►
From YouTube: Kubernetes SIG Security 20211118
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Hello
good
morning,
my
video
is
really
weird.
Today
my
name
is
ian
coldwater.
I
am
co-chair
of
kubernetes
security.
Welcome
to
the
meeting
first
thing
we
are
going
to
do
today
is
try
to
find
a
note
taker,
because
we
have
somebody
to
volunteer
to
take
notes
every
time
who
would
like
to
volunteer
to
take
notes
today.
A
Awesome,
thank
you
very
much.
I
really
appreciate
it.
It
really
helps
the
meeting
go
and
happen.
There
is
also
a
box
here
for
slack
thread
creator
which
I
think
got
created
when
I
was
out
on
medical
leave.
So
if
anybody
knows
what
that
means,
and
if
anybody
wants
to
be
the
slack
thread
creator,
that
would
be
absolutely
fantastic.
C
A
C
I
think,
just
when
I
know
about
it
that
that
updates
pretty
much
what
there
is
and
it's
still
in
in
the
vendor
selection
world.
But
but
hopefully
I
think,
there's
progress
happening
and
should
emerge
soon.
Cool.
A
All
right,
vendor
selection,
progress
check.
That's
exciting,
excited
to
see
more
about
that:
okay,
sig
security
docs.
I
would
love
to
hear
from
you.
E
E
I
asked
the
group
the
last
minute
and
he
volunteered
so
I
just
want
to
highlight
and
say
like
this
is
why
I
love
this
community
more
and
this
is
an
amazing
place
and
if
you
want
to
be
a
part
of
it,
please
join
us,
and
this
is
our
own
plug,
I'm
just
starting
that,
but
honestly,
I'm
so
so
like
grateful,
and
I
figure
that
it
will
bring
smile
to
everyone's
face
and
moving
on
to
the
updates,
I
do
have
a
request
for
reviews.
E
The
first
one
is
a
amazing
tutorial
that
pushkar
put
together.
I
think
this
is
for
the
psp
of
pod
security
standards
replacement
tutorial.
For
that
I
always
get
confused
with
the
name.
It's
pss
ps,
it's
a
lot
of
things
going
on
in
my
head,
so
it's
the
psp
replacement.
Sorry,
I
forgot
the
feature
name.
I
the
replacements.
It's
going
a
bit
better
and
1.23,
so
he
put
together
an
amazing
tutorial.
E
So
go
check
it
out.
Add
your
review.
Try
it
out
comments
and
feedback,
anything
that
you
like
pod
security
admission.
Thank
you
so
much
pushkar
and
the
next
up
is
a
request
for
this
amazing
thread
model.
Any
draft
post
for
kubernetes
admission
control
that
already
put
together
it's
out
there.
We
have
been
getting
good
reviews
and
if
you
haven't
looked
at
it,
you
want
to
take
a
look
at
it.
Leave
your
comments
and
feedback.
Do
it
before
december
3rd.
E
After
that
we
are
looking
to
create
a
pr,
and
after
that
comes
the
winter
break,
and
the
blog
post
is
going
to
be
targeted
for
january.
So
would
appreciate
if
you
could
all
go
check
it
out
if
you
like
it,
give
a
thumbs
up
plus
one.
If
you
have
comments
feedback,
if
you
have
breakfast
feel
free
to
create
a
thread
or
tag
us
in
just
let
us
know,
that's
all.
F
One
more
shout
out
a
apart
from
the
tutorial
is:
there
is
a
good
blog
post
coming
in
from
lackey
and
jim,
which
also
covers
some
of
the
different
things
of
how
to
use
psa
with
123.
A
Cool
all
right
pushkar,
I
think
you're
already
talking
about
security,
tooling,
I'd
love
to
hear
a
report
back
from
all
of
you.
F
Yes,
so
I
think
the
biggest
most
visible
update
for
us
was
we've
been
trying
to
move
some
of
our
stuff
once
the
seek
security
repo
was
created
so
now.
The
first
part
of
it,
which
is
moving
existing
content
from
sig
community
kubernetes
community
to
kubernetes
security,
is
now
done.
We
had
a
new
contributor
who
did
all
of
the
grunt
work
of
moving,
so
many
different
files
into
different
internal
new
repo,
so
it
just
merged
today
and
the
new
six
security
repo
now
looks
good.
F
It
feels
like
there
is
a
lot
of
content
there
already
so
and
really
happy
to
see
that
the
next
thing
after
that
is
going
to
be
now
renaming
and
fixing
some
old
links
to
the
new
links
or
for
the
docs
and
then
a
couple
of
prs
that
we
had
put
on
hold
for
this
move
to
happen,
will
now
be
unblocked
and
then
we'll
be
able
to
move
those
also
in
security,
so
really
happy
about
that.
F
It's
very
exciting.
Yes,
definitely
me.
F
Yep
yep,
plus
one
on
both
second
one
I'll,
actually
be
very
brief,
because
ours
has
added
a
topic
in
discussion
also
later
on
this.
F
So
luckily,
there
were
some
fail
safes
on
kubernetes
side
which
made
it
not
a
big
deal,
but
that
has
led
to
some
idea
where
we
could
maybe
potentially
detect
these
kind
of
scenarios
for
all
the
vendor
depth.
So
we
probably
discuss
it
in
when
we
go
to
the
discussion
channel
more,
but
just
wanted
to
share
that
and
looking
forward
to
working
with
folks
in
kate,
square.org
and
other
places
who
would
want
to
work
with
with
us
on
this
next
one
is
a
quick
update
on
learning
session
that
happened
last
week.
F
F
I
believe
the
recording
should
come
up
soon,
once
tabby
posted
I'll
post
it
back
on
slack
and
the
last
update
mostly
for
ian
and
tabi,
is
we
have
a
pr
linked
in
that
meeting
minutes
about
a
label
that
we're
trying
to
add
for
all
the
official
cv
is
recognized
or
announced
by
src,
so
I
believe
at
least
the
work
is
ready,
but
looking
for
lg
tms
and
approves
there.
A
D
What's
what's
the
url
for
the
new
repo.
F
All
right,
cool,
okay,
so
maybe
we'll
move
to
self-assessments.
This
should
be
brief.
F
We
had
our
third
session
last
week
and
we'll
have
one
more
in
the
coming
wednesday,
where
we'll
wrap
up
all
the
three
in
scope,
data
flows
for
cluster
api
and
then
we'll
just
put
our
heads
down
or
enjoy
our
holidays
and
do
some
async
work
and
come
back
and
meet
in
chan
to
discuss
and
review
the
report
that
all
of
us
have
collaborated
and
written
on
and
then
a
really
relevant
pr
that
is
also
ready
for
review
is
a
github
issue,
template
that
is
getting
created
to
create
some
sort
of
like
a
wait
list
or
a
tracker
for
any
similar
requests
that
have
come
and
will
come
in
future
to
do
self
assessments
from
a
security
perspective
for
all
kubernetes
sub
projects.
F
So
I
I
got
some
lg
tms
from
some
folks
in
the
call
today
which
is
looking
for
an
approve
there
with
that
I'll
stop
and
happy
to
answer
any
questions,
but
thank
you
for
all
the
people
who
have
contributed
in
all
of
these
updates.
I
can't
really
do
anything
by
myself
so
really
appreciate
everyone
chiming
in
and
doing
a
lot
of
good
work.
C
I
thought
the
I
thought
the
thread
from
tim
oakley
was
really
interesting
and
it
wasn't
one
I'd
thought
of
before
about
a
github,
username
being
renamed
and
then
people
relying
on
that
as
being
somewhere.
I
pull
code
from,
but
it
makes
sense
right
because
it's
just
a
repo
name
and
and
if
github
let
you
take
names
that
have
been
moved
or
deleted,
then
the
problem
is
going
to
exist.
A
F
Yeah
agree-
and
I
think
that's
a
good
segue
for
the
next
topic,
also
because
it's
pretty
much
the
same
thing
we
are
discussing,
and
I
wanted
to
welcome
arsh,
who
is
joining
first
time,
maybe
today
from
kkk
its
code
organization,
sub
group
under
sig
architecture.
F
I
know
him
through
my
day
job
and
some
of
the
work
has
done
in
community
he's
built
a
community
project
called
deb
stats.
That
does
a
lot
of
good
work
on
that
so
I'll.
Maybe
maybe
you
can
quickly
introduce
yourselfers
and
we
can
discuss
more
about
what
your
your
thoughts
on
this
particular
thread.
G
Hey
folks,
I
am
ash.
G
I'm
super
happy
to
be
attending
this
for
the
first
time
and
I
really
like
the
thread
which
pusher
pinged
me
on,
and
I
found
that
this
topic
was
super
interesting
and,
I
think,
like
I
am
getting
this
feeling
of
getting
involved
with
this
thing
more
in
the
future.
But
we
are
coming
back
to
the
topic,
so
I
want
to
give
everyone
a
bit
of
context,
so
apparently
the
tool
that
pushkar
talked
about
depstart.
G
What
that
does
is
that
it
analyzes
like
if
you
have
a
go
modules,
enabled
project
it
will
analyze
its
dependencies
and
produce
stats
like
the
number
of
dependencies
the
project
has
or
the
number
of
transitive
dependencies
and
all
that
kind
of
things.
So,
but
as
part
of
that
tool,
we
also
have
access
to
all
the
dependencies
right.
G
So
we
were
wondering,
like
I
had
this
initial
thought,
maybe
that
instead
of
you
know
creating
something
new
and
setting
up
ci
pipelines
for
that,
since
we
already
run
this
tool
on
any
pr
which
gets,
we
run
this
tool
periodically
on
the
head
of
kk,
so
we
could
have
a
sub
command
for
this
tool
where
we
like
go
through
each
of
the
dependencies
and
somehow
check
the
account
name
right
and
that
way
we
can
just
if
we
find
that
an
account
is
compromised,
then
we
can,
you
know,
alert
folks.
F
A
There's
a
question
in
the
zoom
chat
too
about
how
would
one
detect
like
race
condition
between
you
know
last
scan
and
somebody
picking
it
up
again,
I'm
wondering
if
something
like
I
don't
know
how
technically
not
sensible.
This
is
like
a
heartbeat
might
kind
of
make
sense
if
there
are
like
dependencies
that
we're
looking
at
if
it's
just
like
pinging
periodically
to
make
sure
that
it's
not
404,
and
I
don't
know
that
that
solves
that
problem
entirely.
But
I
don't
know.
G
Yeah,
so
on
that
pinging
hard,
we
think
so.
Currently
the
periodic
job
runs
once
every
six
hours
right.
So
I
think
six
hours
is
enough
room
that
we
can't
expect
that
someone
if
for
an
account
to
get
lost
and
someone
to
reclaim
it.
I
don't
think
that
is
possible
in
six
hours,
but
I'm
not
technically
sure
on
this.
So
I
think
if
we
ping
every
once
every
six
hours
and
we
are
getting
an
okay
response,
it
should
be
a
good
enough
method
to
check.
A
There's
a
suggestion
in
the
zoom
chat
that
I
think
is
kind
of
interesting
from
benjamin
floyd,
who
mentioned
something
in
the
agenda
about
having
trouble
with
headphones.
So
I
don't
know
if
you
want
to
speak
out
louder.
If
you
want
me
to
speak
for
you.
A
H
Right
so
yeah,
I
don't
like
the
idea
of
having
a
time
polling
based
security
check
on
the
integrity
of
those
repos.
G
H
So
if
I'm
an
attacker,
I'm
in
this
I'm
going
to
generate
a
list
of
all
the
dependencies
of
kubernetes
right
and
I'm
just
going
to
watch
those
repos
and
if
our,
if
our
heart
beat,
is
every
six
hours,
I'm
gonna
ping
it
every
two
and
that
way
I
can
just
instantaneously
hit
it
with
a
an
automated
attempt
to
compromise
that
account
name
and
stick
a
repository
there
before
the
next
heartbeat.
H
I
wouldn't
manually,
take
that
over
and
then
assume
that
I'm
going
to
have
enough
time
to
generate
that
I'd
have
that
prepared
ahead
of
time.
So
that's
why
I
think,
from
from
our
perspective,
to
avoid
the
supply
chain
attack,
there's
figure
out
a
way
and
yeah.
I
agree
that
the
current
versioning
and
pinning
and
dependency
management
systems
are
not
very
good
they're
not
built
for
this.
H
A
So
the
big
attackers
now
do
know
it's
six
hours
and
you
know
which
is
sort
of
the
flip
side
of
security
through
transparency
right
the
idea
of
it
being
an
additional
tool.
A
You
know,
makes
sense
if
the
existing
one
doesn't
have
the
capacity
to
handle
that
for
building
additional
tooling
into
it.
I
guess
my
next
question
is:
who
wants
to
build
that
and
does
the
person
who
maintains
the
existing
tool
want
to
do
that
too,
because
you
know
we
can
think
of
ideas
of
things
to
be
built
all
day,
but
is
anybody
wanting
to
take
that
on.
F
Okay,
so
it
seems
like
good
next
step
would
be
for
people
interested
to
gather
around
a
google
doc
that
maybe
looks
similar
to
a
cap
start
coming
up
with
ideas.
That
would
make
sense
and
really
solve
the
problem
that
we
are
trying
to
solve
and
then
see
where
it
goes
and
get
people
more
excited
with
more
details
when
we
have
it
on
google
doc.
A
That
that
would
be
the
only
excuse
for
that
fun.
I
think.
Okay,
I'm
not
trying
to
shut
down
discussion
either.
If
people
have
continuing
thoughts
on
that
pushker.
Do
you
wanna
create
the
google
doc?
If
you
haven't
done
it
already.
A
Okay,
if,
if
folks
want
to
take
the
discussion
on
that
to
google,
docs
and
and
whatnot
next
on,
the
agenda
is
a
question
from
pj.
Should
we
make
this
part
of
the
meeting
agenda
template
and
it
is
a
link
to
the
kanban
board
of
issues
that
we're
tagged
in
yeah.
F
Yeah
yeah,
it's
basically
anything
related
to
our
sick
that
people
in
the
group
have
worked
on
or
something
that
we
have
reviewed
or
etc.
So
the
main
idea
behind
that
was
people
who
can't
join
the
meetings
and
are
going
through
the
meeting
minutes.
Apart
from
what's
already
in
the
meeting
minutes,
they
can
look
at
the
tracker
and
see
oh,
this
is
to
do,
but
this
also
looks
exciting
to
me.
A
I,
like
the
collaborativeness
and
the
openness
of
that
idea
of,
like
of
making
it
a
sort
of
more
open
process
for
people
to
get
involved
in
it
to
see
themselves
getting
involved
in.
I'm
not
entirely
sure,
with
this
amount
of
coffee
left
what
the
logistics
are
of
everybody
assigning
things
to
themselves,
but
I
don't
know
that
that's
a
deal
breaker
in
terms
of
putting
it
in
the
template,
because
I,
like
the
idea
of
having
it
be
a
you
know,
open
collaborative
process
that
people
can
put
themselves
in.
F
Yeah,
I
was
thinking
about
that
like
this
could
be
a
first
step
and
then,
if
people
start
assigning
themselves
and
then
if
they
need
more
information,
we
meet
every
month
or
so
in.
As
part
of
this
meeting
or
a
separate
meeting
and
start
talking
about
the
issues
and
answer
any
questions
that
people
may
have.
A
Does
the
existing
issue
triage
process
that
we're
all
working
on
have
mechanisms
for
people
to
assign
themselves?
I
I
guess.
A
Yeah
I
have
I
have
sort
of
similar
questions
about
how
that
I
think
how
that
integrates.
I
think,
as
part
of
the
agenda
template,
I
think
one
thing
that
I
can
see
it
being
immediately
useful
for
is
like
what's
sig
security
up
to
right
now,
like,
if
you
know
as
a
sort
of
mechanism
to
encourage
discussion
or
having
you
know,
people
have
a
thing
to
look
at,
or
you
know
just
like
get
a
handle
on
what's
going
on
right
now.
A
E
I
think
I
am
in
favor
of
what
ian
said
that
we
can
add
like
what
what
security
I
I
do
have
we
can
add
what
the
sig
is
up
to
and
what
are
the
new
issues
and
stuff
like
that.
E
I
have
one
one
request:
if
we
are
going
to
do
the
triage,
I
just
don't
want
to
look
at
the
project
board
and
say
like:
is
this
being
worked
on
or
like
the
monotonous
things
I
I
want
it
to
be
useful
to
everyone
like
pick
an
issue
and
talk
through
it,
so
that
at
least
someone
can
pick
it
up
like
if
they
don't
have
the
context,
and
we
should
also
time
if
we
are
going
to
go
around
that
route.
E
We
should
always
time
box
it
or
keep
it
in
the
last
10
minutes,
15
minutes
that
folks
can
drop
off
if
they
don't
want
to
be
a
part
of
that
or
if
they
or
running
late
for
meetings
and
things
like
that.
Those
are
my
two
suggestions
and
it's.
It
would
be
nice
to
have
something
like
now
that
we
have
a
lot
of
issues
and
we
don't
have
a
lot
of
contributors.
This
is
one
way
to
actually
like
say,
like
we
have
these
many
issues
in
prs
and
we
need
help
and
here's
your
context.
E
It's
just
not
in
the
paper
or
it's
not
the
paper.
Sorry,
I'm
a
paper
pen
kind
of
person,
so
I
always
think
like
that.
It's
in
the
github
ratio-
and
you
can
read
this
and
then
this
is
the
little
background,
information
that
we
discussed
and
it
should
help
to
get
you
started
and
things
like
that.
H
This
is
a
way
out
in
left
field
there,
but
I
was
thinking
of
like
basically
having
a
task
on
the
board
that
we
pass
around
between
meetings
like
this,
that
somebody
takes
it
for
two
weeks
and
then
kind
of
curates
or
watches
the
the
tasks
we're
gonna
do
a
self-assignment
just
to
say:
hey,
there's
somebody
that's
watching,
but
we
don't
want
to
overload
anyone.
You
know
contributor
here
with
that
task.
You
know
indefinitely
that
way.
There
would
be
some
some
kind
of
a
checks
and
balances
there.
H
I
guess-
and
the
second
I
guess
comment
there
would
be
that
as
someone
new
to
the
community,
I
would
love
to
participate,
and
so
you
know
I'm
looking
to
team
up
with
somebody
with
more
experience
here
where
I
don't
feel
comfortable,
just
grabbing
a
task
like
that.
I
don't
know
the
process
or
or
how
that
is
going
to
affect
the
current
contributors,
but
I
don't
know
that
everybody
that
would
go
and
find
that
board
would
have.
That
kind
of
you
know
pause
to
say.
H
Well,
let
me
figure
out
how
this
works
first
right,
so
I
think
it
would
lead
to
some
inconsistency
and
some
some
potentially
separating
under
the
radar
or
you
know
bypassing
process.
That's
there
for
a
reason.
A
Generally
speaking,
the
community
process
for
sig
security-
and
I
don't
want
to
be
the
only
person
speaking
to
this-
is
that
we
are
really
open
as
a
community
and
we
want
to
do
things
collaboratively
and
we
encourage
that.
We
encourage
new
contributors
and
people
to
work
together.
A
I
have
more
thoughts
on
this,
but
I
would
love
other
people
to
talk.
First,
actually.
F
One
thing
that
has
worked-
and
maybe
it
could
be
something
that
we
can
adopt,
is
somebody
who
is
more
familiar
with
the
community.
The
cigs
and
the
work
that
is
needed
creates
and
creates
a
github
issue,
but
instead
of
assign
it
assigning
it
to
themselves,
they
just
say
like
if
it's
a
very
beginner
issue
or
they
are
happy
to
mentor
the
person
who
wants
to
who
is
new
to
the
community
and
wants
to
start
contributing.
F
We
just
tag
it
as
a
good
first
issue
or
help
want
it,
and
then
what
that
ended
up
happening
doing
is.
There
are
many
new
contributors
who
don't
know
where
to
start,
but
really
want
to
contribute,
are
always
tracking
on
those
two
labels
and
for
one
of
the
refactors
that
we
just
talked
about.
This
happened
where
out
of
nowhere
the
person
who
actually
worked
on
this
said
hey.
F
I
want
to
work
on
this,
but
I
might
need
some
context
and
then
I
was
a
reporter
and
I
said
yes,
let
us
know
what
you
need
and
then
they
started
working
on
it
continued
to
make
progress
opened
a
pr.
We
reviewed
it,
tabby
reviewed
it,
and
then
everything
looked
good.
We
got
some
reviews,
we
made
some
changes,
so
that
might
be
something
we
could
explore
as
a
potential
option,
but
I
agree
like
if
somebody
wants
to
create
an
issue.
F
They
shouldn't
potentially
use
the
tracker
as
a
source
for
creating
new
things
that
potentially
are
useful.
It
could
just
go
to.
They
could
just
go
to
a
repo
that
is
more
relevant
and
then
start
there.
So
these
are
just
my
thoughts.
A
Yeah,
I
really
like
the
idea
of
having
good
first
issues.
If
we
don't
have
those
already
like.
That's
that's
an
awesome
thing
to
have.
You
know
we
should
be
doing
that
yeah.
A
A
Now,
as
like
a
separate
thing
from
the
segoth
meeting,
and
I
don't
know
how
many
prs
they
have
to
go
through
versus
how
many
pr's
we
have
to
go
through,
you
know,
but
it
seems
like
it's
been
working
really
well
for
them
as
a
thing.
So
that
is
also
a
thing
to
just
like
look
to
and
think
on.
F
F
It
can
be
part
of
every
other
six
security
meeting
where
the
last
20
minutes
or
so
is
just
bug
triage
and
if
folks
want
to
drop
off
and
not
really
interested
in
contributing
at
that
time,
they
can
drop
off
at
the
back
triage
phase
and
others
can
continue
to
discuss
it,
and
then
that
becomes
sort
of
part
of
the
meeting.
And
if
six
months
from
now
one
year
from
now
our
sig
expands
and
we
have
a
lot
of
them.
Then
we
can
have
a
separate
meeting
that.
A
Makes
sense,
I'm
not
necessarily
like
I
said,
suggesting
a
separate
meeting,
I'm
just
thinking
on
it.
I
think
that's
really
smart
and
like,
if
you
know-
and
I
think
it's
a
good
idea
to
have
the
tracker-
be
part
of
the
meaning
that
we
have
right
now,
because
right
now
there
are
people
who
are
looking
at
it
because
they're
in
the
habit
of
looking
at
it
and
maybe
more
people
who
don't
necessarily
know
that
it
exists,
or
you
know,
know
to
look
to
it.
A
D
I,
like
the
sig
tracker-
I
I
guess
I
would
second
the
other
person
I've
been
listening
in
on
this
sig
for
gosh
close
to
six
months
and
I'd
like
to
start
contributing,
but
I'm
not
comfortable
with
the
process.
So
it'd
be
great
if
there
was
some
documentation,
even
if
it's
outside
of
this
community,
if
there's
like
general
documentation,
I
could
look
at
and
get
a
feel
for
how
to
get
involved
with
something.
A
For
a
clarifying
question
for
sig
security,
specifically
or
for
kubernetes
contributions
in
general,
or
what
are
you
thinking.
D
I
I
think,
kind
of
both
really
because
you
know
I'm
just
not
I'm
just
not
familiar
with.
You
know
everything
from
the
how
we
tag
things,
and
I
mean
I,
you
know
just
what
are
the
you
know?
What
are
the
standards
and
how
do
you
I
mean
just
I'd
like
to
dip
my
toe
into
a
project
and
and
see
how
I
could
contribute,
but
I'm
not
even
sure
how
to
start.
You
know
effectively.
A
That
makes
sense.
I
hear
that
and
there's
also
a
comment
in
the
zoom
chat
from
benjamin
floyd,
who
said,
I
would
find
it
nice
to
have
an
ambassador
of
sorts.
You
know
like
back
in
school
when
they
called
someone
out
of
class
to
help
show
the
new
kid
around,
and
I
fair
enough.
A
I
feel,
like
I'm
hearing
a
theme
from
folks
in
this
meeting,
that,
like
maybe
having
more
kind
of
new
contributor
onboarding
for
folks
who
are
not
sure
where
to
start
in
a
somewhat
slightly
more
formalized
way
than
we
are
currently
doing
it,
which
is
really
you
know
just
like
holler
at
us,
and
we
will
help
you
through
it
or
at
least
having
more
written
down,
is
a
thing
that
people
want.
H
Yeah,
it's
it's
definitely
one
of
those.
You
know
there's
for
the
folks
that
have
been
here
a
long
time.
I
think
right,
you're
a
little
bit
desensitized
to
the
amount
of
content
that
is
out
there
and
and
just
it's
quite
overwhelming
right.
So
yes,
this
sig
meeting
is
is
right.
It
would
have
been
awesome
to
be
like
hey.
This
has
been
the
new
kid
like
you
know,
welcome
to
the
security
class.
These
are
the
you
know.
H
These
are
the
folks
right
and,
and
so
like
the
example
of
the
previous
thing
right,
I
was
looking
for
a
way
to
jump
in
there,
but
I
don't
exactly
want
to
jump
in
and
say
hey.
I
have
no
idea
what's
going
on
right,
so
pairing
up
with
somebody
that
doesn't
know
that
process
a
little
better
than
me,
so
that
right
I
can
perpetuate
that
forward,
would
be
really
cool
and
maybe
that's
something
across
sig
community
right,
there's,
there's
the
community
or
the
contrib
x
folks.
I
guess
that
may
be.
H
I
guess
have
more
visibility
across
more
groups
for
that,
because
there
are
definitely
groups
didn't
want
to
participate
in
and
then
there
are
some
that,
like
the
security
I
do
so,
but
I
don't
even
know
where
to
get
started
with
that.
A
A
As
I
said,
the
way
that
we've
been
doing
that
so
far
is
pretty
informal
like
come,
hang
out
in
the
slack.
Come
talk
to
us
express
interest
in
contributing
like
we'll
hook
you
up
like
you
know,
but
I
also
hear
that
people
maybe
want
a
somewhat.
You
know
somewhat
more
documented
version
of
that.
So
okay
noted
yeah.
A
For
sure
yeah,
no,
no,
definitely
totally
valid.
Not
you
know
just
sort
of
thinking
out
loud
of
like
okay
noted
that
that
is
a
thing
that
people
want
leads.
Do
we
want,
maybe
want
to
like
just
like
hang
out
amongst
ourselves
and
try
to
talk
through
that
a
little
bit
at
some
point
of
like
how
we
want
to
go
about.
Maybe
doing
that.
A
G
So
more
context
on
that
is
sig.
Docs
has
a
role
for
a
new
contributor
ambassador
and
whoever
serves
as
the
new
contributor
master
is
basically
responsible
for
shepherding
any
new
contributors
who
are
interested
or
even
like
just
calling
out.
If
there
are
people
who
don't
know
about
the
sake
in
general
and
basically
helping
folks
out,
so
there
could
be
a
role
like
that.
That's
really
cool.
D
F
A
If
you
haven't
taken
a
look
at
kubernetes.dev,
there
is
a
site
that
is,
I
think,
specific
to
kind
of
contributor,
onboarding
and
privilege
stuff
that
you
might
find
useful
yeah.
That
makes
a
ton
of
sense.
Thank
you
for
for
bringing
that
up.
I'm
going
to
think
on
that
and
talk
to
other
folks
like
tabby,
who
isn't
here.
A
Who
is
the
co-chair
about
how
we
can
help
that
happen
and
if
folks,
who
are
not
leads,
want
to
continue
to
contribute
ideas
and
speak
to
that,
I
would
love
that,
because
it's
not
all
about
the
leads
here.
It's
about
everybody.
A
A
Also
for
the
folks
who
are
contributing
a
lot
of
really
good
content
to
the
zoom
chat.
If
you
want
to
see
that
into
the
slack
chat,
I
think
that's
what
the
slack
thread
is
for,
because
zoomstat
is
a
ephemeral
and
will
go
away
after
this
meeting
is
over.
E
And
I
wanted
to
add
one
more
thing
we
used
to
do
this.
I
don't
know
when
it
fell
off
the
in
general,
like
we
used
to
call
out
like
who's
the
new
contributor
in
this
meeting.
What
do
you
want
to
learn
or
like?
Are
you
here
like
tell
anything
like
why
are
like
what
is
interesting,
you're
here
to
learn
you
are
here
to
absorb,
you
want
to
contribute,
and
things
like
that.
Actually,
that
helps
a
lot
later,
also
to
get
in
touch
with
them.
E
A
I,
like
that
yeah,
I
think
I
don't
think
we
stopped
doing
it
on
purpose.
I
think
I
think
it's
just
like
I'm
going
to
stick
it
in
the
template.
Right
now
is
what
I'm
going
to
do
so
that
we
all
remember
to
do
that.
E
I
think
it
just
fell
off
like
we
like
it's,
not
intentional,
but
it's
just
like
you
know.
After
a
while,
I
remember
like
when
pushkar
was
hosting
the
meeting
the
last
time.
I
think
we
went
around
the
room
one
one,
one
time
like
all
of
us
reintroduced
whoever
was
old
like
like
always
there
in
the
meeting
we
introduced
new
people,
we
welcome
the
new
people,
so
it's
like
at
least
you
get
to
know
the
name
of
the
person
like
if
they
want
to
they're
looking
for
help.
E
It
helps
me
I'm
I'm
very
bad
at
following
up
on
slack
and
I
get
confused
with
emails,
and
even
now
I
got
confused
posting
in
the
slack
thread
or
in
the
zoom
chat.
So
I
think
I
did
like
I
posted
here,
even
though
I
know
that
I
have
to
do
it
there,
so
it
little
things
help
me
the
little
exotics
like
this
actually
helped
me
so.
A
Yeah,
that's
huge,
and
I
appreciate
you
calling
it
out.
I
just
stuck
introductions
into
the
agenda
so
that
we
can
have
that
be
a
thing
that
we
continue
to
do.
We
have.
It
is
11,
44
central
time
right
now,
which
means
technically.
I
think
we
have
15
more
minutes
of
this
meeting.
Do
we
want
to
do
like
late
introductions
as
sort
of
a
means
to
add
stuff
or
just
like,
add
context
for
ourselves,
because
I
don't
think
we
have
anything
else
up
for
discussion
right
now,
unless
I
missed
something
we
don't
so.
A
H
I'm
ben
floyd,
I
am
in
transition
between
jobs
at
the
moment
and
my
previous
role
didn't
give
me
a
lot
of
opportunity
to
contribute
to
open
source
community
work.
H
So
I'm
looking
forward
to
jumping
in
there
where
I
have,
I
guess,
benefited
a
lot
from
the
kubernetes
platform
and
not
really
been
able
to
contribute
in
a
way
that
that
felt
like.
I
was
returning
what
I
was
getting
so
that's
kind
of
what
I'm
I'm
here
doing.
I
love
to
break
things,
so
I
will
always
come
with
that:
attacker
mentality
and
yep,
and
that's
that's
about
it
and
I'm
definitely.
I
guess
generally
not
afraid
to
go
off,
mute
and
show
my
ignorance
of
the
situation.
A
D
Well,
I
can,
I
can
jump
in.
I
I've
been
hanging
out
with
you
guys
for
about
six
months
and
I'd
love
to
find
a
project
that
would
use
my
experience
and
skills
primarily
in
cryptography
or
network
security.
So
anyway,
I've
been
working
as
a
software
engineer
and
in
security
for
a
good,
solid
30
years.
I
would
say
so,
but
I
have
to
say
I'm
not
completely
familiar
with
how
kubernetes
checks
in
and
checks
out
and
all
the
labels
and
stuff
like
that.
D
So
I
like
to
get
do
a
project
where
I
start
getting
familiar
with
all
that
stuff.
I
Time
I
I
can
go,
my
name
is
asaf,
I'm
very
new
to
the
community
at
probably
the
second
or
third
meeting.
Definitely
learning
this
and
observing
for
some
weeks
before
I
can
make
any
meaningful
contributions,
so
just
here
to
observe,
learn
from
others
all
over
the
documentation,
etc.
So,
hopefully,
in
the
next
couple
of
weeks,
maybe
some
small,
meaningful
contributions.
I'll
definitely
would
want
to
do
that,
so
I'm
just
kind
of
in
a
learn
and
observe
mode.
At
this
moment.
A
B
Hello:
everyone,
I'm
rahul,
I'm
I
work
for
a
company
called
aquinox.
We
work
on
runtime
security
again.
This
is
my
first
meeting
in
this
in
this
community.
Really
nice
really
glad
to
be
part
of
this
community.
I
have
been
part
of
other
communities
like
idf
standards
for
past
10
years.
J
I
was
gonna
say
this
is
eric
multan,
my
first
attendance
to
this
call
and
right
now
I'm
just
learning
what
you
guys
are
up
to
and.
K
Hello,
everyone.
This
is
amit,
I'm
a
freshers.
I
am
a
college
passover
and
I
am
doing
training
in
eriksen.
K
So
as
a
presently
I'm
preparing
for
ckn,
where
I
came
to
know
about
kubernetes
and
all
of
these
things,
so
I
am
quite
quite
bit
into
it
and
after
some
of
my
one
of
my
friends
and
looking
onto
this,
I
go
through
the
some
six
and
find
out
the
securities
quite
interesting
to
me.
So
it
is
my
first
meeting,
although
and
thank
you
for
having
me
and.
A
A
Hi,
I'm
ian
I'm
the
co-chair
of
six
security
here
and
our
co-chair
tabby,
who
is
usually
here,
is
not
here
this
week,
but
is
awesome
and
yeah.
A
D
I
also
want
to
thank
you
for
being
one
of
the
leaders
of
these
meetings,
because
you've
been
great,
actually
you
and
tabby
and
and
the
others
who
have
led
some
of
these.
A
Yeah,
we
really
pride
ourselves
here
at
six
security
in
creating
a
welcoming
inclusive
community
that
encourages
new
contributors
and
contributions
and
collaborative
like
work,
and
we
really
want
this
to
be
an
open
environment
that
people
feel
welcoming
and
excited
to
contribute
to
so
super
glad.
You're
here
and
yeah
super
glad
to
work
excited
to
work
with
you.
D
E
Hi
everyone,
my
name
is
avita
and
I
am
a.
I
lead
six
security
documentation
project,
I'm
here
to
learn
more
about
security.
I
my
career
interests
changed
and
I
couldn't
practice
security
for
a
long
time
and
when
this
group
was
founded-
and
I
just
showed
up
volunteered-
and
I
got
to
work
with
all
the
amazing
folks
here-
who
I'm
actually
super
grateful
every
day
and
for
and
I
look
forward
to
this
meeting
and
look
forward
to
working
with
everyone
learning
it's
not
that
I
know
a
lot.
E
It's
just
that
being
here
and
sharing
the
knowledge
is
super
important.
So
if
anyone
feels
that
they
don't
know
anything
and
they
are
like
no,
they,
how
can
they
contribute?
Don't
don't
worry.
This
is
a
super
safe
place.
You
can
always
say
like
I'm
here
to
learn.
Can
you
teach
me
how
this
is
done?
E
F
Definitely
plus
one
savita
has
been
very
good
role
role
model.
For
me
to
be
honest,
I
I
work
for
vmware
and
lead
the
tooling
sub
project.
I
actually
not
very
long
term
long
time,
member
for
the
community,
so
I
joined
or
became
more
active
in
february
or
march
of
this
year
and
just
been
trying
to
get
my
head
around
everything.
F
Slowly
slowly
got
used
to
stuff
and
it's
it's
completely
been
surprising
pleasantly
for
me
in
terms
of
the
openness
of
the
community
and
I've
asked
very
naive
and
beginner
questions,
and
I
have
gotten
good
responses
and
then
slowly
so
late
has
really
helped
me
build
up
the
knowledge
or
something
that
I'm
hopefully
able
to
share.
So
one
thing
I
wanted
to
offer
at
least
from
my
side
for
anyone
who
is
new
and
wanted
to
figure
out.
F
What's
really
going
on,
how
we
can
start
is
in
the
six
security,
tooling
meetings
we
have
two
every
month
and
one
of
them
which
is
coming
up
next
on
tuesday,
which
is,
I
believe,
november
30
after
thanksgiving,
is
going
to
be
actually
a
working
session
for
45
minutes
and
I'll
just
open
it
up.
For
all
of
you
who
want
to
contribute
and
don't
know
where
to
start
and
any
questions
you
have
anything,
I
can
help
out.
F
I'm
happy
to
do
that
in
front
with
a
screen
share
happy
to
walk
you
through
different
paths
as
a
contributor
and
basically
answer
any
questions.
So
you
should
get
the
calendar
invite
for
that.
If
you
subscribe
to
the
google
group
or
for
six
security
and
if
you
don't
know
how
to
subscribe
to
the
google
group,
that's
fine
as
well
so
I'll
share
the
link
to
the
google
group
and
then,
as
long
as
you
have
an
account
on
google,
you
will
be
able
to
subscribe
it
and
the
calendar.
A
Yeah
big
appreciation
to
to
all
of
you
to
our
awesome
leads
and
to
the
new
contributors
who
are
just
coming
in
here
and
to
everybody
who
puts
in
the
work
to
make
sync
security
happen,
because
it's
really
important
and
I'm
really
glad
that
we're
all
here.
Working
on
that
together.
A
I
hope
that
somebody,
I
I'm
saving
the
zoom
chat
and
I
might
just
stick
it
into
the
slack
thread
for
like
posterity,
because
there's
a
lot
of
really
good
zoom
chat,
and
I
think
that
we
were
wanting
to
move
some
of
the
really
good
ephemeral
chat
into
a
less
ephemeral
format.
So
I
might
just
stick
that
text
file
into
slack.
If
that
makes
sense
for
me
to
do
and
yeah
do,
people
have
any
last
minute
thoughts
whatevers
for
the
last
five
minutes
of
this
meeting.
H
It's
no
offense,
but
I
hope
that
I
get
to
contribute
to
other
groups
more
than
this
one
so
that
we
don't
end
up
with
a
really
insecure
ball.
H
Thank
you
all
for,
for
being
so
inviting
that
is
definitely
encouraging.
I
appreciate
it.
A
Declare
this
meeting
probably
over
for
now,
because
it's
almost
at
time
anyway,
unless
anybody
else
has
any
burning
things
that
they
want
to
say
in
the
last
minute
or
so
I'm
going
to
stick
the
zoom
chat
file
into
the
flat
thread
so
that
we
have
it
for
the
record.
I'm
super
happy
that
all
of
you
are
here
and
excited
to
get
to
work
with
all
of
you
to
help
make
this
project
and
the
world
more
secure.
So
thank
you
all
for
being
here
and
working
on
it
together
and
yeah.
D
A
A
Or
we
can
link
it
into
the
agenda.
Also,
that's
probably
the
smarter
way
to
do
it.
A
Awesome,
thank
you
all
so
much.
I
hope
you
have
a
wonderful
couple
weeks
and
I
will
see
you
on
the
slacks
and.