►
From YouTube: Sig-Auth Bi-Weekly Meeting for 20230104
Description
Sig-Auth Bi-weekly Meeting for 20230104
A
All
right,
hello,
everyone:
this
is
the
January
4th
meeting
of
Sig
auth,
happy
New
Years.
It
is
now
2023.
wow,
let's
get
started
Mo
are
you
around
today,
yep
I'm,
here,
I,
hope,
you're,
feeling,
okay,.
A
A
I
I
was
not
actually
I'm,
still
not
sold
on
how
to
do.
Caching
for
this
in
a
way,
that's
reasonable,
I
think
that
so
the
general
idea
of
this
was
like
if
we
did
want
to
have
additional
headers
added
by
like
an
auth
proxy
or
something
such
as
you
know,
like
IP,
based
context
added
to
user
info
for
use
and
authorization.
A
This
would
allow
additional
headers
to
be
transferred
through
to
the
authenticator
and
like
storage.
In,
like
the
authentication
context,
the
motivation
for
This
was
gcp
has
a
feature
called
context.
Aware
access
where
you
can
do
your
context,
you
can
do
authorization
based
on
you
know.
A
Yeah
IP
ranges,
I
think
is
the
easiest
easiest
example,
but
they
can
also
be
like
on
like
the
VPC
or
virtual
Network
request
originated
that
it
could
be
like
you
know,
even
like
something
like
a
trusted
trusted
device
or
something,
and
we
needed
a
way
to
store
additional
information
in
the
authentication
context
to
perform
authorization
rules
on
it.
A
The
challenge
that
I
encountered
while
while
trying
to
implement
this
is
how
it
interacts
with
the
authentication,
proxy
right
and
the
authentication
cache
in
a
way
and
I
was
trying
to
figure
out
if
there
is
a
way
to
make
the
authentication
sketch.
Still
it's.
A
C
Yeah,
so
I
I
wanted
to
make
sure
that
you
know
if
it,
since
the
body
was
harassing
it
that
if
you
know,
if
you
decided
you
didn't
need
it,
then
you
know
we
could
just
close
it
and
with
some
explanation
of
why
you
decided
you
didn't
need
it
or,
and
it
was
the
the
state
of
it
was
unclear
like
what
you
just
described,
was
sort
of
unknown.
To
me,
how.
A
Many
comments
that
on
the
bug
and
let
it
get
club
or
let
it
be
let
it
remain
closed,
but
thank
you
for
bringing
this
up.
Maybe
if
it's
gets,
maybe
there
will
be
a
time
in
the
future
where
we
can
prioritize
it
again
and
work
through
some
of
those
problems.
C
Yeah,
that's
fair,
I
had
a
question
for
you.
This
does
it
so
I
I
assume
the
desire
to
have
this
is
for
one
reason
or
other.
You
don't
want
to
use
an
authentication
proxy
to
do
this,
since
the
authentication
proxy
would
be
able
to
have
the
full
Network
details
and
just
embed
them
into
the
extra
field.
A
D
A
Is
a
very
good
point:
I
think
that
would
I
think
that's
valid.
A
The
I
I
think
whether
or
not
the
authentication
proxy
approach
is
used,
which
maybe
that
makes
the
most
sense
here
or
this
approach
is
used.
They're
still,
challenges
with
making
sure
that,
like
the
captioning
is
efficient,
but
yes,
I
I,
see
your
points
that
maybe
authenticated
proxy
would.
D
A
Right
approach,
without
other
issues,
with
implementing
something
like
this.
C
F
A
Yeah
but
the
bar
is
high
I.
It
is
unclear
to
me
whether
the
requirement
here
is
Niche,
so
I
think
if
the
you
know,
if
the
requirement
is
Niche,
then
the
bar
should
probably
be
high
right
or
I.
Guess
it's
fine.
If
the
bars
are
not
the
Martian
probably
be
High.
A
G
C
A
Okay,
so
I'm
going
to
leave
the
tab
open,
I'm,
going
to
explain
the
problems
with
the
cache
and
also
add.
A
E
Review
and
you
can
skip
that
that
actually
got
approved
and
merged
already
so.
A
A
Okay,
who
wants
to
take
this
one.
C
I
think
I'm
here
and
I'll
see
you
I
see
Tim
on
the
call
too.
The
gist
of
this
was
to
be
a
folk
agreed
with
the
assessment
that
we
should
remove,
that
plug-in.
I
forget
this
okay
Timmy.
Maybe
you
can
remind
me
if
it's
already
deprecated
I,
don't
remember,
but
we
I
think
the
feeling
was
that
we
have
built
far
better
approaches
to
doing
what
this
thing
was
doing,
and
it's
not
so
it's
got
gaps
and
probably
should
not
be
used.
C
E
I,
don't
remember
the
retroactive
cup.
Normally
we
do
that
when
there
was
all
like
Perma
beta
thing
that
is
wanting
to
be
GA
and
we
use
the
retractive
cap
just
to
capture
test
stuff
and
upgrade
stuff
and
make
sure
it's
actually
GA
if
I
thought
we'd
mark
it
deprecated,
but
I
just
looked
and
I
don't
see
any
code
mentioned,
but
maybe
we
mentioned
it
in
release.
Notes.
E
So,
at
the
very
least,
putting
a
note
in
like
wait,
you
use
it
like
printing
out
something
saying
you
probably
don't
want
to
be
using
this,
that
that
seems
like
a
no-brainer
I,
don't
know
that
it
has
actually
cost
us
any
maintenance
effort.
I
think
it
just
sits
there,
so
it
might
be
worth
doing
a
sweep
for
like
any
references
in
public
GitHub
to
see
if
we
can
find
any
evidence
of
use,
and
maybe
what
we've
done
in
the
past
is
reach
out
like
file
issues.
E
If
we
find
use
of
deprecated
things,
you
did
that
for
the
service
account
token
deprecation,
reach
out
and
say
like
do
you
know
that
this
doesn't
work
the
way
you
think
it
does,
maybe
maybe
a
sweep
of
that
if
we
can't
find
any
used
or
we
do
find
use
and
we
reach
out
and
they
say:
oh
thanks,
we'll
switch
or
something,
then
that
would
be
a
stronger
case
for
announcing
deprecated
and
removing
if
we
do
find
use-
and
they
say
no,
we
love
it
and
here's.
Why,
then,
maybe
we
can
reconsider
it?
C
E
So
yeah
updating
the
code,
updating
the
docs
scanning
for
use.
Those
are
some
concrete
things.
Maybe
we
could
put
that
in
an
issue
in
tags
and
security
and
Market
has
help
wanted
for
those
concrete
actions.
E
C
Yeah
but
I
from
the
gist
of
this
conversation,
I,
don't
see
any
one
immediately
saying.
Do
I
really
want
to
keep
this?
Basically,
it's
it's
more
of.
Let's
explore
to
make
sure
that
our
belief
that
it
can
be
safely
removed
is
correct,
and
if
so,
let's
do
our
very
graceful
dance
of
slowly
removing
things.
C
Take
that
as
a
yes,
so
this
came
up
during
one
of
the
the
triage
meetings.
A
A
Or
so
blog
rotate
or
like
the
recommendations.
Generally,
you
just
use,
like
a
log
rotate
for
the
ones
that,
like
the
log
files
that
we
write
but
yeah
I'm,
pretty
sure
this
is
just
right.
The
audit
policy
just
right
or
I,
don't
know.
I
just
went
to
a
file
foreign.
A
C
Right
and
I
think
if
you,
if
the
log
mode
wasn't
blocking
strict
I,
would
feel
pretty
confident
saying
just
I
mean
I,
don't
know
that
happens,
but
it
just.
It
feels
really
awkward
that
you
know
you
set
it
up
in
a
way
like
I,
I,
guess
the
question
becomes:
whose
responsibility
is
it
to
make
sure
that
the
file
remains
valid?
Is
that
Within
the
API
server's
responsibility,
or
is
it
the
operator
to
make
sure
that
Nobody
messes
with
the
host
and
thus
cannot
mess
it
in
the
file.
B
A
C
D
Yeah,
both
both
modes
are
used,
like
usually
like
you,
move
the
existing
file
and
then
send
a
signal
to
the
process
which
causes
it
to
reopen
the
log
files.
A
That's
not
what
log
rotate
does
so
Analytics.
D
It's
got
a
copy
truncate
option,
so
you
like
copy
the
old
file
and
truncate
the
the
existing
one
and
new
rights
go
to
the
like
the
previous
existing
file.
D
Yeah,
but
that
this
really
depends
on
like
what
what
the
definition
of
audited
is
right,
like
and
in
production,
I
think
like.
We
don't
really
use
log
files
in
the
sense
like
do
you
just
forward
it
to
a
log
auditing
service?
B
I
think
some
deployments
use
the
file
as
a
like
a
local
buffer
in
case
there's
a
network
segmentation
or
something
like
that.
G
A
I
would
say
it's
probably
not
a
bug.
I
would
maybe
call
it
an
enhancement.
D
Is
there
any
way
to
detect
lost
audit
records
like
if
I'm
looking
at
the
like
a
sequence
of
what
it
records
can
I
like
see?
Oh
there's
a
gap
in
the
sequence
numbers
here
and
I
know
that
some
records
were
lost.
E
It
was
a
little
weird
like
someone
else
mentioned,
like
we
don't
fsync
after
every
right
either.
So
like
there's
a
maybe
a
variety
of
things
like
does,
the
file
still
exist.
Are
we
f-syncing?
E
Is
there
a
way
to
detect
gaps
in
the
audit
log,
like
there's
sort
of
a
few
things
around
this?
That
maybe
could
be
done?
Some
of
them
would
take
a
performance
at
some
of
them.
Like
you
know,
incrementing
sequence,
on
the
events,
a
single
server
emits,
maybe
wouldn't
be
a
performance
hit,
but
I
kind
of
agree.
It's
a
sort
of
low-ish
priority
enhancement
request
like
reliably
ensure
we
get
all
events
in
the
file
and
sort
of
bundle,
those
things
up
into
that.
B
A
E
A
Yeah
and
detecting
gaps,
I
guess
the
to
up
level.
It's
just
more
look
at
reliability
of
file
based
on
it
sinks.
A
F
Yeah
so
I'm,
looking
at
picking
up
the
cap
3257
again
and
there's
a
two
halves
to
the
functionality.
One
is
the
API
server
pieces
about
accepting
trust
anchor
sets
or
whatever.
We
call
them
now.
Think
trust
member
sets
okay
and
then
there's
the
bit
about
cubelet,
actually
being
able
to
project
them
and
I'm
wondering
should
they
be
1pr,
one
Mega
PR
or
to
still
quite
large
vrs.
A
Yeah
I
think
re-reviewing
changes
is
a
lot
easier,
the
smaller
the
Pras.
A
F
E
All
the
API
level
changes,
including
validation,
should
be
grouped.
The
implementation
that
like
makes
use
of
that
and
actuates
stuff
based
on
that,
can
be
stacked
in
a
separate
PR,
but
so
in
an
API
PR.
We
have
the
fields,
the
definitions,
validation,.
F
That's
all
that's
in
the
first
PR,
it's
just
a
correct
kind
of
stuff
should
I
include
so
there's
also
API
changes
for
the
cubelet
piece,
like
changing
the
definition
like
adding
a
new
projected
volume,
type.
Okay,.
A
A
Is
also
the
API
server
okay,
so
that's
like
four
or
seven
years.
We.
C
F
F
C
Like
when
yeah,
when
you
act,
like
I
I,
do
appreciate
when
folks
put
the
the
generated
stuff
in
its
own
commit.
So
that
way
you
can
look
like
you
should
like
I
like
to
review
it,
but
I
just
like
to
review
it
separately
from
like
the
parts
that
you
hand
wrote
just
because
it
tends
to
be
easier
to
figure
out
what
happened.
E
Also
get
just
released
a
feature
that
makes
working
with
stack
branches
way
easier.
So
if
you
have
like
one
local
branch,
you
can
push
it
to
like
three
or
four
different
remote
branches
and
update
three
or
four
different
remote
PRS.
All.
A
E
And
actually
I'm
I
have
a
API
review
question
that
I
try
to
do
every
other
week,
and
so
this
is
on
the
list
for
tomorrow's.
If
you
want
I
can
invite
and
if
we
want
to
do
any
hype,
Android
stuff
tomorrow,
that
might
be
good.
Okay,
true.
F
A
C
A
Yeah,
so
the
One
technical
thing
that
I
wanted
to
discuss,
while
I
had
about
Jordan
in
the
room
is
the
changes
to
the
upgrades
to
use
the
HTTP
client
rather
than
the
dialer
or
a
weird
dialer
thing.
A
A
So
the
problem
that
we
have
today
that
this
attempts
to
address
is
that
we
have
when
we
do
an
upgrade
from
Speedy
for
Speedy,
and
maybe
this
is
true
for
websites
I
can't
remember,
but
definitely
for
Speedy.
We
create
a
request,
we
dial
a
connection
and
we
write
the
raw
request
to
the
connection,
and
then
we
parse
the
response.
A
The
problem
with
this
custom
code
is
that
it
lives
independently
of,
like
you
know,
the
transport
cache
configuration
ideally
what
we
would
want
to
do
with
this
client
exec
as
per
spec
in
the
kept
is
we
want
to.
We
can
implement
this
fairly
straight
fairly
easily
by
just
replacing
so
like
the
base
transport
that
obviously
doesn't
work
for
our
Speedy
upgrades.
A
D
A
Work,
otherwise
we
are
going
to
make
that
dialer
upgrade
stuff
like
much
more
complicated,
and
it's
already
kind
of
Fairly
complicated
time
is.
C
Mike
as
a
possibly
different
approach
like
I,
think
what
you're
describing
is
I
just
want
to
change
like
a
piece
of
the
round
Tripper
and
thus
implement
it.
That
way,
and
in
order
to
be
able
to
do
that,
the
Speedy
stuff
needs
to
behave
nicely
with
that
happening.
C
I
think
what
I
had
originally
tried
to
do
was
effectively
try
to
use
the
HTTP
reverse
proxy
stuff.
So,
instead
of
like,
instead
of
changing
the
client
I
effectively
changed
the
server
and
then
extra
hooks
into
that
that
transport.
D
C
So
I
I
what
I?
What
I
was
saying
is
that
you
would
have
all
of
your
custom.
Dialing
logic
stay
where
it
is,
and
it
would
make
a
request,
it's
just
that
it
makes
a
request
to
a
different
server
right.
So
it's
it's!
Instead
of
trying
to
change
the
semantics
of
how
like
the
server
stuff
works
in
the
transport,
we
just
literally
changed
the
request
to
be
a
different
place,
all
together
right.
So,
instead
of
like
going
to
API
server
Dot
aks.com,
you
go
to
like
127.0.0.1
literally
that's
like
the
server
you're
going
to.
A
Yeah
I
I
think
that
is
the
option
where
we
make
the
dial
stuff
a
bit
more
complicated.
C
A
I
I
think
that
would
be
valid
if
we
are
so
afraid
to
touch
this
stuff
that
we
can't
like
do
some
simplification
but
I
think
in
general.
Removing
that
would
be
beneficial
if
we
can
do
it
carefully
and
correctly.
C
Yeah
I
mean
yeah
I
generally
agree
with
the
notion
of
trying
to
come
up
with
some
way
to
simplify
this
stuff,
because
it
is
incredibly
difficult
to
reason
about.
Even
if
you
know
what
it's
supposed
to
be
doing,
I
I,
guess
I
think
I
would
ask
like
how
would
we?
How
would
we
validate
that
we
didn't
break
it?
Yeah.
A
That's
exactly
what
I
was
leading
with.
Is
this
like
an
upgrade
test
for
Cube
control
exec?
Is
it
like
a
down
downgrade
test
for
compatible
backwards
compatible?
What
are
we,
what
is
acceptable
here.
E
A
We
have,
we
have
e
to
e-tests
I,
don't
know
whether
they
are
running
in
the.
Let
me
see
the
ete
test.
D
I,
don't
know
whether
they
are
running
in
any
version
ski
Suites,
but
the
the
ete
tests
are
fairly
extensive.
A
The
change
here
was
that
we
stopped
I
removed
the
go
proxy
library
because
it
was
actually
kind
of
busted,
but,
like
the
ews
here
are
extremely
extensive.
They
are
do
execs
through
a
student
proxies
I
think
that
we
have
a.
We
don't
have
anything
sex
through
a
socks
proxy,
but
we
could
add
one,
and
we
should
also
make
these
run.
Inversions
key
Suites.
E
Yeah
the
fact
that
this
appears
to
only
be
changing
the
client
is
promising
changing
the
client
and
the
server
at
the
same
time
is
sketchy
I
I,
like
the
idea
of
simplifying
it
a
lot.
E
It
might
be
worth
looking
through
the
history
of
the
speedy
roundtripper
and
like
seeing
when
some
of
the
options
and
things
like
the
Ping
period,
And
like
I
I'm,
just
looking
through
the
file
and
seeing
some
of
the
options
and
wondering
if
we
have
test
coverage
all
of
those
things
so
like
Ping
period,
keep
alive.
I,
know
exact,
like
long-lived,
exec,
sort
of
terminating
after
a
minute
or
some
some
short
time
out.
The
Ping
period
might
have
been
added
for
that
and
we
might
not
have
ede
coverage
of
that.
E
The
proxier
HTTP
proxy
and
socks
proxy,
so
just
making
sure
that
we're
exercising
all
of
the
sort
of
knobs
and
levers
that
the
old
one
had
and
then
probably
sitting
down
and
doing
a
review
like
in
person.
So
we
can
talk
through
each
each
thing.
That's
changing
and
just
make
sure
we're
catching
all
the
balls.
We're
throwing.
A
Yeah
so
check
it
again.
I
can't
remember
exactly
where
but
I
registered.
C
Is
used
rather
than
so
since
David
is
on
the
call
hey
David.
Do
you
want
to
like
go
rewrite
the
upgrade
handling
on
a
aggregated
server
so
that
it
doesn't
also
have
that
horrendous
mess
and.
G
I'm
willing
to
obey
the
one
at
a
time,
but
I
would
look
at
the
technique
and
see
if
we
could
simplify
it,
although
I
will
admit
to
being
a
little
gun
shy
after
yeah
to
end
all
cves.
C
G
So
so
I'm
I'm
open
to
it,
but
I
don't
think
I
want
to
go
for
it.
At
the
same
time,.
A
A
Okay,
yeah
I
will
follow
up
yeah
with
whoever's
interested
and
then
yeah
once
this
is
in,
like
y'all
all
to
talk
with
or
I
guess,
even
before
that
I'll
sync
up
with
Nick
and
see
what
the
next
steps
are
for.
The
actual
implementation
of
the
meeting
parts.
C
E
Yeah
I
still
like
the
idea
of
it.
The
I
I
haven't
followed
the
discussion
closely,
but
the
after
walking
some
folks
through,
like
the
client,
go
exec
plug-in
thing.
The
only
question
would
be
like
invocation
of
the
thing
and
are
we
opening
ourselves
up
to
like
consuming
Cube
config?
That
makes
stuff
get
exact.
E
I
know
there
were
some
concerns
around
that,
but
the
exact
plug-in.
So
if
this
is
another
mechanism
for
like
spawning
a
process
or
yeah
doing
a
thing,
it's
just
worth
thinking
about
how
we
protect
that
or
inform
people
of
it
or
how
we
let
people
manage
that
in
their
environments,.
C
E
A
Yeah
yeah,
but
you
could
I
think
that
there's
that
aspect
of
it
but
there's
also
the
aspect
of
you-
have
a
cube,
config
file
that
can
run
arbitrary
code.
That
can
you
know
demonize,
and
at
that
point,
does
it
even
matter
if
the
request
is
passing
through
it
or
not.
I
think
this
is.
There
is
a
valid
security
concern
here
that
might
not
be
as
addressed
as.
C
Like
my
long-term
thoughts
around
this
is
I
know,
six
CLI
is
working
on
like
QRC
support.
I
I
would
like
to
be
able
to
add
like
a
list
of
trusted
plugins
into
that
QRC
file,
and
once
you
have
that,
then
it'll
just
refuse
to
invoke
anything
that
isn't
one
of
those
and
I
think
at
that
point.
Your
attack
vectors,
really
small,
like
just.
D
C
Bash
in
there
and
you're
kind
of
good,
so
that
was
kind
of
my
thoughts,
long
term
and
trying
to
lock
this
down,
and
it
basically
has
to
move
out
of
the
cubeconfig
file
into
a
separate
place
where
the
user
controls
it
and
it
has
to
be
a
file
that
the
user
doesn't
like.
Let
other
people
set
and
generally
you
probably
wouldn't
other
people
mess
with
your
QRC
file.
Probably.
A
All
right
does
anybody
have
anything
else
on
this
topic.
E
Was
there
anything
else
for
1
27
that
folks
were
planning
to
work
on
that?
We
wanted
to
mention
here
for
visibility
or
in
case
people
wanted
to
be
involved.
E
B
I
just
wanted
to
call
out
the
web
hook.
Exclusions
is
something
I'm
looking
for
looking
at
in
127
I
think
this
Falls
more
under
API
Machinery,
but
kind
of
off
the
Json
I.
Have
the
cap
open,
I'll
drop
enough
notes,
I'm
going
to
write
up
an
alternative
cap
to
the
one.
That's
currently
open
that
looks
at
using
cell
predicates
instead,
but
I
think
some
some
sort
of
approach
in
this
space
is
something
that
I'm
hoping
to
get
to
Alpha
in
127.
G
When
you
write
up
that
cap,
can
you
be
sure
to
describe
which
so
variant
you
plan
to
use
and
why
we
actually
have
two?
Now
we
have
self
cell
variant
for
crd
validation,
and
then
we
have
a
cell
variant
for
for
admission
and
even
though
it's
the
same
cell
library,
all
the
bindings
there's
a
very
different
set
of
Bindings
that
can
be
used
and.
G
So
there's
different
variables
that
can
enter
it.
So
so,
like
you,
access
an
object
in
in
crd
validation,
you
can
get
the
self
and
the
new
self
and
it's
a
self-induced
self.
That
is
like
part
of
a
schema
because
you're
defining
a
scheme
in
the
same
spot
for
admission
there
is
the
old,
the
new
and
then
a
bound
policy
object
and
how
those
things
all
intersect
is
a
challenge.
E
B
E
It
is
the
namespace.
G
B
Yeah
that
makes
sense
I'll
make
sure
to
cover
that
in
the
cap.
Just
very
briefly,
like
I'm,
imagining
this
having
access
to
the
full
admission
review
and
nothing
else.
A
All
right
and
yeah,
the
other
thing
was,
we
did
drop
webhook
configuration.
A
Dynamic
admission,
Cube
config
support
for
trust,
bundles,
and
maybe
we
will
reincorporate
that,
but
I'm
I
would
guess
it's
unlikely
to
get
that
see
that
implemented
in
one
127,
but
maybe
the
camera
will
be,
the
design
will
be
redefined.
C
I
can
reach
out
to
the
room
and
see,
if
he's
feeling
up
to
it.
When
I
talked
to
him
at
UConn.
C
He
seemed
optimistic
because
when
I,
when
I
described
to
him
like
what
I
wanted
from
the
cell
stuff
in
there,
he
felt
a
lot
better,
because
I
I
think
he
didn't
immediately
grok
that
the
schema
was
effectively
static.
So
you
didn't
need
to
do
a
bunch
of
answers,
but
I
can
reach
out
to
him
and
see.
F
C
Wait
are
you
wanting
to
at
least
get
it
marked
implementable,
or
is
it
just
like
you
want
to
have
it
open
in
this
release?.
F
A
Okay,
all
right
CF,
flicks,.
A
A
Okay,
these
look
a
lot
worse
than
usual.
A
A
A
In
the
other
test
rates,
I
will
I'll
grab.
E
A
Yeah,
alias
slow
and
local,
okay,
I
guess,
I'll
search
for
Vibes
for
those
test
Suites
and
if
they
aren't
there,
oh,
maybe
a
file,
an
issue.
Okay,
maybe
ask
Sig
testing
yeah,
but
ours
look
stable
as
usual.
Nice
work
not
ready,
not
fighting
tests.
Everyone,
cool,
I,
think
that
concludes
it.
For
this
meeting,
thank
you
for
joining
us.
Happy,
New
Years.
Everyone
I,
will
see
you
all
in
two
weeks.