From YouTube: SIG Docs Security Meeting 20200123
Description
For more info see https://git.k8s.io/community/sig-docs
A
All right, it is Thursday, January 23rd, and this is the second meeting of the resurrected SIG Docs security project, and it looks like we're gonna have a light attendance, but for you, Zack, and anybody else that may join or may watch this, the Kubernetes code of conduct is in effect, so TLDR, please be excellent to each other, and we can pick up where we left off. So, let's see, so like I was saying last two weeks ago, last meeting circled back and looked into a lot of the things that were left undone previously.
A
A
Sad face because that's all I had to do, and so at the end of last week or last meeting I believe Marky and I were going to sit down and go through a lot of these security docs that Steve Perry has linked in this Google Doc. I was not able to get ahold of him, so I think next steps would be, I see a Jim Angel.
B
A
A
If you do, if you'd like. I know Mark, he's not gonna make it and Tim Bannister is not gonna make it, so I'm kinda, I was just kind of recapping the first meeting where we got, you know, the few attendees up to speed, bringing Zack up to speed and seeing what we need to do for follow-up, and Jim, you and I talked about this last meeting. I was not able to get ahold of Steve.
B
A
A
But I'll give him another, I'll give another kick and see if I can get a hold of him, but if not I was just gonna, you know, create another copy of this doc and add to it, so I know Marquis wanted to look into that and follow up on some of those things, and much in the way of getting ahold of Steve, I didn't want to go kicking down doors and some of the other SIGs.
A
B
A
Gonna be, we're gonna be looking to collaborate, and then Jim, what do you think about the bug bounty program? Do you think, aside from that blog post, there's some stuff we can or should do around that, the new Kubernetes bug bounty program? Any thoughts? Yeah.
B
A
Jim, Jim had a good idea of opening an issue against the website repo congratulate for, you know, providing some more info on the bug bounty program, aside from just that blog post that went up. Okay, I can do that. Cool, cool. Now, I'm not saying you have to provide that information, but at least opening up the issue, and then we can, we can go from there. I bet you, because Tim Bannister is super involved on the doc side of things, I bet you he'd like to see that as well.
A
B
Same thing, opening an issue's a good first start, but if someone from the security subgroup wants to own and actually see it to completion, I think that would be even more beneficial. You know, I think opening issues sometimes gets some heat in the open source community, because it's a lot easier than doing the work, you know? Yeah.
A
Yeah, definitely, definitely, so, and I'm happy to work with you on that too, Zack. Actually, you know, going to that blog post and kind of typing up some more formal instructions, and that's okay.
B
C
Yeah, I'm good, so action items would be work with you around the issue and then open up a, basically a bug against kubernetes/website. Should we, and Jim's mentioned something about choosing, basically, like a security champion to own this, so should we, should we also talk to, I'm not too sure if there's a SIG Security and maybe freaking.
A
I think, I think as long as one of us or both of us, at least, you know, for the few of us on the call, as long as, I think, Zack or me, as long as we keep work, as long as we do some work on that issue, you know, 'cause, like Jim said, it's, it's been known in a lot of open-source communities for people to just open an issue and then not want to put in any work. So I think.
A
B
I think a bunch be a general misunderstanding. When I was talking about, you know, getting a security liaison, what I really meant was the SIG Docs security. You know, since we, there's a subgroup around it and since there is the effort to kind of centralize security documents, it makes sense for a member of this smaller sub community to be very active in that BR and to seeing that completed as opposed.