►
From YouTube: Package Group Conversation
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
And
I
was
typing
and
I
had
the
first
question
hit
him
I'll,
just
verbalize
it
and
then
I'll
type
it
as
after
I'm
revising
it.
I
was
reading
about
the
dependency
proxy
MVC
awesome
work
great.
To
see
that
out,
there
seems
like
the
benefits
for
customers
are
primarily
around
like
there's
a
security
concern
about
I.
Don't
want
to
have
to
be
having
outbound
connections
from
myitlab
server,
as
well
as
a
speed
concern
and
I'm
wondering
if
you've
gotten
any
early
feedback
from
customers
about
whether
those
what
kind
of
improvements
they've
been
seeing.
A
Now
that
they've
been
using
the
dependent
party
feature
not
yet
the
MVC
of
the
dependency
proxy
is
currently
with
it
limited
to
self
installed
instances
that
are
using
Puma,
it's
not
approved
yet
for
unicorn.
So
it's
kind
of
people
who
are
using
it
only
in
custom
installs,
but
for
now
the
main
benefit
is
speed
because
it
will
download
the
blobs
for
the
images
for
use
for
future
use.
We
haven't
added
any
of
the
security
features,
yet
so
no
no
early
customer
feedback,
but
we're
hoping
to
get
that
in
the
coming
months.
A
B
A
That's
that's
a
great
question
so
for
me,
the
first
thing
that
we
need
to
clear
up
is:
we
have
some
critical
issues
around
our
NPM
registry
that
are
blocking
JavaScript
developers
from
using
it.
We
have
we're
having
issues
with
authentication
and
we
currently
don't
support
subgroups,
which
is
a
big
problem
for
a
lot
of
our
enterprise
customers,
so
sort
of
solving
those
problems
they're
a
little
bit
smaller,
but
they're
important.
A
We
definitely
have
active
JavaScript
community
on
gitlab
and
then
a
big
area
of
that
we're
investing
in
is
the
container
registry,
so
the
container
registry
has
been
around
for
a
couple
of
years.
It
works
really.
Well,
it's
our
most
used
product
in
the
packaged
stage.
Our
most
used
feature,
but
it's
limited
in
what
it
could
do
in
terms
of
we
can't
run
inline
garbage
collection.
We
really
want
to
add
retention
and
expiration
policies
to
help
admins
and
maintainer
x'
manage
their
storage
usage
and
lower
the
cost
of
git
lab.
Overall.
A
That
includes
foreget
lab
comm
by
the
way,
and
then
we
want
to
add
in
nicer
UI
features,
so
we
could
make
the
UI
more
usable
for
large
teams,
things
like
sorting
and
filtering
and
search,
for
instance,
beyond
that,
there's
also
outside
that
beyond.
There's
also,
this
need
to
be
adding
a
net
new
package
manager
integration
so
right
now
we're
working
on
Conan,
which
is
a
c
plus
c
and
c++
package
manager
that
will
hopefully
be
released
in
12:1,
and
we
are
doing
some
user
research
around.
A
C
Muted
was
looking
for
the
epic
learning
that
in
the
dark
yeah,
it's
not
really
a
question,
but
I
wonder
if
there
are
some
discussions
with
the
PM's,
you
know
team
to
synchronize
on
the
languages
or
the
package
managers
to
make
sure
that,
for
example,
if
we
say
we
support
NPM,
we
support
in
p.m.
for
the
dependencies,
the
package
manager
and
upon
that
and
that,
instead
of
getting
completely,
you
know,
not
aligned
features
on
this
language.
It's
like
each
managers
that
make
sense
I.
A
Think
it's
a
great
idea:
it's
not
something
that
I've
done
yet,
but
I
I'll.
Take
that
as
a
note
as
a
follow-up
item,
because
I
do
think.
That's
really
important
that
we're
telling
one
story
to
our
prospects
and
to
our
customers
that
we
support
NPM,
it's
supported
throughout
the
product.
I
could
follow
up
on
that
and
make
sure
that
we
that
we're
moving
in
that
direction.
A
A
A
Let
me
caveat
this
by
saying:
I
haven't
actually
seen
their
product,
yet
I
signed
up
for
the
beta,
but
I'm
haven't
been
invited
yet,
but
it
seems
like
what
they've
done
is
they've
added
an
extra
layer
to
github
search
where
you
could
search
for
packages
or
dependencies
by
language,
so
I
could
search
for
Alpine,
for
instance,
and
it'll
show
up
once
you're
on
the
specific
package.
They
have
on
that
page,
some
history
about
that
specific
package
where
it
came
from
how
many
versions
it's
it's
been
bumped
and
you
can
it'll.
A
They
have
actually
commands
for
install
this
into
my
NPM
registry
or
into
my
maven
repository,
and
you
install
specific
packages
there.
It's
not
the
same
as
what
we're
doing,
which
is
saying
you
will
have
a
project
specific
registry
or
that
you
can
push
and
pull
packages
from
as
a
team
they've
taken
this
stance
that
or
this
opinion
that
ninety
from
their
research
96%
of
external
dependencies
are
downloaded.
A
Not
built
by
development
teams,
so
I
thought
that
was
an
interesting
take
I've
seen
I
haven't
conducted
probably
the
same
level
of
research
that
they
have,
but
from
what
I'm,
seeing
it's
about
60
40,
60
percent,
being
the
packages
that
or
dependencies
that
are
built
by
the
actual
development
team
and
40
percent
that
are
grabbed
from
external
sources.
So
I
think
we
need
to
that's
something
sort
of
a
difference
in
opinion
that
we
need
to
validate,
but
I
am
impressed
by
their
velocity
in
which
they've
added
languages.
A
A
D
I
think
so
far
we've
been
pulling
up
a
little
bit
slowly.
It
feels
like,
although
I
think
we
actually
have
to
a
really
good
start,
I
think
we're
finding
in
terms
of
hiring
we've,
been
able
to
make
use
of
an
existing
pipeline
that
the
organization
had
in
place,
which
is
extremely
helpful,
I
think
the
sort
of
Buddy
Program
in
terms
of
my
onboarding
as
I
came
on
after
Tim
Tim
was
out
really
core
member,
which
was
which
was
good
for
a
product
organization.
D
Obviously
it
was,
it
was
good
to
be
onboard
and
have
a
buddy
in
Darby
for
a
game
a
little
help.
Just
at
a
personal
level.
Those
sort
of
things
are
really
helpful
in
terms
of
getting
up
to
speed,
quickly.
I
think
the
fastboot
program
might
be
helpful
and-
and
that's
been
really
good
value,
I
think
for
other
teams
and
being
able
to
do
that,
which
is
a
program
that
allows
us
to
sort
of
put
everyone
together
and
it's
something
I'm
thinking
about
making
a
case
for
I.
D
Think
some
of
the
struggles
we've
had
is
just
the
way
that
our
team
has
been
started
up
has
been
sort
of
without
the
domain
expertise
in
the
team,
which
seems
to
be
sort
of
more
of
a
common
pattern,
with
the
way
that
teams
get
spun
up
at
gitlab
as
far
as
I've
been
able
to
determine.
So
that
would
be
people
who
are
like
me,
Nomar
and
Camille,
and
obviously
disease,
not
in
you
know,
in
anyone's
team,
but
in
everyone's
team.
So
some
of
the
domain
expertise
has
been
a
little
bit.
D
It's
it's.
It's
a
look,
I
think
it's
some
ways,
it's
more
difficult
to
have
those
people,
not
in
a
team,
but
you
know
that
all
of
those
people
have
been
so
generous
with
their
time.
I'm
so
I
feel
like
this
is
a
model
that
can
actually
work,
but
we're
still
in
the
process
of
onboarding.
Our
first
back-end
engineer
who's.
You
know
a
month
in
or
thereabout
and
he's
doing
great
work
and
we're
really
excited
to
have
everyone
on
the
team,
so
I
think
in
terms
of
best
practices.
D
I
feel
like,
if
we're
starting
a
team
up
from
like
from
nothing
having
those
people
who
are
the
domain
experts
in
those
particular
areas
that
that
team
is
just
meant
to
cover
making
sure
they're
aware
that
there
will
be
obviously
expectations
on
their
time
and
everyone's
been
awesome.
So
there's
no
there's
no
problem
there
and
then
sort
of
maybe
having
a
clear
idea
of
what
our
sort
of
primary
goal
is.
D
As
a
team
is
really
helpful
and
our
big
focus
as
as
Tim's
put
so
well
as
thin
around
the
sort
of
a
couple
of
maturity,
things
with
the
package
registries
and
then
the
container
registry
is
a
huge
priority.
Just
given
the
the
impact
it's
having
on
on
your
level
comments
and
some
of
our
large
on-premise
customers,
I,
don't
know.
If
answers
your
question.
Yeah.
A
It
does
you
started
off
saying
that
you
thought
it
was
going
slow,
I,
guess
I
in
my
mind,
if
you
told
me
in
February
or
something
that
we'd
have
a
10
person
packaged
team
by
September,
which
is
what
this
slide
says,
we
would
have
new
team
members.
Starting
I
would
think
that
would
be
a
success,
so
I
consider
it
as
such.
Yeah.
D
E
Can
have
a
couple
thoughts
if
you
want
me
to
interject
about
hiring
specifically,
which
is
you
know.
We
have
obviously
the
pipeline
program
which
helps
a
lot
for
directing
a
talent,
particular
areas
of
focus,
so
I
think
that
helps
a
lot
for,
particularly
for
folks
that
are
interested,
not
necessarily
in
a
particular
area,
but
we're
just
getting
into
get
lab
from
a
development
perspective
and
I
think
that's
helped
the
hiring
program.
A
lot
I
think
it's
important
to
recognize
that
you
know
our
pipeline
capability
in
our
hiring
process
has
really
come
to.
E
You
know
that
I
would
I,
don't
know,
have
this
six,
but
I
would
guess
it's
somewhere
in
that
30
to
60
range
before
30
to
60
days,
maybe
even
60,
to
90
days
before
we
really
see
any
effect
associated
with
it.
So
you
have
to
be
very
cognizant
of
the
fact
that
you
know
we
have
an
effective
way
to
hire
folks,
but
it
does
take
time
to
adjust
and
associate
with
that.
E
So
if
you're
using
lagging
indicators,
just
expect
that
that's
not
going
to
be
an
immediate
fix
to
a
problem,
this
kind
of
might
might
take
on
from
up
hiring
for
effective
way
to
do
it,
but
we
have
been
higher.
You
know
hiring
effectively,
it's
just
it's
a
volume
thing,
not
a
knot
of
loss
that
a
latency
thing
at
this
point,
yeah.
A
E
A
C
And
I
apologize
for
the
lazy
equations,
probably
somewhere
in
the
vision
but
I
redone
right
now,
I
wonder
if
we
have
something
in
your
plans
to
add
security
features
for
the
dependency
proxy
I'm
thinking
features
similar
to
what
artifactory
is
doing
because
I've
never
seen
a
customer
support
is
not
using
Alta
Factory
and
they
have
some
needs
to
isolate
their
s
DMC
from
the
outside,
so
they
had
target
network
and
don't
want
to
be
able
to
download
anything
outside
of
the
network.
That
means
it's
not
really
a
proxy.
C
It's
a
proxy
that
will
also
filter
out
what
are
the
approved
dependencies
there
and
Marc
told
us
to
think
big
so
from
there
we
can
go
a
lot
further
than
that.
We
can
imagine,
for
example,
scanning
these
dependencies
on
a
regular
basis.
We
can
imagine
notifying
all
the
teams
if
one
of
the
dependency
that
has
been
approved
and
developed
locally
has
been
updated
so
that
the
wall
company
knows
that
the
new
version
is
available
and
what
are
the
changes?
C
A
They're
they're
loose
plans
now
because
we're
not
actively
working
on
it.
The
first
thing
will
be
to
just
expand,
support
and
roll
out
broad
support
of
the
dependency
proxy
in
the
product.
So
I
mentioned,
you
know
making
sure
that
it
works
with
unicorn
web
servers
and
that
we
add
authentication
once
we
have
that
and
it's
working
one
of
the
more
advanced
security
features
we'll
add
in
is
an
approved
and
banned
list
of
packages
I'm.
C
A
C
A
F
A
Are
you
talking
to
some
customers
who
have
they're
using
terabytes
many
terabytes
of
storage
for
their
container
registries,
so
giving
them
tools
to
one
relieve
that
pain
and
shrink
it
down
to
a
more
reasonable
amount
and
then
to
manage
it
programmatically
with
retention
and
expiration
policies?
Cool.
Thank
you
no
problem.
A
The
original
question
was
on
slide.
Six,
which
is
most
important.
I
could
talk
to
that
quick
too.
Just
to
say
we're
actively
working
on
Conan
and
nougat
is
the
dotnet
package
manager
is
our
highest
three
most
requested
package
manager,
integration
and
talking
to
a
few
users
about
what
they
would
like
to
do
with
that
and
what
their
expectations
would
be.
A
After
that,
you
know
we
have
a
use
case
for
rubygems
internally,
so
I
like
the
idea
of
enabling
our
own
company
dog
food
and
to
use
our
product.
So
that
would
be
great.
But
so
you
know
there's
this
recent
announcement
yesterday
from
Azure
DevOps
that
they're
supporting
helm,
charts
within
their
container
registry
and
I
just
had
a
conversation
with
it
seems
like
that
might
be
something
we
can
support
with
less
effort.