►
From YouTube: 2020-07-09 Istio Community Meeting
Description
Istio 1.7 status, Central istiod, upgrading from Helm to istioctl, and a Q&A on the new Open Usage Commons.
A
B
We
can
do
the
other
ones
will
get
into
it.
You
know
Chris's
is
on.
Oh,
you
see,
and
you
talk
about
that.
Certainly
we
have
people
in
these
geo
steering
here
as
well.
So
why
don't?
We
do
the
other
topics
first,
because
that
will
clearly
take
the
that's
the
time
so,
okay
sure
I,
think
that
I
mean
that's
the
right
thing
and
Chris
will
join
at
some
point.
We
don't.
A
Right
that
sounds
good.
You
can
see
my
screen
I'm
sharing
today,
yes,
okay,
cool,
so
we'll
start
off.
You
know,
as
usual,
likes
talking
about
the
current
releases
that
are
being
built
so
1.7
status.
For
those
that
don't
know
there
is
a
wiki
where
you
can
keep
track
of
the
release.
You
know
get
information
about
when
the
feature
freezes,
July,
17
and
then
branch
cut
is
the
July
21st
and
in
about
a
month
after
the
two
testing
days,
end
of
July
and
beginning
of
August,
you
should
expect
a
release
on
August
11th.
A
A
History,
oh,
does
run
a
pretty
tight
ship
now
so,
like
weekly,
the
working
groups
report
the
status
of
the
of
the
features
that
they're
working
on
to
the
technical
Oversight
Committee.
So
this
spreadsheet
kind
of
shows
you
all
the
major
features
that
each
working
group
is
working
on
and
then
from
here
you
can.
You
know
see
information
about
the
current
status
of
it
and
the
release
type
if
there's
a
design
doc
and
then
link
to
the
actual
github
issues
where
the
work
is
actually
taking
place.
A
Some
things
that
stood
out
for
me
is
the
multiple
control
plane
support.
So
this
includes
not
just
running
multiple
control
planes
for
multi-tenancy,
but
also
there's
work
going
on
for
to
do
canary
upgrades
using
multiple
control
planes,
helm,
v3,
support,
goings,
further
down,
there's
stuff
around
VM
support
and
just
general
multi
cluster
improvement.
A
This
has
been
working
progress
for
for
a
while,
but
I
think
the
priority
of
this,
as
as
increased
for
this
release,
it's
going
down
for
user
experience.
A
lot
of
these
things
are
around
using
sto
CTL
for
installation,
so
removing
a
profile
or
a
manifest
that
you've
applied
using
sto
CTO
manifest
remove.
We've
had
install
for
1.6
so
now
we're
gonna
have
a
removed
promoting
canary
version
of
sto
upgrade
to
master
and
then
some
more
things
around
central
cod4
test
and
release
improvement
of
base.
A
Image
vulnerabilities
I
think
this
just
has
to
do
with
us
doing
vulnerability
scans
more
often
on
the
base
images.
So
we
can
pick
up
the
latest
faster
and
then
scrolling
down
multi
cluster
single
is
Tod
certificate
provisioning.
This
has
to
do
with
if
you're
running
is
Tod
on
a
different
cluster
being
able
to
provision
the
certs
for
the
remote
cluster
and
sending
it
to
it,
and
then.
A
C
Because
now,
if
your
traffic
is
going
over
this
tunnel
right,
it
will
be
going
on
a
reserved
pork
on
in
some
ways
that
makes
it
easier
to
write
policies
right
because
you
can
just
constrain
access
to
that
port,
like
if
you're
using
kubernetes
network
policies
wrong
other
hands,
because
it's
a
tunnel
right.
You
can't
differentiate
by
poor
for
traffic
right.
So
then
you
should
be
using
the
ISTE
authorization
policies
to
constrain
traffic.
So
that's
kind
of
that.
The
trade-off
that
this
feature
represents.
C
One
of
the
major
advantages
is,
if
you're,
using
a
system
that
tends
to
a
lot
of
TCP
connections
right
now,
you're
getting
a
lot
of
it
TLS
negotiations,
because
we
do
one
per
TCP
connection
with
this,
you
will
get
one
TLS
negotiation
per
producer-consumer
pair
in
the
network
right
so
from
a
performance
perspective.
We
do
actually
see
expect
to
see
some
sizable
gains
for
systems.
Okay,
see
people
know,
but
also
things
like
Redis
and
that
tend
to
be
a
little
connection
heavy
rather
than
using
multiplexing
within
their
own
internal
protocol.
C
So
this
actually
fixes
a
bunch
of
performance
by
the
things,
and
this
idea
is
it.
You
know
it's
actually
even
moderately
common
within
the
industry
at
Google.
We
use
something
like
this
for
traffic,
which
within
there's
a
proxies.
You
know
when
traffic
comes
in
to
Google
edge
of
Google's
network,
we
what
effects
it
up.
I
help
and
in
general,
we've
seen
pretty
substantial
performance
benefits
for
certain
traffic
classes
doing
this,
and
we
don't
really
expect
to
see
any
performance
loss
for
the
existing
traffic
patterns
already
being
told
over
time
to
last.
C
This
will
be
an
alpha
feature,
but
it
is
quite
an
important
part
of
the
remote,
so
I'm
happy
to
questions
about
this
or
people
want
to
go
off
and
think
about
it
and
come
back
later.
That's
totally
fine
or
just
pay
me
offline,
but
there's
this
as
Rand
was
showing
this
some
good
content
in
the
design
dog.
That
explains
what
something.
D
C
C
C
All
right,
that's
know,
while
the
Wiseman
work
is
being
done
by
people
within
the
sto
community,
we're
doing
it
from
the
benefit
envoy
in
general
as
well,
and
so
it
will
be
up
streamed
into
envoy,
and
so,
if
you
use
envoy
for
other
things
right
the
you
know,
you
can
expect
to
start
leveraging
that
you
know
it's
not
strictly
time
to
taste
your
release.
But
it's
a
thing.
That's
happening
in
this
window.
C
Know
we've,
so
you
had
with
companies
that,
like
using
C&I
rather
than
pol
injection,
because
it
gives
a
bit
more
control
over
the
injection
of
envoy
to
the
kind
of
mesh
administrator
and
takes
it
out
of
the
hands
of
kind
of
the
workload
owner
right
and
so
organizations
have.
You
know
tighter
control
boundaries
about
who's
allowed,
to
opt
in
to
or
out
of
a
mesh
right
like
that
property.
But
CNI
has
issues
that
we've
had
to
work
through
to
make
it
stable
and
reliable.
C
Well,
one
thing
we
are
working
hard
on
is
making
the
existing
extension
API
envoy
filter
a
stable
API
for
upgrade
right.
So,
if
you're
using
the
extension
mechanism
to
inject
some
custom
behavior
into
the
mesh
or
to
traffic
right,
that's
not
part
of
the
the
base
set
of
this
tio
API
is,
maybe
you
wrote
a
wizened
filter
or
something
like
that
or
using
lua
or
some
other.
You
know
proprietary
feature
or
not
proprietary,
but
other
feature,
an
envoy
that
we
don't
model
in
the
API
is
that's
how
you
do
it
today.
C
C
A
A
A
A
There's
like
the
replicator
control,
plane
pattern
where,
if
you
have
two
clusters,
each
one
of
the
clusters
has
a
full
Castillo
control
plane,
all
the
all
the
components
basically
and
then
basically
the
users
get
to
pick
and
choose
what
services
they
want
to
kind
of
export
and
consume
and
and
they
both
use
the
same
route
CA.
So
that
there's
trust
between
the
two
side,
cars
and
the
traffic
goes
through.
You
know
if
you
want
an
egress
gateway
and
then
the
ingress
gateway
on
the
remote
cluster
and
then
in
the
shared
control
plane
model.
A
You
only
have
the
control
plane
functions.
Most
of
them
are
in
one
cluster
right,
your
your
main
cluster,
the
one
on
the
left,
and
then
you
extend
it
with
cluster
to
the
remote
cluster,
on
the
right
and
and
technically
that
cluster
also
has
like
sto
D
running,
but
that
is
DoD
only
provides
the
features
that
are
needed
for
that
for
the
data
plane
to
run
on
that
cluster,
so
things
like
sidecar,
injection
and
and
base
and
the
certificate
distribution
services.
A
A
So
if
you
had
gateways
and
stuff,
for
example,
you
know
traffic
would
come
through
a
cluster
of
one
on
the
left
and
then
your
downstream
services
can
be
on
either
services
the
two
clusters
they
can
be
on
a
flat
network
using
if
you
already
have
a
flat
network
or
a
VPN
or
if
you
don't
have
a
flat
network,
you
can
have
multiple
networks
and
then
you
can
use
again
egress
and
ingress
gateways
to
basically
hop
through
the
gateways.
So
both
of
these
are
documented
pattern
that
that
work
well
on.
A
So
it's
Tod
I
mean
central
sto
D
has
to
do
with.
So
if
you
had
two
clusters,
let
me
pull
up
a
diagram,
Oh
quick.
So
let's
say
you
had
two
clusters
like
cluster
one
on
the
left
and
then
cluster
two
on
the
right,
and
you
want
the
cluster
on
the
left
to
be
a
dedicated
control,
plane
cluster,
meaning
that
you're
not
planning
on
running
any
of
your
workload
on
that
cluster
and
then,
but
all
your
workload.
A
You
plan
on
running
it
on
the
cluster
on
the
right,
which
is
like
your
data
plane
cluster,
so
think
of
the
left.
One
is
only
a
control
plane
cluster
and
the
one
on
the
right
is
data
plane.
So
this
is
good
if
you
have
like
two
different
roles
right,
so
the
control
plane
cluster
could
be
like
a
mesh
admin
that
is
only
responsible
for
installing
the
the
control
plane
aspects
of
the
sto
deployment
of
the
SQ
installation
and
then
the
stuff
on
the
right
would
be
just
the
data
plane
related
stuff.
A
So
things
like
the
ingress
gateway
and
then
the
things
that
you
need
for
its
do
to
work
on
the
data
plane
side
like
webhook
configurations.
A
key
difference
here
is
that
when
you're,
applying
your
sto
resources
like
virtual
services,
gateways,
destination
rules,
etc,
you
apply
it
to
the
cluster
on
the
right.
So
the
cluster
on
the
left
now
needs
a
an
installation
of
sto
D
that
is
able
to
listen
to
the
kubernetes
api
from
the
customer
cluster
on
the
right.
A
The
remote
cluster
and
this
cluster
on
the
left
doesn't
need
any
of
the
data
playing
stuff.
So
this
model
blends
really
well
for
for
also
for
vendors
to
provide
SEO
as
a
service,
for
example.
So
if
you
don't
want,
if
you
want
to
provide
ACOD
as
a
service,
and
then
you
don't
want
your
users,
your
data
plan
users,
your
your
application
developers,
don't
want
any
access
to
the
ACOD,
then
this
model
works
really
well,
so
SEO
decentralized
tod
has
to
do
with
creating
this.
A
A
You
can
have
one
Co
D
running
on
the
control
plane
cluster,
supporting
multiple
remote
clusters.
Some
of
those
clusters
can
have
sto
config
call
it
like
the
config
cluster
and
some
of
them
might
not
have
any
sto
config,
but
they
still
need
like
sidecars,
etc.
So
that's
what
this
work
is
about.
There's
a
couple
of
design
documents
already
that
are
currently
being
worked
on.
The
reason
why
I'm
I'm
introducing
this
is
that
if
you
have
any
feedback
for
this
type
of
deployment
model,
then
now
is
a
really
good
time
to
get
involved.
A
There's
a
centroid,
DoD,
design,
doc
and
then
from
this
another
design
dog
got
stemmed
out
to
focus
on
just
one
of
these
patterns
and
that's
and
that's
under
a
simplified
central,
OS
DoD.
So
I'll
link
to
these
as
well
and
I,
think
that
you
know
once
the
the
pattern
is
more
further
developed.
So
right
now
the
work
is
focused
on
building
the
building
blocks.
A
Basically,
the
sub
components
that
are
needed
to
make
this
work,
so
that
will
evolve
to
profiles
and
then
eventually
be
a
working
solution,
probably
under
the
documentation
page
but
kind
of
still
in
the
early
phases.
They
just
wanted
me
to
use
this
concept
to
users
that
that
might
find
it
interesting
and
potentially
provide
feedback
to
see.
If
this
type
of
model,
you
know,
makes
resonates
with
you
if
your
administration
would
be
interested
in
this
control.
Plane
is
Tod.
These
doc
talks
about
the
various
roles
and
responsibilities
of
each
type
of
user.
B
A
E
A
E
So
my
question
is
in
regards
to
multi
cluster
in
the
replicated
control
plane.
So,
in
my
simplified
use
case,
I
have
two
kubernetes
clusters.
Let's
caller
like
one
in
two
and
these
kubernetes
clusters,
they
are
a
mirror
of
each
other
in
terms
of
workloads,
they're
running
the
same
service
names
and
the
same
namespace
name.
E
Let's
say
what
cluster
one
zone
for
my
closer
one
and
what
cluster
two
zone
and
I
would
configure
my
service
entries
according
to
Cordy
and
I,
see
an
agreement
according
and
that
that
way,
I
would
call
my
service
dot,
name,
space,
dot,
cluster
name,
which
will
be
cluster
two
from
cluster
one
rather
than
having
a
single
zone.
Is
that
something
that
will
work?
Is
that
a
hard
stop
in
that
approach
that
you
can
think
of?
I
know.
C
I
still
want
everything
to
be
able
to
communicate,
so
that's
kind
of
what
we
optimized
for
right,
which
leads
us
to
this
situation
right
where,
if
you
have
a
situation
where
you
have
two
services
running
in
two
different
curvas
clusters
with
the
different
name,
and
they
are
different
things,
not
the
same
thing
right,
then
you
have
an
issue
right
because
it
wasn't
optimized
for
that.
So
I
guess.
The
first
question
I
have
is:
if
everything
has
the
same
name
in
the
same
organizational
structure,
are
they
really
different
or
are
they
logically
the
same
thing.
D
C
So
that's
that's
pretty
actually
a
pretty
common
thing
right
now.
What
kubernetes
Freight
has
this
behavior,
where
all
services
by
default
right
get
docked
cluster,
not
local?
That's
the
DNS
name
in
reality.
What
you
have
is
dock
cluster,
New,
Zealand
and
dot
cluster
dot,
turkey
right
and
they
have
different
names,
and
so
that
actually
worked
to
this
deal
right.
There's
there's
some
pain
because
of
setting
up
different
cluster
DNS,
suffixes
right
and
the
assumptions.
C
D
C
So
dukh
global
is
really
an
attempt
to
make
the
naming
line
up
with
the
reality
right.
I
missed
your
treats
services
with
the
same
name
as
Global's
right
and
then
you
use
load,
balancing
policies
to
control
how
traffic
routes
based
on
Geographic
needs,
costing
needs,
etc,
etc,
and
then
separately,
you
can
have
different
logical
service
names
and
address
them
right.
So
the
dark
global
thing
is
really
just
trying
to
name
reality
correctly,
alright,
and
that's
actually
there's
something
that
kubernetes
itself
is
trying
to
do
right
there
or
other
projects.
C
C
There's
a
problem
with
doc:
Buster,
not
local
right,
and
it's
generally
not
it's
not
good
practice
to
just
randomly
create
colliding
DNS
names
right
because
it's
gonna
cause
confusion.
It's
like
down
the
road!
So
that's
what
this
is
about
now.
Unfortunately,
there
are
a
lot
of
people
who
have
had
clusters
running
for
a
long
time
that
have
dog
Buster
dot
local
as
their
name,
and
they
can't
fix
it
right.
They
need
two
alias.
D
C
C
G
C
So
the
workaround
is
to
alias
right.
If
you
need
something
in
New
Zealand
to
talk
to
something
in
Turkey
right,
you
have
a
separate
mesh
for
each
one,
but
you
create
an
entry
in
each
mesh.
That,
basically
alias
is
the
thing
and
the
other
one
right.
And
then
you
talk
through
the
gateways
that
that
still
works
right
and
you
can
do
that
selectively.
So
you
don't
have
to
do
it
for
everything
you
just
have
to
do
it
for
the
things
that
you
care
about.
C
G
C
B
A
I
H
Question
was
so
hello,
everyone,
I'm
Nicola,
so
just
to
summarize
so
question
is
we
are
now
on
1.5
and
we
want
to
go
to
1.6.
1.5
has
been
installed
using
L
charts,
oh
no,
not
with
the
East.
You
secured
comments,
so
we
are
kind
of
struggling
understanding
how
we
can
do
no
downtime
upgrade
to
1.6,
because
I
find
found
around
some
guide
that
it's
supposed
to
explain
how
to
do
it,
but
the
Google
Doc,
it's
not
accessible.
H
I
Answer
is
yes.
If
I
could
share
my
screen,
I
would
give
you
a
demo
but
I
can't
because
it's
disabled
in
zoom,
but
what
I'll
do
is
I'll
put
a
link
to
the
preliminary
documentation
on
how
to
do
this.
It
would
be
nice
at
some
point
just
to
give
a
demo
of
how
what
the
revision
tech
initio
works.
I
don't
have
to
do
it
today.
I
I
Ok,
so
there
we
go.
This
is
a
preliminary
documentation
down
here
and
way
down
at
the
bottom.
Actually,
Martin
Martin
put
this
together,
there's
some
documentation,
upgrading
from
one
for
and
then
upgrading
from
Helms
installations.
Now
I'm
not
going
to
go
through
this.
Actually,
because
this
is
just
really
preliminary
really
rough
I
am
I,
do
want
to
show
people
the
how
revisions
work.
It's
really
straightforward,
so
real,
quick,
I,
just
good
quick
demo
I
mean
you.
A
I
I
It'll
come
back
with
data
plane
is
we've
got
eight
proxies
running
one
five,
seven,
and
what
a
lot
of
people
want
to
do
is
I
want
to
upgrade
their
control
plane
independently
of
their
data
plane.
We
find
this
as
commonly,
and
what
we're
running
now
for
our
control
plane
is
one
five.
Seven
of
this
Joe
I'm
gonna
install
the
one
fix
control
plane
and
now
we
follow
documentation.
I
want
people
to
understand
this
stuff
is
documented.
So
really
the
thing
that
matters
here
is
this
set
revision
canary.
I
A
I
I
Keep
in
mind
when
you're
upgrading
from
helm,
you
would
use
the
same
pattern,
there's
a
little
tweak
at
the
beginning
that
you
have
to
change.
But
after
once
you
transition
from
helm
to
this,
then
you
can
always
use
this
model.
If
you
want
to
stand
helm,
we
have
plans
for
that
in
the
future,
but
not
right
at
the
moment.
We'd
spoke
about
that
the
intro,
but
I
do
want
to
just
focus
on
the
revisions
tech
for
now.
So
it
takes
a
little
moment
to
get
through
the
install
install
sometime
this
year.
I
I
You
know
I'm
running
on
that
I
guess
the
moment
cuz
my
I
installed
B
sphere
on
my
bare
metal
and
it's
not
working
anyway
in
six
four
version,
so
we'll
see
that
we've
got
six
proxies
on
one
five.
Seven
I've
got
two
proxies
on
one
six
for
the
two
proxies
running
on
one
six
four
are
in
the
sto
system.
Namespace
one
of
them
them
is,
is
two
ingress.
We
see
it
was
restarted
53
seconds
ago.
Another
one
is
connected
to
Prometheus
because
there's
a
prometheus
pod
and
has
a
sidecar
associated
with
it.
I
So
I've
got
two
proxies
on
one
six,
four,
six
on
one
five:
seven
we
just
go
down
here,
we're
a
little
bit
at
the
docks.
This
is
like
describing
how
you
tell
if
your
stuff
is
actually
enabled
I.
Think
the
most
important
part
is
this
right
here.
So
you
just
want
to
label
the
namespace
and
we're
just
using
the
default
namespace,
but
we
don't
even
need
to
fight
that,
but
we
won't
turn
off
injection
and
then
it's
do.
I
I
OH
grab
slash
slash
red
slash
for
an
equal
group
in
164
and,
what's
that,
what's
this,
what
this
does
is
this
tells
the
control
plane
when
we
do
a
rolling
restart,
which
is
what
we're
going
to
do
next.
It
tells
it
tell
us
a
control
plane
to
to
a
sign
and
inject
the
sidecar
version
that
the
control
plane
matches.
So
if
I
do
a
coop
cuddle,
rollout
and
all
this
rollout
restart
does
is
restart
all
the
deployments
in
the
default
namespace.
I
If
I
do
to
cuddle
get
pause,
let's
see,
we've
got
a
bunch
of
internet
and
bunch
and
running
the
ones
that
running
or
160
for
the
one
in
the
net
earn
sorry
the
yeah,
the
one
in
it
is
one
sick
for
the
one
running
is
one
five.
So
if
I
do
cube
cuddle
excuse
me
if
I
do
just
go
cuddle
version,
we'll
see
that
some
of
the
data
plane
is
starting
to
transition
over.
So
we've
got
four
proxies
on
one
five.
I
Seven
we've
got
five
on
one
one
six
floor
and
you
can
have
like
fifteen
versions
of
control
planes
on
your
system
at
once,
which
is
really
cool.
So
we'll
see
some
all
of
the
proxies
are
going
to
transition
from
one
five,
seven
to
one
sixth
floor
now,
a
question
that
comes
up
commonly
is
what
happens
with
the
ingress.
So
now
everything
is
transitioned
to
the
one
six
four
data
plane.
We
look
at
the
book
info
here
and
soar
and
that's
still
running
so
still
running.
Everything
is
great.
I
So
a
common
question
is
what
happens
with
it
with
the
ingress
now
ingress
it
has.
A
deployment
was
also
a
service,
so
the
service
retains
its
IP,
its
external
IP,
but
the
deployment
restarts
so
one
last
thing:
I'm
going
to
get
the
pods
for
the
SEO
system,
namespace
and
then
I'll
just
delete
I
want
to
I,
want
people
to
see,
there's
an
issue,
ID
virgin
164.
That's
what
I
just
deployed
my
delete.
The
deployment
of
the
old
one
is
Tod
and
we'll
still
see
everything
is
lovely.
J
E
H
I
Yeah
see
if
you
want
to
remove
this
stuff,
we're
adding
deletion,
but
it's
not
there
yet.
So
we
see
two
deployments:
SEO
DNS
should
be
version,
1,
6
forest.
So
if
I'm,
just
in
just
deleted
deployment
its
Judy
and
then
I
get
the
now,
we
expect
people
to
use
CI
for
this
stuff
and
I
expect
people
to
like
that
million
commands
and
will
see
the
versions
there.
And
one
thing
that's
different
is
the
control.
Plane
is
gone
now,
four
one
five
and
we
can
still
refresh
and
everything's
Carlton.
Okay,
that's
my
demo!
I
If
you
have
questions
come
to
the
environments
working
group
meeting,
we
can
handle
your
detailed
questions
there.
I
just
want
people
understand.
This
is
how
we
expect
upgrades
to
happen
in
the
future.
He's
using
this
revisions,
technology
and
I
love.
It
I
think
it's
phenomenal.
The
greatest
thing
I've
ever
seen
in
like
20
years
of
Engineering.
I
H
Steve,
that's
that's
amazing.
My
question
is
now
I'm
running
1.5
with
without
East
to
do
so
because
installing
it
with
all
the
passionate
and
file
I'm
still
having
my
mr.
pilot,
is
to
telemetry.
Whatever
is
this
changing?
Is
this
preventing
me
to
do
the
same
as
will
demonstrate
it
in
this
level?
It's.
I
Be
fine
children
can
we
yeah?
Can
you
come
to
the
environments
working
group
meeting
I'll
drop
a
link
in
the
chat
or
than
the
chat
in
the
community
meeting
working
dark
of
how
to
join
that
I
think
you
would
get
a
lot
of
value
out
of
that.
If
you
have
detailed
questions
like
that.
Yes,
thanks.
Okay,
thank
you.
Now,
I'm
stable.
J
B
So
so
we're
joined
today
by
Chris
DiBona
at
Chris,
is
in
the
open-source
program
office.
Here
he
runs
the
open-source
program
office
here
at
Google.
He
is
also
on
the
board
of
the
recently
created
open
usage
Commons,
and
the
last
item
on
the
agenda
is
the
donation
of
the
sto
trademark
from
google
to
the
open
usage
comments.
I
think
there
was
a
particular
question
about
it.
C
B
K
I'm
just
hi
everyone,
I'm
Chris,
I,
look
after
open
source
licensing
standards,
compliance
tooling
for
alphabet
across
the
conglomerate.
We
we've
been
releasing
software
for
a
very
long
time.
We
did
our
first
patches
in
99
and
we've
really
somewhere
around
thirteen
thousand
projects.
Since
my
start
in
2004,
we
have
about
3,000
30-day
active
projects
and
what
this
means
and
I'm
not
doing
this
to
puff
myself
up,
maybe
a
little.
K
But
what
this
means
is
that
we
end
up
hitting
little
corner
cases
of
intellectual
property
and
open
source
kind
of
before
anyone
else,
and
sometimes
those
interactions
are
in
the
courts.
You
know,
and
so
over.
The
last
I
want
to
say
about
three
or
four
years
with
the
rise
of
our
filing
way:
more
trademarks
in
the
open
source
space.
We
started
having
more
complicated
discussions
about
what
it
means
to
open
source,
something
that
has
a
trademark
registered,
so
starting
I
know
late
last
year.
K
K
And
it's
interesting
when
things
end
up
getting
marked
non-free
and
debian,
let's
just
say
anyway,
so
the
approach
evolved
over
the
six
months
or
so,
and
then
it
happened
and
word
from
sheds
happened
and
we
decided
to
put
together
a
external
body
that
is
not
under
Google's.
You
know
exclusive
control.
We
have
two
people
on
the
board
of
directors
of
the
oh,
you
see
of
the
six
and
we
put
with
the
goal
of
basically
presenting
that
guidance
for
open
source
projects
that
have
trademarks.
K
And
then,
if
we're
successful
at
that,
we
want
to
talk
about
what
it
means,
when
you
have
Hardware
intellectual
property,
which
is
actually
pretty
different
from
patents
and
copyright,
and
how
we
can
make
sure
that
that's
being
released
in
again
in
accordance
with
the
open
source
definition,
but
we're
going
to
start
really
small
and
just
with
trademarks.
And
the
other
side
of
this
is
we're
like
listen.
If
we
don't
do
it
ourselves,
if
we
don't
actually
have
skin
in
the
game,
no
one's
gonna
care.
K
You
know
in
the
world
of
sort
of
corporate,
trademarking
and
and
licensing.
If
we
don't
take
things
that
matter
a
lot
to
the
company
and
put
them
into
this
independent
body,
then
no
one's
gonna
give
a
crap
they're,
just
gonna,
say:
yeah.
We
don't
care
what
they
do.
So
that's
where
we
came
up
with
the
idea
of
sto,
angular
and
Garrett
being
put
into
this
thing.
So
what
does
it
mean
for
the
ISTE
o
community?
K
Actually
very
look
if
anything,
it's
an
opportunity
for
us
to
give
really
good
clarity
around
what
it
means
to
use
the
SGO
trademark.
Well,
what
if
you
want
to
create
an
SEO
API
equivalent?
Can
you
use
the
word
Sto?
Can
you
use
the
the
sale
and-
and
we
aim
to
answer
all
those
questions
in
a
way-
that's
compatible
open-source
distribution.
K
B
K
And
also
I
would
point
out,
it's
actually
incumbent
on
the
sto
steering
committee
and
the
sto
community
developers
to
take
part
in
what
we're
eventually
going
to
probably
call
the
sto
trademark
escalation
group
over
at
the
OUC,
because
there's
gonna
be
some
areas
that
are
going
to
be
various
geo-specific
I
think
that
we
need
to
make
sure
that
we're
covering
again
in
accordance
we'll
be
able
to
source.
Definitely
so,
if
anything,
we
we
need
the
SCO
steering
committee
and
and
the
community
to
be
very
effective
and
good
at
communicating.
So.
K
I
I'm
gonna
be
really
frank
about
this
down,
because
I
think
that
y'all
deserve.
If
you
look
across
the
organization's
that
Google
is
funded
for
the
last
fifteen
years,
you
have
the
CNC
fdlf,
which
we
actually
helped
create
the
w3c,
the
IETF,
the
I
Triple
E,
the
SFC,
the
SFL
C,
which
we
no
longer
fund,
I
used
to
and
honestly
I
think.
Last
time
we
checked,
we
were
members
and
board
members
of
and
contributors
to,
something
like
30
different
organizations
of
size,
and
some
of
those
groups
will
not
work
with
the
other
groups.
K
Some
of
them
find
working
with
the
other
groups
anathema
and
so
and
and
201.
Well,
not
all,
but
many
of
them
were
when
we
told
them
what
we
were
doing
they're
like
oh
I'm,
glad
that
you
guys
are
doing
it
because
we
don't
have
the
time
we
don't
have
the
money.
We
don't
have
the
structure
right,
and
so
they
would
love
for
us
to
succeed
or
fail
independently.
And
so
when
I
talk
to
groups
like
Debian,
when
I
talk
to
groups
like
sort
of
the
the
more
you
know,
poppy
left
Orion
people.
C
K
Specifically,
we've
made
it
clear
that
we're
not
in
the
business
of
running
conferences
we're
not
a
marketing
organization.
There
is
a
discussion
on
the
technical
side
where
so
suppose,
SEO
comes
up
with
a
conformance
test.
Okay,
what
does
that
mean
for
somebody
who
wants
to
say
that
they
are
conformant
with
the
SEO
API
for
lack
of
a
better
term
and
and
that's
part
of
what
we
want
to
work
with
the
SEO
steering
committee
to
sort
of
figure
out?
K
What's
the
what's,
how
do
we
thread
the
needle
for
the
open
source
definition
of
the
Debian
free
software
guidelines
in
a
way
that
so,
if
you
run
the
conformance
test-
and
it
comes
out
that
you've
passed
or
some
future
version
of
this,
do
do
you
automatically
get
listed
on
some
website
or
something
so
there's
a
technical
aspect
to
that
right?
But
but
it's
it's
we're
consumers
of
it.
We
are
not
producers
of
it
right
so
that
that's
really
the
only
corner
where
I
see
us
putting
our
toes
into
what
I
would
consider
a
technical
pursuit.
K
All
right
I
mean
we're
basically
legal
license,
nerds
and
librarians
right
and
then
that's
kind
of
the
goal.
I
I,
don't
listen.
We
were
already
members
of
the
Linux
Foundation
we're
any
members.
I
look
like
I
said:
30
different
organizations.
I
don't
want
to
create
another
one.
May
that
be
reductive
and
waste
of
time,
so
that.
K
Well
so
Dan
you
have
to
realize
at
Google,
there's
3,000
30-day
active
projects,
I
think
twelve
are
in
foundations,
so
foundations
are
actually
unusual
for
us,
and
so
no
I
don't
see
us
changing
our
relationship.
The
reason
we
joined
the
Linux
Foundation
was
not
because
of
their
their
hosting
of
projects.
The
reason
we
joined
the
Linux
Foundation
was
because
it
supported
leanest
developing
Linux.
The
reason
we
created
the
CNC
F
was
for
it
to
be
a
host
of
kubernetes
right.
So
you
know
I
I,
don't
see
any
reason
that
we
would
exit
them.
K
Suspension
but
not
suspension
like
you,
would
think
of
it
like
a
process.
So
if
you
look
at
the
path
of
trade
marking,
we
can
hold
a
trademark
as
Google
and
then
transfer
that
to
another
entity
while
the
trademark
office
is
determining
its
status
and
we
can
actually
hold
trait.
This
is
another
very
odd
thing
about
trademark
law
as
I
understand
it,
where
we
can
hold
a
trademark
to
something
prior
to
actually
filing
with
the
trademark
office.
K
Now,
if
I
put
on
my
my
other
Google
hat
I
actually
run
patent
search,
and
that
has
an
intimate
relationship
with
a
trademark
search
group
at
the
USPTO.
So
these
are
one
of
those
things
where
it's
it's
pretty
unusual,
how
things
work
and
what
assumptions
you
can
make.
So,
for
instance,
oh
you
see,
does
not
have
possession
of
the
isseo
garret
or
angular
trademarks
or
trade
dress
service
marks
logos
yet
because
we
just
formed
the
company
and
it
takes
time
to
move
the
things
over
so
but
that's
all
in
process.
G
K
K
B
Wilson
asks:
are
there
plans
to
movie
sto
from
a
non
trademark
perspective
to
an
open-source
foundation
and
and
and
I
asked
Danny
I,
don't
know
if
you
want
to
clarify
I,
don't
know
what
assets
would
be
transferred
because
I
think
that
when
you,
when
something
is
donated
to
it
to
a
foundation,
the
only
thing
that
gets
assigned
literally
is
is
ownership
of
the
trademark.
Well,.
K
So
it's
interesting
because
if
you
look
at
the
CNC
fdlf
and
a
number
of
other
foundations,
you'll
find
projects
that
have
not
had
their
trademarks
transferred
over
and
in
fact,
the
Linux
Foundation
bylaws
and
the
CNC
have
bylaws
accommodate
that
by
allowing
a
two-thirds
vote
of
some
some
committee
that
would
allow
them
to
take
on
projects
without
trading.
So
that's
actually
happened
a
number
of
times
across
the
Linux
Foundation
in
its
history.
So
that's
you
know
angels.
K
K
This
is
the
other
side
of
things
to
be.
I
want
to
be
super
Frank
I'm,
actually,
not
a
big
fan
of
the
big
marketing
push
and
all
the
rest
reality
is
when
you
create
a
new
company
outside
of
Google.
It's
going
to
be
news,
so
we
voted
in
the
initial
board.
Members
I
think
it
was
two
days
ago.
We
got
an
EIN
yesterday,
we're
voting
in
the
bylaws
next
week
and
then
it
so
like
all
these
things
are
in
progress.
You
know
and
I'd
love
to
honestly.
K
Never
do
any
press
at
all
once,
but
the
reality
is,
you
have
to
write
so
so
there's
a
lot
of
things
that
we're
still
putting
together
and
then
we
can
share
it.
You
know
yeah
I
mean
Mike.
My
goal
is
that
the
the
guidance
document
for
trademarks
is
something
that
we
just
headed
in
the
open.
Anyone
and
honestly
can
just
come
and
check
out
and
and
maybe
even
comment
on
so.
B
So
we're
running
up
the
top
of
the
hour.
The
the
other
thing
I
wanted
to
tell
people
is
that
this
doesn't
affect
governance
too
much
as
donating
to
the
CN.
Cf
would
not
have
affected
governance.
Cnc
has
to
take
over
governance
of
projects.
Each
project
is
governed
individually,
writes
their
own
rules
of
governance.
We've
had
a
public
governance
doc
for
years
now,
and
we
have
a
we
had
a
bunch
of
private
discussion
and
we
thought
it
would
be
best
to
have
that
discussion
in
public.
We
want
to
be
very
clear.
B
We
are
working
actively
to
get
more
involvement.
I
think
we
have
a
lot
of
maintainer
and
different
companies.
We
now
have
four
companies
on
the
TOC
we'd
like
to
get
more.
Companies
represents
been
individuals
represented
in
the
steering
committee
as
well,
and
so,
if
you
go
to
github
community
repo
you'll
see
there's
a
pull
request
by
me,
oak,
toner,
and-
and
that
is
where
it's
it's
a
public
law
request.
It's
open
for
comment
right
now
on
our
proposal
to
not
just
work
for
but
ensure
that
we
get
more
diversity
right
now.
B
Everybody
on
the
on
the
committee
is
either
from
IBM
or
Google
or
Red
Hat,
and
we
want
to
see
more
companies
there.
So
we
are
moving
towards
more
open
governance.
I
will
add,
self-serving,
lis,
much
more
open
governance
than
many
projects
that
are
in
the
CNC
F.
So
thank
you
Lily
for
putting
a
put
an
opponent
request
in
there.
So
we
welcome
your
comments
there.
We
do
think
that
this
project
is
dependent.
We
have
a.
B
We
have
a
very
vibrant
community
around
it
right
now
very
happy
of
the
number
of
people
who
from
different
companies
who
are
committing
time
on
their
own
time
on
their.
You
know,
with
with
company
on
company
time
as
well.
We
want
to
continue
to
encourage
that
having
someone
who's,
not
google,
whole
the
license
for
the
trademark.
We
think
is
good
for
that
I'm.
Getting
more
open,
getting
more
participation
in
our
already
open
governance
process
is
also
good,
so
I
invite
your
your
commentary
there
and
yes
I
guess
we
did
announce
last
week.
B
B
C
A
C
G
G
C
G
C
C
Protective
for
the
body
that's
receiving
the
copyright
they're,
not
yes,
they're
not
designed
to
enable
the
body
receiving
the
copyright
to
then
go
and
do
enforcement
effort
right.
That's
not
what
they're
for
right
there,
so
they're
kind
of
to
indemnify
the
body
that
receives
the
notice
but
again
another
lawyer,
I
guess.
C
J
Right
and
the
licenses
within
the
source
code
in
the
repos
really
drives
how
you
can
use
the
code
or,
as
the
trademark
is
really
there
for
other
vendors
doing
research
and
what
they
can
do
with
the
name
and
the
logo
and
other
representations
that
identify
the
project.
It's
such
a
most
offenders
yeah,
it's
mostly
for
vendors,
so.
D
C
D
C
J
C
G
Cf
says
so
long
as
you
know,
you
are
allowed
to
use
the
criminais
trademark
in
your
managed
offering
of
kubernetes
so
long
as
the
kubernetes
community
gives
that
the
pumps
up
and
then
the
community
has
defined
that
thumbs
up
as
an
forward
passing
our
conformance
tests.
And
so
it's
really
like
that's
that
administration
of
that
usage
is
really
what
the
since
yeah
word
like,
though
you
see
in
the
space
right.
J
C
C
It's
to
in
some
ways
is
someone
for
looking
in
this
regard
that
we
actually
strictly
separate
technical
decision-making
in
the
project
from
marketing
and
or
other
decisions.
That's
why
you
can
have
a
TOC
and
membership
on
the
TOC
while
currently
is
stipulated
by
history
of
steering.
We
desperately
want
to
change
that.
We
try
to
operate
not
like
that
right.
One
of
the
one
of
the
founding
principles
in
this
do
has
been
look.
You
have
to
put
in
your
time
doing
technical
work
to
be
on
the
TOC
right.
C
Yours
expected
to
get
working
to
bleed
you're
expected
to
do
useful
technical
things,
and
so
we
kind
of
have
this
almost
tenuring
requirement
right.
You
have,
you
have
to
have
spent
some
time
doing
stuff
in
the
project.
It's
not
written
into
the
bylaws
right
now,
but
it's
something
I
put
certain
like
this
II
written
into
the
bylaws,
the
TOC,
but
it
certainly
has
been
how
we've
operated
I'm,
not
the
proposal.
That's
linked
for
steering
cuz.
We
like
you,
can
only
do
one
thing
at
a
time
in
some
I
can
only
do
so.
C
Many
of
these
things
at
once
for
that
right
is
trying
to
deal
with
the
steering
charter
to
make
it
so
that
we
have
not
just
I
guess
what
people
turn
open
governance,
which
means
that
you've
said
what
your
governance
model
is
but
neutral
in
the
sense
that
you
know
you
know
for
some
definition
of
neutral.
You
have
more
than
one
party
in
making
decisions.
I
know
one
party
can
be
making
all
the
decisions.
D
C
D
C
Yeah,
no,
we
very
much
want
to
form
something
along
the
lines
of
a
technical
advisory
board.
At
least
you
know,
that's
I
think
like
I
brought
it
up
in
the
TOC
a
couple
of
weeks
ago,
because
we
have
features
like
we'd
like
to
get
feedback
on,
and
some
of
the
features
may
be
controversial
for
users
and
you
link
you
need
that
engagement
right
and
have
to
structure.
It
is
really
important,
because
you're
gonna,
like
we're
gonna,
make
demands
of
people's
time.
C
C
Yeah
Craig
is
very
much
trying
to
drive
this
process
and
get
volunteers
who
are
willing
to
spend
some
amount
of
time.
You
know
engaging
with
mostly
with
technical
leadership
in
the
project
to
answer
questions
about
how
they,
like
the
seedings
work.
You
know,
I'm
sure
users
have
opinions
about
non-technical
things
within
the
project
too,
but
well
mostly.
What
we
do
is
technical,
so,
hopefully
that's
where
most
of
the
time
you'd
spent.
C
You
know
the
topic
I
talked
about
earlier
about.
You
know
changing
how
we
do
tunneling,
that
some
traffic
has
material
consequences
for
end-users,
that
you
know,
I'd
like
to
get
their
feedback
on
and
actually
was
in
the
context
of
that
that
you
know,
I
was
harassing
other
folks
to
think
about
setting
up
a
technical
advisory
board.
C
D
C
Really
the
way
these,
like
we
haven't
by
any
means
nailed
that
and
the
details
of
this
you
know
we
had
asked
for
a
certain
number
of
hours,
a
quarter
to
go
to
a
meeting
where
there
would
be
a
reasonably
directed
set
of
questions
that
would
how
to
reasonably.
You
could
provide
detailed
answers
on
that.
Would
help
guide
the
direction
the
project
listen.
C
To
work
not
with
release
Cadence's
and
everything
else
right,
because
we're
shipping
software
every
three
months,
you
know
we
have
a
lot
of
features
we
want
to
get
to
that.
Don't
get
delivered
right.
If
you
look
at
the
roadmap
right,
you
will
see
plenty
of
stuff.
That
probably
is
not
gonna
make
the
one
that
seven
release
just
like
any
other
software
project,
so
helping
with
prioritization
understanding
impact
understanding.
What
you
know
would
be
the
most
important
things
to
see
coming
up
where
points
of
alignment
or
points
of
pain
exist
for
customers
almost
are
two
things.
D
C
C
F
Is
very
true:
we're
in
the
process
not
sure
grandest,
okay,
but
we're
in
the
process
of
sitting
up
in
ecosystem
group,
which
will
look
after
coordination
with
with
vendors
and
look
after
marketing
and
so
on,
and
also
be
a
good
place
to
get
people
involved
advisory
capacity.
So
some
of
that
might
be
sitting
up
a
user
group
regular
conversation
for
people
to
have
between
themselves.
We
found
that
the
early
days
of
communities
that
that
work
really
well
is
having
people
who
aren't
just
tire
kicking
but
are
actually
using.