►
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
B
Okay,
can
anybody
hear
me
okay?
So
the
first
item
would
be
the
post
mortem
of
sassed
outage
took
place
on
23rd
of
May
because
of
my
actions
related
to
retaining
the
darker
images
for
sat
two
related
to
the
need
of
fixing
the
prior
issue
with
doctor
file.
I
will
open
my
the
very
issue
who
share
my
screen
and
will
follow.
B
B
Okay,
so
the
incident
started
from
Cynthia
has
reported
that
customers
were
experiencing
issues
while
running
the
assessed
daughter,
image
of
11.11
stable
branch.
The
problem
was
that
the
binary
could
not
be
executed
on
the
linux-based
docker
image,
for
which
it
was
actually
intended
to
be
run
at
and
after
certain
steps,
mostly
executed
by
Phillip,
who
understood
the
source
of
the
problem
and
the
source
of
the
problem
is
expressed
in
cause
section.
B
B
B
We
had
option
to
create
additional
jobs
in
pipeline
temporary
jobs,
to
rebuild
those
images
and
retake
them,
and
the
second
option
was
manually
retaken
them
rebuilding
them
and
retaking
them
and
pushing
them
manually,
because
this
was
already
a
workaround
executed
previously
for
Anand
desk.
They
say
all
of
this
is
described
in
this
release.
Issue
I
have
chosen
to
execute
the
manor
rebuilding
retaking
and
pushing
those
docker
images,
which
was
obviously
incorrect,
because
I
didn't
take
into
account
that
I
am
rebuilding
on
Mac
operating
system.
B
B
I
have
described
here
in
strategy
to
avoid
in
future,
we
should
create
either
an
automated
script
or
set
of
manual
jobs
in
CI
plan
to
avoid
running
docker,
build
manually
from
local
machines,
and
we
should
adjust
our
deployment
process
in
general
to
cases
when
we
need
to
quickly
rebuild
retag
and
republish
the
tool.
But
we
don't
want
to
create
another
tag
in
git
repository.
A
Let
me
jump
in
an
ad
here.
Thank
you
for
going
through
this,
so
we
had
an
outage,
so
the
whole
point
of
what
to
me.
What
makes
this
conversation
important
is
its
identified,
what
is
most
likely
a
gap
in
our
process
that
releases
our
tools
to
our
customers,
that
we
need
to
figure
out
how
to
close
and
close
permanently.
A
So
the
point
of
doing
this
is
number
one
to
have
a
conversation,
so
we
all
learned
what
happened,
how
it
happened
in
Cu
clear,
so
we
all
can
avoid
this
particular
flow
in
the
future
and
number
two
to
have
it
to
have
a
discussion
either
through
the
issue
or
here
or
both
about
how
we
can
improve
and
close
this
process
gap.
So
I
want
to
make
sure
I
want
to
frame
it
conversation
in
that
way
and
with
that
hold
mute,
my
mic
and
let
them
let
everybody
have
the
conversation.
A
B
To
react
to
them,
especially
for
Philips
comment
that
it's
I
guess
it's
worth,
adding
to
the
handbook
or
our
section
of
handbook,
like
secure
stage
section
that
we
should
avoid
releasing
products
out
of
the
CII
plan
by
hand.
We
should
anyway,
keep
every
stage
of
our
release
process
inside
the
pipeline
to
have
it
reviewable,
observable
and
controllable
by
team
and
by
automated
tools.
C
C
Our
secret
analyzer
has
quite
a
bit
of
issues
that
we
need
to
address
that
we
we've
repeatedly
addressed,
but
basically
we
took
an
approach
to
building
that
out,
architecting
that
that
doesn't
seem
to
be
working
well
for
our
customers,
where
we
wrap
a
couple
tools,
one
get
leaks
and
one
truffle
hog
for
analyzing
secrets
within
get
repos
architectural
II.
There's
several
other
approaches
that
other
companies
have
taken.
C
So
I
think
that
we
should
have
a
conversation
on
redeveloping
that
and
deciding
if
we
want
to
and
before
we
move
on
to
things
that
are
in
the
kind
of
the
product
vision
for
security
attack,
the
secret
detection,
whether
or
not
we're
going
to
be
getting
more
code
debt
or
whether
we
should
proceed
as
is
so
I
guess
and
that's
others
have
many
comments.
I'll
just
create
an
issue
that
we
can
follow
up
on
that,
but
I
think
it's
an
important
enough
discussion
point
to
raise
here.
D
So
I'm
kind
of
coming
in
new
to
this,
so
I
just
wanted
to
throw
out
some
thoughts.
I,
don't
know
how
we
would
typically
our
standardly
handle
situations
like
this,
but
do
we
you
know,
do
we
generally
use
purchased
tools?
Do
we
build
tools
how
you
know?
If
so,
what
sort
of
research
do
we
do
around
this
to
make
sure
that
whatever
we
are
using,
is
performant
and
meets
the
needs.
C
Yeah,
so
I'll
go
ahead
and
find
the
initial
implementation
of
this,
because
there's
a
the
parent
issue
had
a
discovery
period
where
a
number
of
other
tools
are
analyzed
and
the
tech
that
was
decided
on
was
a
combination
of
three
different
tools
which
we
wrapped
for
most
of
our
analyzers.
We
wrap
up
source
tools
that
provide
options
for
scanning,
and
then
we
either
augment
on
top
of
that
contribute
upstream
or
just
our
if
the
tools
awesome
use
it
out
of
the
gate.
So
in
the
original
proposal,
which
I'll
link
right
here.
C
Point
C
under
number
two
is
the
original
proposal
on
discovery
and
one
two,
three
four,
some
a
tools
are
evaluated
and
get
least
the
first.
It
was
actually
quite
a
good
tool.
I
think
that
the
issue
is
that,
in
our
case,
we
have
specific
needs
that
we
need
to
evaluate,
in
one
case,
do
the
nature
of
our
security
paradigm.
We
need
to
do
things
like
scan,
introduced
secrets
between
two
commits
and
rather
than
do
a
full
history
scan
and
it
gives
doing
a
full
history
scan.
C
It
requires
a
different
tool
and
so
evaluating
these
tools
in
the
context
of
our
use
cases,
and
our
needs
is
something
that
we
need
to
reconsider
and
currently
one
of
the
biggest
issues
that
I
know
that
Victor
put
a
lot
of
time
into
was
our
secrets.
Analyzer
is
climbing
out
on
our
D
live
CD
Projekt,
which
is
a
best
a
mid-sized
project,
and
if
it's
timing
out
for
our
own
tools,
then
we
can't
have
a
lot
of
faith
that
that's
not
going
to
happen
for
customers,
especially
this
large
amount
of
repos.
C
E
D
Okay
again
and
I
apologize
I,
don't
know
if
this
is
the
the
proper
form
to
take
this
on
or
not,
but
do
we,
you
know
again,
come
in
and
new?
Do
we
typically
like
to
try
to
evolve,
or
you
know,
I
I'm
trying
to
figure
out
do?
Is
it
evolution
or
revolution
right?
Do
we
evolve
the
three
tools
that
we're
using
or
do
we?
You
know
recreate.
D
E
C
Think
I'd
say
a
little
bit
of
both
and
it's
yeah
I
think
I
would
say
more
revolution
in
this
case.
Currently
we
need
to
better
evaluate
whether
the
tools
were
using
right
now
should
continue
to
be
used
or
if
we
need
to
take
a
different
approach
from
the
ground
up.
So
ideally
that
would
result
in
from
the
discovery
issue
to
reevaluate
how
far
off
the
mark
or
current
rule
is,
and
then
that
determines
whether
or
not
it's
a
refactor
or
a
replacement.
C
E
E
B
C
B
Excuse
me,
Lucas
I,
wanted
to
quickly
jump
in
and
remind
you
that
not
only
the
tool
should
be
reevaluated,
which
I
would
which
I
agree,
but
also
the
unwinding.
The
full
history
of
committing
repository
was
the
main
bottleneck
during
this
time
out
that
caused
secrets
analyzer
to
time
out
of
the
get
lepsy
codebase,
so
I
guess.
We
should
also
really
evaluate
how
we
unwind
the
git
repository
to
scan
the
folk
history
for
secrets,
I
I.
C
Think
the
irony
of
that
one
is
that
that
that
bottleneck,
that
I
think
is
we
made
prematurely,
but
it
is
going
to
be
one
of
the
features
that
we
were
playing
on:
shipping
with
secret
detection,
so
I'm,
currently
like
it
leaks.
One
of
the
underlying
tools
has
a
start
commit
it's
like.
We
can
pass
to
say
start
scanning
from
this
point
onward,
which
we
should
be
using
in
the
first
place,
but
right
now
we're
doing
the
flatten
approach.
C
So
that's
why
I
think
it
might
just
be
an
issue
of
re
implementing
what
we
have
but
again
I'm,
not
sure,
but
that's
definitely
worth
capturing
if
we
want
to
make
notes
somewhere
on
the
questioners
like.
What's
the
problem
currently
yeah.
E
I
always
say
like
don't
help
me
do
this,
but
I'm
not
confident
right
now
that
enhancing
the
enhancing
secret
detection
to
viability
is
survivable
is
our
highest
priority
right.
So
it
might
end
up
being
that
we
have
to
live
with
this
pain
for
some
time,
because
we're
not
planning
on
investing
a
significant
amount
in
further
secret
detection
until
some
later
date.
So
that's
part
of
the
defining
the
viable
getting
it
to
viable.
E
A
Okay,
I
got
a
thumbs
up,
but
I've
got
silence.
Okay,
so
Annie
put
in
a
read-only,
so
sit
I'm,
so
secure
stage
slit
is
being
applied
to
UX.
So
please
keep
that
in
mind.
Read
that
item
in
our
agenda
I'm
going
to
just
plow
on
through
so
anyway,
as
has
been
noted
before
there's
someone
new
here,
so
everybody
welcome
to
hi.
A
All
righty
so
continuing
through
ISO,
as
noted
as
as
questioned
in
the
agenda
who
doesn't
have
access
to
periscope.
If
you
need
I'm,
putting
together
an
access
request
for
not
only
myself
and
anybody
else
who
needs
it
happy
to
batch
it
up,
because
there's
some
analytics
data
that
is
beginning
to
be
pushed
to
that
platform.
So
if
you
need
it,
please
add
a
comment
that
you
need
that
you
need
access
and
I'll
go
ahead
and
get
that
that
request
submitted
today.
A
So
your
deadline
for
to
be
part
of
my
batch
request
is
in
six
hours,
so
4
p.m.
Eastern,
Daylight,
Time
and
so
I'll.
Put
that
in
the
agenda
as
well.
Next
item
is,
a
comment
is
just
remind
everybody.
Octa
is
being
rolled
out
and
so
have
you
signed
up.
So
Cathy
is
noted
that
about
half
of
the
company
has
activated
their
active
accounts.
If
you
haven't,
please
do
so.
A
Full
disclosure
I
haven't
that's
part
of
my
to-do
list
for
today,
but
the
next
phase
is
them
verifying
that
one
that's
working
with
application,
stack
that
we've
identified
thus
far
and
also
do
a
gap
analysis
on
if
there's
tools
that
need
to
be
added
to
this
particular
authorization
platform.
So
please
participate.
If
you
haven't,
then
I've
got
a
read-only
Scooby
and.
E
E
A
All
right,
so
my
bad
okay,
so
there's
my
so
I
have
one
more
read-only
item
for
me
in
that
there
is
that
security
is,
is
testing
an
escalation
engine
for
seee
issues.
Please
read
and
understand:
what's
going
on
with
this
with
with
this
particular
process,
and
if
you
have
questions,
please
please
reach
out,
and
with
that
now
I'll
hand
it
to
Kenny
and
Kimmy.
You've
got
the
last
one:
okay.
E
Yeah
I
was
just
so.
This
is
something
that
Dalia
has
also
been
suggesting
should
be
a
new
standard,
especially
as
we
move
to
CD
that
product
should
maintain
a
consistent
prioritized
list
instead
of
like
grouping
them
into
into
specific
milestones.
This
is
easier
for
me
and
it
feels
very
I.
Don't
know
what
I'd
say
uncle
a
buret
of
the
process.
We
do
it
today
where
it's
like
Kenny
and
Nicole
does
the
same
thing.
We
create
a
list
and
we
hand
it
to
Thomas
and
you
and
the
team
evaluated.
E
Then
you
give
us
like
that,
doesn't
feel
like
how
we
should
be
doing
things
in
a
CD
world
and
so
really
I
have
that
I
spent
some
time
this
weekend,
trying
to
figure
it
out.
I.
Have
this
like
tactical
problem
of
I,
don't
know
how
to
provide
that
list.
I,
don't
know
how
to
take
a
set
of
issues
and
sequence
them
as
I
think
creating
a
Google
Doc,
which
feels
very
wrong.
I,
don't
know
if
anyone
else
has
experience
for
or
has
played
around
with
this
and
knows
how
to
do
it.
E
A
E
E
E
We
have
a
new
and
there's
been
an
ongoing
discussion
about
how
and
where
do
we
split
and
start
preparing
for
the
defend
section
I
had
mentioned
in
an
issue
about
that
that,
like
hey,
this
issue
might
get
forced
if
we
hire
starting
PM
4
and
we
did
a
pretty
strong
p.m.
we
created
a
new
leveling
for
product
managers
called
principal
product
manager
for
this
candidate.
So
he
will
be
starting
on
729
and
I
wanted
to
make
sure
everybody
was
aware
of
that
signed
yesterday,
hot
off
the
press.
E
I
can
so
we
do
like
a
usage.
Ping
will
be
in
periscope,
I
think
also
some
engineering
metrics
might
be
put
in
to
periscope,
so
there's
a
whole
bunch
of
stuff.
That
is
not.
That
would
be
useful
for
developers,
I'd
love
to
send
and
shared
periscope
reports
with
the
team
just
get
an
idea
of
how
the
products
being
used
and
then
Thomas
I'm
sure
you
have
some
other
use
cases
for
him.
The.
A
Throughput
metrics
that
are
important
up
upwards
when
reporting
up
through
engineering,
management's,
that's
being
moved,
they're
out
of
get
lab
calm
and
over
into
periscope.
That's
the
biggest
example
that
I
have
at
the
moment.
So
it's
it's
metrics,
there's
a
lot
of
metrics
that
are
gonna,
be
going
there,
and
if
you
want
to
know
how
our
puck
is
being
used,
it's
important
as
well,
especially
as
usage
thing,
gets,
migrated
over
I.
A
A
G
One
good
question
I
have,
it
seems
we
all
seem
to
be
inconsistent,
which
people
on
which
groups
I,
at
least
on
the
slack
groups,
for
example.
This
is
something
you
should
talk
about
in
general.
You
know,
maybe
because
at
the
moment
a
few
people
are
missing
from
the
secure
team
hander,
for
example,
yeah.
A
I
think
that's
wrapped
up
in
another
initiative
to
serve
establish
baseline
entitlements
for
engineers.
I
think
that's
part
of
that
I
think
would
be.
I
would
argue
that
that's
wrapped
up
in
that
item.
That's
another
thing.
That's
being
discussed
being
worked
on
as
well,
that
I
didn't
add
to
this
agenda.
Cuz
I
thought
we
were
pretty
full,
but
in
any
case
yes
agreed.
That
is
a
problem.
I
think
it
is
being
worked
on
at
least
I
hope
it
is
I'll
go
I'll,
go
what
where
somebody
can
go?
C
A
Made
some
minor
tweaks
to
to
process
so
with
grooming
we're
going
to
continue
to
do
it
async.
The
request
is
that
everyone
be
trying
to
groom
to
issues.
So
if
you
tell
me
so,
if
you
can
only
get
one
done
or
you
can
get,
none
done
don't
get
any
more.
The
the
idea
is
we're
we're
trying
to
help
ourselves
in
the
future
as
we're
trying
to
figure
out
what
we
can
do
in
future
releases.
A
So
the
if,
if
an
item
does
fail
to
be
stomach,
if
it's
not
ready
for
whatever
reason,
then
my
request
is
add
a
comment
on
the
issue
as
to
what
is
missing
and
unassigned
yourself,
and
then
that
way
we
leave
room
for
it
to
be,
but
for
us
to
be
able
to
pick
it
up
in
the
future
as
these
issues
become
more
fleshed
out
and
they
then
become
ready
for
us
to
and
gate
to
look
at
it
again.
A
I
want
to
talk
with
well,
we'll
have
a
further
conversation
about
this
and
slack
per
Kenny's
request
today
about
how
can
p.m.
help
us
give
us
better
input
into
what
we
will
be
grooming
and
and
we'll
take
a
look
at
it
and
either
promote
it.
Will
either
move
it
physically
out
of
our
view,
or
we
will
or
will
we
will
send
it
back
to
p.m.
or
something
will
we'll
figure
something
out,
whether
through
labels
or
through,
maybe
milestones
that's.