►
From YouTube: Kubernetes Community Meeting 20170420
Description
We have PUBLIC and RECORDED weekly video meetings every Thursday at 10am US Pacific Time.
https://docs.google.com/document/d/1VQDIAB0OqiSjIHI8AWMvSdceWhnz56jNpZrLs6o7NJY
Release team update 1.7; SIG updates node, instrumentation, auth; Demo: Out of Tree Cloud Providers in Kubernetes; CII introduction
A
Off
you
go
George
all
right!
Welcome
everybody
to
the
Cooper
Nettie's
community
team
meeting.
It
is
April
the
twentieth
of
2017,
I'm
jorge
castro.
If
you
have
a
met
me
yet.
I
recently
started
at
hep:
do
to
help
do
all
sorts
of
community
things,
so
you'll
help
Sarah
and
I'll
see
where
I
can
so
I'm
going
to
start
off
my
first
week
by
I'm
seeing
this
meeting
so
Jason
you've
got
the
notes
right
and
I'll
go
ahead
and
toss
a
URL
to
the
notes
in
the
youtube,
video
description
and
in
check.
A
A
D
F
B
F
F
B
F
I
think
there
was
a
call
for
additional
candidates
and
there's
been
no
response,
that
what
are
the
current
candidate
I
think
Maru
was
going
to
take
on
the
secondary
or
shadowing
rolled
on
was
looking
to
do
the
release
he
meant.
Andrew
was
doc
Slade
and
rich
n
boy.
Tech
was
asking
to
do
the
patch
releases
for
the
minor
releases
in
July
and
kinky.
G
I
F
J
F
I
H
B
H
H
B
H
G
I
I
G
G
B
B
L
Yep
here
you
can
hear
me
so
I'll
give
a
quick
rundown
on
what
we're
looking
at
these
days
in
signode.
So
I
guess,
there's
been
a
lot
going
on
recently
at
a
high
level
for
things
that
people
might
be
interested
in
when
we're
looking
at
what
we
want
to
work,
one
in
17
timeframe,
we're
continuing
to
look
to
enhance
or
basically
improve
the
CRI
in
fish
to
cover
some
listing
gets
comin.
Api
definitions,
end
points
that
are
there
today.
L
Those
gaps
would
include
the
ability
to
not
necessarily
have
some
way
of
reporting
monitoring
metrics
from
visual
container
in
times
without
requiring
to
so
to
go
through
state
visor,
clearing
up
or
cleaning
up
with
the
logging
requirements.
Contracts
will
be
between
the
CRI
and
individual
container
run
times,
as
well
as
probably
looking
at
some
amount
of
improve
data,
versioning
the
TR
interface
itself
and
then
behind
that
there's
a
whole
group
of
individuals
who
are
all
building
implementations
according
to
that
select
that
will
continue
to
iterate
this
release
cycle.
L
That's
kind
of
an
update
on
the
CRI
there's
also
an
effort
to
try
to
simplify
how
the
node
is
brought
up
using
some
amount
of
dynamic
cubic
configuration
and
that
effort
I,
don't
think,
is
a
bit
early
but
I
think
we're
targeting
some
amount
of
alpha
support
for
that
vasilis.
There's
some
work
going
on
across
fig
node
and
fig
scheduling
to
or
an
improved
priority
preemption
in
addiction,
not
so
simple
supply
seem
them
work
that
David
Oppenheimer
point
out
there
describing
their
vision
for
that
in
the
near
term.
L
Then
there's
been
a
lot
of
work
going
on
recently
across
signaled
and
sick
scheduling
as
well,
where
there's
a
lot
of
interest
in
the
community
to
support
more
performance,
sensitives
workloads
or
just
the
ability
to
run
certain
workload
more
optimally
on
the
node
than
what
is
available
today,
and
so
we've
been
running
a
resource
management
work
group.
That's
basically
a
joint
effort
across
signode
on
scheduling
where
we
try
to
bring
together
topics
that
have
an
intersection
between
those
two
spaces
and
those
meetings
are
being
recorded
and
uploaded
to
YouTube.
L
It
soaks
want
to
participate,
but
in
that
context
we've
been
discussing
a
number
of
topics,
so
there's
been
a
lot
of
interest
in
the
community.
Around
GPU
support
and
in
particular
folks
from
Nvidia,
have
been
really
great
at
bringing
up
requirements
around
GPU
support
more
generally,
to
help
push
the
alpha
level
features.
Today
we
have
around
vpon
cube
toward
something
more
feature
complete.
In
addition,
we've
been
discussing
topics
around
local
storage
management,
so,
okay.
L
So
the
idea
there
is
how
the
key
book
can
manage
your
host
just
more
efficiently
and
slightly
more
opinionated,
so
that
it
can
potentially
do
things
like
manage
the
amount
of
logging
space,
your
containers
that
can
control
how
much
hostess
you're
able
to
use
and
potentially
control
your
ability
to
create
things
like
local
professor
volumes,
as
well
as
control
the
amount
of
copy-on-write
storage.
You
can
consume
on
a
per
container
basis.
L
So,
basically,
at
this
point,
we're
trying
to
get
like
a
long-term
direction
in
place
for
what
the
khelat
can
do
with
local
disk
management
and
then
out
of
that
figure
out
what
we
can
iterate
on
in
the
near
term.
I
suspect
that
will
be
an
item
that
will
roll
out
over
a
series
of
releases.
But
generally,
the
theme
is:
how
do
we
treat
this
cat?
A
first
class
of
resource
ID,
a.
L
L
L
And
an
invite
was
sent
out
to
the
signal
mailing
list
and
the
scheduling
mailing
list
and
I
think
it
might
have
been
run
to
terminate
them
as
well
announcing
it.
And
then
there
was
a
long
process
involved
in
trying
to
identify
who
would
be
interested
in
attending
and
if
they
were
interested
in
attending
where
in
the
world
they
were
film
and
then
what
time
frames
we
could
host
it
at.
And
there
was
a
lot
of
back
and
forth
on
that
because
of
conferences
and
stuff
that
we
set
on
this
time.
L
But
if
you
are
interested
attending,
I
can
paste
the
link
in
the
meeting
notes
here,
there's
basically
a
an
open
invite
where
you'll
add
your
name
to
your
list,
but
you're
interested
in
participating
and
you're.
More
than
welcome
to
join
I
think
right
now
we're
about
13
or
14
20
participants,
plus
some
number
of
Googlers
I.
Don't
know!
That's
the
exact
number
yeah.
G
I
think
it's
about
half
a
dozen
Googlers
at
this
point.
It's
about
20
people,
which
I
think
is
today
because
we'll
need
some
breakout
conversations
to
another
neat
nose
was
that
a
high
performance
during
I
don't
know
he
saw
what
would
be
with
you.
Were
you
a
cute
on
Europe?
For
now,
I
was
bored,
yeah
I
thought
I
was
looking
for
you,
dude
I
miss
you.
It
looks
like
there's
two
really
good
vendors,
who
did
a
lot
of
high
performance
work
that
I'm
actually
offered
things
to
do
source
community
for
Cooper
Nettie's.
G
L
G
L
K
K
As
a
part
of
this
vision,
basically
there
are
two
parts
of
monitoring
architecture:
one
is
called
the
65
time
and
another
one
is
integration
with
third-party
monitoring
solutions,
solutions.
So,
regarding
third-party
monitoring
solutions
are
basically
as
a
sick.
We
do
not
have
much
to
do
right
now,
but
rather
you
know
as
those
vendors
to
make
the
integration
better
and,
of
course,
you'd
like
to
introduce
some
documentation
around
this
and
nike
is
some
guidelines
for
them:
health,
integration,
but
yeah,
and
regarding
coremetrics
pipeline,
the.
K
K
Proposes
and
the
idea
is
in
alpha,
but
there
is
no
implementation
of
this.
So
in
this
quarter
you
would
like
to
focus
on
providing
some
simulations.
A
chromaticity
I
probably
would
like
to
provide
these
three
implementations
for
from
use
or
ocular
and
four
star
driver,
but
you
know
if
there
is
any
other
if
we
interested
in
providing
an
implementation,
this
API
pimp
'little
to
reach
me
or
all
solid
or
some
redfish
driving
this
effort.
K
So,
okay,
so
another
update
the
Skip
site
metrics
project,
which
is
pretty
small
project
about
a
providing
a
matrix
about
Vanessa's,
object,
I
think
remittance
format,
it's
more
or
less
implemented
in,
and
you
like
put
some
effort
to
other
like
this
for
1.7
and,
let's
say,
graduating
to
GA,
whatever
it
means
and
what
else.
So,
there
is
an
idea
to
also
introduce
historical
metrics,
API
I'm,
not
sure
whether
we
would
have
time
to
super
move
forward
with
this
idea,
but
yeah.
This
is
chris
defending
the
top
of
our
interest.
K
We
also,
we
also,
let's
say
introduce
logging
idea
to
signal
fermentation
and
logging
is
a
hard
topic.
It's
also
know
it
touches
signaled
the
storage,
and
we
would
like
to
define
a
similar
long-term
architecture,
vision
or
logging
that
you
provided
for
monitoring,
but,
as
I
mention
it's
more
complicated
because
it's
over
last
week
with
the
other
work
in
this
quarter,
we
would
like
to
start
some
discussion
around.
This
is
long-term
vision.
C
D
K
K
There
will
be
mathematics,
API,
which
will
set
basic
resource
usage
metrics
for
contraband
SS
components
to
make
sure
that
they
can
operate
smoothly,
and
this
will
be
part
of
Vanessa's
and
the
implementation
we
can
provide
it
out
of
the
box
yeah
my
successor
and
keep
aggregator,
and
there
will
be
as
the
number
of
optional.
If
you
guys,
like
a
cosmetics,
API
and
historical
API,
which
will
be
you
know,
implemented
by
third-party
monitoring
solutions.
They
can
be
either
that
can
be
either
an
adapter
or
just
and
conversation
as
a
part
of
this
perfect
monitoring
solution.
K
L
C
L
I
K
Right
so
basically,
our
metrics,
currently,
that
is
on
cpu
and
memory
of
this
really
is
also
uses
of
other,
let's
say,
resources
that
are
first-class
Copernicus
resources
like
GPU
or
beef.
To
be
honest,
I'm,
not
sure
what
is
the
purpose
of
weekend
and
video
is
this
already
first
class
schedule
level
resource
its.
L
G
Gpus
that
are
real
and
that
I
think
customers
are
using
them
both
in
the
wild
and
more
stable
areas,
but
I
think
also
there's
still
a
directive
saluted
really
ill
defined
at
this
point
and
so
I
think
there's
alpha
and
I'm
gonna
be
really
output.
When
Derek,
please
correct
me
if
I'm
wrong,
but
I
think
GPUs
are
in
the
you
know
there
there's
speculation
and
a
hypothesis,
but
people
are
using
them
sort
of
state.
Yes,.
L
Because
people
can
use
them,
but
then
they
can
use
more
than
one
of
them,
but
they
might
not
get
optimal
performance
when
using
more
than
one
of
them,
because
we
don't
have
things
like
civilized
localities
and
other
topics
like
that
worked
out
so
yeah.
You
can
use
them,
but
it
might
not
be
awful.
Yeah.
I
I
So
we've
always
intended
to
provide
those
metrics
through
a
separate
data
path,
and
that's
the
intent
here,
therefore,
that
they're
going
to
be
needed
not
just
for
auto
scaling,
but
also
for
scheduling-
and
you
know
just
a
general
for
things
like
control-top
users
need
to
be
able
to
understand
some
basic
behavior
of
their
containers
that
are
so
if
you
are
successful
using
system.
So
the
intent
is
to
make
that
information
available
to
the
widest
set
of
users
that
we
can
and
surface
it
through
the
toi
in
the
UI.
N
G
A
P
Summary
up,
yeah
cool,
so
yeah,
some
updates
from
sig
off
one
of
the
big
ones.
That's
coming
up
is
you're.
Adding
a
threat
model
proposal
to
the
community,
so
remember
with
that,
basically
entails
is
dominating
a
little
bit
of
what
they
expected.
Sort
of
security.
Realms
of
communities
are
pretty,
boundaries
are
where
potential
attackers
can
come
from
and
what
the
actors
are
within.
P
The
CD
system
just
came
out
of
a
bit
of
the
conversation
around
multi-tenancy
at
the
last
developer
summit
and
has
been
taken
up
by
some
of
the
right
hat,
guys
to
sort
of
document
this
formally
about
what
we,
what
the
sort
of
expected
boundaries
are
and
possibly
what
can
happen
when
those
boundaries
are
broken.
I
will
go
ahead
and
add
a
link
to
that
proposal
in
the
in
the
doc
yeah.
I
I
want
to
say
that
this
work
is
super
important.
As
an
example.
This
week
the
security
team
got
a
report
about
a
local
dot
and
being
able
to
point
to
here's
how
we
think
about
what's
a
security
issue,
what's
not
in
communities
today
and
what
we
might
be
able
to
say,
the
security
issuing.
The
teacher
is
super
helpful.
So
thanks
for
people
putting
that
the
other.
P
Also,
sort
of
thing
that
some
of
the
day
is
going
to
be
about
the
pod
security
policy
work,
that's
being
done,
security
policies
with
a
basically
our
estate.
Let
you
specify
sort
of
bikram
fine
and
privileges
that
a
stick,
the
podcast
so
right
now
the
day,
if
you
don't
want
to
run,
allow
users
to
run
a
privilege
spot.
P
You
have
to
Center
under
couplet,
applying
on
your
tablet
or
your
API
server,
and
to
her
entire
cluster
sort
of
either
run
privileged
pocket
on
pod
security
policies
are
a
introduction
to
the
API
that
allows
you
to
have
dynamically
say
this
particular
component
or
user
or
namespace
can
run
each
kind
response
allowing
clusters
to
have
both
thoughts.
The
privileged
access
basic
needs,
closed,
Network,
a
specific
types
of
volume
mounts
even
into
things
like
that
see
Linux
processes,
content
and
allow
you
to
have
a
dynamic
and
different
set
of
policies
on
a
particular
clusters.
P
So
an
example
of
the
types
of
things
if
you
could
do
would
be
to
say,
I
would
like
to
run
this.
I
would
like
to
let
this
thing
in
this:
namespace
not
run
any
templates
boss.
So
this
would
hopefully
be
credibly
useful
for
clusters
that
require
some
type
of
privilege
pods
to
be
running
in
the
mind
of
that
for
our
self.
P
This
is
the
requirement,
and
now
people
will
hopefully
be
able
to
sort
of
pick
and
choose
about
what
contexts
get
to
have
access
to
welcome
motives.
So
that
is
work.
That's
been
ongoing
and
its
continued
to
continuing
to
be
ongoing.
I,
don't
know
the
exact
state
of
alpha
data
that
were
aiming
for
in
this
particular
cycle,
but
the
updated
the
updated
proposals
for
a
lot
of
this
work
and
sort
of
where
you
can
look
at
the
API
objects
that
are
introduced
in
access
today
is
something
that
I
will
again
link
to
and
dog
is.
C
This
stuff
again
I'm
going
to
ask
the
same
question.
This
stuff
going
in
in
part,
is
part
of
core
or
the
building
on
top
of
state.
The
extensible
admission
controller
work
that's
being
proposed,
so
let
me
move
this
stuff
out
because
I
it
sounds
like
some
names
facing
do
stuff
without
other
stuff.
That's
a
traditional
sort
of
admission,
controller
type,
job
yeah.
So.
P
This
is
actually
already
in,
for
it
has
been
for
the
lock
abilities
the
specific
object
is
they
thought
security
policy
I
forget
exactly
what
ap
I'd
resistant,
but
the
recent
work
has
been
to
interact.
It
is
interacting
with
or
back
so.
You
can
defy
things
like
use
our
back
to
define
where
and
who
can
use
the
peel
across
security
cultures,
yeah.
I
So
the
friend
definitely
is
Joe
to
get
the
Mission
Control
edition
stuff
moving
in
one
decided
and
we're
trying
to
make
sure
that
between
Google
and
red
hats,
but
that
effort
gets
fast
and
definitely
welcome
more
help
than
that
and
many
other
critical
areas.
It's
not
really
ready
for
prime
time
and
can't
be
depended
on
in
yeah
pot.
Security
policies
actually
been
around
for
quite
a
while.
So
far,.
N
I
I,
take
a
look
at
my
art
architecture,
a
roadmap
doc
formerly
called
the
core
layers
doc,
where
I
try
to
do
some
of
these
things
apartment
and
suggests
a
direction
we
could
go,
and
definitely
I
put
that
I
call
the
governance
layer
policy
stuff
at
the
highest
layer.
I
think
we
can
move
in
that
direction,
but
we
really
need
to
get
the
extension
mechanisms
like
API
aggregation,
the
Mission,
Control
extension.
Those
things
actually
need
to
be
done
and
usable
before.
G
We
can
start
making
those
moves.
Is
there
links
or
something
that
can
be
added
to
the
community
document?
I
know
that
there's
some
people
that
I'm
working
with
going
to
be
very
interested
in
getting
involved,
we're
also
looking
at
secure
pods
and
how
to
deal
with
privilege,
odds
being
run
in
the
environment.
So
there's
already
on
the
only
work
be
really
great
to
hopefully
give
the
concretion
get
involved
in
Saigon,
yeah
I'm,
realizing
it
now
I
got
a
lot
of
this
is
in
signode
shalini,
so
I,
just
don't
yeah.
P
P
Other
any
other
person
about
pops,
critical,
teaser
schedule
on
to
the
next
one
to
say,
pull
and
then
finally,
there
is
work.
There's
massive
work
that
has
been
is
is
being
done
by
the
Center
for
a
dish
that
security
is
going
to
be
able
be
seeing
a
benchmark
for
Cooper
neji's.
So
what
the
Center
for
Internet
Security
does
is.
D
P
Beliefs,
various
reports
about
particular
technologies.
They
did
this
one
for
doctor
and
have
done
it
for
several
other,
that
sort
of
big
projects
and
what
it
will
be
is
a
very
specific
recommendations
about
the
security
trade-offs
for
setting
Pacific
flags
on
API
servers
or
setting
up
particular
setting
em
clusters
in
the
certain
ways.
The
nice
thing
about
this
is
that
they
are
focusing
on
audited
on
an
ability,
so
they're
specifically.
D
P
So,
on
so
forth,
for
this
function
set,
hopefully
a
lot
of
people
that
hf
automated
scripts
sort
of
audit
their
own
internal
clusters.
That
work
is
ongoing,
though
they
expect
to
sort
of
have
a
big
expense
finishing
it
up
in
the
next
four
to
six
weeks.
I
believe
for
those
any-
and
this
is
also
a
anyone
who
wants
to
be
involved
in
this
particular
discussion
as
formal
and
conforming
this
report.
P
P
M
Can
I
add
a
quick
plug
on
the
sea?
Is
our
dinkus
in
a
lot
of
enterprises?
That
is
the
absolute
go
to
for
implementation
details
in
an
enterprise.
So
this
the
ramifications
of
this
document
for
in
the
field
operations
of
communities
clusters
cannot
be
understated
like.
If
we're
not
all
over
this
effort
and
putting
in
our
input
into
this,
we
could
see
a
severe
impact
on
adoption
in
the
wild
of
Corinne
Eddie.
Q
P
Q
A
I
B
B
F
R
You
ok
should
I
go
now,
yeah
go
happen.
Ok,
ok!
So,
first
of
all
excited
I.
Wasn't
here
earlier
I
honestly
thought
I
was
present
thing
tomorrow.
So
sorry
about
that
anyways
I'll
go
on
and
present
this.
So
six
months,
I
started
working
with
Tim
Hawkins
to
move
the
cloud
provider
court
out
of
google
ad
hoc
and
the
reason
was
the
cloud
provider.
Specific
code
was
tied
into
the
communities,
release
and
relief
life
cycle.
R
So
let
me
share
my
screen
and
I'll
start
the
demo
sure
okay,
so
I
have.
I
have
two
hosts
I've
already
logged
in
here
on
lockdown
with
here,
so
I
call
the
first
one
code
master
and
then
the
split
screen,
so
this
is
cube
slave
now.
What
I
do
is
I,
don't
use
QB,
DM
or
chaos.
I,
just
I
just
started
directly
so
I
have.
R
So
when
I
start
the
cube
controller
manager,
if
you
notice
I've
set
the
cloud
provider
to
external,
this,
instructs
the
cube
controller
manager
to
not
load
any
of
the
cloud
providers
and
just
expect
that
an
external
flow
provider,
external
controller
will
actually
take
care
of
it.
The
same
flag
will
be
set
on
cube
led
to
when
I
started.
So
let
me
first
start.
R
Let
me
first
start
the
Cloud
Controller
manager,
so
the
crowd
controller
manager
is
the
binary
that
I
was
talking
about.
This
binary
has
all
of
the
controllers
that
the
queue
controller
manager
originally
had
that
that
base
cloud
provider,
and
it
also
has
the
parts
of
cube,
let
that
take
care
provider
specific
calls.
So
when
the
cubelets
starts
up,
it
talks
to
the
cloud
to
find
out
the
addresses
of
the
node
that
it's
actually
running
on.
It
also
talks
to
the
cloud
to
find
the
Internet
community,
which
we
call
the
provider
ID.
R
Now
I've
made
changes
in
the
cube
lid
and
in
the
controller
manager
such
that
when
the
cubelets
starts
up.
It
starts
the
node
with
a
non
ready
status
which
sets
it
ain't
actually,
which
says
the
node
is
not
scheduled,
able
notch
can
be
scheduled
on
it
and
then
the
Cloud
Controller
manager
listens
on
North,
create
events
and
as
soon
as
it's
created,
it
was
a
cloud
provider
and
then
extracts
the
node
addresses
zone,
the
instance
type
and
it
populates
it
back
into
the
API
and
then
once
the
notice.
R
R
So,
if
you
notice,
I
start
the
calcloud
controller
manager
similar
to
control
the
manager
cuz.
I
just
set
the
clock
for
AWS
here.
This
is
the
only
binary
search
has
also
added
specific
code
and
the
reason
this
is
considered
out
of
tree.
It's
because
this
this
binary
will
only
be
our
only
be
a
library
within
the
proven
ID
/
coconut
is
repository.
The
AWS
folks
will
have
to
fork
this
library
and
then
implement
their
own
software
on
top
of
it.
R
If
you
set
the
hostname
/
right
except
the
API
servers,
IP
address
and
I've
set
the
clock
for
external,
so
cubelets
cannot
cube.
Lip
does
not
start
any
cloud
providers,
it
doesn't
initialize
any
of
them,
so
the
node
will
not
get
the
node
IP
addresses
the
various
cloud
no
dipea.
This
is
like
the
private
and
the
public
IP
address
from
the
cube
list,
all
right,
we'll
get
it
from
the
cloud
controller
manager,
so
I
started.
It
starts
up.
It's
actually
registered
the
node
now
I
go
to
cube
CTL.
R
You
know
if
you
notice
it,
it
has
the
region
zone
and
I
scroll
down
further,
it
has.
The
node
addresses
haven't
been
initialized,
yet
the
Cloud
Controller
manager
will
initialize
the
node
addresses.
At
this
point
it
only
has
a
the
IP
address,
the
private
IP
address
and
the
post
name,
but
on
the
cloud
it
actually
has
a
public
IP
address
to
which
will
be
populated
soon.
R
R
R
The
Cloud
Controller
manager,
the
first
the
cube
controller
manager,
which
keeps
getting
the
status
of
the
node
so
yeah.
This
is
closed,
switched
off
the
ssh
connection
terminated
the
cloud
control.
The
cube
controller
manager
keeps
monitoring
the
status
of
the
node
and
it
marks
the
node
as
unknown
status,
because
it's
not
able
to
reach
it
anymore.
Then
the
Cloud
Controller
manager,
external
node
style,
is
unknown.
I'd
goes
inquiries,
the
cloud
provider
to
check
if
the
node
is
present
there
or
not,
I
have
to
actually
he
eat
it.
R
In
order
to
make
it
go
away,
then,
if
the
node
is
Philippe,
it
get
nodes
will
delete
that
node
from
the
API.
So
that's
all
this.
The
demo,
the
one
other
terms
with
the
controller
manager,
does
is
set
up
load
balancers
in
the
cloud.
If
you
create
a
load
balancer
service,
but
yeah,
there's
no
time
to
show
that
and
and
I'm
also
writing
a
dog
for
how
to
write
your
own
Club
controller
manager.
So
I
publish
that
soon
and
post
it
on
the
current.
Well,
hopefully,
I
can
integration.
So
you
can
ask
me
really.
H
S
Minutes
after
eight
map
minutes,
all
right,
I
can
talk
fast,
all
right.
So,
let's
see
here,
I
have
a
bunch
of
slides
from
presentation.
I
gave
it
Lake,
Tahoe
and
I
thought.
Maybe
that
might
be
I'm
not
going
time
to
show
mall,
of
course,
but
I
thought
that
might
be
useful
to
induce
do
a
quick
introduction
so,
first
of
all
and
the
cognitive
computing
foundation,
if
you
want
to
graduate
there's
various
criteria,
one
of
them
is
this
bullet.
That
may
be
a
mystery
to
some
of
you.
S
It's
achieving
and
maintaining
core
infrastructure
initiative
best
practices
badge
well.
What
the
heck
is
that
so
I'm
going
to
talk
to
you
real
quick
about
the
CI
is
we
can
talk
more
later
because
I'm
not
going
time
today,
probably
answer
everybody,
but
basically
the
CI
core
infrastructure
initiative
is
another
linux
foundation
project
and
the
basic
idea.
Is
it's
not
the
case
that
all
open
source
is
insecure
or
that
it's
always
secure
either?
You
know
some
more
secure
than
others
and
Hart
Lane,
based
in
openssl,
basically
kind
of
triggered.
The
CI
is
creation.
S
The
CIA
does
number
of
different
things.
It's
fun
specific
projects
that
are
in
bad
shape,
security,
wise
that
are
widely
used,
but
there's
so
many
projects.
You
can't
fund
everybody,
so
it's
also
trying
to
do
some
holistic
solutions
that
are
going
to
more
likely
help
open
source
security
generally,
and
that
brings
us
to
the
badge
the
theory
behind
the
badge.
I,
don't
think
it's
particularly
controversial.
The
idea
is
that
open
source
software
tends
to
be
more
secure,
as
it
follows
good
security
practices,
but
you
know
how
can
we
encourage
them?
S
How
can
anybody
know
if
those
are
being
followed?
So
the
idea
is
pretty
straight
straight
forward:
let's
create
a
list
of
criteria
for
some
of
those
basic.
You
know
what
should
an
open
source
software
project
due
based
on
what
current
open
source
projects
that
are
run
well
do
and
then
we've
created
a
little
web
application
to
let
open
source
software
project.
Self-Certify
I'll
show
you
the
what
the
site
looks
like
in
a
moment.
S
But
if
you
remember
nothing
else
from
today,
you
can
go
get
yourself
a
badge
by
going
to
this
website
best
practices,
core
infrastructure,
org
and
sign
up
and
work
to
get
your
project.
A
badge,
let
me
talk
real,
quick
about
the
criteria.
In
essence,
we
have
only
one
badge
level
called
passing:
we
are
working
on
higher
levels,
but
really
for
most
people.
Passion
is
what
we're
expecting
those
two
on,
for.
There
are
sixty
six
criteria.
S
Six
groups
shouldn't
take
you
more
than
an
hour
to
fill
it
in
and
for
most
people
takes
a
lot
less.
Now,
how
do
you
get
a
badge?
There's
my
criteria,
you
need
didn't,
have
to
figure
out
a
grading
system,
so
our
grading
system,
most
of
criteria,
are,
must
or
must
up.
They
have
to
be
met.
There's
some
shoulds.
They
threw
me
that
aim
to
have
to
be
mech
or
you
have
to
justify.
Why
not
and
just
suggested
you
simply
have
to
answer
whether
or
not
you
meet
the
remote
at
that
point.
S
We're
kind
of
appealing
that
people
don't
like
admitting
to
the
world.
They
don't
do
something.
We've
got
a
number
projects
already
have
badges
that
you're,
probably
already
familiar
with
no
Jas
with
an
external
curl,
get
lab
the
current
openssl,
but
not
the
original
one.
The
original
one
we
found
retrospectively
missed
a
whole
lot.
Let's
see
here
I'm
going
to
skip
through,
we
can
show
some
pretty
graphs
here.
Some
other
ones
have
gotten
more
recent
badges
anywhere
from
bhaji
lip
cloud
and
so
on.
We
got
some
interesting
comments.
S
0
people
who
seem
to
be
generally
receiving
this
positively.
The
olas
zap
folks,
for
example,
develop
a
widely
used
web
application
scan
or
something
they'd
already
be
familiar
with
it.
But
in
fact
there
were
several
things
that
they
knew
they
should
be
doing
and
weren't
doing
and
the
project
manager
project
Lee
said
you
know
this
process
helps
them
improve
buzz
that
quality
help
us
focus
on
areas
that
most
state
is
improving.
A
common
mark
made
changes
like,
for
example,
getting
pls
on
the
website.
You
know
so.
Basically,
we've
really
tried
to
make
this
practical.
S
Let
me
show
you
what
the
front
page
looks
like,
because
I'm
really
running
short
on
time.
Well,
look!
This
is
move
this
off
here.
So
basically,
this
is
what
the
front
page
looks
like
right
now.
You
click
the
big
green
button,
while
you'll
need
to
log
in
first
the
end,
you
can
say
here's
my
project
and
start
the
process
of
you're
curious.
What
this
looks
like
the
badge
application
is
itself
an
open-source
software
program
and
to
prevent
hypocrisy.
S
Yes,
we
get
our
own
badge,
so
here's
the
various
categories
so,
for
example,
and
their
security
or
quality
and
then
there's
bigger
ago
basic.
A
number
of
questions
of
reach
once
met
unmet.
Some
are
not
applicable
and
the
?
simply
means
we
don't
know
you
that's
not
filled
in.
We
do
try
to
automatically
fill
in
some
of
this,
for
your
amusement
I
can
show
you
some
graphs
of
overtime.
This
is
the
number
of
projects
that
are
participating
and
at
various
levels,
percentages
that
one
hundred
percent.
That
means
they've
actually
achieve
the
badge.
S
B
S
P
S
Ok,
ok,
yeah,
ok,
yeah
this!
This
is
more
about
things
like
do.
You
have
a
test
suite,
you
know,
you
know,
do
you
and
are
there
people
who
know
how
to
write
them?
What
the
basic
approaches,
principles
for
designing,
secure
software
and
what
are
the
common
kinds
of
vulnerabilities?
They
happen.
We've.
M
Can
everybody
here
is
super
important
if
we
want
our
17
release
to
be
even
more
rockin
than
16,
please
go
to
the
the
document
that
is
linked
in
the
notes
and
add
your
things
you'd
like
to
see
different
done
differently
and
also
put
your
initials
by
them,
so
that
in
the
meeting
tomorrow
we
can
speak
to
it
or
if
you
need
to
delegate
some
need
to
speak
to
it.
That
would
be
great.
Thank
you.
So
much
yep.
A
And
the
last
bit
is
Lucas:
remove
the
docker
multi-node
instructions,
but
those
were
old
and
that
didn't
seem
like
a
very
controversial
move
and
everyone
applauded
it.
So
with
that
any
any
last
minute
issues
before
I
give
everyone
their
time
back.
Ok,
great
thanks!
Everyone
for
joining
those
of
you
listening
on
youtube!
Please
share
this
with
your
friends
and
we'll
see
everyone
next
week.
Thank
you
very
much.
Well,.