►
From YouTube: [REC] Key Meeting - Engineering (Public Stream)
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
And
this
is
the
january
2021
engineering
key
review,
so
we're
covering
development,
quality
security
and
ux
metrics
support
and
infra
have
their
own
keys
key
reviews
so
that
in
the
agenda
it
looks
as
though
craig
has
the
first
question
number
five.
B
There's
less
of
a
question
yeah,
I'm
here
hello,
it
was
less
of
a
question.
It
was
more.
I
just
I
wanted
to
congratulate
the
team
on
completing
the
sock,
2
type
2
audit-
I
I
know
how
important
that
is
for
our
business,
so
just
wanted
to
give
a
shout
out
to
the
team.
I
saw
that
in
the
company
slack
channel
so
congrats.
A
Yeah,
it
was
a
big
big
win
by
security
department,
compliance
sub
department,
julia
and
and
all
her
team
and
for
context
about
90
of
of
initial
filings
have
findings
in
them,
and
ours
came
back
entirely
clean
on
the
first
shot.
So
I
was
really
well
well
executed
and
obviously
lots
of
prep
and
stuff
went
into
it.
A
And
jonathan,
do
you
want
to
say
more
said
as
a
or
said
you
can
voice
over
your
5c
yeah.
D
D
E
Yeah,
so
we
have
a
press
release
going
out
on
the
fourth
of
february,
which
is
yeah,
maybe
two
weeks
it'll
be
yeah.
No,
we
got
connected
with
the
external
coms
team
and
put
something
together,
real
nice
and
yeah
we're
going
to
add
a
bunch
of
stuff
we're
going
to
do
some
blogging
on
it.
E
Obviously,
it's
a
it's
a
piece
of
the
it's
a
permanent
piece
of
collateral
for
our
external
facing
customer
packages
that
our
sales
team
has
access
to
and
yeah
I
mean
we
definitely
have
to
play
with
that
logo
right.
A
lot
of
companies
like
to
put
all
those
certification
logos
on
their
pages,
just
gotta
find
the
right
place
for
it,
but
we're
definitely
gonna
do
that.
So.
D
E
Yeah,
no,
we
can
definitely
do
both
and
we
got
both
at
the
same
time,
which
is
also
unusual
by
the
way.
So
I
think
it's
really
great
to
to
know
that.
Not
only
do
we
have
a
sock,
two
type,
two,
no
findings
first
shot,
but
we
also
did
the
sock
three
at
the
same
time,
and
that
is
really
uncommon.
I
mean
I
it's
almost
unheard
of.
Most
companies
will
do
the
sock,
2
type
1,
the
sock,
2
type
2,
then
the
sock
3,
another
6
or
12
months
later,
when.
D
When
your
department
and
the
rest
said
like
hey
we're
just
going
to
do
everything
at
the
same
time,
just
wait
a
little
bit
longer
and
we'll
get
everything
I
was
like,
oh
against
the
iteration
value.
This
is
just
oh
no.
This
is,
but
I
I'm
very
glad
I
defer
to
the
dries-
and
this
is.
E
E
A
And
how
about
internal
communication,
like
I
know,
you're
you're
speaking
at
sco?
Do
we
I'm
sure,
there's
sales
people
that,
like
didn't
see
the
slack
messaging
company,
fyi
and
they're
they're
waiting
for
this?
What
are
we
going
to
do
internally
to
make
sure
they're
all
empowered
with
the
the
right
information.
E
Yeah,
I
have
a
sales
presentation
tomorrow
as
a
matter
of
fact,
so
I've
met
with
all
of
the
regional
directors
in
the
u.s.
No
all
the
regional
directors,
including
outside
the
us.
Over
the
last
week,
I've
been
shared
with
them,
the
sac
three
or
the
soc.
Sorry,
the
sock
two,
the
stock
two
is
also
part
of
the
security
assurance
package,
so
they've
all
been
advised
of
that.
I
have
a
presentation
tomorrow
and
we're
presenting
at
sco
and
the
slack
message
cool.
A
E
Yeah
the
great
thing
about
stock
3
is:
it
doesn't
require
nda
right
so,
like
it's
just
publicly
available,
so
you
can
go
to
amazon
and
find
their
soc3.
You
can
go
to
whoever
and
find
their
stock
3.
same
here
like
they.
Customers
can
get
it.
People
interested
in
git
lab
that
doesn't
reach
out
to
a
sales
team.
You
know
just
investigating
or
researching
gitlab
can
find
their
sock
3..
It's
all
publicly
available
the
sock
two.
E
The
reason
it
requires
some
sort
of
confidentiality
agreement
is
because
that
has
actual
prescriptive
internal
controls
of
how
we're
like
protecting
ourselves.
So
you
can
see
that
there's
some
power
there
on
how
to
formulate
attacks
against
gitlab
if
it
was
in
the
wrong
hands.
A
Cool
well
congrats
again
to
thank
you
and
julia
and
everybody
on
the
team.
Please
pass
that
along
so
sid
you've
got
number
six.
D
Yeah-
and
this
is
more
for
the
shadows-
I
think
christie
followed
the
instructions
to
a
t
with
the
countdown.
The
problem
is,
you
can't
really
predict
when
the
youtube
thing
will
go,
so
I
made
the
wrong
instructions,
so
maybe
we
should
change
it
into
public
stream
in
about
five
seconds.
Please
start
talking
as
soon
as
you
see
the
icon
in
the
top
left
corner
and
zoom,
or
something
like
that.
A
F
D
Thanks,
I
think
at
some
point
I
requested
a
metric,
I'm
not
sure
I
made
it
a
key
metric
of
number
of
people
with
access
to
the
production
database.
I
can't
find
it
in
the
key
metrics.
We
might
have
not
made
it
a
key
metric
and
mek
has
answers.
C
Yes,
just
helping
out
here,
we
did
capture
this
in
an
issue
and
I
believe
he
completed
it.
Steve
maybe
can
talk
more
on
this
regard.
G
I
can
yes,
and
I'm
just
grabbing
the
link
here
to
to
that.
If
you,
if
you
look
here,
we
actually
talked
about
this
morning
in
the
infrastructure
key
meeting,
we
have
this
production
risk
index,
which
is
a
way
for
us
to
not
only
report
on
the
access
to
the
rails
console,
but
also
what
we
want
to
do
is
look
at
a
an
overall
perspective
of
many
of
these
different
access
areas
where
we
have
risk
so
rails,
console
database
access
groups,
access
to
our
cloud
service
provider
consoles.
G
You
know,
shell
access
goes
on
and
on
and
on
and
so
right
now
we
have
a
start
of
this.
This
is
very
much
a
minimum,
viable
thing
and
we're
going
to
continue
to
iterate
on
it,
both
in
adding
new
sources
and
then
also
in
the
waiting-
and
I
commented
this
morning
like
the
waiting
that
we
have
right
now
on.
This
is
like
it's
totally
like
back
of
a
napkin.
We
just
started
with
some
general
waiting.
D
Yeah,
I
I
think
it's
already
pretty
complex,
so
I'm
I'm
not
complaining
about
the
the
mvc
state
or
anything
else.
You
just
don't
see
in
the
definition
how
you
measure
it
there's
an
index,
but
I
it
doesn't
say
how
how
that
index
is
calculated.
G
Yeah,
that's
it
that's
what
so
I'll
take
an
action
item
and
we'll,
I
think,
we'll
just
add
it
right,
I'm
trying
to
think
we
could.
We
can
add
it
within
the
the
dashboard
and
size
sense,
but
it's
probably
better
if
we
just
add
it
right
now,.
D
G
G
I'd
have
to,
I
have
to
remember
what
it
is,
but
let
me
let
me
see
if
I
go
to
the
issue,
if
I
have
it
in
there
right
now,
oh
here
it
is
so
for
right
now
we
have
four
items
in
there.
We
have
root
level
system
access.
G
We
have
production
database,
read,
write
access,
we
have
rails,
console
and
cabana
access
and
for
those
we
just
gave
relative
weighting
for
each
one
of
them,
with
root
access,
being
20
production,
database
being
18
rails,
being
14
and
kibana
being
eight
and
again
those
were
just
a
starting
point,
and
so
we
take
each
of
those.
And
so
if
there
are,
you
know
three
users,
of
course,
there's
more
than
three,
but
three
users
with
root
access.
Each
one
of
those
is
20,
that's
a
score
of
60..
G
Add
them
all
up
across
that,
and
then
we
divide
by
the
number
of
team
members
in
the
company,
because
some
of
these
things
are
company-wide
and
so
like,
for
example,
when
we
put
some
better
access,
controls
in
front
of,
for
example,
cabana
will
drastically
reduce
that
number,
but
it'll
still
be
divided
by
the
number
of
team
members.
So
that's
where
our
we'll
see
a
good
inflection
point
in
that
thanks.
D
D
Maybe
we
can
add
the
three
lines
or
something
or
maybe
I
would
like
one
line,
the
the
number
of
people
with
access
to
the
red
data
or
rails,
whatever
you're
you're
measuring,
but
I
would
love
that
line
as
well.
If
you
want
to
add
the
other
line
with
kibana
access
and
stuff,
like
that,
that's
fine,
but
I
I'm
I'm,
I'm
very
worried
about
that
and
I'd
like
to
see
the
actual
data,
because
I
find
it.
Although
I
agree
the
index
is
the
right
way
to
do
that.
I
find
it
hard
to
reason.
G
Yeah,
what
do
you
think
about
the
the
alternative
to
that
of
so
I'll
create
a
dashboard
that
has
not
only
the
index
chart
there,
but
has
some
of
the
other
source
item
charts?
I
guess
oh.
D
G
B
A
And
steve
no
reason
to
apologize
for
the
back
of
the
napkin
stuff.
If
it's
minimal
viable,
that's
something
we
celebrate,
we
don't.
We
don't
have
to
apologize
for
minimal,
viable
iterations.
The
first
step
to
a
car
is
the
skateboard.
D
And
actually,
you
should
apologize
that
you
just
didn't
do
a
skateboard,
because
the
simpler
version
would
have
been
just
the
red
data
and
just
account,
so
you
already
did
more
than
expected,
but,
like
we
saw
with
the
sock
compliance,
sometimes
it's
a
it's
a
great
thing
to
go
for
something
bigger
right
out
of
the
box.
So,
okay,
it's
all
good.
D
Welcome
thanks
and
thanks,
I
guess
steve
and
mack
that
this
data
is
there
and
the
follow-up
on
that
suggestion
was
so
good,
really
appreciate.
It.
A
Do
we
think
of
this
as
a
this
should
be
like
we're
talking
about
an
infrastructure
thing
in
the
engineering
queue
review,
which
is
everything
but
infrastructure
and
support?
This
is
a
security
thing,
should
it
be
in
the
security
family
of
kpi?
Should
it
be
at
my
level,
because
it's
that
important?
Where
do
we
want
to
place
this.
G
I
think,
at
least
from
my
perspective-
and
I
think
at
least
for
now,
I'm
happy
to
have
it
in
infrastructure.
I
mean,
if
anyone
feels
has
a
strong
opinion
else,
where
I'm
happy
to
move
it
too,
but
I'm
fine
for
being
in
infrastructure,
at
least
for
now.
H
I
feel
like
it's
an
infrastructure
because
you
own
the
access
and,
if
you're
going
to
prevent,
say
like
let's
say
you
said
well,
I
want
to
pull
out
more
of
development
or
even
you
know,
I
think
I
think
I'm
hoping
we're
down
to
like
two
or
three,
but
you
know
you
know
we
said
we
are
going
to
go
down
on
that
you'd
be
the
owner
of
that.
So
it
feels
like
it's
still
an
infrastructure,
metric
yeah.
G
A
Don't
know
if
it's
the
right
place,
that's
fine!
I
it's
it's
just
we
have
a
separate,
infra
key
review
and
it
keeps
leaking
out
into
here
as
well
as
support
metrics.
So
I
kind
of
want
to
roll
forward
on
that
and
go
back
to
my
idea
of
like
we're
kind
of
at
the
level
where
all
six
of
my
departments
could
have
their
own
key
review
versus
trying
to
lump
one
in
here
and
we
keep
we
keep
crossing
wires
and
stuff
so
I'll
I'll.
Take
that
offline
and
figure
out.
A
If,
if
we
can't
like
security's,
got
a
lot
of
important
stuff,
we
could
spend
30
minutes
on
that
every
month
or
eight
weeks
or
something
like
that,
and
that
might
be
a
better
solution
to
it.
So
I'll
propose
something.
A
Luckily,
we
always
run
under
time
here,
so
I
don't
mind
spending
the
time
on
something
important,
even
if
it's,
if
it's
outside
the
charter,
this
meeting,
that's
okay,
so
then
eight
said.
F
I
think
it's
because
your
heart
wants
what
I
want,
which
is
for
it
to
go
up.
No,
unfortunately,
not
yet.
We
are
right
now
running
the
q4
survey,
so
we
don't
know
what
our
q4
number
is
yet,
but
we
should
have
that
within
the
next
couple
of
weeks
before
the
new
quarter
starts
so
that'll
tell
us
a
little
bit
more
and
that'll
also
give
us
an
indication
of
what
our
q1
okr
should
be.
Oh.
A
Yeah,
it's
small
change,
but
the
target
is
currently
listed
as
75,
so
it
needs
directionality,
meaning
above
75,
because
some
charts
do
go
down
to
the
right
and
that's
okay
and
then
also
it's
unitless
and
I
think
that's
okay,
like
you
know,
alpha
and
physics
is
unitless.
That's
okay,
but
it
looks
like
we're
just
missing
unit,
because
there's
many
other
kpis
where
we
know
we
have
to
add
units.
So
if
we
just
call
out
no
units
like
it's
explicit,
then
we
know
we're
done.
This
is
the
right
thing.
A
B
B
A
I'll
share
my
screen
since
I'm
driving,
I
think
it's
meantime
remediation
sorry,
quality.
B
Yeah,
I
really
like
how
you
know
we
switched
the
pivots.
We
got
p1
p2,
measured
separately.
I've
taken
a
second
to
load
here,
but
you
know
I
really,
you
know
it
tells
the
story
well,
and
it
gives
me
a
sense
of
how
we're
doing
so.
B
If
you
remember,
we
were
having
the
conversation
about
whether
we
should
pivot
it
on
bug
open
date,
first,
but
closed
date.
We
landed
on
bug
close
date,
which
gives
a
much
more
accurate
view
of
you
know
how
we're
doing
in
terms
of
getting
stuff.
D
C
I'm
gonna
say
thank
you
credit
to
the
team
and
we
still
the
team
and
my
counterparts,
the
leaders
as
well.
We
have
a
lot
of
room
to
improve.
I
I
feel
like
you're,
all
very
generous,
because
s2
is,
is
going
up
and
I'm
getting
thanks.
So
there's
a
lot
of
room
to
improve,
still
and
we're
taking
this
to
to
our
q1
0krs
to
improve
with
the
counterparts.
Thank
you,
you're
getting.
D
H
So
mac-
and
I
discussed
this
yesterday
in
our
101-
and
these
are
the
overall
graphs
we're
going
to
focus
on
two
specific
teams
create
and
a
ci,
essentially
to
look
at
these
and
and
figure
out
how
best
to
make
sure
we're
driving
this
down
and
working
with
product
to
get
the
right
prioritization.
H
The
first
teams
we're
picking
because
they're
the
most
impactful
we
actually
are
doing
group
by
group,
and
we
felt
like
it's
best
to
start
with
the
most
impactful
groups,
regardless
of
where
they
are.
The
other
thing
to
note
here
is
one
thing
we
don't
show
is
the
open
bugs.
So
that's
one
thing
that
we
got
to
do
a
little
more
digging
on
the
data
just
for
full
transparency
because,
like
for
instance,
you
could
have
a
bug
that
just
sits
out
and
it
doesn't
ever
get
closed.
H
H
A
C
D
Okay,
cool
so
zooming
out
a
little
bit,
we're
probably
one
of
the
very
few
software
companies
at
our
scale
that
publishes
their
s2
closing
time
publicly.
It's
it's
quite
a
sight
and
I'm
very
proud
of
everyone
being
so
comfortable.
Having
that
data
public
and
discussing
this
openly.
A
All
right
does
anyone
have
a
number
10
on
the
agenda.
It's
currently
blank.