From YouTube: Kubernetes SIG Security Meeting 20201130
A
A
C
A
I
I just learned that I had used the wrong URLs for months. There's like the CNCF security and that's different from this, so yeah, that was welcome.
B
D
I've made you co-hosts so that in case I get booted off for some reason that somebody with access to the administrative and monitoring tools will still be in the meeting.
B
You all right, we'll give, we'll give a minute or two for people to come in.
D
Please go ahead and put yourself on the meeting attendance if you haven't come around and go ahead and, and if you want to give a, a quick introduction to yourself with, you know, who you are, what the, what the correct way to address you is, and you know, what you're, what you're.
D
We'll call it, we'll call it started when my clock ticks over to 203. I.
D
Guess all right, we'll call it officially started, then we'll go through optional, optional introductions, if you want to, because it looks like we do have a few people here that haven't necessarily met everybody before. So I'll start with that. I'm, I'm Tabitha, call me she. I'm one of the co-chairs and I am here to help to make a space inside Kubernetes for the cool things that y'all want.
D
We'll just go down the, go down the list. If anybody else wants to give a quick shout out to themselves so that we can all know who we're dealing with.
F
G
C
I'll go next. I'm Jeremy! I work at VMware. I use he/him pronouns. I, my team runs Kubernetes in a variety of compliant environments, with different security constraints and policies applied. So we're just looking to, to be more involved and give back where we can.
H
My name is Pop. He/him. I work for cystic and I'm just here to just basically just learn from all you giants here.
G
Eric Smalling, with Snyk, formerly pepto, wish, formerly Docker, formerly, I bounce around. So I think my second or third time on this call, but this is my first experience in a SIG, so I'm still learning as it goes too.
A
I'm Al. I work something that has nothing to do with security. Actually, I'm here to see what's up and see how I can help.
I
D
J
I'm Aaron, you see him. I am trying to, to help support the third party security audit. I helped run it last year and I want to kick it off again. We, I got kind of trashed by the holidays and I'm just picking it back up again. Looks like we'll be meeting on Wednesdays, given a Doodle poll. If you want to get involved, feel free to reach out to me on Slack, on, I'll be sending out a calendar invite today.
D
Awesome, yeah, ping me Erin if you need any help with like getting that on the shared calendar or anything. Thank you.
D
Awesome, it seems like we've, seems like we've gotten around the room and, and hit a lot of new people and a few familiar faces. So do we want to go and hear what Avita has to say about docs sub project? How's it been going, senator.
E
Hi, everyone, hope everyone had a good Thanksgiving, our holidays. So we are going to kick a, kick off our first subgroup meeting on Thursday December 3rd at 2 p.m. EST. We are planning to meet bi-weekly and first focus would be to work on the ckx related material, and also I'm gonna put a little bit more into security hardening guide.
E
So if folks are interested to contribute, or if you have any thoughts, help me, I'm going to create an issue so that we can put all of our thoughts out there and it's there, like I'll link the issue later. I want to ask couple more things regarding that, I'll circle back and I will send you the Slack post today and maybe a tweet, I'm still thinking about it.
E
D
We can do whatever we like, but I think that it might be easier for everybody if the sub projects have their own Google Docs and then maybe we can put links to all of them at the top of the main meeting notes doc. So that, that way we won't step on each other, but also there can be like a one-stop link that can be the only link anybody has to really know, because you could follow everything out from there.
D
So if that works for you, then you could go ahead and create the meeting notes doc for your subproject meetings. And if you want to talk to me about like the, the permissions and the sharing settings and things like that on the, the document to make it easier for yourself in the future, there's some stuff under, under GitHub k8s community somewhere in there, there's a ton of docs there.
D
So if you want to talk a little bit about that, happy to, to talk to you about that offline to help you feel like you've got it set up right.
E
Thank you. So I also wanted to let all the folks know, if you join the security mailing list, you will get the automatic invite for the docs too. So everyone's welcome and please come the first time, we will all have fun.
D
All right, thanks, thanks a lot. I suppose, we'll, before we, before we move out of this and, and into the discussion area, does anybody have anything else that they want to add to the list, make sure that nobody gets, gets their concerns missed.
J
I have, I have one. It's primarily about the third party audit, but it, it's kind of, I don't know, we can, we'll touch on it, and if people want to break out and talk about it, that's okay too. We actually have had money. We have money for this and that budget expires at the end of the year and we'll have to look for money again.
J
If we don't spend it, and I suspect it will be more difficult, a lot happened in 2020 that prevented us from like really making a ton of progress. We, we actually do have an RFP ready and we could start now, but I just want to call out that that is a kind of a risk to the greater Kubernetes security initiative, is that this may not happen this year, which means getting funding for it next year will be harder, but I'm happy to keep pushing along with everybody else.
D
That's an important thing to have noted, because yeah, based on your experience with it last year, how, how concerned are you? If the folks who were involved in this pushed on it, how likely do you think it would be that we could actually get something moving in time to use the budgeted money? Like, has the ship already sailed, or, or if we, if we get it moving, can we make it work? We'd.
J
Have to negotiate an interesting contract whereby, you know, we get the money budgeted early and like set aside for the, for the year. We can publish the RFP, hell, we could publish it today if we wanted to. I think the bigger concern is acquiring bids in December.
J
I personally have never worked for a pen testing company, but I think it's a tough time of year for them right now that.
J
J
D
Okay, yeah, I would say, I would say, please feel free to talk to us, especially, especially me and Ian, about what we can do to help with that, because I don't know what the budgeting rules for that look like, but I think it definitely is something that Kubernetes would benefit from having, and yeah, like everybody has seen what 2020 was like. So I would love to help you with that conversation in, in whatever way that I can, and I'm sure that he would too. Thank.
J
J
A assuming my Slack message is well received. We'll have a sub-project meeting next Wednesday. If anyone wants to jump in and contribute, I'm trying to set it on the off weeks from this meeting so that we don't overwhelm people.
D
Okay, so then that would be like on the ninth.
D
And also reach out to us about getting, you know, like the, like Slack channel going. Like I said, if you need any help with getting the, the meeting on the calendar, permissions on the documents, any of that kind of paperwork stuff, like absolutely here to be a resource for you on that.
D
Well, thank you. I guess we'll move on then, and I'll say first thing to bring up is paperwork. There's quite a bit of, of administrative work that needs to be done in terms of PRing people.
D
You know, PRing sub project owners into YAML files, creating directories in different repos, adding people to OWNERS files, creating GitHub teams. Ian and I have been working on that and the, the large series of PRs is mostly complete, and at the time when we were ready to PR it, we realized we were going to set ourselves up for a bunch of merge conflicts.
D
So we took, we said discretion was the better part of valor and did not file the PR that would generate a heap of merge conflicts, but instead we will be cleaning that up and expect to see that landing in a couple of days. So Patrick, the owner aliases question, yeah. We absolutely should, precisely who can change over time, but we should have some beginnings of like owner aliases entries and things like that in the next couple of days. Thank you so much for asking about it.
D
Actually, not, there's, there's documentation which is pretty extensive but incomplete, and then the rest of it is things that people know from being hanging around the various Kubernetes repos. So there's, there's an extent to which I get the feeling that every, every new SIG has their own unique experience of getting all the paperwork in, because they are born rarely enough and Kubernetes changes often enough that I think the, the list of what to do is different by the time.
D
Somebody else does it, but we just do our best with it, and you know, when we inevitably find something that we missed, we'll fix it. Project board. I don't think that we have a project board, although I believe that we could make one, like perhaps under Kubernetes community, and that should be pretty easy to do and get permissions and things for into place once we have the teams and OWNERS files and owner aliases and things like that.
D
So Zavita, let's come back and talk about this after we get that initial PR landed to get everything in, and then, if there's any changes that we need to make to like who's on what list and whatever, that should be easier because it'll just be changing, you know, one, one or two things here and there.
E
Sounds good to me. Thank you. Oh yeah. My initial, I just was, I wanted to ask this because the PRs are going to be all over. Okay, website has its own thing and k/k is a different thing, so I just wanted to know if there is one place where we can see everything.
D
Yeah, and I do not believe that there is currently one place where we can see everything, because it's relatively easy to go into the GitHub like issue search or whatever, and look for the security tag, but as far as I'm aware, that's a per repo thing, and so having like, like a project board that we can throw references on to so that there's one place to look and track things, even though it's across a bunch of repos, seems like, seems like it'll be a good, a good step forward.
E
D
So some, some interesting news. Pod security policies have been in beta for a very long time and have been deprecated for a very long time, and a lot of really smart people have been arguing about what to do about them, again for a very long time. And at the last SIG Auth meeting somebody, I would say who, but the ex, which person it is slipped my mind, and I don't want to embarrass myself by saying the wrong person, but somebody pulled together a great document with different potential future options for what to do about pod security policy, and the, the meeting got into discussion about where that should go, and Ian and I were in attendance at that meeting and we shared a lot of feelings about what the potential future for pod security policy could be and got really good.
D
Engagement with that. And so now we have an outstanding promise to the folks at SIG Auth to come to them with a KEP for something cool to replace pod security policy. Obviously, this is a thing that touches a ton of different people's interests and affects a broad range of people who are using Kubernetes. It affects distributions, it affects release team and affects cigars.
D
It affects a ton of things, and so clearly we will put our best thoughts into it, but certainly we will not produce the best possible thoughts if it is just the two of us. So I'm imagining this being a couple of step process with like starting off with writing.
D
Just like a Google doc talking about what, you know, what we could see the design looking like, and then sharing that around the community for other people to add to. I'm kind of using the let's collect use cases for sidecars discussion that was happening, I believe in, I'm bad at this.
D
I forget which SIG, which SIG it was happening in, but there's a, there's a SIG that's working on trying to get a formal definition for how to do sidecars, and there was like a, an information gathering about, you know, what kinds of things people would want to see in it, that sort of thing, and I, I personally have liked that model. So the, the initial informal goal that we have had is to have something that some number of people have looked at to bring to the SIG Auth meeting.
D
Then, you know, please come and talk to me and Ian Coldwater on Slack, so that we can combine our powers and produce something that is delightful.
D
We talked about owner aliases. Nathan, do you want to, do you want to talk about what you've been, what you've been thinking about, having like a, like a social get-together learning group.
F
Yeah, for sure. I, I posted in a Slack something of an idea, but I'll recap again. I think there was a lot of people through some of their introductions to saying, you know, really interested in learning.
F
I would put myself in that camp squarely, at, you know, in the security curious space, let's say, and I think it would be really neat to have a group that's a little even lower commitment than just showing up to the SIG, where it's a little bit more about getting, getting things done, but maybe you're sort of like, I don't even know if I like this, and it'll be neat to have a, a social space.
F
Maybe something that is, is got an activity, so you know, if anyone's interested they can show up. It can be a bit of a front door to say hello and maybe learn a little bit about security. That's certainly the, the spot I'm in. I don't have a hard idea of what that would look like, but I'm curious about other people's opinion.
F
But the idea, basically, is a place to, you know, come say hello and also come try to break something together with people and maybe learn a little bit if you can. I think the ideal, especially for those that, like me, are very beginner, is maybe, if there's more experienced people that we can trick into showing up, we can learn a little bit about.
F
F
A
Do you think some material, like Kubernetes security getting started learning path, something, something like that would be helpful?
F
I can think of a few things like that that already exists. I know Kubernetes Goat is like this lovely security tutorial that's super fun, and at KubeCon also, I forget who had organized it, but there was like this capture the flag that's all in code and was a wonderful project as well. So I think I, I'm not especially in a great position to know some of the existing resources, but I know they do exist and I bet someone more experienced than me can tell me what they are.
H
Yeah, I think that's a good entryway for folks to come into. You know, security as we know right now, is it, yes, we know and love it very much, but it's, you know, there's, you got to bring the fun, right, and so having those type of things, that capture the flags, you know, that would be fantastic, so bringing that social element, and I'd love to help with that, Nathan.
D
I believe there were, I believe there were two, yeah, yeah, the, there was, there was one put on by Trend Micro, I'm not sure what the venue of that one was, and then there was one at the, at the CNCF security, Cloud Native Security Day day zero event, and I don't know if that one was actually put on by control plane io or if it was put on like personally by, again, I am the worst at names, but sublimino on Twitter. Who is it? Great.
D
Thank you. Thank you, yeah. I don't know if that was put on like personally by, by Andrew Martin and some people or if that was put on by control plane io, but I heard that that one was really fabulous. There are, there are a ton of, of existing resources like chiefy's.
H
D
Game which you can just deploy into a local kind cluster and play with. There's a write-up if you want to follow it, or you can close your eyes and, and just try to learn by going. Brad, Brad Geesaman and Jimmy Mesta and Peter Benjamin and I at KubeCon in San Diego did a workshop, which you can run yourself by going to securekubernetes.com and walk through it.
D
I posted a workshop in the form of a CTF challenge, walkthrough from a CTF challenge that I ran at Diana Initiative over the summer, and dropped some, some links into some of these things. It sounds like there is a, it sounds like there's a little bit of, enough of a group here that, like, this could have some.
A
Legs: let's, let's create a doc in the, in our repo and just call it like awesome Kubernetes security or something. Then we can list all the things and over the next few weeks, maybe we can all go over and see what you like, and then we find like a direction for the group from.
D
D
Like, I mean, I'll just, you know, talk our way through it and, and have fun and learn something. So I, I really like that. Please feel free to use the Slack channel for that. That's completely within the, within the boundaries of what we're doing.
A
As someone who likes giving talks way too much, something else, something else we can do is, as we put together this stuff, as we put together this stuff and we learn it, we can set up a CNCF meetup, and like, I'm an ambassador, I can just get all the stuff from CNCF itself, so we can set up a meetup and then like every week, one or two of us shares what they learned over the past month or so, like, basically, nothing new, nothing extraordinary. Just like, oh yeah.
D
Yeah, if it really grows, then it could get to the point, like other meetups, where, where there is enough just people energy that, that you could reasonably have somebody with some little thing to present every time, just like as long as there's a big enough pool for those people to be drawn from, yeah.
F
Tabitha, is there any thing that, you know, any structure for creating a subgroup that we could sort of pattern after? I haven't contributed much to any other SIGs or anything. So I'm curious if we could make a little space as a word doc or something. I'm not sure what the, I don't know how to pattern match against what other people have done. That's what I'm asking about, so that we can find a forum to think about. I think it sounds like this, there's a bit of work in. Oh what?
F
D
Yeah, yeah, there's, there's definitely governance kind of tools within the Kubernetes governance model that could be used for that. Like, you know, this, this could potentially be a thing that some project inside SIG Security could, could handle. It's relatively easy to spin.
G
D
A sub project, so I guess my personal direction, like the, like, not speaking with my chair hat on, but just like as a person who tries to do things, I guess I would.
D
I guess I would start to try and collect resources and people on an informal basis and then see, like, feel really good that the thing has legs, and then go, and then go in and fill out paperwork and, and turn it into something more official.
D
Yeah, yeah, like, like I would, I would be inclined to, to think of it in a we can get support by adding structure kind of way. So that is, that is only a suggestion based on my own personal thoughts.
D
But if it's helpful, cool, and you know, we, we are here, like as chairs we're here to, to help by providing access to those kind of resources, so like if that's, yeah, if you, if you need a, a place to host a Zoom so that you can have your meeting, like that as a, that is a thing that we can do, so, so yeah, and like we can, we don't have to have all of the like governance tooling figured out before being able to do that, like we can just put an ad hoc thing on the calendar and put a Zoom for it and send an email to the listserv and post a message on the Slack and be like, hey.
D
D
What's going to work for us, so I, I like the, I like the idea that I think Al started us off with of should we get a doc, like in one of our repos with links to, you know, where we can start to collect links to these sorts of things.
D
That's another thing that'll be easier once we get first draft of all this paperwork in, so that that way we can approve each other's PRs into there and really use that repo like our own shared working space. So I'd say in the, you know, upcoming days until that gets done, you know, feel free to just make a Google doc, share it with each other, drop a link to it in the Slack.
F
Sure, I'll start that doc and share it and just put some spaces to list out resources that you know about and then maybe ideas for what the structure could be.
F
D
Ellen says: explain it like I'm five for those subgroups and projects and things, so yeah, we can, we can certainly do that. There's, right now there's basically three like sub groups that are starting to come together. I guess an important thing to note is the entire SIG is just starting to come together.
D
I think that this is our third meeting and, of course, it's been, been punctuated by holidays and KubeCon and, and all sorts of other things, so yeah, we're definitely still a baby SIG. And from like Kubernetes governance as data structures kind of standpoint, a SIG is an object that exists to hold sub-projects, and sub-projects are an object that exists to hold work, and then the people make sub projects in order to hold the work that they want to do. So right now we have got Zavita is, is sub project owner for this sub project for improving security documentation, and if you savvy thought, do you want to take a minute and kind of talk a little bit about what the documentation sub project does.
E
Sure. So before this, a little bit of background, there was a documentation security subproject that was a part of SIG Docs and they were working on improving the topics related to security in the website and, unfortunately, due to lack of attendance and ownership, it was put down, and then later realized sick, sickness security was brutal like but like in an existing, and this seemed to be a better place to do that, and also the website labs certain guidelines on typically like no hardening guide or like no production ready checklist or stuff like that.
E
So this project will help in, if it's a leader, it will help in improving, and if it's not there, we will add more particularly related stuff to the website itself. So that is working out.
D
Thank you. Thank you so much. Other, other sub, subprojects that have some, some things happening with them right now are the, the sub project to do the third party security audit. Aaron, if you're still on, if you, if you would want to do like a 30-second intro to that.
D
Okay, well I can, I can try to do my best to, to explain that unless there's somebody else on that would like to.
D
So last year a working group was doing a third party security audit of Kubernetes like codebase, so they put out a request for proposal. A few, a few security auditing firms responded to it. A couple of firms were selected, went through.
D
You know, source code auditing and, you know, ultimately produced a report that now lives in GitHub under Kubernetes community SIG Security, there's a directory in there with the, with the results of that third-party security audit, and I believe that that was initially done as sort of a one-time thing, and as that was winding up, there was the realization that it would be of a good benefit to Kubernetes to do so on a regular basis, and so within.
D
Like the Kubernetes governance model, a working group kind of starts up, has a task, finishes its task and then closes, whereas a sub project can exist to do work in perpetuity, and so if the third-party security audit is to be a thing that happens over and over, then like within the governance model, the natural place for that to live is in a subproject of a SIG that has interest in that area, and so Aaron is leading that subproject to continue repeating that process.
D
You know, get, get different security auditing vendors involved and get them to look at the Kubernetes code, and you know, write up the lessons that they learned from it.
A
A question: is there room for anyone to participate in that, or is that like something that specifically the company that gets accepted to do it's gonna do and it's like a closed doors kind of thing.
D
I can't speak to this nearly as well as he could, but I will try to do my best. My understanding of that, of that project's goals are to get a, like a, a commercial assessment of Kubernetes by those sorts of places. Like, I believe that the previous one was done as a team by Trail of Bits and Atredis Partners.
K
Yeah, it's, that is mostly a formal process that is sort of closed. I mean, they will eventually release the report, but there's not really an opportunity to contribute to that. However, if you are interested, Kubernetes does have a vulnerability rewards program, so you by yourself can always go and look for stuff, whether in the source code or whatever. We have well-defined rules, there's money to be involved, and if you find an issue just file it at hackerone.com.
K
And that's the, in, that's the place where the product security committee will triage it and try and reproduce it.
D
And then there are a couple of sort of embryonic sub-projects which are not exactly sub-projects yet but show signs that they could become sub-projects. One of them is related to tooling. There is a Slack channel, security tooling. Does anybody that's actually here want to talk about any of the tooling ideas.
G
I'll, I'll talk about the, the group for a second. And the first meeting Ian suggested we have that group and I jumped into it, and she said, hey, why don't you lead it? I'm like, okay. So we really haven't defined what it is exactly.
G
My first thought was that it would be a good place to have a catalog or clearinghouse of Kubernetes related tool, security tools, but I'm open to any other suggestions as far as is taking that different directions or, or what. So, I think, I'm the de facto care of it right now, if there is one, but happy to share those duties with anyone who knows what they're.
G
Yeah, Patrick actually chimed in right away when, when we started and mentioned that he's working on some stuff around that. I don't, I'm open either way. My thought was originally user-centric tooling, but I'm sure we could, we could do both, or if there's, if that's a better, you know, we could do whatever we need to do.
D
And you know, as my, as chair I'm here to help you all accomplish things sort of point of view, I'll say these are, these are all fine, and also, you know, there's nobody, there's nobody standing with a suit and a clipboard saying this has to be accomplished, that, that has to not be accomplished, and so yeah. You know, the, the potential working group exists there as a way to help you have a place to do things that you want to do to make Kubernetes better, and now, you know, Nathan and others.
D
We've been, we've been talking about whether some kind of a periodic educational get-together could end up becoming one of the formal functions of SIG Security, and, and it might, we'll see, we'll see how it goes. So that, does that help, Ellen.
A
B
So that is the end of what we have on the list here. Does anybody want to bring anything else up while we're, while we're still all together.
K
K
D
Tim and I have been talking about that on Slack, like, and my understanding is that it'll be taken up at PSC meetings as time allows, and eventually we will all reach a mutually agreeable decision about what will move over into the public space of being dealt with within the SIG and what will stay in the, in the private space of the PSC, and that, that hasn't been decided yet, but that there's no need to rush about it. So Tim, if there's anything you want to add to that.
C
No, not really, I agree with everything you said. I guess the one thing I would add is.
C
We don't need to wait for some formal decision on this. If people are excited to get more involved with some of the stuff that the PSC works on, we have a bunch of issues filed in our security repo. I can drop a link to that in the chat in a minute, or in the agenda doc maybe, and so, if that's something you're interested in, feel free to take a look at those, and maybe eventually we'll break out into some sub-project working groups and can talk about those in more.
D
D
Well then, lacking anything else, I would say thank you all so much for coming and sharing your excitement for things that you want to do. Thank you for your patience with some of the, some of the logistical parts, and we'll see each other on Slack and we'll get back together in a couple of weeks to report where we are and what we can all do to help each other. So thank you all so much for coming, have a good one.