►
From YouTube: GitLab 13.9 Kickoff - Manage
Description
Matt, Haris, and Larissa talk about what's ahead for Manage in 13.9.
- Manage:Compliance - 0:24
- Manage:Import - 11:04
- Manage:Optimize - 19:45
Agenda and issue links available at https://docs.google.com/document/u/1/d/e/2PACX-1vRnN91k9Rx1AyF8cIQga3KGFpjkI-sheTB16Jg-4e8fO3snZas2Th4hJC5C5wKIrNWbzr8aYDjI-T7-/pub
A
Hey
everyone,
I'm
jeremy
watson,
joined
by
harris,
matt
and
larissa
we're
here
to
talk
about.
What's
ahead
for
the
manage
stage
in
139,
releasing
february
22nd
melissa,
ushikov
of
the
access
group
will
be
doing
her
own
video,
but
without
further
ado
matt.
What's
ahead
for
compliance,
take
it
away,
sir.
B
Thanks
jeremy,
so
let
me
share
my
screen,
so
there's
several
things
that
we've
been
refining
for
some
time
that
I'm
pretty
excited
about
the
first
is
the
we've
been
in
the
process
of
making
the
compliance
frameworks
customizable?
Previously
they
were
these.
B
So
one
of
the
issues
for
13.9
is
adding
this
input
field.
That's
a
terrible
backdrop,
but
it's
an
input
field
where
somebody
when
they
create
one
of
these
compliance
frameworks
can
say
any
project
that
uses
this
framework.
I
want
it
to
point
to
this
compliance
yaml,
that's
centrally
managed
somewhere
by
my
compliance
or
security
team
and
then
once
that's
set.
Then
in
the
project
we'll
see
in
the
the
ci
cd
settings,
this
read
only
field
for
visibility
for
maintainers
and
such
where
that
pipeline
configuration
is
coming
from.
B
The
other
thing
is
we're
making
the
that
particular
setting
the
application
of
the
compliance
framework
only
available
or
editable
by
group
owners,
so
in
13
8,
which
is
likely
to
slip
into
the
first
part
of
13.9,
is
where
we're
introducing
that
only
group
owners
can
modify
the
setting
and
this
issue,
I'm
showing
specifically
addresses
the
user
experience
to
that,
because
the
mvc
is
to
basically
remove
the
setting
entirely.
B
So
the
follow-on
iteration
is
to
show
the
setting
again
but
to
make
it
read-only
and
explain
why
it's
read-only
to
non-owners
for
transparency
as
to
why
it's
behaving
that
way.
B
But
this
would
essentially
address
the
concerns
around
separation
of
duties
and
in
terms
of
who
can
apply
the
the
controls
and
who's
bound
by
them,
but
just
the
general
security
posture
or
compliance
posture
of
the
project,
because
only
certain
individuals
be
able
to
modify
that
the
other
one
is
adding
a
project
level
setting
to
require
a
issue
from
jira
be
linked
to
a
merge
request.
This
this
behavior
doesn't
really
exist
today
in
terms
of
enforcement.
B
But
if
you
have
a
jury
integration,
you
can
associate
the
ticket
by
adding
a
title
or
description
element
or
content
that
links
to
the
name
of
the
jared
ticket.
But
here
what
we're
doing
is
we're
starting
down
the
path
to
say
at
a
project
level
we're
going
to
require
that
this
relationship
or
this
link
exists
before
the
mr
can
be
merged,
and
this
is
coming
about
from
the
need
for
organizations
to
have
documented
change
management
processes.
So
when
a
ship
when
a
change
is
being
shipped,
you
have
to
know
why.
B
B
Oh
that's
just
close
up
and
then
the
let's
see
another
one
is
we're
adding
option
enforcement
for
ssh
keys
to
self-manage
for
now
we'll
follow
that
on
for
sas
customers
as
well.
But
the
rationale
here
is
that
we
introduced
an
expiration
policy
for
personal
access
tokens
and
then
we
also
added
a
toggle
there.
That
says
you
can
have
this
enforcement
be
programmatic,
but
some
organizations
find
that
very
disruptive.
B
I
tend
to
agree
with
that
and
so
there's
a
toggle
to
make
that
enforcement
optional.
So
the
instance
admin
would
still
be
notified
that
a
credential
has
expired
and
they
can
take
action
through
things
like
the
credential
inventory,
where
you
can
revoke
or
delete
credentials,
but
it
wouldn't
necessarily
be
immediately
disruptive
to
the
end
user.
Who
you
know
may
not
know,
may
not
have
the
time
or
just
something
like
that.
So
it
gives
a
little
bit
more
flexibility
to
credential
management
and
the
last
one
is.
B
We
are
in
the
process
of
bringing
merger
quest
approval
rules
to
the
group
level,
but
it's
going
to
take
us
some
time
because
it's
a
lot
a
lot
of
work
involved
there
and
so
in
13
9
we're
expecting
to
complete
one
of
the
the
iterations
which
is
to
move
the
add
or
which
is
to
add
the
prevent
approval
of
merge
request
by
merge
request,
author
checkbox
to
the
group
level,
and
this
will
be
behind
a
feature
flag
until
we've
been
able
to
pull
all
of
these
settings
to
the
group
level.
B
So
it's
available
if
that
reduced
functionality
is
valuable,
but
until
the
holistic
experience
is
there
we'll
be
slowly
iterating
behind
that
feature
flag.
So
I
think
that
pretty
much
sums
up
the
the
major
parts
of
39
for
compliance.
Any
questions.
A
That's
awesome,
matt,
there's
so
many
great
compliance
changes
there
that
are
going
to
be
super
valuable
for
for
a
lot
of
our
customers.
I'm
always
I'm
still
really
impressed
by
the
by
the
great
work
on
tying
ci
to
compliance
frameworks.
I
know
we've
been
iterating
on
compliance
frameworks
for
quite
a
while,
and
I
think
it's
a
it's
a
great
idea
to
tie
that
to
ci
in
the
way
that
you're
done.
A
I'm
really
curious,
though,
if
I'm
a
developer-
and
I
am
working
in
a
project
that
has
a
mandated
compliance
pipeline
based
off
of
the
compliance
pipeline
location
feature
you
just
described
about.
Can
I
write
like
additional
ci
rules
to
run
on
top
of
that?
How
does
that
work
or
my
hands
kind
of
tied
by?
What's
by
that
external
pipeline.
B
Yeah,
that's
a
great
question,
so
the
answer
is
yes:
a
developer
can
write
additional
jobs
or
add
additional
stages.
Even
the
centrally
managed
pipeline
would
just
provide
a
baseline
so
that
the
security
or
compliance
team
can
say.
I
want
to
control
these
these
jobs
or
stages
that
have
to
run
and
in
this
particular
order,
which
makes
it
uneditable
or
unmodifiable
by
the
the
local
project
users,
including
developers
and
maintainers.
B
A
A
That's
awesome,
that's
awesome,
that's
so
cool!
I
love
that
feature.
The
other
question
I
had
was
about
project
setting
to
require
jira
ticket
association.
I
totally
get
the
need,
for
this
makes
a
ton
of
sense.
A
My
question
was,
I
wonder:
like
did
we
ever
consider
tying
that
requirement
to
get
lab
issues
instead
and
my
idea
was,
I
don't
know
what
the
status
of
our
our
integration
plans
are
with
jira,
but
if
we
made
that
generic
so
that
you
just
said,
we've
tied
to
an
issue
and
then
a
user
can
use
whatever
external,
whatever
tools
that
they
want
to
in
order
to
create
the
issue,
and
so
it
doesn't
have
a
hard
requirement
into
jira.
Do
you
ever
consider
that,
like
what
do
you
think
about
that.
B
Yeah
we've
considered
it,
I
think,
there's
the
primary
motivation
for
starting
here.
First,
at
least,
is
that
there's
a
lot
of
customer
demand
for
it,
so
we're
trying
to
solve
what
I
locally
refer
to
as
fires.
We
have
large
customers
who
have
upcoming
audits,
or
maybe
just
had
an
audit
where
this
became
problematic
for
them,
and
so
this
was
the
fastest
way
we
could
deliver
the
value
to
them
and
jira
seems
to
be
the
the
service
that's
used
most
at
least
in
the
customers
we
spoke
to.
B
I
do
think
a
generic
integration
or
a
relationship
makes
more
sense,
but
I
think
this
buys
us
the
time
to
work
towards
that
and
probably
iterate
on
this
existing
feature,
and
it
also
helps
that
the
jira
integration
already
existed
so
we're
just
leveraging
that
existing
work,
rather
than
you
know,
creating
something
else
that
would
be
more
work.
C
Yes,
so
the
requirements
that
you're
adding
such
as
the
jared
ticket
requirement-
I
assume
those
are
all
just
disabled
by
default-
is
that
accurate.
B
B
I
think
that
makes
sense,
though,
because
organizations
are
going
to
say
yes,
I
want
that
enabled,
but
it
is
disruptive
which
I
think
is
generally
contrary
to
our
philosophy
at
gitlab
to
not
impede
developers,
so
I
think
it
would
make
sense
to
have
it
toggled
off
by
default,
but
a
lot
of
the
customers
make
that
change,
but
I
don't
know
I
I
also
know
we
have
principles
to
be
on
by
default.
So
jeremy,
I
don't
know
if
you
or
harris
or
lewis
anyone
has
an
opinion
or
thought
there
yeah.
I
I'd.
C
Say
that
you
know
on
by
default
a
feature
that
expands
your
abilities,
but
something
that
actually
restricts
your
ability
for
from
doing
something
which
is
a
lot
of
the
compliance
stuff.
I
would
I
would.
I
would
actually
even
state
that
that's
our
posture
is
that
you
know
these
are
things
that
you
can
restrict
on
your
own,
but
we
probably
shouldn't
come
out
with
a
blank
instance
that
has
all
the
restrictions
on,
because
that'd
be
really
hard
to
unwind
or
use
or
learn.
B
Yeah,
I
I
agree
with
you
and
I
think,
that's
or
I
know
that's
also
a
large
motivation
behind
the
compliance
framework.
So
we
were
trying
to
like
the
base
premise.
B
There
was
to
reduce
the
blast
radius
of
these
controls
so
like
with
the
compliance
pipeline,
it
shouldn't
apply
to
every
single
project
in
an
instance
because
or
a
top-level
group,
because
it
just
shouldn't
like
not
all
projects
are
sensitive
or
regulated
and
so
same
with
this
is
I'm
sure
not
all
projects
are
regulated,
and
so
we
have
an
iterative
issue
to
bring
this
to
the
group
level,
because
we
know
that
it
needs
to
be
there
at
some
point
and
now
that
the
jury
integration
is
also
supported
at
the
group
and
instance
level.
B
It
aligns
with
that
paradigm
as
well
and
so
we'll
we'll
probably
eventually
tie
these
into
the
frameworks
at
some
point
to
be
able
to
reduce
that
blast
radius
and
stay
with
that
premise
of
not
being
disruptive.
If
we
don't
have
to
be.
A
Cool
awesome
thanks
a
lot
matt
harris
over
to
you.
C
Cool,
thank
you.
Let
me
share
my
screen
and
tell
you
all
about
what
imports
planning
to
do
for
13.9,
so
we're
going
to
do
kind
of
more
of
the
same.
In
a
way
I've
been
talking
about
the
group
migration
for
a
couple
milestones
now
and
we're
currently
marching
towards
achieving
parody
with.
I
just
wanna
make
sure
you
can
see
my
screen
being
shared
right.
B
C
For
the
reason
I
had
the
green
boundary
around
it,
so
the
next,
the
next
up
in
in
our
search
for
in
our
like
quest
for
parity
with
the
current
group
export
import,
is
completing
the
epics
migration.
So
in
the
mvc
we
have
some
of
the
basic
fields
of
epics
being
migrated
such
as
title
description
state,
but
none
of
the
relationships.
So
things
like
labels,
comments
notes
are
not
being
migrated
over.
C
So
to
complete
this,
we
have
identified
about
seven
different
issues
that
all
roll
up
to
the
epic
completion,
epic,
and
we
expect
to
make
a
good
dent
in
that
feature.
In
139,
we
should
be
able
to
get
through
at
least
a
half
if
net,
if
not
a
little
bit
more
than
a
half
of
of
the
issues.
C
In
thirteen
nine
and
at
the
end
of
this
we
will
have,
we
will
have
the
ability
to
migrate,
not
just
the
group,
but
also
all
the
epics
and
everything
associated
with
the
epics,
underneath
that
and
and
that
that's
gonna,
be
it's
gonna,
get
really
close
to
the
parity
with
the
current
group
export
import
and
on
the
other
side,
I've
been
kind
of
thinking
and
discussing
how
we,
how
we
would
or
whether
we
would
be
able
to
maybe
deprecate
the
current
file
based
group
export
import
or
at
least
reduce
the
maintenance
on
it.
C
Given
that
we
have
a
solution
that
might
be
able
to
do
the
same
job,
so
that's
that's
the
primary
goal
for
13.9.
In
addition
to
that,
we
are
going
to
be
paying
attention
to
the
usability
of
the
same
features.
So,
on
the
front
side,
we
are
looking
to
add
the
pagination
for
the
group
migration
list,
I'm
showing
a
screenshot
of
what
that
list
sort
of
looks
like
right
now,
and
there
is
no
way
to
to
get
to
the
second
page
or
to
paginate.
C
So
we're
looking
to
first
implement
a
standard
pagination
that
we
have
on
a
lot
of
our
other
lists,
but
we're
also
gonna.
That's
that's!
What's
coming
in
thirteen
nine
and
but
at
the
same
time
we're
also
looking
to
expand
that
feature
with
something
that
we're
gonna
really
need
in
order
to
scale
this
experience
to
users
who
may
have
hundreds
or
thousands
of
different
groups
that
they
need
to
migrate.
C
So,
in
addition
to
creating
the
the
regular
pagination,
their
regular
pagination
feature
we're
looking
to
also
provide
the
ability
to
select
the
size
of
the
page,
which
is
something
that
a
lot
of
lists
out
there
have
and
something
users
are
used
to
and
expect
to
have.
And
for
us
it's
always
going
to
be
a
must,
because
having
just
20
per
page
means
that
we
still
are
not
going
to
be
able
to
do.
A
lot
of
you
know.
C
Large
or
bulk
imports
at
the
same
time,
because
it's
still
going
to
have
to
be
a
20
20
groups
per
per
click.
Currently
I
think
so.
This
is
just
a
an
illustration
of
what
that
might
look
like.
I
think
our
choices
for
the
page
might
be
more
like
20,
50
and
100..
C
100
is
something
that
we
currently
have
as
a
limit
in
graphql
for
for
a
lot
of
our
api
calls.
So
we
won't
be
able
to
get
past
that,
but
we
should
have
the
ability
to
show
a
hundred
of
something
in
the
list
if
the
user
chooses
to
do
so
if
they
have
real
estate
on
their
on
the
screen.
C
So
that's
how
we're
gonna
look
to
improve
the
current
pagination
and
we
are,
I
believe,
the
first
ones
to
do
this,
so
this
will
then
become
available
for
other
places
that
show
lists
to
sort
of
take
advantage
of
that
ability
to
to
select
page
size.
C
I
don't
have
a
great
screenshot
for
this,
but
if,
if
you
imagine
on
this
page,
if
I
click
the
import,
the
status
does
not
automatically
refresh
you're
stuck
on
that
page
and
having
to
like
manually
refresh
the
page
to
see
if
the
import
has
completed
or
not
and
that's
something
that
that
we're
gonna
have
to
you
know
fix.
C
Finally,
I
have
two
instrumentation
issues
that
we're
going
to
be
playing.
One
is
getting
to
a
single
usage
metric
for
the
project
import
gmail,
so
we
can
have
one
number
to
track
for
the
group
monthly,
active
users
count
and
once
that's
completed,
we're
going
to
make
sure
that
our
counts,
which
are
currently
not
accurate,
become
more
accurate.
C
So
our
count
our
counters
for
usage
of
each
one
of
the
imports.
I'm
not
talking
about
users
in
this
case
we're
talking
about
just
how
many
imports
were
triggered.
C
The
calculation
is
off
and
we're
gonna
make
sure
that
we
update
these,
and
this
will
also
give
us
the
ability
to
finally
then
see
the
usage
for
importers
from
from
self
self-managed
instances.
Currently,
we
have
that
for
sas
only
and
this
this
this
issue
will
finally
clean
that
up
and
make
it
so
that
we
can
get
the
same
kind
of
data
from
self-managed.
C
I
believe,
that's
all.
I
had
questions.
A
I'm
still
typing,
I
wanted
to
just
say
thanks
for
prioritizing
the
instrumentation,
I'm
really
excited
to
see
our
dashboards
all
built
out.
You
know
you
talked
about
completing
epics
migration.
Are
there
any
other
objects
that
you
feel
like?
We
need
to
kind
of
think
about
after
epics,
or
is
that
kind
of
the
main
thing
that's
kind
of
standing
between
feature
parity
with
the
existing
future.
C
So
it's
a
great
question:
epics
is
really
the
the
big
one
and
the
most
probably
gonna
take
the
most
time
to
get
done.
But
in
addition
to
that,
we
have
some
usability
issues
that
we
would
need
to
get
take,
take
care
of
and,
for
example,
our
ability
to
not
just
pick
a
top
level
group,
but
also
be
able
to
pick
a
subgroup
and
migrate
as
well,
which
is
something
that
you
currently
can
do
with
project
export
with
group
export
import.
C
But
in
our
case
we're
only
allowing
you
to
pick
a
single
top
group
for
exports,
so
getting
to
some
of
that
and
then
finally
migrating
labels,
that
are
the
group
level,
migrating
milestones,
iterations,
badges
and
boards.
So
all
of
those
things
that
are
currently
included
in
the
group
export
import,
we
should
be
able
we
will
need
to
have
in
order
to
achieve
that
parity.
C
That
said,
I
believe
the
epics
one
is
going
to
be
a
largest
and
also
be
kind
of
the
first
one
where
we
get
to
that
complete.
You
know
everything
is
now
working
state
and
should
hopefully
then
make
it
easier
for
us
to
migrate.
Some
of
the
smaller
objects
yeah.
A
It
makes
total
sense.
I
assume
boards,
which
you
mentioned,
is
also
a
really
important
one,
that
we'll
we'll
probably
need
to
think
about
afterwards,
but
great
yeah
epics
have
always
been
a
challenge,
so
this
will
be.
This
is
super
exciting.
D
D
First
up,
we
have
a
little
bit
more
work
to
do
on
the
user
availability
work,
so
we
added
a
busy
indicator
recently,
and
so
the
way
that
works
is,
if
you
click
into
your
name
and
edit
status
you
can
select
busy
and
that
room
that
appears
in
a
number
of
different
places
throughout
the
ui.
So,
for
example,
you
can
see
here
that
I
have
it
set.
If
I
scroll
down
to
my
name
in
the
comments
and
hover
over
my
name,
I
can
see
that
I'm
busy.
D
D
And
the
user's
name,
pops
up
you'll,
see
busy
next
to
the
user's
name.
So
that
will
make
it
really
obvious.
When
you're
trying
to
assign
an
mr
that
the
person
is
currently
at
full
capacity.
D
D
Next
up,
we
have
some
work
that
carried
over
from
13
8
for
value
stream
analytics,
so
we've
been
working
on
migrating
to
this
horizontal
navigation
and
we
will
be
removing
this
vertical
navigation.
We
still
have
a
bit
more
work
to
do
on
that,
so
we're
hoping
to
wrap
that
up
in
13.9
and
also
switch
this
view
to
a
table
which
will
allow
us
to
do
more
things
like
sorting
on
that
table.
D
We
had
added
the
ability
to
add
a
new
segment
in
this
table,
so
this
is
a
an
adoption
table
that
shows
you
the
features
that
your
teams
have
adopted.
The
gitlab
features
we
added
a
segment
selector
which
allows
you
to
combine
projects
and
groups,
but
there
was
some
concern
that
this
adds
too
much
complexity,
given
that
we
already
have
the
concept
of
groups
and
projects-
and
this
would
be
another
concept,
so
we're
actually
flipping
that
to
groups.
D
So
this
in
this
table,
you'll
be
able
to
add
groups
rather
than
create
this
concept
of
segments,
so
we'll
be
working
on
switching
to
more
of
a
group
focus
in
13
9
and
then
beyond.
13
9
we're
going
to
start
looking
at
how
we
can
make
this
adoption
table
available
at
the
group
level.
D
D
We've
already
done
the
back
end
work
for
this,
so
it's
just
a
matter
of
adding
it
to
the
front
end,
and
this
will
show
based
on
the
filters
that
you've
set
here
and
the
time
range
that
you've
specified
how
long
on
average
it
takes
from
the
time
an
mr
is
open
until
it's
merged
also
on
merge
requests,
we're
going
to
add
another
filter
option.
D
So
one
thing
that
we've
found
at
get
lab
is
that
sometimes
we
want
to
look
at
these
metrics
but
exclude
the
contributions
made
from
external
contributors,
community
members
and
so
we're
going
to
add
a
filter
that
will
allow
you
to
do
that
either
by
saying
does
not
equal
contributor,
which
is
a
label
that
we
use
or
by
based
on
the
access
level
that
the
user
has.
So
you
could
specify
minimum
of
a
developer
level
and
that
would
exclude
any
guest
contributions
so
that
you
can
see
what
your
internal
teams
are
delivering.
D
Thank
you.
I'm
gonna
stop
sharing
and
flip
over
to
questions.
A
Yeah,
I
just
had
a
few
comments.
I
think
the
first
one
was
to
say
just
thank
you
for
pivoting
on
the
adoption
report.
I
think
that
there's
a
lot
of
small
changes
there
that
are
gonna
address
some
of
the
concerns
and
I'm
really
excited
to
see
that
feature
at
the
group
level
as
you
pivot.
I
think
just
keep
in
mind
where
the
future
of
that
feature
is
going
because
the
current
report,
with
the
you
know
the
the
the
boolean
the
filled
in
dots.
A
We
want
to
move
beyond
that
eventually,
so
it's
important
that
we
kind
of
like
keep
that
in
mind
what
future
visualizations
we
want
to
make
sure
we're
not
we're.
Keeping
that
in
mind,
as
we
kind
of
like
lay
the
foundation
for
this
at
the
group
level.
A
The
other
thing
is
to
say
just
thanks
a
lot
on
to
for
focusing
on
usability
like
you
were
talking
about
the
busy
status
and
it's
like
a
general
comment,
because
I
can
see
usability
as
like
a
focus
on
all
the
things
everyone
is
working
on
like
harris.
You
talked
about.
You
know
the
pagination
and
some
thought
that
you
went
into
there
to
make
sure
it's
a
great
feature.
A
Matt
you're
like
very
thoughtful
about
the
user
experience
with
the
compliance
frameworks,
and
I
think
that,
like
the
busy
status
that
you
talked
about
larissa,
it's
not
directly
related
to
like
our
immediate
goals
that
we
kind
of
have
shifted
towards.
But
it's
still
like
a
great
addition.
It's
going
to
make
the
product
more
lovable.
So
thank
you
all
for
focusing
usability
and
then
I'm
really
excited
to
see
the
mr
analytics
improvements.
A
So
please
consider,
as
that
gets
built
out,
continuing
to
drive
internal
adoption
of
that
telling
you
know
making
sure
you're
talking
about
this
and
with
engineering
leadership
and
making
sure
that
we're
getting
feedback
from
folks
to
make
sure
that
this
is
something
that
we
can
start
using
internally,
because
I
think
that
we've
still
get
to
get
like
a
ton
of
traction
with
this
feature.
But
people
are
excited
about
where
it's
going
so
great
stuff.
D
I
think
I
think,
there's
a
lot
more.
We
can
do
on
the
internal
adoption
as
we
get
closer
to
meeting
the
needs
yeah.
So
that's
a
great
point.
Thank
you.
A
At
one
point,
our
goal
was
to
get
all
to
remove
the
need
to
have
any
engineering
productivity
charts
in
sci-sense
and
to
have
them
all
embedded
in
the
handbook,
so
that
still
is
like
a
worthy
goal.
A
It,
I
still
think
devops
reports
is
the
most
valuable
and
highest
roi
feature
that
we
have,
but
I
think
that
that's
also
like
an
interesting
goal
to
keep
in
mind,
for
maybe
this
year
to
say:
hey,
how
can
we
pull
as
many
of
those
engineering
productivity,
charts
out
of
size
sense
and
into
the
handbook,
so
you
can
just
embed
them
correctly.
I
think
it'd
be
pretty
cool.
C
I'm
all
I'm
very
excited
about
just
using
all
analytics
features,
not
just
monthly.
So
there's
a
please
consider
just
using
me
if
you
feel
like
there's
anything
that
you
know
we
could
get
value
out
of
at
I'd
like
to
try
it
and
give
you
feedback
on
it.
So
just
you
know
use.