►
From YouTube: GitLab Package Vision and Roadmap 2023
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Hello,
I'm
Tim
I'm,
the
PM
for
the
package
stage
and
today
I
wanted
to
spend
about
10
minutes,
just
highlighting
the
vision
and
direction
for
2023..
As
a
reminder,
our
three-year
vision
is
to
be
the
single
source
of
Truth
for
storing
and
distributing
dependencies
for
every
single
gitlab
customer.
We
believe
that
doing
this,
you
can
improve
developer
experience,
save
money
on
licensing
costs
and
maintenance
costs
just
to
re-highlight
the
value
of
gitlab
package.
By
centralizing
everything
you
can
reduce
context.
Switching
you
could
deploy
code
faster.
A
We
can
help
you
to
be
more
efficient
by
simplifying
authentication
and
authorization
and
then
also
more
secure
and
compliant
by
ensuring
you
are
testing
where
your
developers
are
and
that
any
known
vulnerabilities
are
addressed
as
soon
as
possible.
Thank
you.
The
next
sheet
is
kind
of
a
fact
sheet
of
the
different
product.
The
different
features
that
the
package
stage
has
I
won't
go
through
each
one,
but
each
of
these
links
to
the
documentation
and
you
could
read
more
about
how
they
work
and
how
to
use
them
so
back
to
the
three-year
strategy.
A
How
do
we
achieve
to
get
every?
How
do
we
help
all
of
our
customers
to
migrate
to
git
lab
well
to
start
in
2023,
we'll
focus
on
small
to
mid-sized
organizations?
For
that
we'll
ensure
that
gitlab
hosted
repositories,
work
seamlessly
at
scale
will
make
it
easier
to
migrate
to
gitlab
from
other
package
Registries
using
gitlab
Pipelines,
we'll
also
improve
the
interoperability
between
package
and
other
stages
at
gitlab,
specifically
in
2023,
we'll
heavily
focus
on
verify,
release
and
secure
in
2024,
we'll
start
to
help
large
Enterprises
migrate
off
of
artifactory.
A
To
do
this,
there's
a
few
key
hurdles
that
we'll
need
to
deliver.
The
first
is
the
dependency
proxy
working
with
any
external
container
registry,
not
just
Docker
Hub.
The
second
is
virtual
Registries
to
manage
all
the
different
external
package
repositories
you
may
have
and
then
also
delivering
a
lovable
experience
for
developers
and
administrators.
A
As
we
start
to
look
at
Enterprises,
larger
Enterprises,
it
becomes
more
important
to
measure
things
like
how
often
is
a
package
used
and
in
which
projects,
and
by
whom,
so
starting
to
deliver
that
experience
for
the
for
the
the
Enterprise
will
be
a
key
feature
in
2024
and
in
2025
we'll
shift
our
Focus.
Even
more
towards
security
and
compliance,
so
we'll
give
you
the
ability
to
verify
package
Integrity
from
one
place.
You
can
filter
Upstream
packages
to
include
only
approved
packages
or
just
delay,
updates
from
packages
that
have
been
recently
updated
under
suspicious
circumstances.
A
So
for
2023,
what
are
the
big
projects
that
we're
trying
to
move
forward?
The
First
theme
is
really
just
driving
monthly
active
users
for
the
stage
and
on
that
note,
there's
three
projects
that
I'd
like
to
highlight.
The
first
is
gitlab
workflows,
which
is
an
event
based
trigger
for
pipelines.
A
So,
for
instance,
you
could
run
a
pipeline
when
your
packet
automatically
run
a
pipeline
when
your
package
or
container
image
has
been
updated
to
run
Security
checks
or
compliance
checks,
or
any
of
anything
else
that
you
would
need
a
pipeline
for
we'll
also
make
it
easier
to
import
packages
from
artifact
or
sonotype,
using
gitlab
pipelines
for
all
of
our
GA
supported
formats
and
we're
also
adding
container
registry
monthly,
active
users.
Although
this
may
not
sound
graded
from
a
user
perspective.
A
On
the
second
theme
is
really
reducing
costs
and
for
this,
what
we'll
work
on
is
adding
data
transfer
controls
and
limits
for
the
container
and
package
Registries.
So
you
can
be
sure
that
you're,
not
that
you
don't
have
one
project
or
one
pipeline.
That's
accidentally
transferring
thousands
of
terabytes
of
data
every
month,
we'll
continue
on
the
cleanup
policies
for
the
for
the
package
registry,
we'll
continue
to
add
more
rules
and
on
the
security
and
compliance.
We'll
begin
to
add
sign
the
ability
to
sign
images
with
cosine.
A
A
We'll
work
through
these
in
priority
order
for
all
of
our
GA
formats
for
npm,
Maven,
Python,
nuget
and
terraform.
The
dependency
firewall
is
also
the
security
and
compliance
feature.
I
was
talking
about
where
you
can
filter
Upstream
dependencies.
You
can
think
of
of
this
as
jfrog's
x-ray
or
sonotypes
dependency
firewall.
A
This
is
an
important
feature,
especially
in
light
of
a
lot
of
the
dependency
confusion
and
type
of
squatting
attacks
in
the
past
year
for
the
container
industry,
I
didn't
mention
it
in
the
boulders
for
2023,
but
it
is
certainly
there
I
think
it
just
may
not
be
released
by
the
end
of
the
year,
but
the
self-managed
rollout
of
the
next-gen
container
registry.
This
will
come
with
performance
improvements,
online
garbage
collection
and
a
ton
of
new
features
that
will
only
be
available
in
this
version
of
the
registry.
A
We
are
going
to
do
a
long
overdue
UI
overhaul
of
the
container
registry,
UI
and
I
think
it's
also
worth
highlighting
for
the
dependency
proxy
that
will
expand
the
functionality
to
support
caching
images,
not
just
from
Docker
Hub,
but
from
any
container
registry,
including
Amazon
or
Google,
and
on
the
infrastructure
registry.
We
have
several
small
but
key
features,
adding
deploy,
token
support
and
adding
group
level
support.
I
do
think
we'll
be
able
to
sneak
these
in
2023,
and
we
also
have
several
cross-stage
research
topics
that
I
link
here.
A
Finally,
just
some
highlights
from
2022
we
launched
the
next-gen
container
registry
on.com,
which
included
huge
cost
savings
and
many
performance
improvements,
including
a
200x
performance
Improvement
of
the
of
the
cleanup
policies
we
updated,
the
docker
node
or
the
container
registry
notification
system.
This
will
allow
us
to
power
to
get
lab
workflows
for
the
container
registry
in
the
future.
A
I'm
confident
and
excited
because
the
package
stage
has
a
vibrant
and
active
community
of
contributors,
we're
investing
in
the
team
and
will
continue
to
grow
and
we're
already
delivering
a
highly
available
reliable
product
and
the
best
part
is.
We
have
engaged
customers
that
need
these
services
and-
and
these
features
thanks
for
tuning
in.
If
you
have
any
questions,
you
can
ping
me
in
the
issues
and
I'll
look
forward
to
talking
to
you.
There.