►
From YouTube: Iteration Retro 14.5 - Secure:Composition Analysis
A
Okay,
hello,
everyone
and
welcome
to
the
first
ever
iteration
retrospective
for
composition,
analysis
group,
and
today
I
guess
we
like
for
for
this
retro.
We
have
two
issue:
the
preposition
one
is
for
me
and
I
just
like
added
it
as
a
kind
of
placeholder,
because
it's
not
finished
and
probably
we
can
discuss
it
later,
and
there
is
one
issue
proposed
by
fabian
about
support
proxy
settings
of
retargets,
and
I
think
that
we
should
discuss
this.
One.
A
B
Yeah,
so
you
know
where
this
was.
This
was
about
adding
support
for
http
and
https
for
keys
in
the
retire.js
analyzer,
and
it's
it's
important
to
share
a
bit
of
the
background.
We
we
had
a
community
contribution
to
implement
that
feature
long
ago
created
long
ago,
but
tests
were
missing.
It's
it's
a
bit,
tricky
to
to
test
that,
and
also
what
else
about
the
context
so
yeah.
So
we
we
had
these
magic
requests
created
long
ago.
We
had
to
remember
things:
oh
yeah,
30
and
10
13.
B
B
B
B
I
mean
it's,
it's
not
it's
not
unusual,
but
in
this
particular
case
I
kept
switching
between
analyzer
the
analyzer
project,
that
is
a
retired
gs
and
the
test
project
because
it
had
to
be
tested
using
an
external
test
project,
and
that
was
that
was
that
was
well
annoying
for
one
thing,
but
also
time
consuming
so
yeah.
Sometimes
it's
a
necessary
thing.
B
B
B
C
C
I
I
just
want
to
make
sure
we
are
focusing
on
on
the
deterioration
value
here,
because
part
of
the
retro
you're
showing
here
is
worse
discussing,
but
it's
more
like
a
general
retrospective
feedback
rather
than
what's
really
matters
for
the
iteration
value.
Specifically,
I
think
the
third
point
is
more
relevant
to
that
yeah.
So
I
will
leave
you
continue
with
this,
but
I
just
wanted
to
make
sure
that
it's
clear
that
this
is
about
the
iteration
value
rather
than
general
retrospective.
B
Yes
thanks
for
saying
that,
because
I
does
and
I'm
new
to
this
exercise,
so
thank
you.
So
yes,
third
point
is
totally
about
that.
I
I
wanted
to
support
both
http
and
https
proxies
and,
but
eventually
I
realized
that
http
proxies
are
not
needy.
In
that
case,
we
don't
because
it's
not
secure
and
we
only
we
only
care
for
secure
things,
features
and
yeah.
I
guess
by
better
refining
the
issue.
B
Yeah,
possibly,
and
but
I
think
I
think
I
was
influenced
by
the
way
the
issue
created
by
customer
by
the
way
was
framed.
The
issue
was
http
proxy
support,
okay,
so
all
sorts
of
proxies,
and
when
we
I
mean
we
engineers
in
this
secure
composition,
analysis
group
create
issues
we
well.
Maybe
we
we
would
have.
B
C
Yeah,
it's
always
easier
afterwards,
obviously
yeah,
but
but
I
think
that's
a
good
point
of
keeping
that
in
mind.
When
doing
the
refinement.
It's
clear
right
now
that
yeah
it
could
have
been
spotted
during
the
refinement.
So
this
is
maybe
some
tool
that
we
can
keep
in
mind
when,
during
refinements
to
constantly
re-read
the
implementation
panel,
maybe
and
see
what
are
the
separate
bits
that
could
be
extracted.
Maybe-
and
maybe
it's
not
a
good
candidate
but
at
least
asking
the
question
making
the
exercise
could
be
an
interesting
step.
B
A
B
Do
you
see
what
I
mean,
because
if
you
think
about
it,
you
think
at
the
practical
level
you
think
about
the
test?
Okay,
you
think
about
the
integration
test.
Wait
a
minute.
I
need
two
tests.
I
need
two
two
setups,
because
there
is
http
proxy
support
and
then
https
proxy
support.
Okay,
then
it's
kind
of
obvious
that
oh
two
is
more
than
one.
A
D
D
How
to
write
the
test
properly
right,
so
I
think
if
we
were
to
take
a
iteration
kind
of
feedback,
I
think
the
key
is
maybe
either
you
know.
I
think
you
mentioned
the
new
integration
test
suite,
but
also
like
make
it
more
accessible
or
at
least
guide
them
further
down
the
path
about
what
it
means
to
have.
B
I
I
I've
got
mixed
big
things.
I
mean
I
agree,
yeah
it
would
help
in.
In
most
cases
I
mean
we
don't
have
that
many
community
contributions,
but
normally
that
would
help.
But
in
that
particular
case,
this
test
for
us
http
proxies
is
a
first
was
a
first
and
it's
it's
not
the
first
email.
It's
it's
now
something
we
can
document
and
we
can
explain
users.
D
B
Yeah,
it
was
a
bit
more
nervous
that
we
said
we
need
tests
and
we
don't
have
capacity
for
that.
Do
you,
and
if
you,
if
you
do,
then
we
we
might
have
well,
we
wish
we'll.
We
will
help
you
something
like
that,
but
to
your
point,
it's
even
worse
than
that.
I
mean
it's
changing,
but
it's
worse
than
that.
B
A
Okay,
so
like
as
we're
running
of
time,
I
just
like
proposed
to
like
we
discuss
the
issue
in
full
right
now,
and
I
propose
to
just
get
back
to
the
questions
that
we
have
to
answer,
and
this
question
was
I
I
wrote
them
so
like.
I'm
not
sure
it's
a
great
one,
but
it's
like
a
good
place
to
start
and
yeah.
D
Well,
in
my
mind,
and
going
back
to
what
we're
talking
like
the
first
part
of
iteration,
was,
was
making
it
as
like,
I'm
not
even
looking
at
what
fabian
did
like
fabian's
implementation,
I'm
really
looking
at
what
would
have
been
the
next
iterative
step
to
allow
the
community
contributor
to
actually
get
as
close
as
possible
to
merging
this
right
and
and
to
me
it's.
It
was
task
test
for
the
blocker
right,
so
to
me,
the
the
opportunities
would
have
been
to
allow
them
to
to
create
a
test.
D
Maybe
just
just
I
don't
know
some
some
step
towards
what
it
would
have
looked
like
in
ci,
which
maybe
would
have
been.
Can
you
test
this
locally
like?
How
would
you
test
this
locally?
How
would
you
create
this
locally?
How
would
you
do
this
manually
and
then
take
that
manual
step
and
throw
it
into
a
like
a
looking
into
a
ci
script
right,
because
to
me
like
that's
how
I
test
right,
like
I
do
it
locally.
D
When
I
see
how
can
I
turn
this
into
a
ci
job,
and
so
maybe
in
the
future,
as
fabian
said,
if
we
don't
know
how
something
is
done,
we
could
ask
them
like
you
need
clearly
that
person
needed
this
feature.
How
are
you
using
it
and
then
maybe
we
could
go
from
there
and
help
them
show
us.
Your
use
case
show
us
how
you
do
this
locally
in
your
bash
shell,
and
then
we
can
see
how
we
can
turn
that
into
a
job.
D
And
just
to
mention
like
sometimes
when
we
write
like
we
implement
a
feature
and
then
we
write
integration
tests
for
it.
That
is
our
like.
I
think,
we've
seen
it
before
right,
like
our
you
know,
for
example,
our
our
test
integration
project
like
java
maven.
Those
are
our
idealized
thoughts
about
how
a
project
would
look
would
look,
but
I
you
know
I
I
would
much
rather
have
a
user
come
and
say
here's.
D
What
my
use
case
is
here's,
how
I'm
going
to
use
retire.js
and
then
from
us
to
go
from
there
to
create
a
test
project
rather
than
us,
idealize,
whatever.
What
we
think
a
test
project
would
look
like
or
anything.
I
think
that
that
that
iterative
aspect
that
you
just
talked
about
to
tiana
would
work
both
ways
right.
It
would
really
help
us
to
actually
create
a
more
real-world
scenario,
because
we
know
at
least
one
person
did
it.
B
A
D
We
would
learn
from
that,
so
so
just
to
piggyback
off
them,
maybe
the
step
of
refinement.
I
apologize
for
talking
too
much,
but
the
step
of
refinement
could
be
if
it
comes
from
a
user
to
actually
ask
them
for
a
test
project
right,
maybe
that,
like
if
a
user
reported
it
can
we
just.
I
might
not
call
us
too
much
to
reach
out
to
them
and
ask
you
know
we're
looking
at
refining
this
issue.
D
B
A
Yeah,
and
so
we
have
last
question-
and
we
have
one
one
minute
into
till
the
end
of
this
meeting,
so
what
we
learned
and
what
we'll
do
differently-
and
I
guess
like
it
was
already
said
that
we
need
to
take
more
attention
to
refinement
of
the
customer
created
issues
and
you
probably
asked
should
ask
them
to
bring
their
own
test
projects
for
the
emergency
quest
right.
Okay,
so
I'll
add
these
answers
either
to
the
issue
as
a
comment,
and
you
can
like
add
more
things
asynchronously.