►
From YouTube: Pipeline Security team meeting APAC 2023-05-11
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
So
let
us
know
what
you
think
if,
if
it's
a
good
idea
or
not,
and
if
we
should
improve
it
second
point
is
some
new
AI
features
that
we,
the
team,
delivers
across
gitlab.
So
if
you
didn't
see
those
like,
we
shipped
quite
a
few
in
the
past
few
weeks,.
A
And
next
point
was
about
the
engineering
all
hands
that
happened
last
week
where
we
discussed
about
division
for
engineering,
and
we
CTO
discuss
about
a
new
budget
for
teams
member
to
to
meet
where
we
are
still
discussing
about
the
details
of
how
this
will
look
like.
But
apparently
we
might
be
eligible
for
like
a
500,
US
dollar
per
team
members
for
Q2.
A
If
people
want
to
to
meet
and
organize
something
so
we're
still
discussing
with
verify
if
we
might
be
able
to
do
something
together
like
depending
on
the
different
regions,
so
stay
tuned
for
more
details,
and
last
point
was
about
the
variable
AMA
that
we
hosted
on
Monday,
where
we
ask
a
bunch
of
questions
to,
for
can
Mario,
say
and
Fabio,
and
we
got
a
lot
of
answers.
A
A
All
right
for
the
discussion
topic,
one
thing
I
wanted
to
gather
feedback
on
was
on
the
issue:
templating
stuff,
where
pipeline
authoring
is
using
a
template
issue
which
I
find
it
relevant
and
consistent
with
the
work
they're
focusing
on
and
doing
so,
it's
very
clear
like
what
are
we
working
on?
Why
are
we
working
on
this
and
what
is
the
expected
result?
A
As
Albert
mentioned
on
the
given
issue,
and
when
jumping
across
different
issues
like
we
don't
need
to
read
like
all
the
different
comments
and
like
the
structure
is
the
same,
so
it
helps
the
team
to
organize
things
better
and
kind
of
differentiate
between
like
okay.
Is
this
issue
part
of
a
front-end
one,
the
backend
one?
What
are
we
waiting
on
this
one?
So
I
wanted
to
get
some
feedback
on
your
site
if
we
should
start
doing
something
like
that
for
our
team
Albert.
Do
you
want
to
verbalize
your
point.
B
Yeah
I'm,
just
wondering
I
think
we
should
add
a
section
on
like
what
do
we
expect
out
of
an
issue
like
I
think
this
can
be
either
like
business
benefits
or
any
Improvement
that
we
expect
to
get
just
so
that
we
have
an
idea
of
what
we
are
contributing
as
a
team,
rather
than
just
completing
a
task.
A
B
But
anyone
like
I
think
a
person
who
writes
the
issue
should
try
to
find
that
answer.
I
mean
that
they
may
not
have
the
answer,
but
they
have
to-
or
at
least
they
need
to
find.
A
A
So
Eric
is
not
here
so
I'll
verbalize.
This
point
with
regard
to
impact
awareness.
Will
a
sub
header
performance
consideration
be
helpful
here,
so
something
to
to
consider
when
working
on
a
new
issue
like
always
be
aware
of
like?
Could
this
decrease
performance
or
like
anything,
we
should
think
of
that
could
trying
to
create
more
incidents,
especially
with
variables,
which
is
a
hot
topic
for
CD
pipeline?
A
C
B
I
think
it's
a
little
bit
different,
usually
except
this
criteria
will
be
more
in
terms
of
behavior
like
given
something
you
do
something
you
get
something
else,
but
the
result
I
was
thinking
more
about
business
impact
specifically.
B
That
I
think
you
said
I
think
he
also
brought
up
a
great
point
like
I
think
we
should
have
some
sort
of
acceptance
criteria
in
the
issue.
Yeah.
C
B
C
C
A
E
It
yeah
it
was,
and
we
I
think
I
remember.
We
also
created
a
template
because
of
to
kind
of
improve
the
process
around
just
the
whole
workflow
Improvement
in
general,
so
yeah.
E
Yeah
it
was
it
made
it
more
organized
and
also
I.
Think
one
of
the
things
we
tried
before
was
like
having
the
implementation
table
in
the
is
it
in
the
example.
So
we
would
have
an
implementation
table
and,
like
add
there,
all
of
the
related
Mrs
if
they're
back
in
their
front
end.
Just
so
like
it's
clear
where
we
are
like,
for
example,
if
an
issue
has
spawns
like
a
lot
of
Mrs
like
it's
clear
where
we
are
at
or
what
the
progress
is
at
the
moment
from
Just
One
Look
at
the
issue.
F
D
A
E
Yeah,
the
mr1
was
usually
when
we'd
copy
it
to
the
we
would
copy
the
table
in
the
description.
It's
also
helpful
for
the
reviewer
as
well,
so
that
they
would
know
right
away.
Okay,
we're
not
doing
everything
in
one
iteration,
like
some
things
are
already
planned
for
the
future,
so
yeah
they
take
it
into
consideration.
With
the
review.
B
A
A
A
Yeah
this
one
is
more
but
like
trying
to
get
an
understanding
in
How
We,
Do
AI
at
gitlab,
so
getting
familiar
with
the
documentation
getting
familiar
with
how
we
could
build
our
own
integration
and
understanding
things
better
so
to
to
continue
training
ourselves.
Is
that
something
that
makes
sense
for
everyone.
D
A
B
Yeah,
so
if
the
focus
is
on
how
like
we
can
add
such
features,
then
is
there
a
documentation
that
we
can
use
for
that
or
is
there
a
training,
yep.
A
C
A
And
we
have
like
another
Circle
where
we're
trying
to
focus
on
the
ux
initiative
to
compete
with
GitHub
and
focusing
like
small,
quick
wins
that
we
can
achieve.
So
this
one
is
enabled
like
ux
changes
that
we
are
making
unsafe
variables
and,
like
the
others,
one
the
other
ones
are
mainly
like
teams
occurs
from
the
within
verify,
pretty
much
the
same
that
we
had
for
q1.
F
B
B
Some
of
this
could
even
be
replica
or
duplicated
across
multiple
projects,
so
I'm
talking
to
I,
think
Auto,
Junction
and
also
maybe
more
engineering
productivity
people
about
this
to
see
which
secrets
are
probably
more
suitable
to
be
pulled
out
into
a
an
external
fault
and
then
within
the
project
pipelines.
We
refer
to
these
secrets
through
the
integration
rather
than
hard
coding
or
storing
everywhere.
B
Every
token
in
each
of
the
project,
saying
an
example
would
be
something
like
I
guess,
danger
token
yeah
I
think
it
could
be
something
like
that
might
be
duplicated
across
multiple
projects,
and
they
might
be
this.
They
might
actually
be
the
same
value
so
at
least
with
the
with
what
some
of
the
benefit
could
be
more
efficiency
when
we
need
to
rotate
the
sum
of
the
tokens.
B
So
if
we
have
them
stored
separately
in
every
project,
then
that
requires
us
to
do
that
many
times
manually,
replacing
values
when
we
just
need
to
notice
a
single
token,
but
having.
B
F
Main
thing
that
I
was
just
wondering
is:
if
we
used
vault
for
things
like
tokens,
and
things
like
that
right
now,
like
the
future
plan,
someday
would
be
to
have
our
own,
so
we
would
like
our
our
own
kind
of
Secret
store,
and,
and
so
we
would,
we
would
use
Vault
for
now
and
then
in
the
future.
We'd
have
to
switch
there's.
Also,
do
you
know
about
the
secret
files
feature
that
Darby
has
been
working
on
yep?
F
That
is
something
that's
a
bit
like
evolved
and
he
was
doing
it
to
because
for
mobile
devops
you
need.
C
F
Be
another
idea
just
just
throwing
some
ideas
out
there,
that
you
know
that
there
might
be
some
other
solution,
and
maybe
that
would
be
a
dog
fooding
that
might
give
us
the
information
we
need
to
fully
develop
our
own
Secret
store.
Based
off
of
that,
perhaps
not
saying
the
idea
is
bad,
it's
just
it.
It
I
just
reviewed
his
merge
request
this
morning,
updating
all
the
talks
about
it.
So
it's
fresh
on
my
mind.
A
Definitely
good
point
Marcel
and
something
else
we
need
to
think
about
Albert
would
be
to
try
also
different
providers,
so
we
can
abstract,
like
the
different
abstraction
from
like
all
the
solution
out
there,
like
the
solution
that
we
will
put
for
build
for.
Gitlab
should
not
be
like
a
replication
of
RC
corporate.
We
should
try
to
look.
C
C
C
C
No,
no
yeah
only.
B
C
C
D
Events
like
my
idea
for
the
hackathon
was
very
straightforward
to
improve
gitlab
CI
yaml
editor
because,
like
users
like
quotes
unknownly
like
overwrite
any
predefined
variables,
and
they
would
not
be
noticed
at
all
and
that's
the
basic
idea
to
highlight
such
are.
We
writing
in
the
editor
that
that
variable
already
exists
as
a
predefined
and
Etc.
C
A
A
We
could
make
to
compete
with
GitHub
to
improve
the
variable
creation,
Edition
page,
where
we're
thinking
about
getting
rid
of
the
model
and
adding
like
a
drawer
moving
things
around
on
the
form
where
right
now
you
have
both
text
fields
and
then
you
can
decide
if
the
variable
is
masked
or
not,
and
ptk
is
proposing
to
move
this
up
in
the
form
and
a
couple
of
tweaks
on
the
form
itself
to
improve
the
experience
for
the
user,
and
this
is
so
going.
Anyone
has
question
on
this.
A
B
The
native
the
secret
manager,
yeah
5B,
okay,
yeah,
just
move
on
to
the
next
one,
so
just
repeating
the
same
feedback
that
we
used
to
have
for
visiting
run
so
500
USD
is
very
limited
for
people
in
Apex
to
actually
meet
up
like
I.
Don't
think
it's
feasible
to
travel
within
500
USD
yeah.
Just
for
consideration.