►
From YouTube: [SIG ContribEx] Weekly Meeting for 20220511
Description
[SIG ContribEx] Weekly Meeting for 20220511
A
Hello,
everyone
and
welcome
to
the
may
11th
sig
computer
experience
meeting
the
road
to
kubecon
the
for
for
us.
These
meetings
are
recorded
and
we
post
the
internet
at
some
point.
You
know.
Eventually
we
abide
by
the
cncf
code
of
chronic,
which
essentially
boils
down
to
please
be
excellent
to
each
other.
A
A
Events
community
meeting
that
has
been
punted
for
this
month
because
it
clashes
with
keep
con
we've
canceled
our
meetings
next
week,
because
cubecon
yeah
yeah.
D
It
might
be
worth
looking
ahead
at
the
schedule
and
for
that
matter,
if
we
have
a
meeting
falling
in
october
in
the
middle
of
the
other
kubecon.
A
It
is
the
one
as
well,
it
is
the
week
before
it
is
the
last
week
in
october,
because
it
literally
clashes
with
halloween.
D
The
halloween's,
a
big
holiday.
C
B
D
We
don't
what
we
do
is
be
because
of
my
sweetie.
We
actually
we
buy
miniature
ones,
but
it's
here
at
deli,
chocolate,
oh
nice,
so
we're
we're
very
popular
with
the
adolescent
girls.
None
of
them
missed
this
house.
A
A
D
A
A
A
A
D
Yeah,
it's
it's.
Actually,
it's
actually
come
together.
Really,
surprisingly.
Well
considering
all
of
the
uncertainty
we
started
into
this
with
we've
got.
D
I
think
at
this
point
more
than
110
people
registered
nice,
which
is
double
the
number
who
were
registered
for
the
social,
in
los
angeles,
the
and,
and
we
have
a
bunch
of
suggested
topics
on
the
open
issue
about
unconference
topics
we
have
12
sigs
signed
up
for
the
sig
meet
and
greet.
D
A
D
Be
there?
Okay,
that's
fine,
I'm
not
sure
how
I'm
not
sure.
Already
people
are
going
to
actually
be
to
ask
questions
the
it's
okay,
we
can
talk
yep,
the
mostly
we
wanted.
We
needed
to
have
something
in
the
morning
that
was
already
scheduled,
yep
the
and
it
was
either
the
steering
ama
or
having
the
reliability
discussion,
and
it
felt
like
throughout.
D
Nothing
other
than
the
fact
that
planning
for
the
contributor
summit
detroit
has
started
yep,
and
I'm
presuming
that
I'm
turning
that
over
to
your
midwestern
team
bob,
the
the
only
thing
we've
done
is
pick
the
room
layout
because
we
had
to
do
that
already,
and
so
it's
basically
going
to
be
one
more
room
than
we
have
for
this
one.
D
So
one
big
room,
you
know
a
big
auditorium
room
plus
four
small
rooms,
yeah.
A
D
Yep
the
I'd
say,
the
one
request
passing
on
from
the
team
is
obviously
really
early
to
be
planning.
This
is
that
it
might
be
nice
to
have
have
the
intermediate
workshops
at
this
one,
though
the
sort
of
things
of
like
how
to
do
a
code
review,
how
to
do
a
doc
review,
et
cetera,
yep.
A
D
D
And
we'll
see
about
planning
for
that,
but
we
still
there's
still
been
requests
for
things
for
new
contributors.
We
just
need
to
turn
the
time
and
resources
required
way
down.
Yeah.
D
And
that
that
and
have
it
not
conflict
with
the
rest
of
the
contributor
summit,
so
that
was
our
approach,
so
it
would
probably
like
if
the
contributor
summits
happening
on
monday.
That
would
probably
happen
on
tuesday.
A
D
The
yeah,
but
if
we
remove
a
lot
of
the
stuff
that
required
downloading
things,
then
we
make
it
a
lot
less
painful
for
us
yeah.
D
A
And
lots
of
people
walking
off
with
swag
that
wasn't
theirs
yeah.
Okay,
at
this
point,
any
other
questions
items
regarding
the
contributor
summit,
this
one
are
upcoming.
D
A
Issues
so
yeah,
we
do
at
least
have
a
play.
We
do
have
a
playbook
now,
so
I
think
it's
just
finding
the
right
people
to
you
know,
get
on
it
and
and
chase
down
the
various
cigs
yeah.
D
D
A
A
C
C
A
Okay,
so
speaking
of
of
steering
the
steering
election
josh,
you
said
you're
not
going
to
be
on
the
committee
this
time
around.
D
That's
the
idea
so
we'll
need
to
select
another
committee
member
after
kubecon.
I
need
to
launch
the
election
subproject.
I've
just
been
overwhelmed
with
all
of
the
other
things
yeah
and
step.
One
of
launching
election
subproject
is
moving
a
lot
of
stuff
in
the
community
directory
and
some
moving.
Some
of
that
stuff
will
break
electo.
So
I
need
to
do
it
in
a
coordinated
way.
A
D
Done
with
all
of
the
security
stuff,
there
is
one
security
task,
that's
dependent
on
me,
because
it's
very
kubernetes
configuration
specific
and
he
doesn't
have
a
background
in
kubernetes,
but
all
of
the
encryption
stuff
is
done
and
and
he's
working
on
the
one
sort
of
extra
task
which
is
ballot
review,
which
is
you
know,
so
you
can
not
only
go
back
and
revoke
your
ballot.
You
can
actually
check
the
ballot
before
you
revoke
it,
so
you
can
actually
go
back
in
and
say.
Did
I
already
vote
in
this?
D
Who
did
I
vote
for
the
and
yeah?
So
that's
there,
the
voter
and
operations
documentation
is
written
pending
cleanup,
which
the
cncf
docs
team
was
helping
with,
but
they're
with
ihor
out
there,
yeah
they're
put
that
on
hold
and
the
administrative
documentation
is
75.
D
Okay,
cool
the
yeah,
so
I
mean
part
of
this
is
cncf
wants
to
use
this
for
some
of
their
own
elections,
so
I
need
it
completely
packaged
for
them
to
do
that.
Yeah.
D
They'll
need
to
they're
they're
planning
on
they're
talking
about
changing
the
rules,
because,
because
I
mean,
among
other
things
right
now,
it
literally
specifies
yeah.
D
Link
to
save
so
they
need
to
have
a
vote
to
change
the
rules
there
and
we
talked
about
it
and
they're
going
to
wait
because
they
want
to
do
it
all
at
once.
Right
yeah,
so
electo
is
ready
for
them
and
then
they
vote
and
they
change
the
wording
so
that
it
they
can
use
other
systems.
D
E
D
Because
it's
going
to
be
self-hosted
right,
yep,
red
hat
would
be
willing
to
host
it,
but
I
don't
think
that
would
be
politically.
Okay.
D
Hey
this
is
getting
way
off
of
contrabex
topics.
The
so
yeah
yeah.
A
D
That's
about
it,
I
mean
after
I
move
everything.
We've
got
a
lot
of
election
documentation
backfill,
particularly
I
and
the
other
election
officers
were
really
exhausted
by
the
time
the
last
election
concluded,
because
we
went
straight
from
that
to
kubecon
and
the
contributor
celebration,
which
all
of
us
were
directly
involved
in
arranging.
D
So
we
really
did
not
improve
the
documentation
at
all.
After
the
last
election,
it
was
already
out
of
date,
yeah,
so
the
so
I
might
put
out
a
call
for
help
there,
but
not
until
I
have
everything
moved
because
I
don't
want
to
be
moving
it.
While
people
are
submitting
pull
requests,
yeah.
A
A
Yeah-
and
we
can
just
strike
this
section
all
together-
community
management
topics-
I
think
the
the
only
one
that
I
can
think
of
is
c
cluster
life
cycles.
Mailing
list
is
now
large
enough
that
they
cannot
send
calendar
invites
to
it
it's
the
same
problem
we
had
with
k-dev,
oh
so
a
project,
that's
probably
gonna-
be
spun
up
soon
will
be
to
take
the
god-awful
hack.
That
kristoff
wrote
to
sync
mailing
lists
and
turn
it
into
actually
something
we
can
start
using
for
the
sigs.
A
This
is
something
you
wanted
to
do
anyway.
It
just
is
now
acting
as
a
forcing
function
to
get
it
done.
I
imagine
this
won't
be
the
first
or
last.
A
No,
we
do
want
to
get
all
the
sigs
and,
like
all
the
community
groups
over
to
kubernetes,
I
o
managed
groups
for
a
number
of
reasons,
and
I've
had
to
change
out
probably
six
different
zoom
keys
and
accounts,
because
people
have
lost
access
to
the
public.
Google
groups,
like
so
expect
this
to
be
I'd,
say
rolled
out
over
the
next
year,
but
their
other
advantages
too,
is
that
we
can
now
do
google
shared
drives
and
things
like
that
with
managed
domains.
D
Yeah,
okay,
that
was
gonna
say
that
was
the
other
thing
is
the
to
do
about.
We
really
need
a
place
to
drop
community-owned
documents
yep
because,
like.
A
We
do
have
a
way
to
do
it
right
now.
In
fact,
several
sigs
have
it
set
up
it's
technically
under
the
contributor's
app
account.
They
have
a
shared
folder
instead
of
a
shared
drive
and
then
the
sig
leads
own
it,
and
then
they
have
a
sub
directory
in
there.
That's
shared
out
with
their
list,
but
having
a
standard
pattern
of
the
shared
drive
will
just
make
things
easier
for
everyone.
D
Yeah,
okay,
one
other
thing
about
community
management
is
I
had
a
conversation
with
a
community
member
about
code
of
conduct
committee
and
one
of
the
things
that
came
out
of
it
is.
D
The
transparency
report
makes
it
look
like
there's
a
lot
more
sanctioning
going
on
than
there
is
the
for
one
thing
exactly.
C
D
B
D
D
I
just
had
this
conversation
yesterday
afternoon,
so
I
haven't
thought
about
what
sort
of
wording
we
would
change
there
to
make
it
a
little
bit
more
clear
what
the
kind
of
activity
is,
the
so
the
just,
because
it
gave
this
particular
person
the
impression
that
the
code
of
conduct
committee
was
was
literally
hearing
a
case
a
week
which
is
is
pretty
far
from
the
case.
The
and
looking
at
the
report
you
know
I
can
see
how
they
got
that
impression.
Yeah.
D
Yeah
so.
A
A
Yep
but
yeah
I
would
follow
up
like
the
coc.
Has
a
channel
can
ask
on
the
channel,
but
yeah
the
cocc
and
steering
would
be
the
two
groups
for
that.
D
Yeah,
the
other
thing
we
should
do
on
the
slack
admins
team
is
also
add
some
more
stuff
to
the
slack
thing
to
make
under
clear
that
what
our
practices
already
are,
which
is
that
you
know,
if
there's
any
sort
of
doubt
whatsoever,
people
get
warnings
before
they
get
kicked
off.
B
D
Platform
even
things
that
seem
like
obvious
spammers,
because
that's
true,
but
people
don't
necessarily
who
haven't
been
part
of
the
process.
Don't
necessarily
know
that
so.
A
C
Hey
castle,
anyone
take
it
or.
B
Sorry
I
was
finishing
up
writing
and
to
find
the
window
and
unmute.
I
was
also
working
on
finding
there.
We
go.
B
B
That
is
not
the
one,
I'm
looking
for
sorry
tweets
there.
It
is
copy
that
link
and
I'll
put
it
here
and
I'll,
replace
with
that.
Okay.
So
there's
the
link
to
our
kubecon
tweets
plan
in
case
anyone
wants
to
look
at
it.
It's
a
spreadsheet
where
we've
got
around
40
tweets
laid
out.
They're,
mostly
done
most
of
the
ones
that
are
outstanding,
honestly
are
my
own,
which
is
not
surprising.
B
Thank
you
very
much
to
frederico
and
rajesh,
who
are
both
on
here
today
and
helped
out
with
this
effort,
so
we're
just
about
there
I'll
be
putting
these
into
our
account
to
be
scheduled
to
go
out
at
their
designated
times.
B
B
So
the
things
we
have
left
there,
no
before
you
go
email
did
that
actually
go
out.
Yeah.
B
B
We
want
to
send
out
another
email
to
remind
folks
that
the
last
chance
to
register
is
may
13th.
So
I
should
probably
write
that
out
today,
assuming
no
anyone
else
is
doing
that,
I
don't
think
anyone
else
said
they
were
going
to
and
then
a
post
event
email
josh.
You
were
going
to
create
a
survey
for
that,
the
slack
blast
we
organized
that
one
awkwardly.
So
we're
gonna
do
that
differently
next
time,
but
we
ended
up
not
really
needing
it
because
well.
B
D
B
D
B
That's
true,
that
is
a
good
point
and
by
the
way,
for
anyone
not
familiar
with
slack
blasts,
we
have
a
slack
bot
that
can
send
out
a
slack
message
to
all
the
different
channels
in
the
kubernetes
slack,
so
that
we
make
sure
that
we're
pinging
folks,
where
they
actually
look
at
things.
C
C
B
Save
meetings
just
looking
through
everything
else:
okay,
we
should
probably
do
a
tweet
about
the
note
before
you
go
now.
That's
out
so
I've
updated
that
with
the
things
that
I
need
to
do
as
soon
as
possible,
which
is
good
work
for
me
and
that's
pretty
much
what
we've
got
going
on.
I
think
anything
else.
Oh
we've
got
the
name,
change
change
pr
out.
B
B
C
B
C
To
fix
all
the
well,
I
think
it
was
one
pr,
but
there's
two
things
like
changing.
The
name
of
the
directory
is
one
thing,
but
changing
all
the
things
that
link
to
that
directory
is
another
yeah
and
there's
a
few
I'd
created
a
gist
and
dropped
that
in
the
pr
the
existing
pr
so
yeah,
I've
got
to
get
all
that
together,
but
that'll
probably
be
during
or
after
cubecom.
C
B
C
B
D
C
A
No,
it
should
be
open
an
issue
in
steering
funding
and
then
okay.
D
B
B
C
D
A
hold
of
somebody
at
cncf
with
a
credit
card
I
mean
and
then
and
then
get
the
whole
account
set
up.
So
it's
gonna
be
a
post,
coupon
thing
yeah.
B
C
C
A
A
There
is
nothing
currently
like
we,
we
just
onboarded,
you
know
arno
and
nebarun.
As
new
github
admins.
We
are
planning
on
backfilling
the
new
member
coordinator
role,
but
that
will
be
a
post,
kubecon
action.
A
D
A
I
I
believe
it
is
merged.
We
are
set
up
an
ops
genie
to
handle
the
scheduling.
Okay,
it's
just,
I
think
the
actual
setting
up
the
schedule
has
not
happened
yet
and
that
will
again
probably
be
a
post
kubecon
action
yeah.
I
would.
D
D
D
Like
for
slack
admin,
I
don't
have
any
way
to
do
that,
except
I
post
in
the
admin
private
channel,
which
is
not
a
very
it's,
not
a
very
effective
way
of
letting
people
know
what
I'm
not
going
to
be
covering.
A
Same
here,
yeah
we
and
we'll
give
ops
genie
a
run
like
it's
usually
meant
for
on-call
type
thing,
but
it
it
does,
handle
the
calendar,
scheduling
and
things
like
that,
which
is
one
of
the
reasons
that
you
know
we
went
for
it
and
we
get
it
for
free
through
the
cncf.
So,
okay,
I
guess
let
us
give
it
a
pilot.
A
I
actually
think
red
hat
uses
it
internally
as
well.
Okay,
so
might
might
have
like
kristoff
or
others
might
know.
Okay
have
more
but
yeah
I'd
say
let
the
github
admins
just
give
it
a
spin,
and
then
we
can
go
from
there
cool
any
other.
Github
management
related
thingies.
C
A
Okay-
and
that
takes
us
at
this
point
to
open
mike
and
pj.
E
Hey,
can
everyone
hear
me
yep,
yep,
okay,
perfect,
so,
first
of
all
been
a
long
time
since
I
joined
this
meeting
so
just
wanted
to
give
a
shout
out
to
all
of
you.
You
really
do
a
lot
of
work
and
really
keep
the
community
alive.
So
thanks
thanks
a
lot
with
that.
I
just
wanted
to
give
some
context.
I
put
some
notes
as
well
in
case
it's.
It
helps
so
I've
been
in
security
for
a
while
now
and
very
recently,
he
started
collaborating
and
became
an
associate
src
member.
E
So
because
of
that,
this
kind
of
fell
into
my
lab
because
it's
it
has
common
benefits
for
both
the
groups
and
committees.
E
This
is
mostly
to
do
with
how
src
manages
vulnerabilities
that
show
up
to
them,
and
then
they
have
to
figure
out
how
to
find
people
who
might
know
something
about
the
code
that
is
potentially
vulnerable.
E
So
what
the
src
team
noticed
or
observed
in
the
last
few
months
or
maybe
couple
of
years
is
two
things
happen
because
of
the
security
context
being
not
part
of
the
owner's
file.
So
first
is
it
gets
forgotten
because
it's
a
standalone
file
and
then
it
as
a
result
of
that
the
data
is
still
most
times
and
the
second
is
sometimes
the
security
contacts
are
considered
as
actually
src
people
for
that
repo.
E
So,
with
those
two
problems,
one
of
the
suggestions
coming
from
src
was:
can
we
merge
the
security
contacts
into
as
a
separate
field
in
the
owner's
file
and
and
then
that
way,
because
owner's
file
is
more
up
to
date
than
security
contacts,
and
we
have
a
maintainers
tool
now
that
can
kind
of
recycle
through
all
the
old
contributors
who
are
not
active
or
things
like
that
and
the
other
thing
was,
we
will
make
it
optional,
because
most
times,
approvers
and
reviewers
are
also
part
of
security.
Are
the
same
people
who
are
security
contacts.
A
So,
overall,
like
I,
I
like
this
idea,
I
actually
made
a
similar
suggestion.
Many
many
moons
ago.
The
the
general
thing
is
would
be
to
talk
to
the
github
management
and
sync
testing,
because
there
was
a
lot
of
back
and
forth,
adding
even
emeritus
approvers
things
that
essentially
two
owners
file
that
prow
can
ignore.
A
I
can
dig
up
some
of
the
old
threads
or,
like
you
know,
if
you
go
2k
community
and
search
or
like
hate
community
and
the
old
mailing
list,
and
search
for
like
emeritus
of
proverbial,
to
find
more
context
there.
I
think,
as
far
as
like
driving
a
path
forward,
it'd
be
getting
sign
off
from
github
admins,
getting
sign
off
from
sig
testing
and
prow
and
then
it'd
be
going
to
like
kdev
for
a
wider
community
consensus
on
it.
A
My
my
general
concern
is
honestly
owner's
files
are
not
kept
up
to
date,
they're.
They
are
kept
more
up
to
date
than
let's
say
the
security
context
in
the
root
directories,
but
they
are.
A
We
have
a
huge
issue
with
keeping
you
know,
approvers
and
and
reviewers
current,
and
a
lot
of
it
has
been
like
a
lot
of
the
removal
of
an
active
people
has
been
sinking
traffic's
going
in
and
basically
removing
people
from
the
work.
A
So
I
don't
know
how
much
of
a
net
benefit
it
might
be
outside
of
potentially
being
able
to
develop
some
better,
better
tooling
on
it.
My
default
would
be
in
terms
of
you
know.
Looking
for
security
contacts
would
be
looking
at
the
approvers
in
that
that
space
because
they're
and
then
looking
for
the
most
active
approvers.
A
E
A
D
And,
and
certainly
from
perspective
of
of
that,
I'm
in
favor
of
not
not
having
to
create
a
generic
tool
that
can
then
be
versioned
to
track
security
contacts
as
well
yeah,
and
that
would
be
the
advantage
of
lumping
it
into
owners.
A
E
Next
step
in
in
general
people
seem
not
averse
to
the
idea
or
even
like
the
idea.
The
next
step
would
be
github.
Admins
are
getting
like
discussion
started
with
data
admins
talking
to
sick
testing
in
terms
of
how
pro
is
going
to
look
like
if
we
have
this
new
field,
if
they
need
to
do
anything
there
and
then
having
some
sort
of
a
lazy
consensus
with
kdf.
E
A
The
way
you
might
be
able
to
at
least
cut
down
on
that
is
limit
it
to
the
named
sub
projects
that
come
out
of
cigs.yaml.
A
E
Got
it
yeah
and
we
were
thinking
of
the
security
context
being
an
optional
field,
also
to
your
point
about
approvers
being
maybe
the
default
ones.
So
if
we
don't
have
one
that's
active,
we
were
thinking
of
just
keeping
the
field
blank.
Sorry.
D
A
D
And
presumably
this
means
that
then
the
security
contacts
file
will
become
a
generic
template.
That
will
be
the
same
for
all
repos.
So
just
basically
say:
please
consult
the
owner's
file
contact.
The
people
security
contacts
there.
If
there's
no
security
contacts
listed
contact,
the
approvers.
A
One
one
other
potential
option
to
cut
down
on
the
number
of
like
things
he'd
have
to
update
would
be
to
request
a
security
contact
per
sub
project.
A
So
that
way,
it'd
just
be
an
update
to
the
generator
in
k
community,
because
there
will,
like
we've,
actually
been
talking
about
this
in
steering
with
like
sort
of
sub.
A
The
idea
of
like
sub-project
leads
or
points
of
contact,
because,
especially
this
happens
more
like
kk
and
test
infra,
where
you
have
lots
of
various
different
directories
that
are
actually
part
of
one
sub-project,
and
you
have
just
like
a
couple
people
that
have
that
cross-directory
expertise,
so
that
could
that
could
be
another
option
to
consider
and
there
might
be
a
lot
less
sort
of,
like
you
know,
updating
of
the
various
files
while
still
getting
you
know
things
relatively
update
up
to
date
and
6.
keeping
things
up
to
date
and
6.
yaml.
E
Right
so,
if
I
understand
correctly
you're
saying
instead
of
like
merging
the
two,
we
could
have
something
defined
in
the
6.0
as
like
a
project
security
contact
and
that
same
github
handle
is
then
reflected
back
in
the
security
context.
File.
A
It
didn't
mean
like
removing
a
security
context
file
together,
it'd
be
it'd,
be
pointing
like
them
towards,
like
we'd,
update
the
generator
to
list
it
in
the
various
like
sigrid
me's,
and
things
like
that.
So
I
don't
know
if
that
would
help
your
use
case
like
solve
your
problem,
but
at
least
would
help.
You
know
limit
the
amount
of
things
that
have
to
be
updated.
E
Right
and
but
that
would
I
think
that
makes
sense,
would
that
mean
like
the
sick
chairs
of
that
who
own
the
sub
project
would
have
to
find
someone?
Who
will
be
that
person.
A
E
E
Okay,
okay
I'll
take
that
as
good
good
to
go
for
now.
So
on
the
second
proposal.
Basically,
this
the
first
one
really
solves
one
problem
of
the
state
data
on
github
handles
the
other
problem
src
faces
is
the
github
handles,
do
not
provide
a
way
to
have
private
discussions
when
we
are
triaging
vulnerabilities.
E
There
is
not
a
single
point
of
contact
who
will
go
through
the
whole
triage
and
triage
sometimes
seems
like
six
months.
So
one
of
the
suggestions
there
was
since
most
or
all
or
most
sub
projects
are
aligned
with
once
one
or
more
owning
sick.
E
We
could
create,
or
you
reuse,
if
a
one
exists-
a
private
mailing
list
where
six
chairs
are
part
of
it
by
default,
and
obviously
the
contributors
at
kubernetes
dot.
Io
are
part
of
it
for
moderation
and
other
things
and
any
time
let's
say
especially
src
found
it
difficult
for
sub
projects
and
vulnerabilities
related
to
that,
like
ingress
in
nginx,
for
example,
where
they
weren't
able
to
figure
out
like
whom
to
reach
out,
what's
the
right
way
to
connect.
E
So
if
we
had
that
mailing
list,
they
would
know
using
six
dot
yaml,
which
sub
project
belongs
to
with
sig,
and
then
they
would
reach
out
to
that
mailing
list
and
then
based
on
the
chairs
understanding
of
the
sub
project.
They
would
then
add
more
people
who
are
relevant
to
that.
So
these
this
basically
does
two
things.
One
is
adds
an
extra
responsibility
on
maybe
already
overburdened
sick
chairs
of
being
accountable
for
all
the
vulnerability
disclosures.
So
that's
something
we
need
to.
E
I
think
do
a
pulse
check
and
see
if
people
are
comfortable
with,
and
the
second
thing
is.
It
gives
us
some
level
of
continuity
and
flexibility
on
chair
side,
because
a
mailing
list
can
be
updated
if
the
chairs
rotate
it
themselves
out
without
src
needing
to
worry
about
it,
and
it
gives
a
src
some
guarantee
that
somebody
in
the
mailing
list
is
always
going
to
know
what's
going
on
with
that
sub
project.
E
So
they
don't
need
to
continue
to
find
and
remove
and
add
new
people
so
that
that
was
the
second
proposal
and
to
your
point,
about
security
contacts
for
a
sub
project.
We
could
ask
chairs
to
delegate
that
responsibility
to
that
person
for
sake
or
sub
project,
and
then
they
could
have
be
part
of
that
mailing
list
as
well.
A
So
I
would
I
would
not
I
do
like
the
last
idea.
We
already
have
the
sig
chair
every
sig.
Every
community
group
has
a
private
mailing
list.
I
would
I
would
recommend,
like
engaging
the
private
mailing
lists
and
like
for
specific
security.
You've,
always
let
the
chairs
and
tls
loop
in
the
specific
people
into
each
individual
thread.
A
A
So
I
do
like
this
idea,
I'm
plus
one,
but
I
would
probably
use
it
as
another
thing
to
get
over
to
kubernetes
that
I
o
managed
at
least
like
leads
groupless.
A
The
other
thing-
and
I
know
we've
had
a
couple
other
conversations
about
this-
is
the
the
the
one
thing
with
the
the
race
leads
list.
Is
that
or
various
leads
lists
and
access
to
security
vulnerabilities?
That
brings
in
the
whole
export
control
conversation
again
so
that
that
might
be
another
separate
conversation.
E
I
I
just
if
not,
I
think,
the
only
thing
I
was
hoping
to
get
some
guidance
from
all
of
you
is
like
this
is
definitely
going
to
come
as
a
surprise
if
we
suddenly
start
pivoting
to
that
mailing
list
from
src
perspective,
but
all
chairs
would
be
more
surprised.
So
I
was
wondering:
is
there
a
way
to
like
do
a
pulse
check
in
maybe
a
chairs
meeting
or
some
survey
sort
of
format
where
we
ask
them?
Is
this
something
you
will
be
willing
to
do
or
is?
E
Would
this
be
something
that
you
would
be
delegating
as
a
dedicated
named
role
and
then
based
on
their
feedback?
We
could
kind
of
decide
if
you
really
want
to
do
it.
E
I
think
many
people
would
be
one
person
I
know
for
sure
is
going
to
be.
Is
tabby
and
tabby
also
happens
to
chair
six
security,
so
might
be
the
right
person
to
talk
about.
E
A
E
A
Only
the
chairs
and
teals
are
invited
but
like
if,
if
it's
something
put
on
the
agenda,
I'll
say
it's
like
update
the
invite
and
send
it
to
you.