►
From YouTube: Kubernetes Community Meeting 20160728
Description
We have PUBLIC and RECORDED weekly video meetings every Thursday at 10am US Pacific Time.
https://docs.google.com/document/d/1VQDIAB0OqiSjIHI8AWMvSdceWhnz56jNpZrLs6o7NJY
Anchore demo; SIG-Storage update; SIG-Network update; SIG-Apps update; 1.3.4 release requests.
A
B
B
Time
and
let
me
talk
with
you
guys
for
sure
this
is
a
great
opportunity-
we're
really
happy
to
kind
of
engage
with
the
crew
benetti's
community
and
see
all
the
great
things
that
have
been
happening,
I'd
with
Cuban
Eddie's.
So
let
me
get
the
slides
up.
I've
got
like
to
refer.
You
kind
of
flies
like
a
quick
overview
kind
of
ways.
I
can
for
them
do
a
kind
of
quick
demo
of
I'm
show
what
it
is
and
how
it
works.
Why
kind
of
its
interests
of
interest
to
the
community.
B
Okay,
so
you
see
the
slides
right
now:
good,
okay,
perfect!
Thank
you
all
right.
So
egg
pore
is
a
newcomer.
We
just
started
up
a
few
months
ago
and
kind
of
our
goals
for
is
to
help
kind
of
make,
contain
really
production
ready
and
by
that
I
mean
helping
how
to
remove
the
barriers
within
organizations
and
with
it
and
the
text,
actor
kind
of
using
containers
and
orchestration
systems
like
Cooper.
B
You
know
the
organist
raishin
space
itself,
Cooper
netting
is
doing
great.
It
makes
deploying
applications
and
really
complex
tax,
really
simple
and
really
really
easy.
But
they're
kind
of
organizational
and
other
goals
are
other
difficulties
that
arise
when
you
can
push
code
to
production.
So
right,
I'm,
really
love.
The
number
of
containers
I'm
flowing
through
the
system
can
be
very
high,
with
a
mature
system
combining
a
nice
CI
system
and
urban
Eddie's.
So
this
has
been
created,
be
kind
of
operational
challenges
for
folks
that
need
to
know
what's
flowing
through
my
system.
B
Where
is
it
going
and
what's
actually
being
into
production?
That's
the
running
part
of
our
edge
network
locations
so
so
hectic
or
now,
we've
built
a
tool
set
to
kind
of
give
full
disability
into
that.
So
our
our
objective
is
to
give
us
money
visibility
into
what
can
what
is
in
the
container,
what
it's
doing
where
it
came
from
as
possible
and
kind
of
also
allow
operators
developers.
Anybody.
B
B
All
the
way
to
best
practices
right
like
definitions
now,
policy
around
holla
docker
file
should
be
constructed
for
the
container
builds
kind
of
interactions
between
containers
in
terms
of
the
port
support
exposure.
There's
all
that
kind
of
stuff,
so
really
anchor
is
kind
of
a
data-driven
approach
to
providing
visibility
into
container
images
themselves,
so
we're
not
an
orchestration
system
or
anything
like
we're,
not
a
monitoring
system.
In
that
sense,
it's
not
a
system
that
that
aims
to
kind
of
give
you
run
times.
It's
a
static
analysis
system.
B
At
the
moment,
our
design
goals
with
all
this
is
that
it's
very
lightweight
have
system
agnostic,
use
it
kind
of
anywhere
and
on
anything
and
you're,
not
tied
into
like
a
specific
registry
implementation
or
anything
like
that,
and
you
can
use
it
kind
of
when
and
where
makes
sense,
and
you
never
have
to
push
images
anywhere
outside
of
your
network
thing
or
not
comfortable
with
right.
So
it's
very
lightweight
and
try
to
keep
it
straightforward
for
integrating
with
with
grouper
Nettie's
and
a
number
of
think
so
one
thing:
I'd
love
to.
B
A
B
Way
to
verifying
that
and
turn
that
thing's
meet
those
certification
requirements
anywhere
from
again
and
the
standard
security
stuff
followed
a
more
complex
and
application
driven
properties
of
the
images
we
must
be
open
and
specifically
open
source.
So
so
it's
an
open
source
first
approach.
For
short,
you
know,
and
we
recently
released
our
open
source
tool
and
you
don't
get
help.
I'll
have
show
that
a
little
bit
later,
but
thats
road,
we're
taking
and,
to
reiterate
you
know
what
is
certification
in
our
context.
It's
definitely
more
than
just
security.
B
That's
kind
of
the
table
stakes
and
that's
what
a
lot
of
folks
are
talking
about
is
security
with
containers.
We
think
that's
interesting,
but
there's
a
lot
of
other
attributes
of
containers
and
especially
with
the
complexity
and
the
great
model
that
Cooper
Nettie's
and
orchestrations
employed
pernetti's
provide
around
the
container
space
and
combining
them
and
defining
services
that
are
collections
and
containers
interact
in
interesting
ways.
B
If
you
have
a
few
key
tenants,
a
kind
of
our
approach
and
open
source
extensibility
right
from
the
beginning,
we
build
this,
assuming
that
we're
not
going
to
even
come
close
to
guessing
all
the
kind
of
things
before
and
want
to
do
so.
It's
it
built
from
beginning
to
be
very
extensive
and
you
know
python
scripts
or
bash
scripts
or
whatever.
You
want
to
kind
of
do
this
helical
kind
of
eight
in
this
stuff,
cross-platform
developer
or
focus
and
we're
definitely
in
data
driven,
so
a
container
workflow
using
Angkor
right
the
basic
pieces
of
anchors.
B
You
can
create
gates
and
we're
calling
gates,
you're,
basically
queries
with
with
a
kind
of
a
pass/fail
kind
of
output,
as
well
as
queries,
you
kind
of
build
collections
of
those
things,
and
then
you
can
run
them
in
an
automated
fashion
in
an
automated
fashion,
with
images
as
they're
flowing
through
the
system.
So.
B
Both
retain
any
interesting
information
about
containers
and
about
the
images,
as
well
as
ensuring
that
certain
properties
of
the
image
itself
are
met
before
it's
rolled
out
into
it,
one.
So
the
basic
workflow
with
an
course
you
know,
you're
pulling
images
from
public
registries
anchor.
We
have
to
have
a
service,
that's
running
in.
B
Of
scanning
the
ecosystem,
doing
analysis
of
official
registry
official
registry
to
Marion
images,
as
well
as
things
like
bug,
report
feeds,
CDE
feeds
all
that
kind
of
stuff
and
kind
of
mining,
all
this
stuff
in
creating
a
nice
database.
So
next
is
then
you
would
sink
it
down
to
your
local
machine
will
be
installing
Anchorage
really
straightforward,
like
if
installed
Thank
or
where
you
can
get
a
bit
off,
get
up,
which
is
a
local
tool
that
sets
up
a
database.
B
That's
where
you
would
put
Angkor
and
there's
a
couple
option
to
you.
Usually,
we
recommend
doing
an
analysis
past
right
after
you,
the
bill
before
you
come
and
push
it
through
a
CI
system
or
three
CI
workflow
kind
of
get
the
data
about
it
and
then
run
your
test.
You
see
I
get
the
output
whether
functionally
it's.
A
B
The
test
you
time
and
then
through
the
evaluations,
the
end,
so
the
gate
modules
and
the
policies
you
define
can
be
applied
at
the
end,
and
this
allows
you
to
use
the
output
of
those
tests
as
well,
isn't
using
those
as
inputs,
the
Gades.
If
you
want
on
you,
could
collapse,
those
back
down,
have
a
single
kind
of
analyze
evaluate
so
you
don't
waste,
see
I
cycles,
for
instance,
on
an
image
that
doesn't
really
pass
muster
for
whatever
reason,
some
examples
of
our
default
models.
We
have
right
now.
B
B
You
know,
aside
from
the
analysis
and
the
gates
which
are
kind
of
pass
fail.
We
also
provide
modules
for
doing
the
queries,
so
you
can
just
ask
whether,
whether
it's
at
the
time
of
you
doing
analysis
or
any
time
after
that,
you
can
kind
of
ask
these
questions
about
what's
in
your
container,
and
this
is
great
for
systems
where
you
kind
of
building
and
push
away
in
and
it's
gone
I
don't
want
to
retain
a
bunch
of
information
about
or
the
actual
debate,
afore
that
container
outside
of
the
registry
itself.
B
A
B
B
C
B
So
at
this
point,
I've
installed,
Angkor
I
run
it
on
a
bunch
of
images.
For
brevity
here,
runnin
images
I
actually
have
images
running
in
Coober
Nettie's,
it's
a
basic
application
on
and
end
up
with,
JSF
really
straightforward
stuff.
So
I
kinda
want
to
show
what
ain't
working
the
information
anchor
can
give
you
about
those
images,
I'm
understanding
the
insight
that
dick
is
so
first
I'll
just
show
a
basic
report
like
so
this
is
a
basic
analysis.
Output
you
get
from
angkor
ran.
B
Of
things
that
that
were
that
we're
able
to
talk
about
and
able
to
learn
about
the
container
so
set
of
tags,
you
know
the
number
of
package
there's
two
cm
long
counts.
We
have
the
number
of
packages
number
of
files,
number
of
sui
d
files,
the
baits
dips
and
that
column.
The
kind
of
the
differences
from
the
base
image
is
its
own
face
image
ID
from
scratch.
B
So
we
can
kind
of
skip
over
that
and
then
the
type
of
image
here
is
an
aim
for
basin
that
it's
something
that
the
anchor
engine
is
scanning
in
the
ecosystem
and
providing
your
analysis
when
we
sync
the
data
down,
so
you
can
save
cycles
there
to
reanalyze
everything
from
docker
hub
for
them.
So
basic
analysis
reporter
on
the
one
so
I
have
a
web.
B
There's
the
image
ID,
I'm
using
a
GCR
for
this
moment
and
a
similar
output
right,
but
we
can
seduce
a
different
set
of
tags,
different
sets
of
counts
and
I'll
get
into
this
gate
status
in
a
moment.
So
the
beef
status
is
actually
output
of
these
gates
that
are
running
a
policy
checks
against
the
image
dig
into
that
moment.
So.
B
This
guy,
so
this
is
what
the
gates
run,
and
in
this
case
it's
mostly
running
cve
checks,
just
kind
of
us
in
the
street.
Where
would
they
do
explain
and
show
everybody
kind
of
understands
that
so
here's
the
list
of
open
sea
de
the
egg
core
is
found
against
this
image.
There
are
different
security
and
the
output,
so
the
policy
we
have
defined
in
this
case
says
unknown
or
abilities.
Are
low.
Vulnerabilities
are
okay,
a
medium,
throw
a
warning
for.
D
B
Start
pushing
an
adjuster
screw
go
to
output.
This
is
really
able
staked
right.
Cv
is
kind
of
a
well
known
and
understood
thing,
but
we
can
kind
of
get
more
information
from
these
containers
as
well.
So
so
we
have
this
thing:
it
has
vulnerabilities.
Let's
see
what
container
this
node
app
is
actually
based
on,
so
we
can
run
the
show
command
out
of
our
toolbox
and
okay.
So
we
have
image
ID
repo
tags.
Oh
so
we
know
it's
a
debian
distro
for
an
eight
I'm.
You
get
some
parent
IDs
and
face
ID
stuff.
B
So
let's
find
the
parent
container
like
what
was
their
container.
This
was
actually
based
on.
We
have
a
tool
in
our
toolbox.
They'll
show
family
tree,
it
kind
of
shows
you
the
history
of
it.
So
what
what
things
with
this
image
based
on?
And
so
here
we
can
stick
your
at
the
bottom.
Here
is
the
container
we
have
right
now,
and
parents
based
on
those
lists
which
isn't
a
core
base
image
that
we've
analyzed.
So
we
can
kind
of
learn
about
okay.
So
it's
not
so
we
know
what
is
the
report
on
the.
B
Doing
well
so
this
is
the
basic
anchor
report
on
node
2,
okay
latest
here's.
The
tags
makes
sense
packages
files
about
its
gate
status.
It's
also
stopped,
so
it
must
have
had
some
vulnerabilities
or
didn't
meet
the
criteria
so
their
CVS
that
are
present
in
this
parent
English.
We
can
actually
run
view
the
gate,
output
on
the
parent
image
as
well.
C
B
Yeah,
so
we've
been
working
on
that
we
don't
have
to
have
a
proper
plug
in
yet
that's
that's
kind
of
in
progress.
We're
looking
at
that,
but
usually
what
we
do
is
the
part
of
your
Jenkins
workflow
rash,
doing
the
bill,
so
the
worker
that's
actually
pulling
the
dockerfile
and
usually
a
ditch
or
something
you
actually
run
anchor
there.
So
you've
run
the
docker
build
and
then
run
angkor
analyze
on
it.
At
that
point,
and
then
at
that
point.
B
B
Okay:
okay,
great
question:
so
the
minivan:
here's
that
it's
a
generic
approach,
we're
not
focused
on
just
security,
so
I
show
I
showed
CVEs,
that's
one
of
the
things
we
can
do.
For
example,
here
I'm
actually
outputting
the
docker
file,
so
we
can
actually
also
confer
and
track
docker
files
over
time.
So
basically
gives
you
visibility
into.
B
B
B
Cpe
feeds
and
kind
of
stuff
set
up,
but
we're
not
quite
there.
Yet
we
love
to
you,
know
pocket
folks
about
doing
that
and
look
at
thick
a
couple.
Other
folks
have
introduced
capabilities
for
that.
The
looking
into
how
Alpine
is
approaching
it
from
what
I've
seen
it's.
Basically,
they
track
it
in
their
bugs
system,
so
get
any
actual
feeds
is
not
quite
as
straightforward,
just
debian
and
I'm
going
to
on
those
guys
and.
B
A
B
But
because
anchor
is
built
for
containers,
we
keep
things
like
the
provenance
like
what?
Where
did
this
container
come
from
in
terms
of
what
was
the
parent
image?
So
we
can
do
interesting
analysis.
I'm
not
gonna,
have
time
to
get
to
things
like
if
I.
If
I
rebuild
the
parent
image
of
a
bunch
of
different
developer
images,
then
all
they
have
to
do
is
rebuild.
B
They
don't
have
to
change
their
docker
file
at
all
update
because
it
rebuild
us
and
it
pulsed
changes
through
so
mapping
the
container
space
and
helping
you
kind
of
combat
a
image
sprawls
so
to
speak
and
understand
kind
of
across
a
bunch
of
different
images.
What's
going
on
right,
what
similar
packages
you
know,
should
you
be
pulling
packages
into
your
ice
cream
image
stuff
like
that,
it's
really
container
for
them.
Thank.
A
A
So
I
did
say
we
have
a
relatively
light
agenda
today,
which
is
one
of
the
reasons
that
Zach
got
some
extra
time
without
me
being
too
terribly
invasive
there,
but
we
have
do
have
to
seek
reports
scheduled
up
so
Michael
sitting
here
next
to
me
is
going
to
talk
about
cig
storage
and
what
has
been
going
on
in
that
special
interest
group
and
what
will
be
going
on
in
that
special
interest
group?
Okay,
your
cameras
there,
oh.
E
Hello,
camera
so
right
now
there
are
several
things
going
on
in
the
sake,
one
of
them
is
that
there
is
a
lot
of
open
bugs
in
the
one
dot
3
release
due
to
the
fact
that
we
had
a
lot
of
churn
in
the
storage
stack
and
a
mountain
and
unmounting
path,
and
I
think
one
got
three
dots
for
we
should
have
a
lot
of
these
being
addressed.
That
release
will
be
coming
out.
I
think
we're
going
to
try
to
cut
it
today
or
early
next
week.
E
The
community
overall
is
very
interested
in
focusing
on
and
ramping
up
our
testing
in
general
and
making
the
system
a
lot
more
robust
and
to
discuss
that
we're
going
to
well,
and
in
light
of
that
and
other
things,
we're
going
to
be
having
a
face
to
face
storage
cig
in
the
second
week
of
August,
a
bunch
of
people
from
all
over
the
community
redhat
a
cluster
HQ
poor
OS
we're
all
going
to
be
meeting
in
San,
Jose
I
think
it
was
a
sight
again.
You
know
sorta
demanda,
cordia,
diamante,.
E
I
believe
in
their
office
and
the
agenda
is
online.
If
you
go
take
a
look
at
the
storage,
cigs,
email
archives
and
you
can
see
what
we're
going
to
be
talking
about
we're
also
dealing
with
dynamic,
claim
provisioning.
This
cycle
and
there's
been
a
lot
of
debate
in
the
sig
right
now
about
getting
that
done
and
trying
to
get
that
done
in
time
and
what
the
design
of
that
will
look
like.
E
E
C
E
Think
if
I
understand
things
and
remember
I'm
new,
so
I
probably
am
misunderstanding.
Something
I'll
use
that
excuse
as
long
as
I
can
but
as
I
understand.
Sick
testing
is
a
lot
more
about
sort
of
the
infrastructure
of
testing.
Overall,
what
I'm
talking
to
people
in
the
state
storage
team
about
and
what
they're
also
interested
in
Aaron
Boyd,
especially
has
been
highlighting
this?
Is
that
there's
a
lot
of
you
know
it's
not
so
much
the
test
infrastructure
as
we
need
to
write
more
tests.
E
We
need
to
exercise
what
we're
doing
right
now,
some
of
the
data
integrity
tests
we
have
they
do
things
like
we
write
30
bites
into
a
volume,
close
the
volume
open
it
up
and
then
see.
If
those
30
bites
are
there
I,
don't
think
a
lot
of
customers
are
only
writing
30
bites
into
their
volumes.
We
should
probably
be
understanding
the
use
cases
of
our
customers
more
deeply
and
building
up
more,
even
more
testing
than
what
we
have
already
in
you
know,
exercising
those
paths
from
what
I've
gathered
and
again
remember:
I've
come
in
late.
E
C
Well,
I
guess
I'd,
say
I'd,
encourage
you
to
if
you're
talking
about
sort
of
general
testing
things
please
touch
base
on
with
the
with
the
testing.
Sig
I
certainly
understand
a
specific
test
case,
specific
test
case
enhancement,
things
that
are
that
are
specific
to
the
cigs
area.
Probably
shouldn't
be
going
there,
but
it
sounded
like
there
were
some
community
process
communication
things
going
on
in
your
discussion
there
that
it
would
think
it
did
right.
E
Yeah,
if
that
happens,
I'll
definitely
do
that
and
it's
possible
that
we'll
end
up
asking
for
things
from
that.
You
know:
saving
disk
and
infrastructure
and
communication,
but
right
now,
I,
don't
think
that's
where
we're
at
my
my
impression
is
that
there's
actually
a
pretty
rich
environment
to
do
what
we
need
to
do.
We
just
need
to
start
utilizing
that
environment
and
making
progress
a.
A
Know
that's
a
good
question.
So
far.
Yes,
so
there
was
an
email
this
morning
asking
for
people
to
RSVP
on
the
dock
that
is
starting
to
track
the
agenda.
So
this
was
all
happening
on
the
cig
storage
mailing
list,
so
simply
for
the
facilities,
preparation,
kind
of
thing.
If
you
can
RSVP,
that
would
be
great,
but
it
is
not
an
invite
only
sort
of
thing
exactly
yes,.
E
It
this
is
not
being
intended
as
sort
of
a
closed
room,
six
storage
event,
but
at
the
same
point
you
know
I
I
expect,
if
you're
not
really
focused
on
storage
type
of
conversations,
you
know
it,
it
probably
isn't
going
to
be
the
most
useful-
and
you
know
please
be
aware,
like
I-
would
hate
for
a
really
cool
networking
conversation
to
erupt
in
this
forum,
because
you
know
probably
not
gonna,
have
all
of
the
people
that
we
need
to
have
involved
and
we
have
a
lot
of
things
to
focus
on
in
the
storage.
E
If
you
take
a
look
at
the
agenda,
so
be
respectful
of
the
agenda
is
mostly
it,
but
you
know
people
should
be
welcomed.
I'm,
not
really
aware
of
how
big
the
facility
space
is
and
so
yeah
I
guess
not
enough.
Thought
has
been
really
been
given
to
that.
But
I
would
hate
to
make
this
an
invite,
only
sort
of
event
and
that's
not
hot.
It's.
C
If,
for
some
reason,
I'll
just
make
the
offer
here
for
some
reason
you
blow
the
space
out,
I'm
sure
we
have
enormous
facilities
in
san
jose,
I'm
sure
I
could
arrange
for
arrange
for
samsung
to
host
as
an
alternative.
Okay,
oh
hey,
yeah!
Sorry,
this
bob-whites
from
samsung,
oh
cool.
A
C
A
F
This
isnt
sig
storage
related
directly
but
Michael,
said
at
the
beginning
that
we'd
be
cutting
a
13
for
this
week.
I'm
just
looking
at
that
cherry-picked
dashboard
and
there
are
26
PRS
proposed
to
be
cherry-picked.
I
think
Fabio
has
been
going
through
and
peeing
folks
asking
them
to
send,
cherry-pick
pull
requests
and
most
I
think
a
lot
of
people
haven't
done
so
yet.
So,
if
you
have
a
PR
that
you
sent
out,
that's
been
marked
as
cherry
pick
candidate.
F
E
E
First,
there
was
a
security
issue
and
then
we
found
two
pretty
high
impact
bugs
so
in
my
mind,
13
dot
4
is
kind
of
a
one
of
the
big
roll
up
releases
for
13
for
a
lot
of
bug
fixes
not
just
storage
related,
but
there
are
some
things
with
secrets
in
the
way
that
we
do
mounts,
we
accidentally
did
them
in
serial
as
opposed
to
parallel.
So
you
know
134.
Should
it
be
addressing
a
lot
of
those
concerns
right.
F
And
to
make
134
actually
a
good
roll
up
release,
we
do
want
to
get
all
of
these
cherry
picks
and,
like
it's
real
easy
for
me
to
go
and
like
poke
Googlers
and
make
sure
that
the
Google
cherry-picks
get
in.
You
know
other
for
people
that
don't
work
at
Google
like
we
can.
We
can
poke
PRS,
but
we
really
want
people
to
sort
of
proactively
start
sending
those
terrific
PRS.
A
A
G
Hey
everybody
yeah,
so
the
Signet
work
took
a
little
bit
of
a
summer
vacation
along
with
me,
and
we
haven't
met
in
about
a
month,
but
we
are
going
to
meet
this
afternoon
and
the
topics
on
the
agenda
for
this
afternoon
include
the
extension
of
the
new
network
policy
object,
which
is
new
in
13,
extending
that
to
include
egress
policies.
At
least
that
is
the
intention.
There's
a
bunch
of
proposals
open
for
how
to
do
that.
G
There's
also
a
topic
about
an
idea
called
node
local
services,
which
I
honestly
have
not
had
a
chance
to
look
at
the
pull
request
yet.
But
the
basic
idea
has
come
up
many
times
with
people
who
have
a
some
agent
that
runs
on
their
machine
and
then
they
want
the
pods
on
that
machine
to
find
that
particular
instance
of
the
agent.
G
But
we
don't
want
to
share
the
machines
IP
address
because
that's
too
high
couple
so
we're
trying
to
work
out
a
good
pattern
for
that
and
then
the
other
hot
topic
that
is
going
to
be
a
long
topic
of
discussion.
I'm
suspect,
is
multi-tenancy
multi-network
that
level
of
a
problem.
There
are
a
lot
of
people
out
there
who
are
trying
to
work
on
solutions
that
involve
you
know,
running
Coke
and
Pepsi
on
the
same
cluster
and
making
sure
that
cokes
work
can't
talk.
Two
Pepsi
servers,
coke
and
pepsi.
G
Here
are
hypothetical,
of
course,
but
this
is
a
really
big
topic
with
a
lot
of
facets.
Networking
is
just
one
of
them.
I
think
networking
is
one
of
the
first
ones
that
we
need
to
handle
so
we're
starting
here.
This
is
not
sig
multi-tenant.
There
is
no
signaled
attendant,
please
don't
start
one,
but
but
it's
going
to
hopefully
start
the
conversation.
So
these
are
some
of
the
things
that
we're
working
on
right
now.
G
The
multi-tenancy
stuff
is
a
very
hard
problem,
so
if
you
feel
like
you're
in
a
multi-tenant
situation,
where
multi-tenancy
would
benefit
you,
you
may
want
to
join
in
and
some
of
the
conversations
ya
nothin
goes.
Those
are
the
biggest
bits
of
feedback.
Then
looking
for
from
folks
that-
and
you
know
what
else
is
hot-
that
we're
missing,
like
there's
a
million
things
to
do
in
networking
right.
A
A
G
A
A
A
D
Actually,
this
is
matt,
Farina
I
was
just
going
to
jump
in
and
in
say
gaps.
One
of
the
conversations
that
we
had
this
week
was
the
fact
that
secrets
aren't
encrypted
at
rest
and
we
were
we're
hoping
or
looking
for
people
who
might
be
interested
in
helping
improve
that
in
the
SAP
survey,
we
found
that
a
lot
of
people
are
using
secrets
and
they're,
probably
under
the
impression
that
they
really
are
stored
and
locked
down
in
an
encrypted
manner.
But
the
conversation
came
up
that
they
weren't.
D
We
got
the
context
around
it,
but
really
trying
to
do
something
better
with.
That
is
something
a
lot
of
us
would
like
to
see
happen
and
we're
looking
for
people
with
interest
in
time.
So
my
name
is
Matt
Farina
and
if
you,
if
you're
interested
I,
will
point
you
to
the
issues
or
try
and
get
you
linked
into
the
right
place.
Can.
E
G
D
Yeah,
it's
just
one
of
those
lockdown
requirements.
You
want
everything.
That's
credential,
wise
lockdown,
when
it's
stuck
at
rest,
I
mean.
Ideally
you
know
your
passwords.
You
don't
store
in
plain
text
in
there,
but
you'll
store
passwords
to
other
systems,
you're
right.
Anybody
who
has
access
to
keep
cuddling.
You
know
it
locks
down,
but
if
an
intruder
gets
into
your
system
and
can
poke
around
or
somebody
who
doesn't
have
authorization
gets
in
they've
now
got
access
to
the
back
end.
You
want
to
try
to.
A
E
Question,
actually
is
that
you
know,
even
if
the
window
is
closed
in
the
door,
is
wide
open.
Unfortunately,
the
person
buying
the
house,
you
know
really
wants
to
cares
about
the
windows
being
closed
means
you
know
we
should.
We
need
to
do
this
anyway,
just
to
check
box
something
for
standards.
People
is
it.
Is
that
the
thing
well.
D
That's
part
of
it
and
a
you
know
what
if
somebody
gets
unauthorized
access
to
the
S&ED
machine
to
or
on
it,
but
they
don't
have
access
to
everything
else.
It's
also
covering
your.
You
know
your
your
attack
basis
and
so
sure
the
door
may
be
open,
but
maybe
it
is
closed
because
you
know
people
don't
have
access
controls
to
get
into
to
do
those
things
and
then,
when
we
get
to
multi-tenancy,
this
will
become
an
even
more
important
thing
too.
Yeah.
E
I,
just
I
definitely
agree
with
multi-tenancy.
This
is
a
big
deal
without
it
I
admit
I'm.
I
guess
I'm
curious
to
know
more,
but
that
said,
I
also
understand
that
if
there's
a
standard
and
a
check
box
that
needs
to
be
made
for
someone
to
feel
both
buying
the
product
even
or
not
buying
but
getting
involved
in
the
product,
then
that's
that
is
also
a
separate
issue.
Too
I
got
it
I.
C
I'll
ask
a
question,
then
sounds
like
you
have
a
kind
of
prioritized
list
of
things
that
you
think
would
be
better
addressed.
If
there's
an
alternative
proposal
for
priorities,
then
by
all
means,
let's
figure
out
how
to
get
the
community
a
rallied
around
it.
Otherwise,
I'm
not
sure
why
we
would
put
off
hygiene
efforts
across
the
across
and
along
the
project's
evolution
until
whole.
Bunch
of
other
things
are
done.
I
think
we're
headed
towards
a
security
waterfall
nobody's.
G
Proposing
putting
it
off
if
people
want
to
work
on
it,
this
is
the
beauty
of
open
source.
If
it's
important
to
somebody,
they
can
work
on
it.
My
question
is
really
as
a
non
security
expert.
You
know
if
those
people
have
security
backgrounds
who
are
interested
in
this,
you
know.
Are
there
other
things
that
we
can
do,
that
would
have
more
impact
in
the
medium
term
and.
E
I've
got
like
sort
of
two
thoughts
here
to
unfortunately,
so
one
thing
that
people
may
not
know
because
I've
not
done
a
good
job
publicizing.
This
is
evidently
I'm,
also
responsible,
at
least
on
the
Google
side,
of
keeping
track
of
a
lot
of
the
security
topics
that
are
involved
in
Cooper
Nettie's
and
I'm
currently
looking
for.
You
know
people
to
hire
to
help
us
do
that,
but,
given
that
I'm
just
interested
in
what
problems
were
trying
to
solve,
people
bring
up
security
features
and
finally
yeah.
E
A
Awesome
so
the
other
thing
I'll
mention
about
cig
apps
in
the
short
term
is
I,
have
asked
for
some
to
talk
about
the
future
of
pet
set
next
week
here
in
this
meeting
and
to
also
start
looking
at
doing
a
lot
of
that
work
in
conjunction
with
sig
apps,
as
well
as
the
the
the.
What
is,
what
is
the
workloads?
What
are
we
calling
that
I
think.
A
Okay,
as
long
as
well
as
the
workloads
work,
so
the
common
workloads
where
you
know
everybody
wants
to
be
able
to
do,
use
this
piece
of
software
on
coubertin.
Also
having
that
work
start
being
surfaced
more
in,
say,
gaps,
we're
trying
to
time
more
and
more
of
these,
these
efforts
to
special
interest
groups
and
then
have
them.
A
H
Can't
have
so
and
we
have
defined
the
pictures
that
are
going
to
be
added
to
one
of
her
lace.
Best
link
to
our
github
are
to
obligate
pitches
report
to
the
MIT
announced,
and
you
may
review
them
and
possibly
something
recessions
if
you're
interested
in
town-
and
we
expect
them
to
finalize
the
codeine
codeine
stage
in
three
weeks,
so
soft
good.
So
if
I
of
countries
will
happen
in
three
ways
of
the
debt
will
start
a
bug
fixes
stage
slow,
yeah
and
I'm
expecting
to
prepare.
H
A
A
H
A
Excellent,
thank
you.
You
are,
and
then
the
last
note
that
I
had
is
the
CLA
change
is
coming
so
as
part
of
moving
Cooper
Nettie's
to
the
cloud
native
compute
foundation.
We
are
also
moving
out
of
the
Google
CLA
and
moving
to
the
cloud
native
compute
CLA.
I
am
going
to
be
reaching
out
to
large
companies
who
have
generally
had
a
corporate
CLA
signing
the
next
week
or
several
and
getting
getting
started
that
legal
process.
A
So
we're
not
going
to
we're
going
to
try
very
hard
to
not
cut
over
any
of
the
repos
until
we
get
many
of
the
large
corporate
clas
assigned,
but
we
need
to
get
this
moving.
We're
also
going
to
be
moving
the
repos
one
by
one
as
a
put
inside
Cooper
Nettie's,
as
opposed
to
the
whole
of
the
Cooper
Nettie's
organization,
because
we
have
to
do
some
testing
before
we
cut
over
the
whole
org.
So
keep
an
eye
out
for
CLA
changes.
You
may
be
asked
to
sign
again.
A
If
you
are,
please
do
if
you
can
sign
as
an
individual,
please
reach
out
to
me.
If
there
are
corporate
issues-
and
I
am
happy
to
help
facilitate
on
that-
so
the
change
is
coming-
there
will
be
more
info
and
an
actual
plan
put
forward
to
mailing
list
and
probably
again
on
this
meeting
when
when
we
have
the
actual
plans,
we're
still
in
the
testing
phase
phase
on
this,
but
I
will
start
reaching
out
to
the
corporate
contributors
with
the
CLA
so
that
we
can
start
the
the
legal
grinding
ahead
of
the
cutover.