►
From YouTube: SSCS Working Group Meeting - March 27, 2023
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
All
right,
Welcome
to
our
weekly
supply
chain
security
working
group
call
at
kit
lab,
looks
like
we've
got
a
couple
things
here:
I
can
go
ahead
and
vocalize
them.
A
B
So
for
those
we,
we
haven't
figured
out
a
Dri
from
them.
Yet
as
far
as
I
think,
we
only
have
to
do.
B
So
I
I'm
trying
to
understand
how
important
these
issues
are
and
I
commented
on
the
the
first
one,
which
is
the
IDC
issuer
I,
don't
understand
right
now
how
oidc
is
related
like
I'm,
not
sure
how
cosine
is
using
it,
because
the
the
delivery
from
the
CR
jobs
is
produced
by
ordc,
it's
just
injected
in
there
and
I.
Don't
know
why
cosine
needs
to
use
it
already
see
so
I'm
trying
to
figure
that
out.
B
B
I
haven't
looked
too
much
into
the
other
one
yet,
but
the
the
poor
requests
on
the
six
door
project
are
supposedly
blocked
by
that
issue.
So
if
you
don't
even
need
to
do
it,
that
would
be
great
I.
I,
don't
understand
right
now
why
it's
needed.
A
Let
me
see
if
I
can
find
a
link
to
this.
We
might
be
able
to
ask
them
as
well.
In
addition
to
Marshall
and
Stan,
they
might
be
able
to
help
give
some
explanation
as
to
why
oidc
work
is
needed.
A
It
looks
like
that's
the
person
who
opened
that
Mr
into
full
CO
as
well,
so
yeah
I
think
that
this
car,
I
I,
don't
know
Carlos,
but
Carlos
might
have
some
good
understanding
as
to
the
details
on
that.
B
Yeah
I
think
I
think
a
lot
of
these
issues
that
we're
looking
at
aren't
very
well
documented
and
so
they're,
based
on
like
prior.
B
Conversations
and
it's
really
they're
communicated
in
a
very
high
context
way,
meaning
that,
like
you,
have
to
understand
the
context
to
be
able
to
understand
the
issue
and
I,
don't
understand
any
of
the
context.
So
I'm
spending
a
lot
of
time,
trying
to
figure
that
out.
A
Okay,
well,
that
makes
sense.
Let
me
know
if
there's
any
way
I
can
help
with
those.
Maybe
I
can
try
to
reach
out
to
Carlos,
or
you
can
maybe
we
could
maybe
Carlos
would
even
be
willing
to
jump
on
a
call
with
us.
I
don't
know,
but
that
might
be
if
that
would
be
useful.
Let
me
know
I'm
happy
to
try
to
help
coordinate
that.
A
Okay
and
then
also
just
this-
looks
like
mostly
an
FYI,
is
it
Ali,
I,
think
or
Ollie
I'm,
not
sure
I've
scheduled
a
knowledge
sharing
call
tomorrow
talking
about
the
container
registry
images.
So
if
you
want
to
be
added
to
that,
please
do.
B
Yeah
I'm
hoping
to
be
there
and
I
hope
that
once
we
have,
that
call
will
be
able
to
better
understand
what
changes
we
need
to
make
to
the
registry
to
support
the
the
signature
enhancement
work
that
we
want
to
do.
B
I've
been
thinking,
I've
been
looking
at
that
and
trying
to
figure
out
a
high
level
implementation
plan,
but
I'm
trying
to
understand
the
apis,
because
the
registry
apis
are
built
to
conform
to
the
open
container
initiative,
specification
and
I.
Don't
think
we
can
do
anything,
that's
outside
of
the
specification
like
if
we
want
to
be
able
to
filter
for
images
that
aren't
signatures.
B
A
B
Yeah
but
I'm
hoping
you
just
got
that
rich
out
tomorrow,
I
did
I,
did
come
on
an
epic
and
ask
him
what
he
thought,
but
I
haven't
heard
anything
back
yet.
C
B
Yeah,
that's
me
so
I
created
an
issue
board
for
the
working
group
so
that
you
can
see
what
issues
we
have
there's
not
much
in
there
right
now,
but
as
we
start
doing,
refinement
and
creating
issues.
That'll
fill
up
and.
B
A
B
I.
Don't.
B
So
if,
if
someone
thinks
that,
if
someone
would
like
to
try
and
refine
an
issue,
then
they
can
assign
it
for
themselves
and
and
work
on
the
refinement,
it
would
be
great
to
have
the
requirement
be
a
collaborated
effort
too,
because
a
lot
of
the
stuff
is
really
difficult
to
understand.
So
I'd
love
to
hear
what
people
think
you
know.
B
A
Okay,
yeah,
that
makes
sense
so
at
least
for
the
engineers
that
are
allocated
80
percent
to
this
group
like
the
engineers
from
govern,
then,
would
it
make
sense
to
have
them
pick
one
of
the
two
items
that
we
have
currently
in
refinement
and
and
try
to
work
on
that?
You
know
just
creating
a
proposal
over
the
next
week.
A
Okay,
I
think
that's
it
then.
Are
there
any
other
questions
or
comments
or
topics
to
discuss.
A
All
right:
well,
thanks.
Everyone
appreciate
the
update
on
these
items,
Brian
and
thanks
to
those
who
contributed
asynchronously
to
the
document
as
well
and
appreciate
the
chat
today
have
a
good
week.
Everyone.