►
From YouTube: 2019 10 29 Web IDE Jobs To Be Done (JTBD)
Description
Editor Group
Web IDE
A
A
C
I
wanted
to
have
one
thing,
which
is
thanks
by
the
way,
thanks
for
putting
this
together,
Marcella
really
like
the
jobs
to
be
done
framework.
So
in
this
in
this
job
story,
the
goal
is
pretty
clear,
like
I
want
to
try
it
out,
I
want
to
demo
it
and
not
every
project
on
the
open
source
or
anything
has
a
demo
of
the
product
running
right.
They
usually
have
steps
to
make
it
run,
but
they
don't
have
a
demo
running
because
that's
resource
intensive,
so
I
totally
get
at
this
point.
C
C
C
So
that
thing
about
checking
out
the
code
and
running
all
the
installation,
steps
for
some
projects
are
slim
and
that
they're
super
quick,
so
they're
probably
harder
to
get
any
advantage
on
because
I
mean,
if
you
take
me,
if
it
takes
me,
two
minutes
to
get
that
set
up
in
my
local,
then
it's
hard
to
get
better
than
that,
but
for
larger
projects
like
rails
in
an
other
Python
and
stuff
I
have
to
set
up
Postgres
or
something
like
that.
Then
I'm,
definitely
not
gonna.
Do
that
for
every
project.
I
want
to
try
so.
A
Basically,
garlic
and
in
this
regard,
I
don't
want
to
dive
into
discussions.
I
just
want
to
sort
of
make
up
my
mind
and
like
to
realize
what
what
this
is
supposed
to
look
like
and
behave
like,
but
Andrea.
You
mentioned
a
really
really
important
point,
like
all
the
projects
are
different.
There
are
JavaScript
projects,
there
are
no
projects,
there
are
rails
projects.
C
That's
what
I
mean
yeah?
What
friend
has
been
mentioning
another,
and
some
venues
is
like
you'd-
have
a
file
so
that
the
author
would
customize
that
file
instead
of
like
just
having
to
read
me
with
the
steps
here
right.
Oh
yeah,
mole
with
the
steps
to
get
that
set
up
in
an
environment
right
friend
got
it
with.
D
A
D
Like
to
point
something-
because
maybe
it's
because
of
my
background,
but
most
of
the
projects
are
usually
try
or
test
our
libraries,
so
I
mean
I,
don't
remember
any
recent
real
project
I
have
I
wanted
to
try.
So
what
do
we
doing?
These
kind
of
scenarios
in
which
we
are
all
suggesting,
rubygems
or
Jes
libraries
can.
B
D
D
B
B
What
is
the
when
you
open,
rales
console
well,
I,
guess
my
first
book.
Let
me
back
up
sure:
do
you
need
to
install
it
into
the
get
lab
project?
Is
that
because
you're
testing
it
for
something
in
get
lab,
or
are
you
installing
it
in
the
get
lab
project?
Because
there's
data
in
an
environment
there
that
has
like
stuff
that
you
can
like
use
the
gym
against.
D
Both
both
I
mean
sometimes
it's,
because
our
data
base
is
quite
heavy
and
I
want
to
try
these
data
base
stuff,
but
you
can
use
that
in
a
regular
race
console.
You
can
just
require
the
gem
and
try,
so
the
usually
do
not
really
need
to
add
it
to
the
gemfile.
If
you
ask
more,
if
this
year
did
you
do
it
that
way,.
A
It's
very
hard
to
do
this,
and
it's
up
to
the
author
to
the
project
author
to
decide
whether
he
wants
to
demo
it
or
not
right
since
this,
the
burden
of
setting
this
up
lies
on
the
on
the
package
or
project,
or
so
he
made
my
he
or
she
might
decide
just
okay,
I,
don't
want
this
to
be
demoed,
and
it's
it's
technically
like
that,
and
then
then
just
showing
the
readme
that,
in
order
to
test
this,
you
need
to
check
this
out.
Clones
yeah.
D
B
Right,
it's
so
is
the
is
the
benefit
there.
They're
like
so
right,
the
so
I
can,
or
so
whatever
right.
That
last
fragment
is
that
it
benefit
in
there,
for
you
of
I
can
test
a
library
without
impacting
XYZ
existing
environments.
Is
that
like
what
the
benefit
would
be?
If
you
had
like
a
web
IDE
to
do
this
or
is.
E
D
F
G
G
C
One
more
thing
here
in
this
conversation,
I
think
it's
useful
to
highlight
is
that
some
of
the
times
the
environment
on
which
the
project
should
be
tested
is
specified
by
the
author.
Sometimes
the
user
wants
to
like,
for
instance,
if
I'm,
if
I
have
a
project
that
is
fully
running,
then
I'd
probably
be
it's
easy
for
me
to
specify
it
right.
A
That
that's
that's
the
question.
I
put
there
I
didn't
work
like
ask
hit,
but
the
point
is
like:
if
we
are
talking
about
contributing
to
the
project,
then
usually
at
least
I-
don't
do
this
I,
don't
check
the
demo.
What
I
want
to
contribute
like
things
like
activity
of
the
project,
the
number
of
maintainer
x'.
A
These
things
play
much
like
much
higher
row
like
priority
for
me,
because
apparently,
if
I
decided
to
take
a
look
at
this
project
and
maybe
contribute
to
this,
this
means
that
I
have
already
had
the
experience
with
this
project
before
getting
to
it
to
contribute.
That's
the
main
point.
This
is
the
this:
the
scenarios
of
using
the
package
and
contributing
to
package.
These
two
are
completely
different
things
I
think.
G
A
I
can
do
first
of
all
I
I'm,
not
in
you,
I'm,
not
new
to
this
project,
if
I
have
the
wish
to
contribute
and
evaluate
my
sort
of
ability
to
contribute
to
this
project.
This
means
that
I
have
already
had
experience
with
this
project.
I,
don't
need
it
to
be
demo'd
to
me.
I
want
to
see
how
welcome
my
contribution
might
be
means.
How
actively
developed
this
project
is.
A
How
many
maintains
how
how
often
are
the
releases
so
these
things
so
that
my
contribution
we
need
to
sort
of
be
berlet
laying
down
in
some
some
dark
corner.
So
these
things
are
playing
much
more
much
higher
role
for
me
and
also
like
like
if
we
talk
about
popularity
of
a
project
like
stars
up
for
the
project,
these
things
play
a
huge
role
for
me,
but
demoing.
It
I'm
in
nearly
99%
of
the
cases,
if
not
hundred
percent,
of
the
cases
I'm
already
familiar
with
the
project
when
I,
when
I'm
willing
to
contribute
to
it.
G
A
Depends
on
the
projects
some
projects,
some
open
source
projects
that
I
contributed
to
require
me
I,
even
before
I
make.
My
first
contribution
required
me
to
sign
some
agreements,
even
though
there
they
were
open
source.
So
that
was
that's
the
first
step
that
has
nothing
to
do
with
it
code
right,
but
when
it
comes
to
the
code,
I
still
had
to
check
out
the
code
and
look
around
and
play
with
it,
because
technically
the
when
it
comes
to
the
contribution
I
want
to
try
something
that
is
not
in
the
project.
A
B
D
Have
one
failing
the
story,
for
example
real,
quick
about
that
with
rains
I
mean
in
in
brains,
you
can
you
can
test,
run
the
specs
with
r-spec
or
winters
or
other
gems,
so
sometimes
I
had
problems
unloading,
those
related
camps,
those
dependencies,
so
I
couldn't
run
the
specs
myself
locally,
so
I
commit
things.
I
push
them
and
I
waited
for
CI
to
run
the
specs
for
me,
because
I
couldn't
locally
so
I
rely
on
this
UN
CI
slower.
But
it's
the
use
case.
D
F
Some
things
that
happened
to
is
some
of
those
development
scripts
are
like
built
for,
like
maybe
all
their
development
team
is
on
Windows
or
or
different
OS
than
when
I'm
working
on
so
sometimes,
even
though
hey
I
can
technically
run
this
everywhere.
The
development
side
is
like
really
just
specify
towards
one
environment,
and
you
know
people
take
contributions
for
hey.
How
can
we
cross
platform
this
when
we
only
look
at
some
of
these
like
wise?
When
we're
answering
the?
F
Why
question
and
some
of
the
problems
people
run
into
contributing
I
know
that
get
lab
and
the
GDK
is
kind
of
in
a
special
box,
but
we
do
have
a
lot
of
contributors
and
we
I
think
we
can
look
at
their
motivations
and
kind
of
glean
from
the
kind
of
abstract.
That's
other
projects
and
the
construe.
The
concept
I
see
a
lot,
so
I
see
a
surprising
number
of
contribute
contributions
that
don't
have
the
GDK
set
up
and
they're
kind
of
just
eyeballing
it
or
I.
Guess
they.
F
F
So
one
thing
that
will
happen
and
I
think
a
lot
of
these
contributors,
they're,
probably
users
of
gitlab
and
they
see
bugs
and
they
want
to
fix
it
and
I.
Think
that
happens.
That's
probably
I'm
just
totally
coming
up
this
number
in
my
head,
but
that's
got
to
be
close
to
33%,
of
the
reasons
why
people
are
open-source
contributing,
is
I'm
using
this,
but
I'm,
seeing
bugs
and
I
want
to
fix
it
and
I'm
running
it
locally.
F
So
I
kind
of
can
test
tell
like
what's
going
on
here,
but
it
gives
me
just
enough
so
that
hey
I
don't
have
to
set
up
the
whole
dev
environment.
Locally
I
can
kind
of
blind
patch
it
and
then
trust
that
one
of
the
maintainer
can
actually
run
any
tests.
If
it's
good
I
think
that
that
workflow
happens
a
lot,
but.
F
The
GDK
is
interesting
and
yeah.
A
lot
of
I.
Think
contributors
feel
like
it's
a
it's
a
pain
to
set
up,
but
I
see
a
lot
of
contributors.
Do
things
where
they're
just
running
off
of
tests
like
they
don't
know.
So
we
need
the
whole
thing
running.
They'll
just
run
like
controllers
that
work
off
of
our
specs,
so
they
need
the
whole
stack
running
or,
if
I'm
doing
front-end
like
we
just
work
off
of
our
front-end
tests.
F
So,
if
someone's
willing
to
wanting
to
contribute
they're
gonna
find
a
way
to
contribute
one
way
or
another,
and
people
that
are
using
the
product
want
to
fix
bugs
other
people,
just
kind
of
want
to
put
it
on
their
resume
or
online
portfolio
if
hey
I've
contributed,
and
that
means
a
lot
to
them
and
they're
kind
of
willing
to
do
that
one
way
or
another.
This
has
been
my
experience
so.
F
Yeah
we
have
that
we
have
we
experienced
that
internally.
We
have,
you,
know
lots
of
people,
you
know
I,
don't
think
I
have
my
runner
working
right
now
and
lots
of
people
are
doing
development
locally
front
front
is
looking
at
me
like
come
on
Paul.
We
set
this
up
together,
I'm
have
it
working
locally,
but
I
know
and,
as
I
view,
other
people's
on
Mars,
like
they
have
other
environments
that
I'm
like
I'm,
not
gonna,
set
this
up.
F
I'm
just
gonna
trust
them
to
run
it
so
ya,
know
and
I
want
to
try
to
and
I
like
what
Marcel
saying
about
not
getting
to
couple
to
get
labs
world's
here
when
we
try
to
solve
this
problem,
but
I
do
think
some
of
our
human
motivations
still
apply
outside
of
good
lab
sidenote
while
I
have
you
guys
attention.
While
we
talk
about
like
container
izing,
these
environments
and
I
brought
up
hey.
F
This
is
a
big
deal
for
like
native
stuff,
because
native
dependencies
aren't
locally
scoped
like
node
modules
or
rubygems,
there's
a
huge
caveat
to
native
dependencies,
and
that's
the
processor
that
dependency
was
built
on
there's
a
whole
there's
whole.
There's
whole
companies
that,
even
though
something's
containerized
I
could
still
be
using
a
dependency
that
just
doesn't
even
work
on
my
machine
because
natively
it
was
compiled
under
a
different
processor.
F
B
B
I
tried
to
synthesize
that
first
part
of
the
discussion
into
to
see
there,
so
maybe
that
kind
of
captures
I
think
like
the
value
of
that,
and
maybe
it
needs
to
be
more
explicit
to
to
something
that's
more
global
but
I
think
that's
what
they're
I
am
I'm
super
interested
in
code
review
because
I
know
all
of
you
do
a
significant
amount
of
code
review
and
maintain
review
so
I'd
like
to
shift
to
that.
If
we
can
I
do
want
to
get
to
security
to
you.
G
Yeah,
maybe
I
can
give
a
quick
intro
why
I
actually
added
code
with
you,
this
topic
came
up
when
I
showed
a
couple
of
other
designers
around.
What's
going
to
happen
with
the
web,
ID
and
Pedro
Goosen
source
code
mentioned
that
one
thing
that
comes
up
very
often
in
code
review
is
that
navigating
code
on
our
own
home
page
is
a
big
pain
for
them.
A
couple
of
people
already
in
different
research
issues
have
provided
feedback
around
if
I
could
see
all
of
them
this
like
directly
in
my
local
IDE,
but
there
will
be
awesome.
G
That
would
make
things
so
much
easier
and
so
I
saw
a
potential
potential
advantage
or
improvement
if
we
could
actually
enable
them
to
switch
to
the
saya
or
whatever
other
web
IDE.
To
do
this
kind
of
code
review
and
to
see
these
kinds
of
changes
in
them.
So
I
know
that
we
have
actually
a
maintainer
here,
who
probably
does
a
lot
of
code
review,
so
maybe
Paul?
Do
you
want
to
give
some
insight
into
like
how
this
currently
works?
G
F
F
So
why
my
code,
review
process
and
I
think
if
every
reviewer
is
gonna
be
a
little
different,
but
my
code
review
process
is
95%
of
the
time.
I
check
it
out
locally
I,
look
at
the
files
and
the
lines
that
have
changed
from
using
the
M
R
diff,
but
I
kind
of
have
to
see
it
in
the
scope
of
the
whole
file
and
everything
else
is
going
on.
So
I
look
at
what's
changed
and
I
actually
see
it.
F
F
F
I'll
make
a
suggest
to
change
locally
and
I'll
even
make
a
commit
locally
and
I'll,
create
patch
files
and
patches
off
of
that
and
add
those
as
common,
so
I
also
I
want
to
see
what
was
the
review,
but
I
also
want
to
see
what
are
my
suggestions
on
top
of
it,
because
I
want
to
try
to
reduce
as
much
back
and
forth
as
possible.
I
don't
want
to
give
them
give
a
contributor
something
that's
gonna
break.
F
So
there's
a
lot
of
it's
a
lot
of
queueing
and
just
running
the
the
actual
thing
we're
fixing
locally,
but
also
understanding
the
whole
change
in
the
scope
of
everything
is
huge.
I
use,
I
use
grab
all
the
time
for
like.
If
we
deleted
a
function,
I
always
check.
Did
we
actually
remove
all
of
our
references
to
this
and
I
have
to
grab
on
our
file
all
the
time
we
don't
even
have
we
don't
have
this
anywhere
in
good
lab
we're
natively
I
can
just
grab
on
a
regex.
F
C
Have
a
point
is
I
think
it's
one
of
the
things
that
that
might
be
behind,
and
this
is
probably
speculation.
But
one
of
the
one
of
the
feedback
that
Marcel
just
highlighted
from
the
source
code
is
that
people
usually
prefer
to
just
look
at
the
code
in
their
local
environment.
And
they
look
like
these,
and
one
of
the
things
is
exactly
what
that
you
have
native
tools
at
your
disposal
and
not
just
that.
C
You
have
your
own
wealth
of
plugins
and
extensions
that
you're
used
to
so
you're
reviewing
the
code,
the
way
you
usually
author,
it
and
that's
much
more
comfortable
than
the
generic
UI,
and
you
just
describe
some
one
of
the
feature
which
is
like
a
regular
expression
search
on
the
whole
code
base.
That's
a
feature
that
you
have
locally
in
your
tool
set,
which
also
happens
to
be
the
terminal.
B
D
D
So
the
problem
I
have,
for
example,
with
database
reviews,
is
that
I
have
to
my
to
perform
migrations
locally.
My
database
is
going
to
change,
then
I
forget
to
rollback.
Oh
I
have
to
go
to
a
different,
much
request,
and
my
local
database
is
in
a
dissonance.
A
very
French
state,
sometimes
and
I
have
to
recipe,
because
I
can
I
can
even
I
can
even
update
my
local
environment
in
master.
After.
B
So
I
think
the
benefit
that
we're
trying
to
like
on
the
code
review
side
right,
like
the
clear
benefit,
would
be
like
if
you
could
launch
something
closer
or
something
closer
to
your
local
environment,
with
the
tools
that
you
mean
like
and
maybe
there's
a
baseline
of
like
tooling,
that
you
need
that.
We're
not
aware
of
that
would
be
helpful
to
understand
if
you
could
launch
like
an
online
version
of
that.
B
D
So,
for
me
it
would
be,
it
would
be
better
to
have
it
to
have
isolated
spaces
for
four
different
reviews.
Also
it's
in
another
another
one
of
the
other
points
that
sometimes
when
we
upgrade
gitlab,
it's
really
difficult
to
go
back
to
a
different
to
a
previous
version,
for
example
for
security
parties
or
any
other
stuff.
It's
really
difficult
to
go
back
so
sometimes
I
have
had
travels
to
roll.
D
B
And
is
that
do
you
run
into
that
primarily
and
I
know
that's
kind
of
jumping
ahead
to
security,
but
that
is
the
to
me.
That's
like
the
key
thing
that
we
can
do
with
security
like
to
me.
Security's,
like
the
easiest
use
case
to
describe,
because
basically
I
can
give
you
a
version
at
whatever,
especially
when
you
talk
about
dependencies
right
like
if
you
have
dependencies
and
those
old
versions
that
are
pinned
to
older
versions.
You.
B
Versions
of
the
dependencies,
not
whatever
you've
now
upgraded
to
in
the
latest,
right
and
I,
think
that's
the
or,
if
you're
fixing
security
holes
in
those
dependencies,
you
need
them
at
that
version
right
to
be
able
to
deal
with
that.
Some
a
security
feels
like
a
very
obvious
and
easy
one.
Assuming
we
can
get
environments
set
up
correctly
to
like
deal
with
those
pin
versions,
yeah.
D
I
mean
exactly
other
alergies
cases
when
you
have
to
debug
a
back
a
problem.
I
mean
we
have
several.
We
have
some
sort
of
issues
in
which
our
users
say:
hey
I
have
this
bag
and
my
version
is
ten
point:
Ochs,
okay,
so
it's
quite
far
from
our
current
version,
so
I
have
to
start
debugging.
First
I
try
in
the
in
there
in
the
current
version,
but
sometimes
I
have
to
go
to
a
previous
version
in
order
to
start
debugging
the
code
in
order
to
see
where
or
how
the
Baggies
is
created.
A
Yeah
I
have
I
had
a
similar
problem
several
times
when
I
had
to
figure
out
when
the
regression
has
been
introduced,
and
it's
really
really
not
that
trivial
to
get
to
some
like
it's
more
or
less
fine
to
go
one
version
back,
like
maybe
two,
but
there
like
the
whole
thing
just
like
that's,
not
the
reason
why
I
had
to
rebuild
completely
the
whole
GDK
a
couple
of
times
because
just
like
it
just
doesn't
work.
That's
done.
C
Can
I
ask
you
a
question
so
for
those
scenarios
where
we
do
go
back
to
those
previous
versions
say
that
we
would
set
up
a
GDK
for
11.1
version
of
gate
lab?
How
often
do
we
get
to
reuse?
That
is
that
something
from
one
time
on
one
time.
Only
because
someone
has
to
create
these
versions
right,
we
either
we
either
create
containerized
version
of
the
GDK
for
each
release.
C
A
C
A
Problem
is
that
if
we
had
it
set
up,
and
even
if
it's
used
by
any
developer
even
once,
this
will
save
these
developers
so
much
time,
like
figuring
out
how
to
roll
back
the
versions
of
GDK
and
get
lab,
then
figuring
out
that
your
database
completely
bored
and
banned
like
cleaning
up
the
whole
JDK
reinstalling.
Everything
they
stakes,
enormous
amount
of
time
and
like
having
this
free
sort
of
pre
setup
is
is
a
real
time
saver.
Even
if,
for
one
developer,.
D
C
They
have
to
keep
updated
every
time,
there's
a
push,
but
yes,
I
think
I
can
take
and
s.
We
see
that
and
the
question
is
whether
that
would
be
a
shared
environment
for
all
reviewers
or
it
would
be
one
copy
of
that
canonical
environment.
Every
time
you
want
to
use
that
you'd
spin
a
up
spin
up
a
copy
of
that
container
and
you
could
play
around
with
it
without
destroying
the
original
canonical
container.
F
Yes,
these
containers
are
kind
of
big,
like
so
I've
loaded
old,
docker
containers
of
get
lab
like
when
trying
to
figure
out
things
like
what
was
a
bug
introduced
or
like
doing
some,
some
slightly
invisible
debugging
but
they're
like
almost
a
gig
size
and
because
they're
each
have
very
different
dependency
stacks.
They
don't
really
share,
like
containers,
can
share
like
the
stack
of
other
containers,
but
these
ones
I've
noticed
when
I've
installed
two
versions
next
to
each
other.
B
The
non
get
lab
world
which
is
tough
to
abstract
yourself
from,
but
it
is
do
other
other
places.
You
work
other
people
that
you
know
that
work.
Other
places
is
the
code
review
and
security
bug,
fixes
Universal
to
development,
or
is
it
because
get
lab?
Is
such
a
giant
monolithic
app
with
like
a
GDK
that
sort
of
works
pretty
well
kind
of
I.
F
Think
I
think
you
also
have
to
keep
in
mind
like
not.
A
lot
of
development
is
product
base
like
a
lot
of
development
of
services
base
and
even
like
one-off
services.
So
there's
not
really
a
supporting
old
versions.
There's
just
always
the
latest
quote-unquote
working
version,
so
I
do
think
that
this
problem
is
definitely
gonna,
be
unique
to
product
based
development.
A
In
another
product
by
product
development,
environment
and
like
the
the
process,
the
routines
work
a
little
different.
So
it's
it's
like
three
hard
fun
to
two
similar
development
processes.
So
this
is
something,
but
this
means
that
every
every
project
will
have
their
own
sort
of
issues
with
that
or
another
side
of
review
process
and
again
it's
hard
to
serve
for
everybody.
B
It's
code
review
like
we
universal
to
all
projects,
or
no,
like
the
experience
of
needing
to
like
check
out
a
project
and
examine
it
and
or
check
out
a
branch
and
do
that
or
is
it
because
our
features
are
bigger
or
is?
Is
there
something
specific
like
what
I'm
driving
at
is
like?
We
talked
about
this
very
bit:
lab
centric
and
just
fine
I
just
want
to
make
sure
that
this
is
a
universal
pain.
No.
A
Again
again,
like
different
projects,
I've
been
working
with,
like
all
of
them,
had
different
level
of
sort
of
different
process
for
review
in
terms
of
like
people
dedicated
to
the
review
like
either
same
people
or
different
people
in
one
of
the
project,
it
was
CEO
who
always
wanted
to
review
the
code
and
obviously,
since
he
was
CEO,
he
didn't
have
enough
time.
So
he
was
just
glancing
the
code
and
like
whether
it
makes
sense
or
not.
So
the
processes
are
completely
different
than
different
companies
and
different
projects.
B
Mature
development
organizations
of
like
powers,
like
Enterprise
engineering
organizations,
maybe
or
people
doing
enterprise
software,
is
that
more
Coast
versus
like
consumer
software
right.
You
can
sometimes
be
like
I'm
thinking,
iOS
apps
right,
like
I,
think
very
rarely
like
do.
They
have
to
worry
about
someone
on
an
old
version
because
Apple
just
like
updates
those
in
the
background
and
they're
like
no,
you
should
just
be
on
the
latest,
like
that's
the
bug
fix,
whereas,
like
in
in
our
case
right,
it's
enterprise
software
and
like
telling
customer
X
to
go,
get
on
the
latest
version.
C
I
can
totally
from
that
mature
process,
mature
companies
doing
that
I've
only
seen
one
case
where
they
don't
do
code
review,
which
is
a
company
here
in
lisbon,
volkswagen
group,
where
they're
doing
extreme,
like
pair
programming,
/
designing
in
pair
product
managing
so
every
time
someone
writes
code,
they're
writing
together
with
someone
else.
So
when
they
merge
it,
it's
already
been
reviewed.
C
C
C
That's
what
I
want
to
talk
about,
because
I
think
our
security
process
is
a
little
bit
more
convoluted
because
we're
what,
when
a
public
rep
oh
by
default,
and
then
we
have
to
go
hide
under
a
rock
to
do
the
security
issues,
but
most
companies
already
have
private
repositories,
so
they
can
just
like
branch
off
a
branch
branch
off
master
and
just
fix
the
security
issues
themselves,
and
then
the
security
issues
process
is
last
scrutinized
because
they're
already
private.
So
we
just
have
to.
C
We
have
another
layer
of
complexity
there,
because
we
have
to
have
another
project.
Do
that
in
a
private
instance.
That
kind
of
thing,
but
most
companies,
I,
would
say,
would
have
already
private
grab
those
and
they
do
just
fix
them.
That's
my
experience!
So
far,
I
don't
know
if
anyone
else
has
others.
The
chair
did
to
share.
B
E
C
B
F
There's
we
we
have
here
this
category
security.
One
thing
I'm
really
interested
in
as
if
I
was
a
maintainer
or
a
contributor
is
my
actual
security
of
checking
out
code.
That
I,
don't
necessarily
trust.
So.
Security
of
this
is
on
my
local
machine,
like
I'm,
really
interested
in
container
izing,
something
that
I
don't
do
all
the
time
for
one
of
if
I'm
having
to
install
a
bunch
of
dependencies.
They
tell
me
to
use
these
third-party
version
managers
or
stuff
like
I'm.
F
Just
those
are
all
vulnerability,
vectors
and
that's
a
little
concerning,
though
containerized
environments
from
because
there's
a
huge
sell
on
secure,
containerize
environments,
one
as
a
contributor
and
then
two
as
a
reviewer
like
I'm
surprised,
I,
don't
do
this
and
I'm
surprised.
We
all
don't
do
this,
but
man
that's
a
way
to
do
remote
code
execution
is
to
push
some
malicious
code
in
the
merge
request
and
have
the
reviewer
run
it.
This
is
scary.
This
is
scary
thing,
I'm,
yeah,
I!
F
D
I
mean
if
you
train
somebody
or
summer
class
into
some
specific
topic,
you
don't
need
to
set
up
your
local
environment,
Juden
or,
for
example,
I.
Remember
my
university.
We
very
old
machines
or
we
had
to
deal
with
windows
development
and/or.
All
our
machines
were
unique
space
machines
and
you
need
to
develop
something.
You
can
use
these
contracts
environment
to
work
on
a
different
operating
system,
for
example,.
D
C
I
just
won
that
one
one
thing
the
more
we
talk
about
here,
I'm,
getting
this
sense
than
the
The
Container
izing
of
the
environment,
is
on
every
story.
We
tell
right
every
from
the
bottom
to
the
top
we've
been
talking
about
this
thing,
about
isolating
the
environment,
isolating
the
environment,
isolating
the
environment,
I
haven't
heard
so
much
us
arguing
for
container
izing.
C
What's
the
advantage
of
putting
that
in
the
cloud
in
which,
because
I
we
do
want
to
work
and
change
the
code
in
the
environment,
but
we
have
ways
to
do
that
with
our
local
tools
connecting
to
a
remote
environment
and
I,
wanted
to
make
sure
that
we
discussed
this
a
little
bit
or
at
least
think
about
this
a
little
bit
about.
What's
the
advantages
there,
why?
Why
does
that
support
my
case
of
doing
all
of
this?
C
If
I
can
just
like
change
it
locally
and
use
my
tools-
and
you
don't
have
to
worry
about
anything
and
I-
can
update
that
on
my
own
I
can
use
whatever
tool
I
want,
say
that
I,
don't
like
vs
code
anymore,
I
want
to
go
back
to
sublime.
I
can
still
use
that
if
I
can
connect
to
a
local
environment
with
my
tool,
because
anyone
has
any
ideas
or
thoughts
on
that
particular
scenario.
Advantages
of
doing
that
yeah.
C
D
D
C
B
G
Think
I
put
in
a
link
to
one
very
interesting
point
in
code
review.
They
also
just
just
I'm
just
all
about
when
Paul
talked
about
how
you
open
the
branch
in,
for
example,
Visual
Studio
code.
But
if
I
understand
correctly,
you
then
have
to
switch
back
to
the
browser
you
have
to
find
the
correct
code.
You
have
to
find
the
correct
line
to
add
a
comment.
I
can
imagine
that
this
must
be
a
big
pain,
correct.
G
F
James
Ramsey
has
had
some
really
interesting
ideas
of
using
like
push
options
to
you
into
magical
stuff.
So
there's
one
thing
we
could
deal
with
like
we
have
complete
control
the
editor.
We
can
use
some
really
fancy
like
integrating
of
lines
where
you
can
edit
and
comments
like
all
in
the
same
line
like
that'd,
be
really
crazy,
led
with
switch
options
at
being
like
this
can
be
captured
by
the
controller
and
can
parse
the
data
do
something
interesting
there.
It's
it's
feasible
that
we
could
do
a
whole
code.
B
F
B
Check
it
out
cool
sure
it
would
take
some
work,
but
I
think
there's
I,
think
yeah
I
think
the
web
IDE
to
be
able
to
do.
All
of
that
would
be
interesting
locally
as
well.
I
guess
supporting
that,
but
I
think
we
could
solve
this
in
a
browser.
Know
it's
like
more
unified
with
our
experiences
versus
how
that
might
have
to
play
in
each
kind
of
local
one
environment,
I.