►
Description
Kubernetes Storage Special-Interest-Group (SIG) Data Protection WG Bi-Weekly Meeting - 14 July 2021
Meeting Notes/Agenda: -
Find out more about the Data Protection WG here: https://github.com/kubernetes/community/tree/master/wg-data-protection
Moderator: Xing Yang (VMware)
A
Okay,
hello,
everyone
today
is
the
14th,
I
think
july
14th
2021.
This
is
the
kubernetes
data
production
wing
meeting.
A
So
today,
ronak
will
go
over
a
design
for
the
volume
mode
conversion
issue
that
we
discussed
a
while
ago,
and
then
we
can
do
an
update
on
the
whitepaper
progress
all
right
rona
do
you
want
to
share
your
screen?
I
think
that's
easier.
D
Yes,
yeah
so
hi
everyone,
so
so
so
I
just
I
was
speaking
to
shane
the
other
day
about
this
issue,
so
I
just
thought
I
would
take
a
stab
at
it
and
basically
we
were
looking
to
get
more
sort
of
input
and
ideas
and
stuff.
So
the
document
that
we
have
here
is
is
pretty
high
level,
so
I
probably
just
go
through
the
problem
and
then
sort
of
high-level
solutions
and
then
of
course,
any
feedback
now
or
offline
later
as
well
as
is
welcome.
D
So
the
issue
is
basically
it
has
to
do
with
the
volume
mode
sort
of
conversion
issue
where
you
could
take
a
snapshot
of
a
pv
with
the
volume
mode
of
block
right.
So
technically,
there's
no
file
system
and
then
a
user
could
sort
of
maliciously
restore
that
that
sort
of
tv
sorry
restore
that
pvc
from
a
snapshot
and
change
the
volume
mode
to
a
file
system
and
then
try
to
mount
it
and
then
eventually
that
will
crash.
D
D
Honestly,
I'm
not
very
like
sure
about
how
backup
vendors
work
either,
but
basically
a
backup
vendor
could
potentially
want
to,
I
think,
temporarily,
sort
of
restore
a
snapshot
using
file
system
mode
and
then
sort
of
delete
that
that
sort
of
temporary
volume
that
they
create.
D
D
So
I
was
just
looking
at
that
and
seeing
it
seeing
like
how
we
can
sort
of
apply
those
concepts
over
here
to
sort
of
fine-grain
or
sort
of
provide
permissions
to
what
a
particular
user
or
service
account
can
do
right.
So
so
this
document
basically
speaks
of
sort
of
both
of
those
solutions
where
we
have,
I
mean.
D
Obviously,
the
names
are
just
like
not
really
thought
of
in
detail,
but
basically
a
volume,
security
policy
or
a
volume
security
standard
and
how
we
could
potentially
apply
that
to
our
problem
over
here.
So
first
off
like
basically,
we
need
to
store
the
the
pvc
pvcs
volume
mode
right
when
we,
when
a
user
takes
a
snapshot
of
a
pvc.
D
Currently
we
just
sort
of
populate
that
pvc
name
without
any
volume
mode,
so
one
change
would
be
to
sort
of
add
that
mode
to
the
snapshot
status
and
that
information
will
be
used
later
when
a
pvc
is
being
restored
from
a
snapshot.
D
So
any
questions
up
to
this
point.
E
I
was
just
gonna
mention
that
the
one
thing
preventing
crashes
is
is
a
lack
of
bug
in
the
current
lack
of
bugs
in
the
kernel
right.
We're
not
aware
of
any
actual
bugs
that,
let
you
do
anything
evil
today,
but
there's
a
potential
for
it.
Yeah.
D
Yeah
exactly
so,
that's
probably
why
it's
not
like
a
like
a
p0
at
this
point,
and
it's
been
alright
till
now,
right
cool,
so
so
the
first
sort
of
policy
or
solution
that
I
was
looking
at
is
like
volume,
security
policy,
which
is
basically
similar
to
like
the
pod
security
policies
that
we
have
today,
in
the
sense
that
basically,
we
would
introduce,
like
this
cluster
level
resource
where
you,
where
you
create
a
sort
of
a
volume
security
policy,
and
then
you
fill
in
the
spec
of
that
policy
with
whatever
permissions
you
want
to
give
to
that.
D
To
that
particular
particular
policy.
And
then
you
tie
that
policy
to
either
a
user
or
service
account.
So
as
part
of
this
proposal,
I'm
only
sort
of
suggesting
the
addition
of
a
single
field
called
allow
volume
modification
which
would
default
to
true
and,
of
course,
in
the
future.
D
If
we
come
across
whatever
other
sort
of
security
nuances
that
we
want
to
look
at,
it
could
easily
be
just
added
over
here
right
so
and
that
volume
security
policy
would
sort
of
be
tied
to
a
user
service
account
similar
to
what
psp
does
right.
D
So
when
in
psp,
like
port
security
policy
today,
if
you
need
to
tie
a
policy
to
a
user,
you
sort
of
create
the
role,
create
the
role
binding
and
then
sort
of
mention
that
you
know
that
particular
service
account
can
can
use
this
policy
like
you
have
to
specify
the
verb
and
stuff.
D
So
I
haven't
given
that
in
detail
over
here,
but
it's
all
in
this,
this
link
on
the
kubernetes
docs
and
then,
of
course,
we
would
introduce
an
admission
controller
which
basically
intercepts
requests
to
create
a
pvc
right.
So
what
that
admission
controller
is
going
to
do.
Is
it's
going
to
look
at
whether
you
know
the
source
of
the
pvc,
whether
it's
being
restored
from
a
snapshot,
and
if
it
is,
then,
is
it
modifying
the
volume
mode
right?
D
If
it
is,
then
it's
going
to
look
at
what
the
volume
security
policy
is
for
for
the
user?
That's
trying
to
create
that
pvc
right.
If
no
policy
is
specified,
then
we're
going
to
default
to
true
in
the
sense
allow
it
to
go
through
because
that's
sort
of
the
default
behavior
right
now.
D
D
Cool
so
so
psv
actually
was
deprecated
in
kubernetes
1..
I
think
it's
121
and
I
think
it's
going
to
be
removed
all
together
in
125
or
something
and
they've
sort
of
moved
to
this
thing
called
pod
security
standards.
D
Also
like
a
three-pier
pod
security
proposal,
it's
it's
actually
pretty
interesting,
and
this
proposal
is
actually
very
detailed.
So
I've
again
just
tried
to
take
concepts
similar
concepts
from
there
and
and
see
if
we
can
apply
it
to
sort
of
our
use
case
over
here
in
terms
of
volume
creation,
instead
of
like
pod
creation
and
the
reason
they've
done,
that
is
basically
they're,
a
bunch
of
like
limitations
with
bot
security
policies.
D
Again
all
of
that
is
sort
of
given
in
this
proposal.
So
I've
not
I've
tried
not
to
sort
of
duplicate
information
but
anyway,
so
this
sort
of
volume,
security
standard
would
support
two
modes
which
would
be
privileged
or
restricted.
D
Privilege
is
basically
allow
the
widest
level
of
permissions,
so
no
restrictions
on
on
creating
pvcs
or
you
know,
modifying
the
volume
mode
and
restricted
would
be
the
most
restrictive
policy
which
you
know
lets
you
fine-grain
your
sort
of
security
model
for
creating
volumes,
and
the
difference
here
from
pod
security
standards
is
that
you
actually
would
label
the
name
space.
So,
rather
than
so,
one
of
the
issues
with
tying
a
policy
to
your
user
is,
is
I
mean
think
of
it
like
this?
D
I
could,
I
could
be
a
user
that
creates
a
pvc
on
my
own
right.
So
in
that
case
I'm
the
user,
but
a
pvc
could
also
be
sort
of
created
as
part
of
a
stateful
set.
So
then
what
is
the
user
in
that
case
right?
So
I
think
those
are
sort
of
the
like
nuances
or
sort
of
these
smaller
issues
with
psp
that
also
apply
here.
D
So
the
idea
here
is
that
you
actually
apply
these
standards
to
a
namespace
rather
than
a
particular
user,
and
that
is
in
the
form
of
labels.
So
there
are
sort
of
three
modes
that
we
would
allow
again
similar
to
bot
security
proposal.
The
the
broad
security
standard,
which
is
enforce
audit
or
one
so
the
idea
behind
that
is
that
sort
of
enforce
is
you
know
if
a
policy
is
violated.
D
It
causes
that
pvc
creation
to
be
rejected
in
case
of
a
violation
but
audit
and
one
sort
of
lets
the
pvc
creation
goes
go
through,
but
still
you
know
sort
of
informs
the
user
in
in
a
couple
of
ways
either
by
auditing
or
you
know,
on
the
cli
and
the
reason
we
do.
D
That
is
because
you
know
customers
might
be
wanting
or
users
might
be,
wanting
to
move
to
this
model
without
really
or
would
rather
want
to
sort
of
see
how
the
future
works
before
you
know
enforcing
these
sort
of
policy
constraints
so
so
yeah.
So
basically
we
would
add
it
as
a
label
to
the
namespace,
where
this
prefix
is
obviously
still
undefined,
but
so
I
guess
kubernetes
dot,
io
dash,
something
sounds
something
slash
enforce
audit
or
one,
and
then
you
would
specify
the
policy
level,
which
is
either
restricted
or
privileged
right.
D
So
so,
when
this
pvc
is
created,
the
admission
controller
would
basically
read
the
label
of
that
of
the
name
space
that
it's
created
in
and
then
decide
what
policy
needs
to
be
applied
and
in
what
mode.
D
So
again
it
would
compare
the
pvcs
volume
volume
mode
to
the
sort
of
source
snapshots
volume
of
volume
mode
and
then,
if
they
match
it's
all
good,
if
they
don't
match,
then
it
would
look
at
these
labels
and
then
take
a
decision
accordingly
and
and
yeah.
Basically,
that's
very
high
level
sort
of
blast
of
information-
I
guess
so
yeah.
D
So
I
just
wanted
to
like
sort
of
put
this
out
there
and,
of
course
get
your
comments
and
see
what
what
what
everyone
thinks
about
sort
of
these
ideas
and,
of
course,
any
other
ideas.
If
you.
A
A
Rob
so
you're
asking
if
there
are
any
existing
kernel
or
existing
box
for
this.
I
think
right
now
there
are
no
no.
F
I
don't
want
to
derail
on.
You
know
just
discussion
on
that.
Okay,
you
know
on
that
too
much,
but
I'm
just
curious.
If
there's
any
communication
with
the
you
know,
sort
of
the
the
linux
proper
community
around
hey
is
this
the
right
behavior
and
obviously
it's
their
ball
of
wax
and
that's
a
whole.
That's
a
whole
other
topic
as
to
whether
or
not
this
community
can
influence
that,
but
I'm
just
curious
if
there's
been
anything
established
on
that
end
of
things,
I.
G
This
this
crashes
are
treated
as
cves
on
the
canvas
side.
But,
like
you
know,
the
fire
system
are.
The
fire
systems
are
huge
like
xfs
x4,
so
these
cvs
happen
from
time
to
time,
and
then
it
takes
quite
some
time
to
have
that
patched
in
all
distros.
G
F
Yeah
understood,
okay,
like
I
said,
didn't,
want
to
derail
but
glad
to
hear
there
has
been.
You
know
there
is
some
intent
on
the
linux
or
in
the
kernel
side
to
maybe
improve
things
over
time,
or
at
least
there's
an
awareness
such
that
they
could
potentially
have
intent
later
anyway.
Let's
not
derail
thanks.
H
I
I
have
this
kind
of
stupid
question
that
the
the
the
when
in
the
statement
of
the
problem,
is
it
looked
like
that
the
couplet
when
we
tried
to
mount
a
corrupted
tv
it
will
crash
and
we're
trying
to
find
a
way
to
address
the
problem
that
you
know
to
avoid
the
situation
like
this
happen,
but
have
you
ever
have
you
ever
I
mean
have
we
we
ever
think
about?
Why
don't
we
just
address
the
original
problem?
H
That
is
when
we
mount
some
pv
that
it
doesn't
have
cora
does
that
does
have
corrupting
file
system
so
that
it
will
not
crash.
So
that
is,
like
you
know,.
A
B
H
A
That
is
actually
to
say
if
some
some
malicious
user
tried
to
do
that.
This
is
not,
of
course,
not
like
normal
behavior
right,
so
I
I
don't
think
it's
actually
is
that
actually
even
possible
to
find
out
if
the,
if
the
file
system
is
a
corrupted
or
it's
you're
always
impossible
to
do
something.
E
H
A
Right,
so
maybe
young
can
answer
that
question
there
are
bugs,
so
we
I
think
young
was
about
actually
brought
this
up
right.
So
yeah,
I'm
probably
you
can
answer
this
one
better.
You
are
familiar
with
the
those
type
of
bags
you
saw
those
before.
G
There
are
bugs
in
kernel
some
few
times
a
year.
Somebody
finds
how
to
crash
your
kernel
using
corrupted
fire
system,
either
x4
or
xfs,
or
an
ntfs
or
whatever
these
bugs
happen,
and
there
is
no
way
how
we
can
check
before
we
mount
that.
The
first
system
that
we
are
going
to
mod
is
going
to
crash
the
kernel
or
not.
E
G
J
G
Can
mount
can
crash
the
camera
then
like
they
have
many
other
ways
how
to
crash
the
kernel.
They
don't
need
to
mount
like
they
can
stop
the
they
can
help
the
machine,
basically
even
without
mounting
something
wrong,
so
it
doesn't
have
the
highest
cve
rating,
but
it
is
fixed.
It
is
being
fixed
by
these
throws.
G
C
Okay,
I
had
another
question
so
so
the
other
way
we
can
provision
now
pvcs.
If
you
have
a
pre-existing
snapshot,
you
can
pre-provision
a
volume,
snapshot,
content
and
from
then
create
the
volume
snapshot.
So
then,
in
that
case,
where
do
you
get
the
mode
from.
D
Yeah,
that's
actually
a
good
question
and
I
think
that's
an
open
issue
that
I've
sort
of
listed
at
the
bottom,
which
I
I
didn't
really
go
through,
which
basically
for
pre-provision
volumes.
I
I
think
zheng
pointed
this
out
that
the
same
thing
is
what
you
said
right:
the
status
wouldn't
be
populated.
D
So
I
think
that's
an
open
question,
but
again
this
is
a
high
level
design.
So
I
didn't
really
think
about
like
stuff
like
that.
A
Yeah,
so
I
wonder
yeah,
if
that's
the
case,
maybe
at
least
this
process
cannot
handle
that
at
this
point,
so
I
think
at
least
we
want
to
start
somewhere
right.
So
maybe
let's
say,
of
course
we
can
continue
to
think
about
how
to
how
to
handle
that
case.
That
does
not
look
like
we
can
cover
that.
A
But
that's
so
this
is
the
volume
snapshot.
This
is
the
name
spaceman,
so
the
admin
will
be
creating
the
content
right.
Unless,
if
you're
saying
that
we
do,
we
add
that
in
and
also
when
you're
creating
that
the
con
the
status
will
not
be
populated
right,
so
admin
normally
probably
using
the
cli
cubacado
to
create
it
and
it
so
they
won't
be
able
to
change
the
status
unless
they
write
a
controller.
J
A
Are
you
suggesting
to
like
we
have
this
field
in
both
content
and
the
one
snapshot
so
right
now
in
this
current
proposal,
this
field
is
only
in
the
volume
snapshot
status,
not
in
content
status.
So
I
mean,
I
guess
there
are
a
couple
of
things
here:
do
we
also
want
that
field
to
be
in
the
content
status?
Because
that's
one
question
and
the
second
question
is:
when
the
admin
creates
it:
normally,
they
use
the
cube
card,
or
at
least
right
now.
A
You
know
when
I
try
to
say
I
don't
write
a
controller
just
to
create
a
content
with
this
status
populated
right,
so
I
mean
how
can
without
writing
a
controller?
How
can
the
status
will
be
populated
with
the
cut
or
you
cannot
yeah.
J
E
A
E
All
right:
well,
you
create
a
volume
yeah
with
the
raw
block
volume.
You
fill
it
up
with
a
malicious,
fake
ext
for
file
system
or
xfs
file
system.
A
A
But
I
mean
so
how
what
do
we
do?
How
do
we
do
that?
For
this,
this
is
privileged
provisioned.
How
do
we
get
that
information?
I
guess.
A
E
A
We're
getting
into
the
same
we'll
have
been
trying
to
avoid
that
so
the
field,
so
this
field
will
be
also
okay,
so
the
spat
field
in
this
case
it
could
be
either
be
like
a
status
because
it
changes
the
controller
or
by
the
user
in
the
preparation
case.
Yes,.
E
A
E
A
So
that's
what
we're
trying
to
say
is
that's
the
reason
we
have
the
the
source
to
different
source
if
it's
static
and
dynamic,
so,
but
only
that
the
id
is
still
that
it's
the
only
thing
that
is
there,
the
snapshot
last
id,
but
anyway.
E
E
A
Yeah,
all
I'm
saying
is
right.
We're
going
back
to
I
mean
I
think
it's
fine,
I'm
open
to
this
one.
Maybe
we
can.
This
is
an
option,
maybe
a
ronald.
You
can
write
this
down.
So
this
is
one
option
that
we
could
solve
this
problem,
which
is
to
have
this
in
volume
snapshot
content
where
we
have
this
field
in
spec.
E
E
At
least
we
would
have
a
record
of
if
someone
did
create
a
raw
block,
pvc
and
then
snapshot
it.
We
would
at
least
know
then,
when,
when
they
tried
to
turn
it
into
a
faucet
and
pvc,
that
they
were
making
the
change,
and
then
you
could
examine
some
policy
to
say
is
that
okay
or
not
and
for
a
backup
system,
you'd,
say
sure?
That's
okay,
because
we
trust
the
backup
system
before
joe
shmoe
say
no
we're
not
going
to
let
him
do
that.
A
Yeah,
so
if
it's
in
sweat,
then
we
then
we
don't
need
that
in
the
status
I
think,
do
we
still
need
that
in
the
status.
Oh,
we
probably
we
still
need
that
in
the
status,
because
that's
like
create
create
volume
time
we
need
to.
A
A
Okay,
all
right:
okay,
okay,.
D
Let
me
actually
look
at
how
the
api
the
api
would
change
of
the
content.
Then,
let's
see,
if
that's
that's
an
option.
A
Okay,
so
that's
for
okay,
that's
for
the
preparation
case.
A
D
Yeah,
I
need
to
probably
look
at
that
again:
I'm
not
sure
how
they
do
it
right
now.
D
Yeah,
so
actually
that's
it
for
me.
I
would
appreciate
if
anyone
can,
if
they
have
any
other
comments
later,
just
leave
it
on
the
page,
and
I
can
start
thinking
about
this
in
a
little
more
detail
as
well.
A
Okay,
michelle
do
you
have
other
concerns
with
us?
Should
we
can
we
move
forward
with
this,
or
is
there
any.
A
Yeah,
so
we
can
actually
maybe
take
a
make
a
call
here
and
we
can
should
we
also
bring
this
up
with
the
security
team
and
ask
them
probably.
I
would
think
they
will
be
suggesting
option
two,
since
that's
what
they
are
doing
with
the
pod
security
policy.
J
A
Okay,
so,
okay,
so
should
we
just
maybe,
as
rona,
can
clean
this
up
and
make
that
option
two
as
the
main
option
and
the
other
one
as
alternative
and
then
maybe
before.
A
L
M
Cool,
I
actually
have
a
question
regarding
this,
so
I'm
curious:
why
would
those
labels
be
part
of
the
namespace
and
not
the
part
of
the
pvc
itself.
D
All
right
so
so
I
think
the
difference
is
who
applies
the
label
to
the
space
right?
If
I'm,
the
user,
creating
the
pvc
then-
and
I
want
the
highest
sort
of
permissions,
then
I
would
just
say
like
create
this
pvc,
with
with
no
permission
with
no
restrictions
right
versus.
M
Yeah,
but
in
that
case
I
guess,
would
it
be
a
valid
use
case
that
a
user
in
would
want
two
different
set
of
policies
within
the
same
name
space,
or
we
are
saying
that
that
is
not
a
valid
use.
Skills.
D
Yeah,
so
I
think
that's
right
so
in
this
second
sort
of
when
you
apply
to
the
namespace,
rather
than
having
the
thing
like
the
policy
assigned
to
the
user.
In
that
case,
you're
saying
that
for
each
namespace
we
just
have
one
sort
of
standard
and
any
namespace.
Sorry
any
pvc
creator,
and
that
namespace
is
going
to
follow
that
standard.
M
Okay
sounds
good.
I
I
was
just
curious
like
why.
Why
would
that
like?
What
are
some
of
the
pros
and
cons
of
having
that
versus
having
this
specified
to
a
user,
but
I
guess
we
can.
I
mean
I
can
add
some
comments
to
the
document.
D
D
Cool,
so
I
think
that's
it
from
from
you
can
let
me
stop
sharing
okay.
A
I
thought
there
was
a
something
else,
but
I
couldn't
remember
what
that
was.
I
thought
was
that
something
else
that
we
also
oh,
I
think,
can
we
actually
can
you
go
back
to
share
that
again,
so
the
the
new
api
object
you're,
adding,
is
that
the
that's
like
under
the
policy
group
right
policy.
Api
group
is
that.
B
A
Can
you
hear
me
now
yeah?
Okay,
can
you
move
to,
I
think,
just
to
move
down
that
not
here
right
there,
the
let's
see.
A
Oh,
I
think
this
is.
This
is
option
two,
so
I
guess
maybe
it's
okay.
I
was.
I
was
just
so
so
if
we
oh,
so
this
is
yeah,
so
this
would
be
a
new
api
object,
but
I
think
this
is
since
this
is
option
two,
maybe
it's
okay,
I
was
just
trying
to
think
like
this
is
like
an
entry
api
object
right
and
then
because
we
talked
about
the
admissions
controller,
should
that
be
auto
tree
or
entry.
A
A
Okay,
so
I
think
xian
chen
is
on
vacation
and
he
has
no
problem
with
network,
so
I
couldn't
join.
He
said
he
will
be
working
on
the
white
paper
on
his
vacation,
so
I'll
think
I
will
see
my
keys
back,
so
I
just
want
to
see
if
there
is
any
update
on
this.
A
L
A
You
can,
maybe
just
like,
add
a
link
instead
of
writing
down
the
details.
Maybe
that's
fine
as
well
just
say
when
there's
another
example
and
then
just
here's
the
link-
that's
maybe
okay,
but
that's
okay,
I'll,
take
a
look
and
and
see
if
we
can
add
this
to
the
main
dock,
and
also
I
see
that
you
you're
trying
to
set
a
meeting
to
talk
about.
L
Yeah,
I
would
like
to
for
us
to
continue
to
talk
about
how
to
design
the
cap
for
cbt
for
this,
and
hopefully
that
the
guy
can
other
engineers
can
help
participate
in
that
meeting,
and
we
can.
J
L
L
A
A
So
we
don't
have
anything
on
agenda
for
next
meeting
yet
so
why
don't
we
just?
I
think
that
reviews
I
think.
A
The
call
are
interested
in
that
anyway.
Okay,
so
let's
do
that?
Okay,
yeah!
It's
sometimes
hard
to
find
another
meeting
time
that
works
for
everybody;
okay,
so
so
about
this
quiet,
ass,
hooks
tom.
Are
you
still
waiting
for
steve
steve
to
update
doc.
N
Yeah
steve
talked
to
me.
He
said
he
was
a
bit
busy,
I'm
still
very
young.
A
N
Doesn't
look
like
it
sure,
okay,.
A
We
can
probably
I
look
at
your
dog.
I
think
that
looks
good.
We
can
probably
include
that
first
and
then,
when
when
he
gets
time,
he
can
update
that
part
later.
A
And
I
also
look
at
the
you
know
the
you
know,
those
information
we
add
in
the
appendix
about
the
how
various
applications
does
choirs
and
backups
that
I
think,
maybe
it's
better
to
have
them
just
in
a
stay
in
a
google
doc,
and
then
we
can
just
add
a
link
to
that
google
doc,
I'm
thinking,
maybe
maybe
that
will
be
better.
N
That
would
be
good.
I
do
imagine
that
we're
going
to
turn
this
into
a
pdf,
so
we
probably
want
to
link
to
things
a
little
more
stable.
A
I
okay,
so
I'm
not
sure
that
we
want
to
do
a
pdf.
I
was
actually
thinking,
maybe
oh
yeah.
We
can
that
we
can
decide
later
yeah
we
can
pdf
is
one
way.
Otherwise
we
can
actually
just
to
enter
this
as
a
just
like
the
like
the
text
like
the
the
markups,
it's
fine
too,
I
think.
Well,
we
can
decide
that
later.
N
A
Okay,
all
right
see
does
anyone
else
have
any
update
on
this?
I
think
ben.
I
think
you,
your
name
is
also
on
one
of
the
sections.
A
Right
up
yeah,
can
you
write
up
something
for
that.
A
E
E
A
E
A
A
All
right
yeah
other
than
that
I
don't
have
anything
else
other
than
that.