►
From YouTube: Technical Oversight Committee 2021/10/04
Description
Istio's Technical Oversight Committee for October 4th, 2021.
Topics:
- Nominating Ethan Jackson to Product Security Working Group - APPROVED
- Feature Freeze October 14th for 1.12
D
D
So
I
guess
it
probably
needs
formal
approval,
but
he's
out
until
the
11th.
A
Do
we
need
to
do
anything
about
I'm
down
at
the
docks
for
offline
review?
Do
we
need
to
do
anything
about
the
feature
freeze,
dock.
D
D
D
Sometimes
there's
a
little
bit
of
discussion
that
goes
back
and
forth
between
the
release,
managers
and
and
not-
and
this
is
just
setting
some
of
the
expectations
for
I
guess-
people
that
are
writing
code
to
to
kind
of
meet
before
they
they
either
try
to
cherry
pick
things
back
in
or
try
to
get
features
in
after
a
branch
cut
in
particular.
A
Is
this
process
documented
somewhere
in
a
markdown
file?
No,
it's
not
that
we
can
turn
some.
I
think
my
preference
would
be
to
figure
out
how
to
have
this
somewhere
that
it's
a
file
that
we
can
just
that
has
the
process,
because
I
don't
like
having
process
index
because
people
don't
know
where
to
find
it,
and
then
it
gets
out
of
date.
E
I
would
put
on
the
wiki
with
the
we
have
like
a
page
for
each
release
and
then
we
can
just
link
to
it
from
there.
I
already
have
one:
that's
a
small
blurb,
that's
how
do
I
get
my
code
into
this
release
and
we
can
just
link
to
one
doc
instead
of
popping
it.
A
E
C
Yeah
this
is
the
last
week
folks,
if
you're
interested
in
filling
in
for
brian.
D
C
For
the
empty
tlc
seats,
please
reach
out
to
us
the
tlc,
I
think
there's
a
toc
steering
asking
questions
slack
on
istio.
So
so
far
we
have
eric.
Thank
you
for
your
interest
reach
out
to
us.
So
please,
let
us
know.
G
Yeah
we
have
a
had
some
sort
of
like
minor
reordering
within
restructuring
within
the
teams,
and
so
we
have
a
data,
plane
team
and
he's
the
tl
for
it
and
just
having
him
be
involved
in
the
product
security
working
group,
I
think,
would
be
would
be
helpful.
B
Just
fine
one
question
will
be
previously:
we
had
a
lot
of
qualifications
and
stage,
like
I
shouldn't
say
stages,
but
we
had
some
qualifications
and
things
turned
down
for
who
can
join.
Pswg
looks
like
over
the
last
few
quarters,
at
least
when
I
was
you
know.
We
don't
really
follow
that
process
anymore.
B
Is
that
fair
jacob-
and
I
guess
brian
and
I
don't
know
who
are
the
current-
leads
yeah
go
ahead.
D
Yes,
that's
fair
right
now,
so
the
reason
why
this
was
in
part
brought
up
is
that
over
the
last
probably
two
to
three
months,
we've
had
on
average
three
to
maybe
four
people
attend
the
product
security
working
group
meetings.
So
that's
when
we
kind
of
brainstormed
this,
oh
there's
oliver
as
well.
That's
where
we
were
you
know
trying
to
solicit.
You
know.
Is
there
anybody
else
that
that
could
actually
attend?
That
has
a
you
know,
a
key.
You
know
stake
in
actually
istio
security.
D
G
I
don't,
I
don't
think
they
are
the
fair
he's
fairly
new,
so.
B
Yeah
so
I
mean
again,
I
understand
the
concerns
and
that
we
don't
have
enough
people
and
we
want
to
get
people.
I
just
want
to
make
sure
it's
being
fair
to
everyone
right.
So
if
new
is
new
team
members
who
have
not
worked
on
stu
from
other
companies
were
to
join
pswg,
which
is
a
sensitive
group,
we
would
allow
it
going
forward
or
not.
G
B
That's
what
I
was
saying
just
saying:
we
did
write
down
something
concrete
when
francois
was
here.
I
was
the
lead
and
I
think
I
don't
remember.
Who
was
the
third
lead
it
just
what
I've
seen
is
over
the
time.
We
didn't
quite
follow
it,
so
I
just
want
to
make
sure
we
either
remove
it
or
update
it
right.
I
was
just
asking
where
it
is
because
I
haven't
seen
it.
I
think
it's
one
of
those
dogs
in
the
product
security
working
group
drive.
Is
that
correct
jacob?
I
don't
remember.
D
Yes,
it
is
I'll
I'll
find
it.
I
think
we
should
update
that
because
last
week
we
also
brought
up
to
tlc
if
we
could
solicit
members
of
the
early
disclosure
list
if
they
had
anybody
that
could
participate
in
that
as
well.
B
C
B
C
H
D
So
it's
kind
of
twofold
one
there's
not
enough.
You
know
cyber
security
experts
and
then
two
just
overall
engagement
and
as
far
as
you
know,
making
sure
the
patches
are
ready
and
things
of
that
nature.
So
so
we
need
some
worker
bees.
You
know
like
myself
as
well
as
some
people
that
actually,
you
know,
can
kind
of
dig
in,
and
you
know
kind
of
assess
some
of
these
vulnerabilities
as
they're
reported
to
us.
B
Yeah
we
started
out
with
really
strict
requirements
because
the
sensitivity
issue,
I
think,
over
the
time
it
got
diluted
because,
as
jacob
said,
lack
of
expertise
and
just
lack
of
participation-
and
we
had
quite
a
bit
of
churn
in
this
group.
I
Go
ahead,
yeah.
Currently
we
we
have
about
like
four
to
five
people
actively
working
on
pswg
like
participating
in
every
civil
unities
right,
but
that's
not
enough.
That's
the
issue
we
need
to
like
get
more
people
engaged,
so
I
I
personally
think
yeah.
I
I
think
other
people
also
said
either
you
have
good
experience
with
this
deal
or
you
have
good
expertise
on
securities.
I
If
you
qualify
for
one
of
them,
that
should
be
good
enough
to
participate
for
pswg.
Of
course
you
have
to
like
obey
all
those
rules,
the
special
sensitivity
like
rules
inside
this
pswg.
You
have
to
agree
on
that,
but
other
than
that,
I
think
it
should
be
okay,.
B
Oh,
I
see
you're
saying
he's
like
yeah.
G
J
G
And
by
way
of
background,
so
he
was,
I
worked
with
him
on
open
v
switch.
He
was
one
of
the
core
contributors
open
v
switch,
so
he
has
experience
in
in
open
source,
just
not
he's
new
to
istio
and
and
envoy.
B
A
D
D
Okay,
yeah
and
I'll
I'll
add
it
to
the
agenda
so
that
we
can
kind
of
refine
this
charter
at
the
next
meeting.
So
thanks.
A
A
Okay,
I
can
add
that
to
my
list
for
this
week,
anyone
else
want
to
help
wrangle
that.
A
Going
once
going
twice
all
right:
I've
all
enjoyed
myself,
okay,
I'll
I'll,
try
to
have
it
into
like
actual
draft
form
for
next
week.
So
we
can
discuss.
H
F
F
The
testing
has
got
very
very
simpler,
just
because
most
of
that
is
automated
now,
so
we
have
less
of
a
churn
and
another
good
news
is
our
weekly
working
group
leads
meeting
have
reduced
to
almost
80
percent,
so
we
only
meet
close
to
the
releases.
So
that's
another
good
news
that
we
have
given
30
minutes
back
and
it's
working
well
with
the
channels
discussions
and
just
meeting
around
the
release.
Time.
E
J
E
J
Completely
with
api
did
not
get
it.
No,
no
yeah,
I
mean
yeah,
it's
it,
it's
not
the
even
the
api
itself
is
not
in
yet,
so
I
don't
think
it's
reasonable,
not
expected.
Okay,.