►
From YouTube: Kubernetes SIG Security Audit 20210721
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
All
right,
it's
four
after
I'm
gonna
start
because
yeah
there's
only
a
few
of
us
on
the
call
here,
there's
only
three
of
us
on
the
call.
So
most
of
you
have
known
that
we
are
reviewing
proposals
and
we,
I
do
have
an
open
pr
to
extend
our
vendor
selection
date
to
august
10.,
and
this
is
from
a
private
call
we
had
on
monday
just
because
it
will
take
some
time
for
negotiations.
A
The
main
thing
I
want
to
talk
about
is
suggesting
to
change
the
cadence
to
this
meeting
to
just
once
a
month,
so
the
two
other
six
security
sub
projects
are
also
at
once
a
month
currently
and
they
work
async
through
the
slack
channel
and
so
our
for
this
sub
project.
Once
the
vendor
has
been
selected,
which
is
after
august,
10,
it's
pretty
much
just
it's
just
most
of
the
work
is
going
to
be
on
the
vendor.
A
So
so
I'm
proposing
this
and
just
just
changing
the
meeting
once
a
month.
What
are
people's
thoughts
so
and
interesting?.
B
A
A
That
that
is
true-
and
that's
just
I
think,
that's
just
going
to
be
more
on
the
private
side
more
on
more
and
more
ad
hoc
meetings
with
the
with
the
with
the
review
team.
A
But
in
terms
of
this
side
I
could
also
bring
this
up
to
260
as
well
and
with
what
aaron
what
the
last
audit
was
like.
If
there
was
frequent
communication
between
between
the
vendor
and
I'm
sure
there
is
there,
there
will
be
and
there's
some
projects
and
what
that
in
and
how
that
should
work
throughout
this.
You
know
the
next
till
the
end
of
the
year.
A
So
I
do
believe
that
is
true
that
that
there
is,
there
will
be
some
so
lots
of
lots
of
comms
between
the
vendor
and
this
sub
project
and
from
what
I
gathered.
The
vendor
was
also
added
to
the
slack
channel
as
well.
To
like
ask
questions
on
the
private
side
channel
to
on
that.
We
currently
have
so
we
would
communicate
it
through
that
way
as
well.
B
A
A
Yes,
I'm
thinking,
but
I
would
have
to
to
clear
up
history
on
that
and
if
we
do
go,
go
about
that.
So
the
last
from
what
I
said,
the
last
private
slack
channel
they
had
was
a
working
group,
private
stack
channel
and
I
believe
they
started
at
when
they
when
they
did
select
the
vendor.
A
I'm
actually
not
really
sure,
but
I'm
also
proposing
to
also
to
to
go
through
that
list,
see
who
people
are
still
active
on
or
still
want
to
participate
in
that
group
as
well,
because
we've
had
people
who
just
joined
for.
Like
you
know,
a
single
meeting
and
just
and
they've
asked
me
joining
into
that
sideshow.
A
So
we'll
get
in
touch
with
everyone
who
is
still
involved.
Who
is
in
that
side
channel?
They
would
still
like
to
be
involved.
A
Also
agreeing
to
you
know
to
a
few
to
this
to
the
security
release
process
as
well.
So
there's
a
few
things
that
goes.
That
goes
with
that,
as
well.
Just
not
just
cleaning
up
that
slash
channel,
but
also
reviewing
who's
currently
in
there,
seeing
if
they
want
to
continue
with
that
slash
channel
and
if
they
do,
they
have
to
agree
to
these
to
this
quicker
release
process
and
with
the
embargo
for
cvs
as
well.
Since
those
things
will
be
discussed
in
that
private
side
channel,
so
yeah,
so
that
what
so?
A
B
So,
just
to
put
a
fine
point
on
so
as
we
get
into
the
phase
of
post
scoring
and
vendor
selection.
We
get
a
vendor
and
of
course,
there's
probably
some
linux
foundation,
cncf
wrangling,
legal
and
financial
discussions.
But
once
a
vendor
is
selected
and
announced.
B
B
A
I
actually
wanted
a
separate
private
stack
channel,
but
I
was
that
request
was
denied
because
they're
they
do
like
to
limit
the
number
of
private
slack
channels,
so
that
was
that
was
my
deal
scenario
was
to
have
a
separate
private
stack
channel
for
the
vendor
and
for
and
for
people
and
for
folks
that
invest
in
the
sub
projects.
But
yeah.
A
Well,
cool
all
right,
so
those
are
the
only
key
things
I
want
to
talk
about.
You
know
we'll
definitely
I'll
get
in
touch
with
aaron,
who
was
the
who's
kind
of
like
the
emeritus
advisor
for
the
sub
project,
about
continued.
A
In
with
the
with
the
vendor,
after
vendor
selection,
so
for
those
who
are
new,
we
have
a
rfp
ops
for
third-party
security
audits.
We
have
four
vendors
who
submitted
proposals
and
the
vendor
selection
date
has
been
moved
to
august
10..
So
the
review
is
underway
to
select
the
vendor.
B
A
I
have
not,
and
I've
contacted
all
the
vendors,
no
negative
feedback
at
all:
okay
cool
yeah,
all
right,
so
that's
pretty
much
it
any
other
comments
or
questions
or
discussion
topics.
Anyone
else
wants
to
bring.
A
A
All
right
well,
thank
you
very
much
for
your
time.
There
is
a
private
slack
channel.
If
you
want
to
ping
me
on
the
kubernetes
channel.
Could
ping
me
at?
I
think
it's
just
real
hanno.
A
Listening
chats,
if
you
have
any
questions
all
right
well,
I
will
have
this
the
this
meeting
for
two
weeks
from
now,
because
I
do
want
to
consider
moving
to
a
different
cadence
after
vendor
selection
and
once
once
I
confirm
what
the
process
is
during
the
audit,
so
we
still
continue
on
schedule.
So
all
right
well
have
a
good
day,
and
I
will
talk
to
you
in
a
few
weeks
or
if
not
on
slack.