
it'll
have
to
wait
till
next
year
before
I
can
be
nominated.
E
B
B
C
E
Yes,
so
the
intent
was
to
nominate.
We
got
three
votes
in
the
mailing
list,
I
believe
plus
some
discussions
in
the
chat.
What
blocked
us
I
believe
that
yeah
last
week
there
should
have
been
a
governance
meeting
where
you
would
have
signed
it
off,
but
here
there
was
no
meeting,
at
least
in
my
calendar
and
I
guess
we
diverted.
Basically,
we
just
fell
between
the
cracks
right.
E
So,
in
my
opinion,
from
the
community
size,
we
don't
have
a
strong
consensus,
but
we
definitely
have
the
majority
of
the
government
Imports
supported
that
idea.
So
I
think
that
we
could
proceed
with
Mark's
nomination.
I.
Think
I
should
apologize
for
that,
because
I
should
have
identified
that
we
have
a
formal
vote
until
the
deadline.
E
We
don't
have
too
many
eliminations
anyway,
so
I
think
it
would
be
reasonable
to
press
it.
C
C
So
we
we
do
have
nominations
for
not
all
of
the
project,
though
so,
but
but
I
don't
see
any
one
opposed,
but
I
don't
know
if
people
think
we
need
to
all
the
formal
votes.
Otherwise,
I
think
for
me,
because
it's
like
specifying.
D
Yeah,
if
we
need
a
motion,
I
can
do
that
just
to
make
it
formal
for
the
meeting
minutes
so
I
motion
that
we
accept
the
nomination
for
Mark,
based
on
the
intent
listed
in
the
get
issue.
C
Thanks
even
Lisa,
so
that's
very
built
on
that
than
any
one
in
favor
please
a
year.
A
C
E
Upstanding
remote,
well
I
kind
of
abstained
representative.
C
Okay,
so
would
you
be
in
a
position
then,
to
submit
the
illumination
to
the
issue
today.
B
B
C
Okay,
so
thanks
everyone,
so
we
then
one
next
random
mini,
so
we
didn't
receive.
Unfortunately,
Academy.
C
H
Yeah
I
can
quickly
introduce
topic.
You
know
there
has
been
discussions
within
to
see
I.
Think
last
part
of
last
year
around
having
Vice
chair
Deputy,
chair
culture
set
up
for
the
technology.
To
help
with
the
concert
committee
is
and
then
I
believe
Tracy,
you
wrote
the
wording
for
the
close
7f
and
we
work
with
the
legal
LF
legal
I
believe
we
took
it,
as
is
maybe
legal
made.
C
Great
thanks,
fancy
I
guess
the
question
to
the
group
is,
then:
when
do
we
want
to
help
the
election?
C
C
Okay
sounds
like
to
know:
okay,
so
I'll
I
create
an
issue
that
we
can
follow
up
once
this
election
is
finished
to
start
the
other
elections,
foreign.
C
C
C
I'm
not
sure
if
there
are
members
from
the
different
sponsor
from
the
different
they
want
to
provide
some
updates
on
this
one
perspective,
interest
group
or
any
other
proposal
are
we.
We
run
this.
F
G
What
we
went
about
because
it
it
is,
it's
not
a
CDF
Sig,
but
it
is
touching
a
cncf
Sig,
which
is
the
artifact
Sig.
D
Yes,
so
the
quick
update
on
that
is,
they
are
in
the
process
of
forming
an
official
artifact,
Sig
governance
stocks
and
there's
been
folks
from
artillius
emporis.
G
D
Interesting,
how
there's
crossover
between
all
the
the
different
foundations.
G
D
And
they're
they're
looking
at
mainly
oci
registry
standards
so
and
how
they
can
expand
the
use
of
oci,
so
that
definitely
is
going
to
come
into
play
with
on
the
pipeline
side.
When
you
do
when
you
publish
artifacts
and
consume
artifacts,
this
is
going
to
come
into
play.
C
Yeah,
that
seems
very
right
about
also
for,
like
a
good
form
to
to
bring
up
City
events
and
interoperability,
and
thanks.
F
F
We
lost
one
of
our
chairs,
I'm,
currently
still
co-chairing
that
Justin
Abrams
stepped
down,
and
we
started
an
election
for
another
chair
and
I
nominated
to
DC
he's
pretty
engaged
with
this
sig
as
well.
So
in
our
next
meeting,
we'll
consider
all
nominations
and
move
forward
with
that
to
get
a
second
co-chair.
But
at
our
last
meeting
we
discussed
you
know
what
we
need
to
do
to
get
more
engagement
and
although
we
have
our
mailing
list,
our
mailing
list
is
for
people
who
already
know
about
us.
F
So
we're
considering
you
know
what
to
do
to
basically
Market
the
Sig
outside
of
the
existing
community
and
draw
some
more
folks
in.
So
we
discussed
some
ideas
around
that
at
the
last
meeting,
and
then
we
have
a
plan
to
basically
reintroduce
the
Sig,
because
there
were
quite
a
few
that
started
in
the
beginning
that
have
dropped
off
and
I
kind
of
think.
We
need
a
revamp
and
a
reintroduction.
F
We
do
understand.
There's
going
to
be
vacations
and
stuff
this
summer
we
usually
take
some
time
off,
so
we
discussed
targeting
August
3rd
for
a
relaunch
of
the
interoperability
Sig
involved
in
that
we
have
a
white
paper
that
is
in
progress,
and
we
have
a
few
names
of
people
that
we
want
to
get
engaged
in
that
and
to
be
able
to
communicate
that
process
that
those
updates
over
the
mailing
list-
yeah
I,
think
that's
about
it.
For
that.
F
That
is
one
topic
we'd
like
to
discuss
another
one
is
visualizations
among
all
of
the
components
of
a
delivery
process,
and
then
we
want
more
engagement
from
the
community
on
what
others
might
care
about.
So
that's
our
goal
with
trying
to
get
more
engaged.
F
F
I
think
their
last
meeting
was
in
March
and
have
not
had
one
since
so
I
contacted
the
chairs
of
that
Sig
and
both
of
them
told
me
that
the
Sig
seemed
to
have
moved
in
a
direction
that
neither
of
them
were
interested
in
going
so
they
both
you
know,
did
some
re-prioritization
and
decided
that
it
might
be
time
to
get
new
leadership
for
that
Sig.
We
might
be
in
a
position
where
we
need
to
relaunch
that
one
as
well.
If
they're
still
interest
in
the
community.
F
Something
I'd
like
to
do
is:
go
through.
You
know
their
meeting
notes
go
through
some
of
their
meetings
and
see
what
what
changed
I
know
the
whole
industry
kind
of
is
under
pressure
for
reducing
obligations
and
re-prioritizing,
so
that
might
be
some
of
it,
but
it
seemed
like
there
were
a
lot
of
topics
that
were
still
pretty
interesting.
That
were
being
discussed,
so
I
would
hate
to
see
us.
You
know
just
put
this
thing
aside.
I
think
we
should
at
least
try
to
revive
it.
If
we
can.
E
But
it's
also
rather
dormant
at
the
moment,
but
so
was
Alex
Jones
and
other
yeah.
The
name
of
other
technical
leads
that
they
were
interested
in
collaborating
in
the
CDF.
First
time
we
met,
so
maybe
it
could
be
actually
a
way
to
match
two
or
three
active
seats.
Well,
not
so
active
six
to
one
active.
D
And
I'm
wondering
if
the
that
we'll
need
to
look
into
us
but
I
wonder
if
a
game
plan
would
be
to
get
the
people
that
are
still
participating
in
the
this
supply
chain,
Sig
to
have
them
go
and
move
over
to
the
other
organ
other
foundations,
supply
chain,
cigs
and
kind
of
just
pull
things
back
to
us
from
those
other
organizations
and
kind
of
like
I.
Don't
know
if
disband
this
one,
but
you
know
kind
of
I,
don't
know,
maybe
shrink
it.
I,
don't
know
what
the
exact
word
would
be.
G
Well,
I
think
the
most
logical
thing
to
do-
and
this
is
I'll-
have
this
discussion
again
when
we
get
to
the
next
topic
under
the
open
ssf.
But
it
feels
to
me
like
we
need
representation
in
the
open
ssf
and
we
need
representation
in
cncf.
The
cncf
just
wrote
their
what
they
call
it.
The
secure
software
Factory
white
paper,
I,
don't
know
if
anybody
from
our
supply
chain
was
involved
in
that,
but
maybe
what
the
way
we
we
re
invigorate.
G
This
is
we've
that
supply
chain
group
should
be
co-mingling
with
both
the
cncf
and
the
openssf
projects,
as
opposed
to
trying
to
start
their
own,
and
then
we
would.
They
would
be
able
to
continue
making
sure
that
we
are
part
of
the
conversation,
because
in
what's
what
I'm,
seeing
in
both
the
cncf
and
the
open
ssf,
the
CDF
has
not
even
remembered.
G
C
Well,
I
I
was
going
to
say
that
I
think
it's
a.
It
will
still
be
worth
what
Melissa
was
mentioning
to
go
through
the
topics
that
the
supply
chain
working
group
is
working
on
so
that
at
least
we
have
an
idea
of
what
the
topics
are,
and
we
want
to
talk
to
other
groups
see
if
those
topics
could
be
of
interest.
Those
groups,
because
I
think
the
the
openness
is.
C
Might
be
specifically
looking
at
things
from
a
security
department
of
view,
I'm
not
sure.
That's.
D
G
Yes,
they
have
a
kind
of
a
view
that
they
must
be
smartly
opinionated
and
very
accurately
Define.
What
tools
you
should
use
in
the
process.
D
H
Maybe
if
I
can
add
something
to
this,
because
I
was
a
person
proposed
the
software
supply
chain,
six
I
think
it
was
January
2012
and
then,
after
changing
employment,
I
had
to
step
down
end
of
last
year.
The
reason
why
we
proposed
this
sick
last
year
was
exactly
what
Tracy
Steve
you
were
talking
about.
Like
you
know,
cncf
talks
about
security,
cicd
comes
up
during
their
conversations.
H
Open
SF
talks
about
security,
icicd
comes
up
as
part
of
their
conversations,
but
what
I
felt
at
that
point
in
time
to
get
with
few
others
was
that
there
wasn't
enough
focusing
on
cicd
aspects
of
software
supply
chain
security
like
if
you
look
at
Optimus
self
efforts
around.
You
know
different
phases
within
a
typical
pipeline.
H
If
we
look
at
the
version
two,
we
made
some
contributions
there
around
Apple
made
are,
and
we
had
been
working
with
Mike
liberman
and
others
around
the
Fresca,
which
is
like,
which
was
like
software
figure
software
Factory.
So
that
was
the
history
of
the
Sig.
It
wasn't
to
duplicate
their
first
steps.
The
other
communities
and
contributors
are
putting
it
in
openness
of
our
own
CNC,
but
take
part
in
the
conversations
and
Elevate
CDF
to
become
you
know
part
of
those
conversations.
Well,
that
was
the
intention,
not
the
application,
but
just
fill
the
missing
pieces.
G
And
I
feel
like
that.
That
could
be
continue
to
be
the
focus
of
that
group.
But
to
do
so,
they
need
to
that
group
really
has
to
start
co-mingling
with
both
the
cncf
in
their
in
their
supply
chain
efforts
and
the
especially
the
open,
ssf.
D
I
know
it's
a
lot
of
extra
work,
but
it
could
could
could
help
bridge
the
gap
that
we're
running
into
or.
G
It's
at
the
bottom
you
know,
I
have
worked
on.
The
events
of
working
group
is
Andrea
and
Amanda
from
the
very
beginning,
I've
kind
of
been
their
their
their
Champion
when
I
look
at
what
the
open
ssf
is
trying
to
do
in
their
Sterling
tool
tool
chain
are
now
what
they're
calling
their.
What
was
it
just
recently,
the
security
tool
belt
it
is
in
direct.
G
The
message
is
exactly
opposite
from
what
we're
trying
to
to
to
build
in
terms
of
the
events.
I
have
brought
up
in
the
open,
ssf
tool
belt.
I
have
brought
up
events,
and
there
are
people
who
are
very
interested
in
it.
G
We
recently
put
together.
Everybody
should
know
this.
This.
The
events
team
put
together
a
white
paper
for
cdcon.
That
white
paper
is
out.
There
I've
been
pushing
it
out
socially
networking
it
wherever
I.
Can
we
really
need
to
get
the
word
out
about
events
from
from
the
perspective
of
what
is
the
CDF
really
really
focused
on?
G
What
are
we
really
really
trying
to
solve
and
that
interoperability
issue
is
impacting
now
the
open
ssf,
which
is
why
they're
saying
well
we're
just
going
to
build
a
big,
tent
and
suggest
certain
tools,
so
we
don't
have
to
deal
with
interoperability,
I
and
there's
there's
funds
available
within
the
open
ssf,
including
funds
around
Alpha
Omega
project,
which
one
in
the
alpha
major
Omega
project.
G
The
effort
is
to
standardize
open
source
Tools
around
a
certain
that
basically
the
tool
belt,
and
then
everybody
else
has
to
follow
that
kind
of
model,
the
Omega
side
of
the
house.
This
is
a
place
where
we
really
could
create
the
CD
events
process
and
use
them
as
our
adopter
and
that's
I
really
believe.
That's
what
we
should
focus
on
I,
don't
know
how
to
go
about
doing
it.
G
The
only
thing
I
can
say
is
I
keep
talking
about
it,
but
if
we
look
at
why
why
we
exist,
we
exist
to
make
the
CD
process
better
and
faster
and
more
secure.
That's
what
we've
said
for
from
the
very
beginning.
Cd
events
does
that
that's
our
way
of
getting
there
and
the
team
has
made
some
really
great
progress
on
vocabulary.
Testing
vocabularies
is
pretty
complete.
G
The
Cube
shop
folks
are
going
to
be
doing
a
CDF
online
Meetup
and
we're
also
working
on
a
a
Blog
on
testing
events
with
the
folks
in
cute
shop.
So
that
is
the
name
right,
Cube
shop
and
test
Cube
or
the
test
cubes
the
project
I
get
them
test
cube
is
the
project
that
Cube
shop
is
the
company
I
think?
Is
that
right,
potty?
Okay?
G
So
we
have
we've
gotten
a
little
bit
of
momentum
around
test
events,
I
think
what
will
really
give
us
more
of
a
rocket
blast
is
if
we
can
get
the
tool
belt
to
understand
that
a
big
tent
approach
is
the
only
approach
that
we
can
take
for
solving
the
security
puzzle
and
see
the
events
and
a
vocabulary
around
those
security
events,
whether
they
be
generating
s-bombs
or
or
a
signature
or
signing,
is
what
we
really
need
to
work
with
them
on
and
to
move
forward
in
the
events
area.
G
We've
got
to
get
to
a
point
where
we
can
start
seeing
some
adoption
of
it
and
I.
Don't
know
if
we
have
an
adopter,
Dewey,
Andrea,
potentially.
C
For
City
events,
we
do
a
so
we
have
Fidelity
Fidelity.
I
G
Yeah,
but
even
the
smallest
proof
concept
and
the
smallest
adopter
will
make
a
big
difference
so
I
feel
like
we
really
need
to
do
some
hardcore
Outreach
and
pushing
on
the
open
ssf
to
consider
being
our
security
events
resource
now.
That
could
be
something
that
the
supply
chain
folks
work
on
and
work
with
at
the
open
ssf
to
get
that
done,
but
somehow
we
we
really
need
to
be
part
of
that.
Openssf
solution
see
the
events
should
be
front
and
center
to
it.
G
I
know
it's
not
what
Brian
has
perceived
in
his
mind
and
when
he's
he's
been
talking
about
the
Sterling
tool
chain
for
quite
some
time
he's
now
the
CTO
so
he's
going
to
be
focusing
on
it.
I
think
he
has
another
thought
in
mind,
but
we
need
an
opportunity.
We
really
just
need
to
get
out
there
and
start
talking
about
it
and
making
sure
that
the
that
team
who's
working
on
that
tool
that
tool
belt
understands
what
City
events
could
bring,
how
it
could
solve
some.
So
many
problems
on
that
note.
G
I
would
encourage
more
of
you
who
are
on
this
Toc
to
get
involved
in
that
that
conversation
I
think
it's
a
critical
one
for
this.
The
CDF.
G
So
we're
at
a
I
think
that
City
events
is
at
a
really
good
place.
The
security
events
will
be
a
core
reason
why
companies
would
need
to
move
to
an
event
platform
and
I
would
hope
that
the
first
project
that
could
really
really
get
involved
in
it
would
be
Jenkins,
so
I
I.
You
know
I'm
reaching
out
to
the
Jenkins
side
to
Oleg
and
Mark
to
start
getting
involved
in
that
tool,
belt
conversation
and
hear
what
they're
doing
and
make
sure
that
Jenkins
is
part
of
the
solution.
E
G
I,
don't
know
to
be
honest
again:
the
the
open
SFS
have
some
has
some
money
to
spend
on
this
when
the
as
soon
as
the
mission
is
is
confirmed,
I'll
be
sure
and
share
it
with
with
everybody
or
I'll,
send
it
to
Patsy
and
Fati
can
send
it
out.
E
Yeah
just
to
share
some
insights
when
James
was
a
question
through
graduation
process,
so
it
was
summer
2020
we
reached
out
to
open,
ssf
and
discussed
opportunities
for
having
security
audit
Etc.
There
is
some
rough
numbers
for
Jenkins
I.
Don't
have
them
right
now,
but
it
was
almost
quite
a
big
amount
of
money
to
evaluate
core
bits
of
the
project.
Basically,
the
initial
feeder
back
was
that
the
bcdf
would
need
to
found
a
fund
it,
but
yeah
I
think
it
was
three
years
ago.
E
C
G
Have
been
things
that
have
changed
at
the
open
ssf,
so
there
may
be
a
like
I
say
when
things
change,
we
have
an
opportunity
to
poke
again
and
I'm
poking
I'm
I'm,
taking
a
bigger
stick,
smoking
harder,
so
I
feel
like
that.
The
having
some
of
you
from
Jenkins
on
that
toolkit
or
that
tool
belt
discussion
would
be
pretty
important.
H
So
may
I
may
I
add
something
here.
So
I
raise
my
hand,
pups
and
you
might
have
missed
that.
So
actually,
if
you're,
having
like
when
I
say,
vcd
Foundation
has
been
having
conversations
with
Alpha
Omega
since
December
last
year.
I
believe
and
we
have
a
proposal
in
place
and
then
we
met
recently
as
Brian
mentioned
in
the
email
he
sent
as
a
response
to
Tracy
your
email
and
the
conversations
are
going
pretty
positive,
actually
and
I
actually
sent
an
email
to
a
field
community
members
and
to
make
that
proposal
more
concrete.
H
So
it's
like
as
Tracy
you
mentioned,
Omega
looks
at
one
aspect
and
Alpha
looks
at
another
aspects:
Alpha
aims
to
secure
most
widely
used,
open
source
tools,
projects
and
so
on,
like
rust,
there
are
cultivating
rust,
open,
JS,
Python
and
so
on,
and
Our
intention
is
to
have
a
collaboration
happening
between
C,
diff
and
Alpha
part
of
L4
Mega.
To
make
sure
our
projects
are
also
getting
some
kind
of
fund
to
improve
the
state
of
the
secret
of
our
projects
and
Jenkins
is
part
of
that
conversation
already.
H
But
once
we
have
that
conversation
going
on
with
the
bill
Jenkins
community
members,
then
we
will
update
the
proposal
and
get
that
conversation
going
on
with
alpha
omega
as
well.
So
this
is
happening
on
that
side,
but
not
on
technical
initiative,
collaboration
aspects
because
that's
part
also
under
the
technology
CDF
technology.
E
Yeah
thanks
a
lot.
C
Okay,
so
we
are
continuing
on
openssf
collaboration,
then,
and
we
started
this
email
prayer
discussing
about
how
to
to
cooperate
between
the
two
conditions,
one
of
the
topics
that
was
mentioned
and
how
to
to
bring
like
open,
ssf
type
of
projects
or
Technologies
to
to
CDF
and-
and
today
we
have
the
open,
SS
best
practices
badge
it's
one
of
the
requirements
for
graduation,
but
we
don't
have
anything
specific
to
open,
SSS
or
cards
open
SSS
work
as
an
automated
tool
that
aims
to
assess
from
projects
number
of
different
security
related
teachers,
including
the
open,
Assistant
practices
page
itself.
C
But
it
will
ask
much
more
so
yeah
I
think
it
would
be
interesting
if
we
could
have
maybe
someone
from
that
project
coming
to
A
CDF
technical
community
and
make
some
presentation
about
how
they
introduce
scorecards
to
existing
project,
to
adopted
those.
What
were
success
stories
or
what
were
the
issues?
So
we
can
decided
that
something
that
we
want
to
propose
through
our
CDF
projects
as
well.
D
D
It's
it's
an
interesting
thing,
because
the
scorecards
is
only
a
GitHub
action,
so
you
can't
use
it
in
tecton
or
Jenkins.
C
Okay,
does
this
sound
sounds
like
something
interesting
that
we
good
and
although
up
I
may
investigate
more
eventually
I
mean
it
would
be
interesting
for
you
to
bring
a
presentation
to
this
group,
either
from
the
open
SSA
or
from
previous.
B
C
C
I
guess
we
already
discussed
about
the
Sterling
Machine
initiative
yeah,
so
I'm
not
sure
if
there
is
a
public
meetings
and
the
calendar
today
with
so
I
I
asked
Ryan,
whether
it's
okay
for
more
people
to
join
I.
Think
if
I
would
be
personally
interested
in
joining
that
group,
but
I
think
it
would
be
good
for
everyone
who
is
interested
could
join
so
I'm,
not
sure
how
the
group
is
set
up
today.
C
A
C
Know
first
year,
any
more
information
about
that.
The
way
so
I'll
ask.
G
There
they
are
they're
opening
everyone.
There
is
a
there's
having
a
once
a
week
right
now.
They
are
just
trying
to
get
their
ducks
in
a
row
so
to
speak.
I
don't
know
if
there
is
a
public
calendar,
but
let
me
go
find
it
for
you
right
now.
We
can
put
it
in
the
meeting
notes.
G
G
Tool
chain
right
there:
it's
Tuesdays
at
9,
00
a.m,
Pacific.
G
So
that's
I,
guess
I
missed
it.
Yesterday.
Oh
wait.
Today's
Tuesday
right
it's
happening
now.
It's
happening
right.
It's
happening
at
10
o'clock,
it's
starting
in
10
minutes.
So
if
you
want
to
continue
with
this
conversation,
you
can
join
in
10
minutes,
but
it
is
on
it's
Tuesdays
at
nine
o'clock
and
they're
doing
them
weekly.
A
F
G
G
And
I
looked
on
the
open,
ssf
site
and
there's
not
a
sterling
tool
chain
working
group
advertised.
Yet
so
I.
Don't
think
that
there's
a
mailing
list
for
it
yet
I
think
yesterday,
I
was
talking
to
somebody
and
they
did
find
a
git
repo
and
maybe
a
place
that
you
could
add.
Your
name
I
got
added
because
I
was
previously
on
the
board
and
then
I
added
Steve.
G
Yeah
it'd
be
great
if
we
could
inundate
them
with
CDF
folks
because
quite
honestly,
they're
great
at
understanding
security,
but
they
don't
necessarily
understand
the
challenges
around
the
CD
pipeline.
C
Okay,
we
only
have
six
minutes
left
so
down
in
the
agenda.
I
think
we
have
some
discussion.
We
wanted
to
do
about
the
project
I'm
reviewing
criteria,
but
I
think
that
would
require
some
more
times.
So
maybe
we
schedule
that
for
for
the
next
meeting,
there
are
a
couple
of
project
updates
from
Percy
and
artelius
I.
Don't
know
who
posted
them,
yeah.
D
I
I
put
put
them
in
there,
so
the
Perseus
side
they
have
a
lot
of
the
contributors
from
jfrog
were
the
original
folks
in
the
project.
D
J
frogs
moved
around
some
of
that
staff,
so
there's
been
a
decrease
in
participation,
but
I
did
talk
to
Stephen
chin
last
week
and
what
the
plan
is
is
to
formalize
the
the
board,
we're
recruiting
a
couple
more
people
from
outside
of
jfrog
for
the
board
and
that's
going
to
give
us
the
a
new
starting
point
and
we're
going
to
be
looking
at
reworking
the
the
architecture,
because,
right
now
the
architecture
is
all
based
on
Rust
and
rust
is
there's
it's
hard
to
get
folks
to
that.
D
D
I
think
we
should
be
pretty
good
and
we'll
keep
you
a
prize.
What
happens
with
the
kind
of
like
the
the
project?
Reorg.
G
G
G
Leo,
basically,
if
we
look
at
the
relationship
between
the
open,
ssf
and
the
CDF
I
would
say,
the
open
ssf
is
like
our
ciso
officers
at
an
at
a
large
company
setting
the
compliance
standards.
The
CDF
is
the
devops
team
trying
to
implement
those
standards.
G
Let's
see
well,
we
do
should
do
a
proper.
We
don't
have
a
lot
of
time.
We
have
three
minutes.
We
should
do
a
proper
introduction
of
emporis
and
why
we
added,
in
course,
as
a
sub
project.
That
should
be
just
something
that
we
do
a
have
the
importance
team
be
introduced
and
talk
about
what
imports
is
and
why
a
universal
object
reference
that
that
concept
is
important
for
an
extended
oci
registry.
G
A
lot
of
what
the
cncf
artifact
working
group
is
is
talking
about
in
terms
of
requirements
is
what
imports
is
is
attempting
to
implement
and
why
it
made
sense
to
connect
it
to
ortilius
is
because
we
can
be
a
dashboard
to
that
oci
extended
registry
that
brings
forward
and
connects
the
versions
of
the
artifacts
to
their
security
elements.
G
Their
inventory,
where
they're
deployed
for
providing
a
broader
view
of
an
organization's
security
and
devops
profile
and
it'd,
be
great
to
have
some
time
to
let
them
poorest
folks
talk
about
what
they're
doing.
D
D
Put
the
link
to
the
dot
to
the
the
action
that
we're
using
and
then
some
of
the
output,
please
secret
kind
of
brow.
The
actions
like
you
know
call
this
action.
So
it's
pretty
useless
five
lines
of
yaml,
but
looking
at
the
output
you'll
be
able
to
kind
of
see
what
it's
trying
to
do.
C
I
G
I'd
say:
let's
put
us
down
for
imporus
for
July
and
we'll
ask
Andy
block
to
do
the
presentation.