►
From YouTube: GitLab 13.2 Kickoff - Manage
Description
The Product team for GitLab's Manage stage (including the Access, Compliance, and Import groups) assemble to showcase what's ahead for us in 13.2:
- Access: 0:25
- Compliance: 5:34
- Import: 11:25
Agenda and issue links are publicly available at https://docs.google.com/document/d/e/2PACX-1vRnN91k9Rx1AyF8cIQga3KGFpjkI-sheTB16Jg-4e8fO3snZas2Th4hJC5C5wKIrNWbzr8aYDjI-T7-/pub.
A
Hey
y'all
great,
to
see
you
thanks
for
joining
us
for
the
men
in
state
kickoff
for
13.2,
releasing
on
July
22nd,
I'm,
Jeremy,
Watson
I'm
joined
here
by
the
excess
compliance
and
import
product
managers
are
really
excited
to
talk
a
little
bit
about
what
is
up
next,
so
without
further
ado.
Over
to
Melissa
is
going
to
talk
a
little
bit
about
managed
access.
What
they're
working
on
32.
B
One
of
them
is
actually
an
item
that
I
talked
about
in
13:1.
Unfortunately,
we're
unable
to
talk
then,
but
just
as
a
reminder,
this
is
a
issue
to
basically
prevent
forking
outside
of
a
group,
so
in
case
a
organization
really
wants
to
keep
their
code.
Basically
in
the
realms
of
their
group,
it
will
have
the
option
to
enable
this
and
basically
what
the
model
that
they
were
following
is
that
users
get
basically
a
namespace
within
that
group,
where
they
will
now
be
42.
B
C
B
Import
to
another
big
launch
that
the
team
has
been
working
on
for
a
few
milestones
is
project
level
access
tokens.
So
basically,
what
this
allows
you
to
do
is
to
create
a
token
that
scoped
to
a
single
project,
and
it's
not
tied
to
a
user
that
can
be
used
basically
for
API
and
get
only
so
what
this
will
allow
you
to
do
is
if
you
have
automation
that
you
basically
need
to
be
not
tied
to
a
user
but
more
of
a
bot
or
that
kind
of
use
case.
B
B
C
B
And
then
another
item
that
we're
working
on
that
were
basically
building
the
foundations,
for
it
won't
be
launched
in
13,
but
in
a
couple
of
milestones
is
basically
support
for
2fa
within
the
command
line.
So
we're
building
some
foundational
items
in
this
milestone.
But
that's
something
that
you
can
look
forward
to
in
a
couple
of
milestones.
Ga.
A
Awesome
thanks
a
lot
I'm
really
happy
to
see
the
multi-factor
authentication
on
CLI
get
get
prioritized.
I
think
that
that
is
going
to
be
a
really
awesome
addition
for
our
enterprise
users,
who
can
now
make
sure
that
they
can
stay
secure
with
even
on
the
command
line,
which
is
awesome.
I
had
a
question
on
the
project
bots
NBC,
which
is
essentially
like
project
access
tokens.
As
far
as
I
understand.
C
B
A
And
so
one
thing
on
the
con
that
prevents
working
outside
a
private
group
that
the
design
showed
like
that
it
was
in
the
permissions
area
where
you
could
toggle
on
and
off
Forks
on
off,
okay
as
I
recall,
and
you
had
a
drop-down.
So
can
you
like
select
the
group
that
you
want
to
only
restrict
Forks
to
be
into
like
how
does
the
restriction
work
so.
A
It
got
it
got
it
so
that
control
gets
controlled
at
the
group
level
for
all
projects
inside
the
group
in
suburbs,
so
you
can
only
makes
total
sense,
love
it
cool
and
will
that
be
sorry?
This
is
a
more
detailed
question.
Do
you
know
if
that's
affects
existing
projects,
or
is
that
just
for
new
projects.
B
D
Thanks,
let
me
share
my
screen,
so
the
primary
focus
for
the
compliance
group
for
this
release
is
going
to
be
largely
around
refactoring.
The
audit
event
model
we
were
previously
looking
to,
or
we
were
previously
planning
what
this
would
look
like
and
how
we
were
going
to
tackle
this
problem
and
the
problem
being
that
as
the
audit
events
exist
today,
they
the
details,
are
in
a
serialized
hash
and
that's
really
difficult
and
cause
performance
issues.
D
It's
not
desirable
for
generating
things
like
audit
reports
or
just
having
the
flexibility
to
build
out
more
seamless
features,
so
we're
starting
at
work
in
13,
but
that'll
have
far-reaching
impacts
for
better
performance
and
usability
once
we've
completed
that
work,
so
just
raising
that,
because
I
think
that's
really
important
seeing
is
the
art
of
events.
Category
is
one
of
the
more
critical
ones
of
our
group,
and
this
is
a
fundamental
change.
Now
this
is
not
user
facing
necessarily.
This
is
primarily
for
us,
as
gitlab
to
then
build
better
user
facing
features.
D
The
other
area
focus
is
on
improving
the
credential
inventory
and
generally
improving
the
credential
management
of
personal
access,
tokens
and
SSH
keys.
So
the
two
that
we're
focusing
on
in
13
are
gonna,
be
highlighting,
expired
and
revoked
credentials
in
the
credential
inventory,
so
for
expired,
SSH
keys
or
personal
access.
Tokens
we'll
highlight
those
by
providing
a
status
symbol
that
lets.
D
D
So
with
this
particular
iteration,
we're
adding
the
merge
request
author
to
the
dashboard
cuz
right
now,
it
only
shows
the
approver,
and
so
that's
another
quick
way
to
see
if
there's
a
breakdown
in
separation
of
duties.
If
the
author
and
the
approver
are
the
same
person,
and
so
showing
these
two
data
points
is
a
allows
somebody
to
make
a
quick
decision
about
that.
D
B
A
Thanks
a
lot
Matt
that
looks
really
awesome.
Another
I
really
appreciate
how
iterative
like
a
lot
of
these
changes
are
where
my
understanding
is
like
the
the
compliance
stream
their
project
label
it
right
at
the
moment
it
doesn't.
It
has
no
inherent
functionality
when
you
label
a
project
with
one
of
these
clear
eyes,
but
obviously
the
needles
do
more
interesting
things
in
the
future
right
yeah.
D
Like
setting
the
label
itself
does
nothing
for
the
project,
but
we
do
have
a
feature.
Shipping
I
believe
in
13
1
that'll
allow
an
administrator
to
enable
specific,
merge,
request,
approval
rules
at
the
instance
level
and
then
scope
them
to
enforce
them
only
for
these
labeled
projects.
So
that
way,
our
blast
radius
from
this
down
to
this
and
it's
very
focused
and
targeted
on
those
alcohol
and
special
projects
that
have
compliance
requirements.
Yeah.
A
I
really
like
the
simple
status
column,
but
maybe
we
could
consider
combining
it
with
the
expired
date
column
at
some
point
and
then
they'd
be
just
like
highlight
a
date
in
like
bright
red
and
with
like
a
big
exclamation
point.
And
so
we
don't
have
to
have
an
additional
column
and
have
a
bunch
of
whitespace
they're.
Just
something
consider
yeah.
D
So
if
a
user
has
an
expiration
date
set
on
a
personal
or
SSH
key
and
it
expires,
it'll
highlight
orange,
yellow
if
it's
within
the
seven
days
leading
up
to
expert
expiration
and
then
it'll
highlight
red
once
it
has
expired
and
that's
probably
a
more
seamless
way,
maybe
to
approach
it,
and
it's
not
too
late,
I,
don't
think
for
this
either.
So
we
could
maybe
make
that
change
here
at
the
last
second
awesome.
A
C
You
so
the
theme
for
import
for
13-2
is
continuing
down
the
path
that
we've
set
on
multiple
different
issues:
I'm
showing
our
like
a
roadmap
board.
That
has
the
issues
in
the
previous
and
the
current
release
and
next
couple
and
there's
a
lot
of
continuation.
That
happens
here.
What
we're
going
to
be
focusing
on-
and
this
particular
release
is
for
a
first
continuing
to
add
metrics,
to
measure
the
importers
performance
so
that
we
can
fine
tune
some
of
the
improvements
that
we're
planning
to
do
for,
for
certainly
importers.
C
We
know
there
is
there's
a
lot
of
reliability
issues,
but
in
order
to
be
able
to
really
pinpoint
where
we
have
the
biggest
failures,
we're
gonna
need
to
get
more
data.
So
we're
you
as
we're
delivering
further
features
were
also
trying
to
get
some
of
that
data
bubbled
up,
so
that
we
can
make
better
decisions
for
for
where
to
invest.
Next,
along
the
same
lines,
we
are
also
continuing
to
improve
the
the
translations
and
how
much
time
we
invest
in
having
translations
regularly
merged
in.
So
we
have
due
to
the
feedback
from
the
community.
C
We
have
committed
to
do
at
least
once
a
month
to
emergence
of
translations
from
the
crowding
tool,
and
we've
been
doing
that.
So
we
are
continuing
on
that
and
learning
a
lot
from
it
so
that
we
can
automate
the
this
process
fully
and
be
able
to
do
translation
merges
on
any
kind
of
Cadmus.
We
pick
because
it
will
be
fully
automatic.
Currently,
there
are
several
manual
steps
and
one
of
the
important
manual
steps
is
really
related
to
sanitizing
the
translations
and
making
sure
that
there
aren't
any
kind
of
attack
vectors
in
those
translations
for
us.
C
So
that's
where
them!
This
is
one
of
the
issues
that
we're
going
to
take
in
in
13,
and
it
has
to
do
with
text
annotate,
soon
sanitizing
text
and
making
sure
that
we
can
automate
fully
those
translations
coming
across
really
fast.
In
addition
to
that,
we
are
burning
down
the
bugs
and
security
issues.
C
You
know
the
reason
for
that
is
to
continue
focusing
on
performance,
stability
and
ease
of
use.
We
have
seen
you
know.
This
is
just
one
data
point,
so
that's
not
trend
yet,
but
we
actually
had
seen
a
slowdown
in
the
number
of
bugs
that
we
get
off
the
flavor,
that
this
importer
doesn't
work
or
that
other
importer
breaks
so
that
the
the
it
seems
like
some
of
it,
some
of
it
starting
to
pay
off.
C
C
In
addition
to
that,
security
is
really
important
and
we
have
a
backlog,
secure
issues.
We
are
on
top
of
the
p1
and
p2
s,
but
now
we
need
to
start
burning
through
the
p3
and
and
then
get
closer
to
our
as
allies
for
those
for
those
issues.
So
in
this
particular
release,
we
are
taking
on
two
security
bugs
that
were
laid
to
import
and
addition
to
that
we're
taking
a
security
bug
from
access
as
well.
You
know
tell
burndown
backlog
I,
believe
that
is
kind
of
the
flavor
for
for
the
milestone
for
import.
A
C
Say
with
this
issue
that
we're
taking
in
13,
we
should
be
able,
once
that's
taken
care
of,
we
should
be
able
to
then
finally
attack
this
larger
issue
of
sanitizing
translations.
That
is
the
biggest
hurdle.
That's
ahead
of
us
past
that
there
are
just
some
changes
to
some
of
the
great
tasks,
some
of
the
scripts
that
we
have,
but
really
no
the
large
issues
in
order
to
make
this
happen.
So
I
believe
we
are
fairly
close
and
maybe
two
milestones
away
from
it.
A
C
Well,
maybe
not
more
complications
that
three
or
four
different
issues
that
need
to
get
closed
and
with
with
the
priority
that
we're
putting
on
internationalization.
We
are
trying
to
really
focus
on
importers
while
paying
someone
fish
and
internationalization
and
getting
that
closer
to
where
it
needs
to
be
so
I
guess
if
we
were
to
put
more
focus
on
it,
we
probably
could
get
another
faster
but
think
it
was
very
important
for
us
to
get
on
top
of
all
of
our
importers
issues
at
the
same
time.