From YouTube: Iteration Retro 14.5 - Secure:Composition Analysis
A
Okay, hello, everyone and welcome to the first ever iteration retrospective for Composition Analysis group, and today I guess we like for for this retro. We have two issues: the preposition one is for me and I just like added it as a kind of placeholder, because it's not finished and probably we can discuss it later, and there is one issue proposed by Fabian about support proxy settings of retargets, and I think that we should discuss this one.
A
And Fabian, could you please like tell us like some details about this issue and what was there.
A
How would they like? I was really interested in just like to know how it was break down and what was like details? What was this issue about, and what do you think could be done differently?
B
Yeah, so you know where this was. This was about adding support for HTTP and HTTPS for keys in the retire.js analyzer, and it's it's important to share a bit of the background. We we had a community contribution to implement that feature long ago created long ago, but tests were missing. It's it's a bit tricky to to test that, and also what else about the context so yeah. So we we had these magic requests created long ago. We had to remember things: oh yeah, 30 and 10 13.
B
Sorry, the 10., and this issue was added to the milestone very late in the process. Actually, it was. It was added to 14.6 during 14th at 6, which is initial, but it happens and.
B
It it had been refined when I started it. I started working on the implementation that is working on the tests really and yeah some sometime at the beginning of 1406 Thiago support engineer shared an idea on how to implement the test.
B
So it's it seemed doable but okay, but then maybe we should we should jump to the retro part, so I've there's yeah. Actually I'm glad I did that. I didn't know about this upcoming iteration retrospective meeting, as I got lucky yeah, so it took longer than expected.
B
I mean it's, it's not it's not unusual, but in this particular case I kept switching between analyzer the analyzer project, that is retire.js and the test project because it had to be tested using an external test project, and that was that was that was well annoying for one thing, but also time consuming so yeah. Sometimes it's a necessary thing.
B
Igd. We can have image integration tests using our spec, but in that case it's not something we could have avoided. I think but yeah it's it's just a waste of focus and time being forced to switch between projects. That's the first point.
B
Second point I didn't remember much about HTTP proxy is really, and so that's something I could have considered when starting the issue. That's that I needed a refresher.
B
Well, I I know how it works, but there are details. I I had forgotten and as as a result, I didn't my first implementation that the test was flows, that's something I could have avoided.
B
That was the second point in the bullet list. Excuse.
C
Me Fabian yeah, sorry, three interrupt yeah.
C
C
I I just want to make sure we are focusing on on the iteration value here, because part of the retro you're showing here is worth discussing, but it's more like a general retrospective feedback rather than what's really matters for the iteration value. Specifically, I think the third point is more relevant to that yeah. So I will leave you continue with this, but I just wanted to make sure that it's clear that this is about the iteration value rather than general retrospective.
B
Yes thanks for saying that, because I does and I'm new to this exercise, so thank you. So yes, third point is totally about that. I I wanted to support both HTTP and HTTPS proxies and, but eventually I realized that HTTP proxies are not needy. In that case, we don't because it's not secure and we only we only care for secure things, features and yeah. I guess by better refining the issue.
B
We could have spotted that because the other thing it takes more time to to test HTTP proxies support and HTTPS proxy support.
B
When, when in the middle of that, I realized that it took more time and effort and knowledge to to test both so yeah.
A
And I have a follow-up question it where it was possible to actually like split it into two iteration and deliver HTTPS proxy and all the then HTTP proxy or it's not like it's not reasonable.
B
Yeah, possibly, and but I think I think I was influenced by the way the issue created by customer by the way was framed. The issue was HTTP proxy support, okay, so all sorts of proxies, and when we I mean we engineers in this Secure Composition Analysis group create issues we well. Maybe we we would have.
B
C
Yeah, it's always easier afterwards, obviously yeah, but but I think that's a good point of keeping that in mind when doing the refinement. It's clear right now that yeah it could have been spotted during the refinement. So this is maybe some tool that we can keep in mind when, during refinements to constantly re-read the implementation panel, maybe and see what are the separate bits that could be extracted. Maybe, and maybe it's not a good candidate but at least asking the question making the exercise could be an interesting step.
B
And maybe we are, and it's not even conscious, maybe we are hesitant to do that because it's a customer issue like we don't want to mess with the issues and again.
A
But like I started understand, these shows, like the person created, like community contributor, created merge request and created an issue at the same time, right?
B
A
So issue was.
A
29 and the merge request was created, oh no, no, this show existed long before okay.
A
B
Yeah, maybe maybe that's because I I think I was the one refining that issue.
B
Actually I didn't know it was it wasn't clear to me how we would we would test the feature, and if this had been the case, then maybe I would have seen that oh, we need two tests, two integration tests and it's better if you can start with one and do the other one later, and thus we should have two issues, but since we didn't have details for how to test this, it didn't appear that it didn't appear clearly in the issue.
B
Do you see what I mean, because if you think about it, you think at the practical level you think about the test? Okay, you think about the integration test. Wait a minute. I need two tests. I need two two setups, because there is HTTP proxy support and then HTTPS proxy support. Okay, then it's kind of obvious that oh two is more than one.
A
D
Yeah I recall looking at this at the MR, I don't necessarily remember the issue and I think the the contributor was more than happy to make this and I think, as as we saw, it was more or less code complete. I think the struggle that they had was writing the integration test.
D
Like I think your feedback Fabian was, you know we need tests for this, and I think that the as far as I recall, the the contributor replied like I don't have time for it and I think initially it seems aggressive, but I think really they didn't really understand how to sometimes.
D
How to write the test properly right, so I think if we were to take a iteration kind of feedback, I think the key is maybe either you know. I think you mentioned the new integration test suite, but also like make it more accessible or at least guide them further down the path about what it means to have.
D
The test like here take a look at this test, and this and this thing for you to write it, because I think that was really the point where the contributor gave up is they said you know I I don't have time for this, and I think it just didn't feel like figuring out our whole system, so maybe like the next sort of step, would be like in the future.
B
I I I've got mixed big things. I mean I agree, yeah it would help in. In most cases I mean we don't have that many community contributions, but normally that would help. But in that particular case, this test for us HTTP proxies is a first was a first and it's it's not the first email. It's it's now something we can document and we can explain users.
D
Because our feedback was write tests and that, in that case, that was like basically giving giving them guidance into a brick wall because we don't know they certainly don't know. Then yeah like that. That's not helpful.
B
Yeah, it was a bit more nervous that we said we need tests and we don't have capacity for that. Do you, and if you, if you do, then we we might have well, we wish we'll. We will help you something like that, but to your point, it's even worse than that. I mean it's changing, but it's worse than that.
B
A
Okay, so like as we're running of time, I just like proposed to like we discuss the issue in full right now, and I propose to just get back to the questions that we have to answer, and this question was I I wrote them so like. I'm not sure it's a great one, but it's like a good place to start and yeah.
D
Well, in my mind, and going back to what we're talking like the first part of iteration, was, was making it as like, I'm not even looking at what Fabian did like Fabian's implementation, I'm really looking at what would have been the next iterative step to allow the community contributor to actually get as close as possible to merging this right and and to me it's. It was task test for the blocker right, so to me, the the opportunities would have been to allow them to to create a test.
D
Maybe just just I don't know some some step towards what it would have looked like in CI, which maybe would have been. Can you test this locally like? How would you test this locally? How would you create this locally? How would you do this manually and then take that manual step and throw it into a like a looking into a CI script right, because to me like that's how I test right, like I do it locally.
D
When I see how can I turn this into a CI job, and so maybe in the future, as Fabian said, if we don't know how something is done, we could ask them like you need clearly that person needed this feature. How are you using it and then maybe we could go from there and help them show us. Your use case show us how you do this locally in your bash shell, and then we can see how we can turn that into a job.
B
I'll show us using a test project of yours and that's something we've never suggested to contributors, and then we would be the ones adding that to the to the pipeline to automatic testing.
A
It's actually a really great suggestion, because I just wanted to remind that.
A
Iteration and context of GitLab for values is something that brings like bring value to user, so like breaking feature in a few merge requests, and they are just like not like kind of like a factor and things it's not iteration, generally speaking, but creating like additional step when we add some what kind of framework to write integration tests for our community contributor, it's kind of like a user-faced change, sort of speak so yeah, it's a it could be opportunity for integration or for iteration.
D
And just to mention like sometimes when we write like we implement a feature and then we write integration tests for it. That is our like. I think, we've seen it before right, like our you know, for example, our our test integration project like Java Maven. Those are our idealized thoughts about how a project would look would look, but I you know I I would much rather have a user come and say here's.
D
What my use case is here's, how I'm going to use retire.js and then from us to go from there to create a test project rather than us, idealize, whatever. What we think a test project would look like or anything. I think that that that iterative aspect that you just talked about to tiana would work both ways right. It would really help us to actually create a more real-world scenario, because we know at least one person did it.
B
A
B
Well, we should encourage that not only that's a good intermediary intermediary step, but also we would benefit from that.
D
We would learn from that, so so just to piggyback off them, maybe the step of refinement. I apologize for talking too much, but the step of refinement could be if it comes from a user to actually ask them for a test project right, maybe that, like if a user reported it can we just. I might not call us too much to reach out to them and ask you know we're looking at refining this issue.
D
Do you have a test project that you try to use that we can? Maybe you know, make public something that it's a dumbed-down version. You know just your public dependencies used and whatever, and we could try to use it. That could be a really great help in refining things, but.
B
Not in that case, because this constraint of using a proxy is when running a dependent scanning in a enough what's a name on premises in in an environment users, customers don't want to share. So not in that case, but maybe in other cases you see what I mean. I mean good point. Yeah.
A
Yeah, and so we have last question, and we have one one minute into till the end of this meeting, so what we learned and what we'll do differently, and I guess like it was already said that we need to take more attention to refinement of the customer created issues and you probably asked should ask them to bring their own test projects for the merge request right. Okay, so I'll add these answers either to the issue as a comment, and you can like add more things asynchronously.
A
If you want, and I guess that's all for today, so I'll stop recording.