►
From YouTube: 2021 02 26 Platform SIG
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Welcome
everyone
to
the
platform
special
interest
group.
It's
the
26th
of
march,
thanks
for
being
here
so
proposed
agenda
items
talk
about
open
action
items
open
container
labeling
for
our
docker
images
was
a
topic
that
we'd
wanted
to
discuss
in.
Oh,
oh,
I
should
put
one
in
here
which
is
summary
of
the
of
the
containers
and
platforms
track
from
the
contributor
summit.
A
And
that
would
be
me
and
cara
and
and
gareth.
I
think
okay,
then
open
container
labeling
for
our
docker
images
of
proposal.
We
had
coordinating
docker
proposed
docker
changes.
I
think
that's
probably
still
worth
a
topic
of
conversation.
Isn't
it
are
there
other
topics
that
you'd
like
to
be
sure
we
get
on
the
agenda.
A
A
All
right
so
first
action,
adam
the
jep
on
docker
operating
system
support.
It
was
discussed
in
depth
during
the
during
the
contributor
summit
and
we've
got
agreement
that
the
techniques
were
proposing
match
and
it
justifies
a
jep.
So
so
they
had
good
feedback
from
daniel
beck
and
from
others
on
the
topic.
Hey,
are
you
sure
about
this?
What
about
this?
A
And
so
I
think
it's
a
good
candidate
to
include
in
the
gep
any
questions
there:
okay
blog
post
on
in
plugin
installation
manager
and
update
center
gareth,
and
I
were
having
this
conversation
I
think
just
yesterday,
and
and
I
tend
to
agree
now-
that
we
need
more
and
we
need
to
inform
people
about
what's
available
in
plug-in
installation
manager,
just
how
powerful
it
is.
Gareth
was
there.
I
think
you
had
you
had
learned
of
a
specific
feature.
B
Yeah
I
built
the
uc
tool
because
I
was
unable
to
update
plug-in
text
files
with
the
latest
plugins
matching
jenkins
version,
but
that
is
actually
functionality
that
plugin
installation
manager
supports.
We
just
didn't
know
about
it.
A
Yeah,
so
for
me
I
think
that's
that's
a
good,
a
good
excuse
for
us
to
consider
this
as
a
blog
over
the
course
of
the
next
few
weeks
that
hey,
let's
or
or
a
documentation
page
and
a
blog
post
that
points
people
to
the
documentation
page
right
now,
I'm
not
as
clear
where
it
would
fit
in
the
documentation.
So
I
got
to
think
about
that
a
little
bit
and
I'll
include
that
in
a
pull
request.
A
C
I
don't
think
so.
I
I've
just
been
super
busy
with
work,
so
I
haven't
kept
up
on
it
and
asked
for
reviews
and
things
like
that.
But
if
anybody
wants
to
review
it,
I
think
the
pr
link
is.
A
Yeah,
so
so
that's
just
and-
and
I
think
alex
rather
than
having
you
do-
that
blog
post,
if
you're,
okay
with
it
I'd
like
to
take
that
one
on
because
it
needs
a
it
needs
a
where
does
it
go
in
the
documentation
question
to
be
answered
is
that,
okay
with
you
yeah,
that's
fine,
okay,
great
all
right
latest
changes,
so
I've
not
I've,
not
seen
any
outrage
on
the
debian
9
to
debian
10
upgrade
or
on
the
centos
change
and
they're
both
delivered
and
running.
So
congratulations.
A
A
All
right
any
any
questions
or
concerns
on
the
on
topics
related
to
action
items.
A
A
Hey
did
we
say
something
that
sounds
to
you
like
it's
outrageous,
and
that
was
crazy.
So
here's
what
here's,
what
we
said
continue
the
2020
road
map
work
inc
on
multi-platform,
docker
images,
including
arm
s390
and
powerpc,
then
improving
our
image
governance,
and
this
is
where
we
describe
the
ideas,
discuss
those
in
some
depth.
A
Image
maintainers
adopt
this
image,
accelerating
our
docker
builds.
That
was
greeted
with
with
positive
view
from
daniel
beck
and
the
security
team,
thanks
for
everyone
for
being
willing
to
consider
it
and
then
scanning
the
docker
images
and
the
securing
the
delivery
pipeline
segment
also
had
a
scanning
topic.
Their
scanning
topic
was
more
scanning
source
code
and
dependencies
for
issues,
but
it's
the
same
scanning
tool
provided
by
the
linux
foundation,
a
commercial
commercial
license
to
sneak
so
it's
it
looks
very
promising
that
hey
this
thing
is
possible
in
the
in
the
track
discussing
containers
and
platforms.
A
One
of
the
big
concerns
was
how
do
we
deal
with
the
mass
volume
of
alerts
and
warnings
that
come
from
these
kind
of
security
scanning
tools?
I've
looked
at
tentatively,
one
of
them
and
it
alerts
about
things
related
to
ssl
and
and
where
there
isn't
a
change
available
from
the
operating
system
to
do
anything
about
it.
A
We
are
not
likely
to
do
java
15,
but
tim
jacom
noted
hey
the
scheduled
release
date
for
java
17.
The
new
lts
of
java
is
expected
to
be
the
the
fall
of
2021
so
autumn
of
2021
and
he's
seen
that
jenkins
works
and
compiles
and
tests
just
fine
on
java
15..
So
we
may.
We
may
yet
have
this
one
come
in,
but
we
specifically
said
it's
not
on
our
not
on
our
plan
for
right
now
to
do
anything
in
2021.
B
A
B
I
was
I
was
going
to
talk
about
the
security
scanning
stuff.
There
may
be
an
opportunity
to
chat
to
fred
blaise
about
defect,
dojo,
that's
one
of
the
tools
that
he
produces,
and
it
is
meant
to
be
very
good
at
taking
security
events
from
a
wide
range
of
things.
So,
like
different
scanning
tools,
I
think
he
has
got
there.
There
is
integration
with
snike
already
and
presenting
it
in
a
way
that
can
be
managed,
so
there
might
be
an
opportunity
there,
because
it
is
an
open
source
tool.
B
Defect,
dojo
is
what
cloud
base
use
internally
to
manage
security
defects,
but
it's
an
open
source
tool.
That
is,
I
think,
fred
is
actually
one
of
the
main
maintainers
of
it
as
well.
So
yeah
we
could.
We
should
have
a
conversation
with
him
about.
B
Can
we
yeah?
What
does
it
support?
Can
we
get
up
and
running?
Would
it
be
useful
for
this
kind
of
stuff
and
I
suppose
whether
daniel
would
find
it
useful.
A
D
I'm
mark
just
so
I'm
I'm
clear.
Are
we
using
the
snake
security
tool
from
the
linux
foundation
that
we
have
potential
to
use
through
the
continuous
delivery
foundation?
There
are
yeah,
that's
the
one
we're
using
okay.
A
Well,
using
is
using
is
a
very
that's,
a
very
generous
use
of
that
gerund
verb
using
right.
It's
we,
we
plan
to
use
that
that
so
yes,
I'm
I'm
experimenting
with
it,
but
my
experiments
are
not
using
the
they're
just
using
a
snake,
snick
free
account,
whereas
the
the
linux
foundation
account.
As
I
understand
it,
actually
has
additional
features
that
are
only
available
to
commercial
consumers
of
snake.
A
Yeah,
absolutely
so
that's
and-
and
I
think
I
think
I
suspect
there
are
p-
the
project
has
already
applied
and
it's
already
actually
being
used
on
jenkins
content,
but
there's
still
some
registration
stuff.
That
needs
to
happen
and,
for
instance,
oleg
in
the
session
was
was
demonstrating
and
there
were
a
couple
of
bumps
and
bruises
that
we
need
to
talk
to
alex
the
linux
foundation.
B
Yeah,
so
I
think
this
came
up
in
the
containers
and
platform
the
contributor
summit
as
well.
I
think
damien
raised
this
as
a
an
option.
It's
just
it's
about
that.
There
are
two
specs
at
the
moment.
There's
the
label
schema
and
open
container.
B
I'm
not
sure
it's
called
labels
or
annotations
spec,
but
they
seem
to
offer
the
same
kind
of
thing:
they're,
a
common
set
of
labels
that
you
can
add
to
your
docker
containers
just
to
try
and
provide
some
hints
on
where
that
docker
image
has
come
from
how
it
was
produced.
B
You
know,
get
repo
commit
hash
when
it
was
built
and
and
other
information
as
well
that
you
may
want
to
add
to
it
and
yeah.
I
think
this
is
just
an
idea
that
we
should
come
up
with
a
common
set
that
we
would
like
to
attach
to
all
of
our
images
and
start
doing
that.
B
Yeah,
so
I
think
that
was
the
label
schema
spec
that
it
added
it
added
most
of
the
sort
of
static
labels.
I
would
say
so
it's
like
descriptions
and
maintainers
and
that
kind
of
stuff
it
had
the
git
url,
but
it
didn't
contain
any
sha
in
there
or
commit
message
or
anything
like
that.
So
you
can
see
exactly
at
what
point
it
did
so
so
to
change
that
you.
Actually
you
obviously
need
to
do
that
at
build
time,
rather
than
just
add
them
statically
into
the
into
the
dockerfile
itself.
C
Yeah,
so
we
need
to
move
that
over
to
our
own
infrastructure,
rather
than
yes,
those
builds
on
docker
hub.
B
Yeah
docker
hub
is
problematic
for
that.
I
think,
unless,
unless
there
is
a
way
that
they
they
pass
a
builder
or
something
that
of
a
commit
hash
which
I've
I've
not
seen
them
do
that.
I
don't
know
whether
that's
something
they've
changed
but
yeah,
but
I
think
we
should
kind
of.
I
don't
know
whether
we
want
to
support
both
specs
or
whether
we
should
choose
one
of
those
specs
to
support.
C
One
we
pick,
someone
will
be
angry
that
we
didn't
pick
the
other
one.
So
if
it's,
if
it's
easy
to
do
both,
we
should
probably
just
do
both
just
so
that
we
don't
get
lots
of
complaints
because
you
know,
whichever
one
we
choose,
you
know
someone
will
be
all
up
in
arms,
so
we
didn't
choose
the
other
one.
So,
hopefully
there's
not
a
third
one
introduced
anytime
soon,.
B
What
one
of
the
ones
that
I
find
really
easy
is
already
really
handy
is
to
put
in
the
get
state
the
git
tree
state
and
whether
or
not
it's
dirty
or
clean,
so
that
I,
when
I'm
debugging
an
issue,
I
can
see
that
somebody
has
made
a
modification
and
built
it
on
their
desktop
and
pushed
it
up.
And
it's
not
to
come
from.
A
A
Great
anything
else
gareth
there,
so
it
seems
like
this
one
is
dependent
on
our
eventual
transition
to
building
the
images
on
our
own
infra,
but
that
we've
got
to
do
anyway
for
s
390
likely
for
arm
64
and
for
power
pc.
So
so
that's
an
eventual
transition,
no
matter
what
right
we're
making
that
transition
as
part
of
our
road
map.
B
Yeah,
we
can
add
a
subset
of
the
labels
at
the
moment.
I
think
so,
the
ones
that
are
relatively
static,
we
can
add
those
up
front
but
to
get
a
sort
of
a
complete
set
and
probably
the
the
more
useful
labels
like
knit
sharp.
B
A
Well,
but
I
I
I
missed
that
I
think
that's
a
valuable
thing.
We
could
immediately
add
those
those
more
static
labels
and
that
way
there
may
be
some
people
who
already
get
value
and
we
then
are
reminded.
Oh
yes,
let's
keep
using
the
static
labels
and,
as
we
make
more
transitions,
we
add
more
static
labels.
Yeah.
I
like
that
a
lot
alex
did
you
have
a
comment
there.
B
A
A
A
B
Yeah,
it's
just
they're,
just
they're
a
common,
a
common
set
of
labels
that
it
sort
of
says
that
you
should
add.
A
A
Well,
there's
an
organization
in
in
western
or
in
africa
called
chico
africa
and
one
of
their
leaders.
Zinab
abubakar,
is
a
jenkins
documentation,
contributor
and
she's
noted
that
they
have
upcoming
a
contribution
where
they're
going
to
seek
sponsors,
see
commercial
sponsors
who
fund
them
to
then
pay
women
in
africa
to
contribute
to
open
source
projects
and
they
have
sponsorships
available.
My
thought
was:
if
your
employer
is
interested
in
sponsoring
these
kind
of
things
where
various
groups
we
would
like
to
increase
their
involvement
in
tech,
it
might
be
worth
you
asking.
A
C
Yeah
that'd
be
great.
Are
you
going
through
your
like
hr
for
that
or
what.
A
A
And
that
kind
of
thing
is
is
where
yeah
and
my
guess
was:
you've
probably
got
it
and
I
think
I'm
gonna,
I'm
gonna
ping,
jim
crowley
as
well,
because
I'm
reasonably
confident
that
that
ibm's
got
something
similar
and
so
yeah.
Here
it
is
so
this
is
the
link
to
it.
So
what
this
is
is
right
now
they're
assembling
donations
from
from
sponsor
companies
and
then
during
the
month
of
april,
these
women
will
be
assigned
tasks
from
project
ideas,
that
open
source
projects
have
suggested
and
will
be
paid
to
contribute
to
those
tasks.
A
A
Right
yeah,
she
code
africa.org
and
the
contributon
is
described
on
their
events.
Page
perfect.
A
Excellent,
thank
you
and,
and
the
sponsorships
range
from
a
thousand
dollars
to
five
thousand
dollars
for
corporations,
and
certainly
you
could
sponsor
beyond,
but
what
what
their
goal
the
way
the
way
xenon
described
it
was.
They
will
be
delighted
if
they
get
forty
thousand
dollars
in
sponsors,
and
my
thought
was
between
your
employer,
my
employer
and
jim's
employer.
A
A
I'm
not
sure
there
are
specific
platform
related
project
ideas,
but
I
think
it's
worth
us
considering
as
a
platform
sig.
What
what
could
we
have
them?
Do
that
have
a
contributor
do
that
might
help,
and
there
may
well
be
thing
parts
of
our
road
map
where
they
would
they
would
really
benefit
and
we
would
benefit.
C
Great
yeah
I'll
definitely
reach
out
today
to
my
inclusion
and
diversity
team.
A
Great,
thank
you
super
yeah
and,
let's
see
in
terms
of
maybe
maybe
we
could
take
a
few
minutes
here
and
talk
about
what
are
some
project
ideas.
We
might
see
that
the
plat
that
are
platform
specific,
for
instance,
could
we
consider
having
them?
Well,
let's
see
what
have
we
got
on
the
roadmap?
If
I
think
about
roadmap
topics,
we've
got.
A
Well,
how
about
I
guess,
arm
64
arm
64
might
work
if
one
or
more
of
theirs
have
a
raspberry
pi
4..
Now
that's
that's
kind
of
a
a
rather
strange
thing,
but
you
never
know
I
mean
pi4
can
actually
run
64-bit
arm,
right
and
so
arm.
64
support
might
be
a.
A
One
of
the
suggestions
from
damien
had
been
techniques
to
accelerate
the
speed
at
which
we
performed
certain
of
the
tests.
He's
found
a
google
tool
that
does
that
will
inspect
the
contents
of
a
docker
image
or
test
a
docker
image
without
actually
running
the
image,
and
it
seems
to
be
faster
than
starting
and
stopping
the
image
process
so
test
improvements
might
be
a
might
be
a
candidate.
A
Certainly
documentation
and
yeah,
as
has
been
one
that
we've
discussed,
but
that's
not
specifically
to
the
platform
and
screenshot
updates
because
we're
getting
a
significant
change
to
the
ui
in
march.
And
we
need
to
update
pictures.
A
All
right
next
topic
proposed
docker
changes,
so
multi-arch
builds
installplugins.sh
still
in
progress
cara
on
the
non-root
user.
On
the
agent
docker
image.
You
want
to
give
us
a
how's
it
going
there.
What
do
we
need
to
help
with
what
are
the
challenges,
etc?
That.
D
That
is
a
good
question.
It's
actually
all
fine.
It's
had
a
bit
of
a
delay
because
I
just
got
pulled
into
other
things
like
talks
and
stuff.
So
I
I
have
not
worked
on
this
in
well
over
a
week,
but
it's
pretty
close
to
done,
and
I
now
have
a
clearing
in
my
time,
which
I
will
give
a
push
on
this
similar
for
the.
A
D
Particular
blocker
is
it
thank
you
for
your
offer,
but
there's
number
two:
it's
it's
just
me
needing
to
see
it
make
sure
it's
done.
That's
fine
yeah
and
same
with
the
docker
brother.
A
A
D
A
A
Okay,
so
we
jim
mentioned
verbose
tagging
and
I
think
that's
still
just
we
need
to
keep
making
progress
on
that
we're
using
that
follow.
The
tagging
pattern
that
we're
using
in
the
windows
image
and
adopt
em
is
showing
the
same
tagging
pattern
as
well,
so
that,
for
me,
just
feels
like
a
good
good
plan.