►
From YouTube: Kubernetes SIG Security Tooling 20220301
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Today's
first
march,
already
third
month
of
the
year
started-
and
we
are
meeting
today
to
in
our
six
security
tooling
meeting
today-
is
gonna,
be
working
session,
where
we
will
discuss
the
things
we
need
to
do
to
implement
our
first
cap
3203,
but
since
all
of
you
are
also
here,
I
want
to
give
you
all
an
opportunity
to
add
anything.
You
wanted
to
discuss
in
the
agenda.
A
A
B
Hey
hello,
everyone,
my
name
is
joshua,
so
this
is
my
first
six
security
meeting.
I
have
been
planning
to
join
this
one
for
like
a
past
month,
but
due
to
time
zone,
I
couldn't
able
to
change.
So
this
is
my
first
meeting
looking
forward
to
join
and
contribute.
A
Welcome
joshua,
I
think
I've
seen
you
around
in
slack
in
the
past,
if
I'm
not
wrong,
so.
B
A
Okay,
cool
yeah,
so
thanks
for
joining
and
yeah,
we
just
couldn't.
We
alternate
between
working
session
and
learning
sessions
so
for
a
sec
security,
tooling
meeting
which
happens
in
this
time.
So
today
is
our
working
session.
Where
we'll
go
through
the
cap
that
we
have
open
and
then
start
coming
up
with
issues
that
we
want
to
implement
and
then
in
learning
session.
A
Typically,
someone
would
come
up
like
rahul
est
and
netan
mahi
has
done
it
in
the
past
to
share
about
something
they've
been
working
on,
which
is
related
to
kubernetes
security
or
security
in
general,
and
then
we
just
learn
from
them
and
ask
questions,
and
then
we
have
a
recording
for
folks
who
can't
join
so
welcome
and
hope
to
see
you
around
more
and
don't
don't
worry
if
you
can't
join
all
the
meetings
with
time
zone
as
long
as
you
follow
on
slack
and
our
mailing
list,
I
think
you're
fine.
A
Okay
cool,
so
with
that,
if
nobody
here,
I
don't
see
any
new
agenda
in
the
discussion,
so
we
can
jump
straight
to
the
gap
if
everyone
is
okay.
B
A
So,
typically,
all
the
enhancements
are
here
in
kubernetes
enhancements
and
you
start
generally
with
an
issue
which
looks
something
like
this.
There
is
a
template
for
this.
If
you
go
here,
it
you'll
just
see
this
template,
and
once
you
have
this
generally,
each
kept
needs
needs
a
owning
sig.
So
the
we
need
any
of
the
six
in
kubernetes
who
is
ready
to
own
this
particular
cab
from
provisional,
which
is
a
working
dock
to
implemented
state
and
then
walk
through
all
the
graduation
requirements,
etc.
A
So
for
that
typically
to
find
an
owning
sig,
you
will
go
and
talk
to
our
talk
to
sick
chairs
and
sick
leads
in
different
sig
meetings
and
say:
hey,
I'm
thinking
of
doing
this.
Does
this
look
like
a
good
sig
for
you
or
to
own
this
particular
cap
and
then
based
on
discussions,
you
generally
find
a
sig
that
would
want
it,
and
sometimes
they
say
we
don't
need
a
cab.
You
can
just
go
and
implement
it,
and
then
it
just
becomes
easier
and
less
intensive
in
terms
of
going
through
discussions
and
going
through
processes.
A
So
this
is
our
cap.
This
was
also
sort
of
in
the
middle
gray
area,
where
we
weren't
sure
whether
we
need
a
cab,
but
we
thought
it's
good
to
explain
it
since
it's
gonna
be
more
visible
outside
of
the
community,
mostly
to
the
end
users,
and
then
we
also
have
some
integrations
with
sick
gates
and
for
sick
testing
and
sick
talks.
So
we
thought
it
would
be
good
to
have
all
of
that
feedback
compiled
in
one
place
and
then
it
felt
like
kept
would
have
been
a
good
option.
A
A
So
generally,
there
is
a
template
somewhere
here
right
here
and
then
basically,
what
I
did
was
copied
everything
from
markdown
and
started
with
a
hackmd
dock.
First
went
through
some
reviews
and
neo
also
wrote
a
bunch
of
things
related
to
this,
and
then
we
submitted
a
pr.
So
after
the
pr
was
submitted,
we
just
got
a
lot
of
feedback,
as
you
can
see,
30
plus
conversations
so
based
on
that
feedback.
A
So
I
wanted
to
go
through
that
quickly
and
then
work
with
neha
to
start
coming
up
with
issues
that
we
can
implement
individually,
and
my
hope
is
when
the
bigger
sig
meeting
happens
next
time.
We
will
have
the
issues
and
the
status
of
this
kept
into
implementable,
because
we
would
want
the
chairs
with
tabby
onion
to
approve
it
so
once
they
approve
it,
this
can
become
implementable
and
then
we
merge
it.
And
then
the
cap
exists
in
the
enhancement
strip.
A
So,
but
what
what
the
cap
is
about,
maybe
before
I
jump
in
I
want
to
pause.
If
you
have
any
questions
up
till
now,.
A
Sounds
reasonable,
okay,
cool
now,
maybe
you
can
help
explain
the
cap
a
bit
instead
of
just
making
me
talking
all
the
way
and
then
I
can
add
if
you
missed
anything.
D
Yeah
yeah,
so,
basically,
like
I
mean
I
I'll
go
with
very
like
not
maybe
in
very
depth
but
I'll.
Try
to
explain.
Please
add
me
if
I'm
missing
anything,
so
basically
we
have
written
this
kept
to.
D
We
have
to
create
a
list
of
cvs
which
will
be
automatically
generated
or
means
there
will
be
automation
which
will
generate
the
list
of
cvs,
so
cds
can
be
announced
anytime
any
any
day
I
mean
it
can
be
like.
As
soon
as
cv
is
announced,
we
will
have
automation
which
will
generate
one
page
in
the
kubernetes
website,
and
it
will
give
us
the
list
of
all
the
cves
and
that
cve
will
have
the
link
to
the
github
website
more
details
to
the
cve.
D
Also
we
will
have
in
that
doc
page.
So,
basically,
we
are
using
the
automation
so
the
so.
Basically
we
have
the
design
right
now
we
have
like
come
up
with
some
design
tool
or
generate
the
cd
list.
So
if
you
see
all
the
design
details
like,
we
will
have
a
project
which
will
query
the
github
apis
to
get
the
list
of
new
cvs
from
the
github,
then
that
project
basically
will
generate
one
json
doc
from
the
list
of
cv
issues
from
the
github.
D
Then,
as
soon
as
we
have
a
like
a
project
which
will
automatically
fetches
the
list
of
cvs,
we
will
have
some
the
next
next
task
would
be
to
generate
that
list
of
cvs
in
the
kubernetes
website
page.
So
we
are
using
some
yujo
in
the
kubernetes
website
to
generate
that
page.
You
joe
technology
to
utility,
and
basically
we
are
also
like
from
the
project.
We
will
have
automation
to
create
the
pr
automatically.
For
that
we
will.
D
We
will
be
utilizing
the
pr
creator
tool
and
I
think
we
have
changed
the
design.
Last
week
like
we
will
go
with
netlify,
I'm
not
sure.
D
A
D
Okay,
okay,
yeah,
so
so
the
k
website
page
will
be
rebuild
automatically
using
the
netlify
build
hook
so
that
we
have
to
explore
bit
like
there
will
be
a
build,
I
think,
which
will
which
will
be
triggered
automatically
using
the
hoops
to
the
kubernetes
website
page,
and
I
think
this
is
how
our
automation
will
look
like
as
per
the
design
which
we
have
planned.
D
A
Yeah,
I
think
that's
pretty
spot
on
a
couple
of
things.
I've
I
will
add
if
people
are
wondering
this
is
something
I
learned
very
recently
like.
If
you
see
all
the
points
here
are
numbered
one
dot,
one
dot
everywhere
and
initially
I
thought
this
was
a
bad
idea,
because
you
want
the
numbering
to
be
sequential
and
the
editors
used
to
update
it
automatically.
A
Then
I
realized
actually,
if
this
is
seen
when
published,
the
numbering
in
markdown
automatically
gets
incremented,
even
if
you
start
with
one
dot
in
the
editing
and
having
this
is
one
dot
everywhere,
while
you're
writing
the
markdown
file
is
easier
because
if
now,
if
I
want
to
add
another
step
here,
I
don't
need
to
change
the
numbering
for
this
anything
below
the
point.
I
want
to
add
so
that
way
it's
easier
and
when
it's
actually
published
and
rendered
it
actually
shows
up
with
the
incremented
numbers.
So
this
this
is
a
good
practice.
A
I
learned
from
sig
talks
people
where
you
can
just
keep
the
numbering
like
this,
so
I
just
thought
might
be
interesting
for
you
all
in
terms
of
kept.
I
think
nia
covered
most
of
it.
I
see
a
question
on
what
is
a
project.
Is
it
something
like
cronjob
so
yeah?
I
think
that
that
that
is
exactly
what
it
is.
So
raw
is
a
kubernetes
specific,
build
environment
which
allows
us
to
create
scheduled
jobs
and
also
jobs
based
on
events.
A
So
if
I
push
something
it
will
trigger
it
trigger
a
job
and
then
something
will
happen.
If
I
create
an
issues,
then
something
will
happen.
If
I
create
a
pr
something
will
happen,
and
if
I
want
to
run
something
every
six
hours
like
we
do
for
sneak
scanning,
then
that
is
also
something
we
can
do
with
project
okay
cool.
So
with
this
I
think
the
design
details
are
in
place.
A
We
have
a
couple
of
notes
here
where
we
need
some
work
for
me,
nia
I
was
thinking
we
can
use
these
design
details
and
the
notes
themselves
and
sort
of
create
one
issue
wherever
appropriate,
for
maybe
each
of
the
points
or
combine
one
or
two
points
together.
A
A
D
A
Or,
let's
see
they
probably
have
yeah?
Let's
start
with
this,
we
can
rename
it
if.
A
A
Yeah,
it
seems
like
it's
generally
k,
it's
infra,
robot
or
kxci
robot,
something
like
that
and
I
think
the
reasoning
behind
it.
If
I
understand
correctly,
is
if
you
go
here
and
do
ci
bot,
then
it's
actually
an
account
in
github,
so
without
really
knowing
about
where
it's
coming
from.
It
might
be
hard
so
and
looks
like
for
this
robot.
For
example,
it
doesn't
even
have
kubernetes
membership,
so
maybe
that's
why
they
probably
think
of
thought
about
adding
that
prefix,
but
obviously
it's
my
guess.
C
A
Let's
see
oops
and
same
thing,
probably
for
this
one
also,
no,
maybe
the
name
is
different.
A
A
A
And
user
affected-
I'm
not
sure-
maybe
it's
not
mandatory,
so
probably
will
drop
it
and,
generally
writing.
These
issues
is
helpful
to
link
it
to
the
cap
that
we
have
open
so
that
people
have
the
full
context
about
it.
So
we
can
go
here
and
link
our
gap.
So,
let's
see,
if
I
can
find
it
like
this,
sometimes
cross
yeah,
I
thought
so
sometimes
cross
sig
across
repo
autocomplete
doesn't
work.
So
you
have
to
go
like
this
and
I
think
it
has
to
be
issue
3203.
A
So
what
we
need
to
explain
here
is
we
need
a
robot
that
has
push
access
to
and
I
think
the
directory
name
we
had
come
up
with.
Was
this
one?
So
the
reasoning
behind
it
is
basically
we.
We
are
working
working
on
this
cap
as
part
of
tooling
sub
project,
and
then
we
may
have
more
than
one
feed
in
future.
A
D
A
D
A
It
just
you
can
push
it
directly
into
main,
so
that's
what
the
robot
will
have
access
to
do.
The
good
thing
of
doing
this
through
github
admins
from
kubernetes,
is
they'll.
Allow
us
to
they'll
they'll,
allow
us
and
help
us
to
maintain
the
credentials
of
the
robot
in
the
same
way,
they're
maintaining
credentials
of
other
robots.
A
So
that
way,
we
don't
have
to
worry
about
like
what,
if
my
robot
credentials
get
compromised,
because
if
yours
get
compromised,
the
other
robots
will
also
be
compromised
and
the
other
reason
for
not
having
a
4k
is
then
you
would
have
to
keep
maintaining
the
fork.
So
in
case
rebase
conflicts
happen
in
future
and
the
robot
cannot
rebase
automatically.
Then
somebody
has
to
go
manually
and
maintain
the
fork
remove
the
merge
conflicts,
so
that
adds
more
sort
of
work
on
github
admins.
So
that's
why?
D
A
A
So
I
created
this
issue
now.
Typically,
we
talk
about
this
on
slack,
so
we
will
go
to
github
management.
Where
is
it.
A
A
Second
issue
will
be
this
one
directory
under
which
json
blob
exists.
So
this
is
what
I
was
talking
about,
where
we
need
to
add
an
owner's
file
with
a
security
response
committee,
and
I'm
thinking
might
be
worth
adding
is
a
new
alias
for
6
security.
Tooling
leads
this
alias
has,
would
would
have
few
more
benefits
and
were
uses.
A
A
So
that
is
something
that
that
might
be
worth
exploring
for
now,
a
simple
owner's
file
with
security
response
committee
and
neha,
and
me
I
think,
I'm
more
comfortable
with
and
then,
if
folks
are
interested
in
kind
of
this
rotation
phase
or
idea,
we
can
start
experimenting
it
once
this
thing
is
in
place
and
best
way
to
get
involved.
I
think
would
be
one
of
the
issues
that
we
will
end
up
creating
out
of
this.
If
you
can
assign
it
to
yourself
or
ask
us
to
assign
it.
A
And
then
link
the
robot
issue
and
the
kept
to
this
one
so
blank
issue:
this
is
another
thing,
maybe
a
worth
exploring
for
anyone
who
wants
to
contribute.
We
don't
have
a
template,
like
a
general
issue,
template
for
this
repo.
Yet
so
it's
a
blank
issue
anytime.
You
want
to
create
something
if
you
want
to
think
about
what
would
be
a
good
template.
Look
at
some
of
the
general
templates
that
are
in
other
kubernetes
repos
in
kubernetes
work,
see
which
one
makes
more
sense
and
propose
one
of
those
as
a
template.
A
Related
to
kept
three
two
zero
three,
we
need
a
directory
under
which
json
blob
exist,
which
which
will
look
like
this.
A
I
think
we
had
that
directory
name
here.
Yes,
so,
let's
copy
from
here.
A
A
So
this
will
be
somewhat
similar
to
sigrilli's
shadow
program
in
eventually,
where
we'll
have
shad
people
shadow
all
the
work
we
do
in
tooling
and
then
based
on
your
interest
and
your
availability,
you
can
then
help
somebody
else
shadow
and
then
we
kind
of
keep
rotating
like
that.
So
it's
still
something
in
something
in
the
air.
We
will
have
to
see
how
that
how
we
can
kind
of
operationalize
it
a
bit
better.
A
A
So
this
is
the
owners
package
owner's
guide,
our
donors,
file
represent,
etc,
etc,
and,
let's
search
for
alias,
what's
the
time.
Oh
okay,
we
have
five
ten
minutes
more,
so
I
didn't
expect
we'll
finish
everything,
but
at
least
we'll
make
some
progress
and
then,
in
other
write
out
all
the
other
issues.
Later
any
questions
so
far
say
on
what
we
did.
A
A
A
A
So,
let's
see
each
repo
may
contain
at
its
root
and
owners,
alias
files,
so
we'll
have
to
update
that
owner's,
alias
for
aliases
file
at
the
root
and
add
the
six
security
tooling
lead
one
and
then
it's
in
yaml
format,
and
then
you
can
write
it.
Something
like
this.
I
see
a
question
on
chat.
Maybe
how
did
we?
How
did
one
can
find
under
which
repo
to
create
the
issue
for
cap?
A
A
Then
I
searched
using
this
at
organization
level,
and
so,
if
you
start
searching
here
right,
it
gives
you
options,
repo
level
organization
level
all
get
up,
so
I
started
at
arc
level
and
then
search
for
issues
and
pr's
for
that
robot
and
then
found
out
eventually.
Oh
there
is
a
pr
that
adds
this
robot
into
kubernetes
org.
So
let
me
see
where
this
this
pr
is.
Then
I
found
out
it's.
Oh
it's
in
the
repo
of
kubernetes
org.
So
then
I
thought,
oh
maybe
this
is
the
right
one,
but
still
I
wasn't
sure
so.
A
Then
I
went
to
github
management
slack
channel.
I
asked
them
hey.
I
want
to
create
this
robot,
it's
related
to
this
and
I'm
thinking
I
will
create
an
issue
here.
Am
I
going
in
the
right
track
or
not,
and
then
they
will
respond
saying?
Yes,
this
is
right,
or
they
say
no
go
here
and
do
that.
A
So
this
is
how
basically
trying
to
figure
out
some
what
to
do,
and
sometimes
there
are
very
good
documentation
that
you
miss
and
find
which
explain
exactly
what
you
need
to
do
and
then
you
can
just
follow
that
and
it
works.
But
sometimes
it's
it's
not
easy
and
ambiguous
and
then
that's
where
the
community
helps
us
out,
because
people
have
done
it
before
most
more
often
than
not.
A
A
A
Because
I'm
going
to
add
a
help,
wanted
and
good
first
issue
label
here,
so
it
will
be
useful
for
me
to
know
if
this
is
actually
enough
information
for
all
of
you.
A
Okay
sounds
good
and
then
some
obvious
security
labels.
What
else?
I
think?
That's
it
so
one
thing
I
always
get
confused
is
the
labels
help
wanted?
Does
it
have
a
dash
in
between
or
not
so
I'm
going
to
quickly
check
that,
because
I
have
an
issue
I
created
in
the
past,
which
we
closed
or
no,
no,
maybe
it's
open,
which
was
a
good
first
issue
yeah
this
one.
A
D
Yeah
so
as
the
steps
are,
I
mean
the
pr
creator,
whatever
logic
I
understood
from
rajas,
that
remains
the
same.
Until
that
official
cv
json
is
created.
D
Pr
creator:
okay,.
A
A
D
Oh,
you
got
it
about
it
yeah.
This
is
because
after
reading
this
I
I
mean
I
did
not
got
this
point,
but
now
it
makes
sense.
Yeah,
yeah,.
D
Yes,
yes
right
so
so,
first
and
second
step
are
clear
like
if
new
cv
is
announced,
so
this
will
be
like
a
project
which
will
have
which
will
run
our
script
to
just
get
the
github
to
get
received.
First,
and
two
are
clear:
yes,
as
soon
as
that
file
is
created,
the
third
step
or
to
create
a
project
will
be.
It
will
again
a
new
project
right.
A
A
Correct
so
this
part
is
where
we
might
need
help
from
sick
dogs
specifically
on
getting
the
credential
to
trigger
the
build
hook,
and
then
we
will
have
to
inject
it
in
in
the
pro
job.
So
that's
that
seems
like
the
unknown
part
right
now.
I
think
triggering
the
build
hooks
seems
straightforward
from
what
I
read,
but
I
could
be
wrong.
D
A
D
A
Yes,
I
think
we
can
do
it
also
on
push
to
main
in
general
for
the
repo,
because
it
I
don't
think
we
will
push
to
main
and
a
a
lot
unless,
like
our
security,
repo
starts
becoming
very
busy.
So
if
it's
simpler,
we
can
do
that.
A
That's
at
least
what
I'm
thinking,
but
if
it
is
possible
to
just
be
specific
and
say
only
trigger
it
when
this
particular
file
changes,
I
think
if
we
have
an
example
of
that
in
an
existing
projob,
we
can
do
that,
but
other
example
would
be
probably
easier
to
find.
So
I'm
okay
with
that
for
now
and
then
the
script
that
will
be
needed
in
the
pro
job
would
be
just
the
curl
command,
with
the
secret
to
trigger
the
build
hook
that
will
rebuild
the
website.
I
think
that
will
be
it
if
I'm
not
wrong.
D
A
Yeah,
this
is
a
periodic
job,
but
the
way
to
inject
the
secret.
This
was
how
it
was
done.
So
we
worked
with
kate
sinfra
on
this
issue
and
said:
hey.
We
want
this
secret
to
be
added.
Can
you
please
add
it
for
us?
Oh,
I
got
the
wrong
link,
so
we
went
here
and
once
we
told
told
them
that
hey
this
is
what
we
want
to
add.
A
Then
they
went
ahead
and
added
this
as
an
external
secret.
I
think
we
shared
the
actual
sneak
token
on
email,
if
I'm
not
wrong
to
them,
so
that
they
were
able
to
get
it
and
actually
inject
it.
This
insertion
of
secret
is
very
privileged
action,
so,
like
only
people
from
kate's
infra
who
are
tech
leads,
if
I'm
not
wrong,
were
able
to
insert
that
secret,
so
they
they
inserted.
A
D
A
Be
another
issue:
yeah
okay
sounds
good,
so
yeah.
If
you
want
to
create,
go
and
create
these
three,
we
do
we
need
to
find
how
to
inject
the
secret
or
we
need
to
get
the
secret.
First
then
request
the
kids
infra
folks
to
inject
it,
but
the
job
itself
can
be
run,
can
be
written
without
the
secret
for
now
and
we
can
put
it
in
draft
pull
request
when
until
the
secret
is
added
and
then
after
that,
this
will
happen
automatically.
A
Oh
no,
we
need
an
update
here,
so
we
want
to
reflect
what
is
in
the
json
file
in
seek
security
on
the
k
website,
also
right.
So
that
part,
I
think,
is
missing,
so
we'll
need
that.
So
I
had
an
example.
Somebody
showed
me
about
this.
A
It's
in
one
of
the
slack
threads,
but
let
me
find
it
some
other
place
if
my
search
result
yeah
okay,
so
this
is
the
one
where
I
found
an
example
where
they're
pulling
data
from
another
repo
but
showing
up,
but
it's
showing
up
on
kubernetes
dot
dev.
So
if
you
go
here.
A
C
A
Yes,
okay,
so
the
dot
md
actually
will
not
be
needed
when
the
hugo
netflix
5
works,
because
it
will
render
it
as
html,
but
I
admit
I
was
missing
an
s.
So
this
is
this
content.
It
shows
up
if
you
see
on
the
dns
of
kubernetes.dev
or
the
domain
name
at
least,
but
this
actually
is
not
part
of
the
contributor
site
website.
A
A
Contributors,
so
so,
let's
search
for
this
contributors
guide
and
expectations
this
one
so
see.
This
is
the
same
content.
If
I'm
not
wrong
code
review
expectations,
thanks
code
review
expectation
thanks,
yeah,
so
that's
what
we
need
to
do
for
our
thing,
also
where
we
need
a
file
like
this
called
seek
security,
and
then
we
need
to
have
something
like
six.
Security,
tooling
feeds
official
feed,
dot,
json,
and
then
here
I
think
it's
if
I'm
not
wrong.
A
A
A
Right
here,
okay,
so
then
it
will
show
up
here,
so
it
will
be
docs
reference
issues,
security,
official
feed,
dot,
json.
So
that's
where
that's
how
it
will
look
like
in
the
issue,
but
this
seems
easy
because
it
just
feels
like.
Oh,
I
need
to
make
a
one
line
change.
The
actual
code
I
found
was
in
some
other
place
that
actually
copies
and
pulls
all
of
that
data
from
external
sources.
A
A
So
they
they're
doing
something
like
this
pulling
it
as
needed,
and.
A
If
the
link
path,
so
this
might
be
more
complicated
than
we
need,
but
this
is
a
good
example
of
how
they
could
render
it
from
a
different
location
into
ours.
So
we
can
look
at
this.
I
don't
know
exactly
how
it
will
look
like
for
us.
Maybe
it
will
be
way
simpler,
but
this
is
the
relevant
code
where
we
we
would
want
to
look
at
and
update
as
needed,
and
then
this
is
another
one.
This
might
be
more
relevant
to
us.
A
So
files
within
external
source
directory
should
be
csv
formatted,
which
we
saw
they
were
so
it
was
a
comma
and
the
first
one
was
basically
the
source
and
the
last
second
one
was
destination
if
I'm
not
wrong,
or
maybe
the
other
way
around
and
then
based
on
that
they're
pulling
it
from
the
repo
and
after
that,
my
best
case
is
there
is
some
find
and
replace
going
on
where
it
will
pull
all
the
content
from
there
and
then
put
it
into
appropriate
a
location
when
they
are
generating
the
content
and
then
by
this
and
then
the
reasoning
behind
this
is
this
generate
content
dot
sh
gets
called
somewhere
when
the
website
is
building
from
my
my
understanding
and
that's
why,
when
the
website
gets
built,
they
will
pull
that
content,
that's
in
the
other
repo
and
then
once
the
website
is
generated,
it
will
show
up
in
the
website.
A
Otherwise
it
wouldn't
show
up
because
it
doesn't
exist
in
this
repo
to
be
to
be
fair.
So
that's
that's
the
tricky
part
that
we
will
have
to
figure
out.
I
am
okay
nia.
If
you
want
to
look
at
it
more
and
kind
of
get
more
information,
or
I
can
also
try
and
open
a
pr
for
it,
since
we
have
other
things
also
to
implement
before
this
actually
comes
up.
D
Yeah
yeah
that
would
be
like
first
I'll
complete
the
first
two
maybe
work
on
that.
Then
we
can
like
check
this
afterwards.
Maybe
you
can
just
create
the
issue
for
this
with
all
the
links
you
mentioned
now.
Okay,.
D
Later
yeah
exploring
it
later
more
yeah.
D
I
have
is
like
I
have
already
have
a
huge
work
which
we
did
right
bit
off.
Yes,
so
that
will
need
the
json.
So
yes,
I
mean
this
is
the
json
file.
This
is
not
the
actual
table
right,
correct.
D
The
actual
file-
okay,
okay
yeah,
but
when
you
yeah
this
yeah,
because
I
need
the
json
file
that
will
be
in
the
last
step.
A
A
A
A
D
A
One
more
question
looks
like
you
already
know
the
format
of
your
json.
I
think
so.
Do
you
have
the
graph
pr
handy
now
we
can
look
at
it
quickly.
D
A
Okay,
yeah,
send
me
the
link
instead
of
me,
sharing
giving
you
share
access
might
be
quicker.
That
way.
C
A
D
This
will
be
the
json
which
we
will
create
from
the
project
in
the
first
and
second
step.
We
mentioned
right.
A
D
A
Right
right
so
I
mean
it's
fine,
we,
we
are
tracking
this
to
125
release
anyway,
so
we
have
time.
D
A
A
Joshua
has
a
question:
I'm
interested
in
working
on
good
first
issues.
Will
folks
work
on
the
issue
or
wait
for
chair
to
approve
the
cap
and
work
once
it's
once
it
gets
approved.
A
I
I
see
I
or
I
heard
a
soft
approve
last
week
when
we
were
meeting
where
folks
were
like
this
sounds
good.
We
should
implement
market
as
implementable.
A
A
I
think
it's
okay
to
start
working
on
the
good
first
issues
for
now,
but
if
you
want
to
be
sure,
like
100
percent
wait
until
we
meet
next
or
until
the
cap
gets
merged
and
then
once
it's
merged
in
implementable
state,
then
we
know
for
sure
that
we
have
a
go
ahead
to
implement
it.
And
then
you
can
actually
start
implementing
on
the
good
first
issue.
So
you
know
at
least
they
are
going
to
get
merged.
D
Will
pushed
her,
we
will
need
that
secret
token
also
work
right
that
external
secret.
You
talked
about
yes,.
D
A
It
seems
like
something
from
k
website
that
they
have
to
generate
manually
for
somebody
external
to
be
repealed
the
website,
so
they
will
have
to
ask
him
like
hey.
Do
you
have
the
token?
This
is
how
we
added
it
added
the
sneak
token
last
time,
so
we
want
to
add
the
same
edit.
The
same
way
next,
this
time.
For
this
build
hook
token,
and
then,
based
on
that,
we
can
add
it.
D
Okay,
okay,
so
fine,
fine,
maybe
I'll,
create
the
issues
for
this
first
first,
one
is
clear:
second
issue
will
be
the
project
basic
security
and
also
it
will
trigger
netlife.
This
will
be
the
second
issue.
I
think.
A
Right,
I
think
best
way.
Maybe
for
now
is
have
the
draft
prs
ready
where
we
are
assuming
the
tokens
exist,
the
github
token
for
robot
to
push
the
build
to
build
hook,
token,
to
trigger
the
website
and
then
once
those
things
happen
in
background,
then
we
can
make
it
ready
for
review
and
merge
it.
So
that
way
we
know
it's
gonna
work,
because
the
secrets
exist
now.
A
And
just
if
it
helps
you
can
create
an
issue
first
for
those
two
pr's
which
explain
what
you're
going
to
do
in
the
pr,
so
that
we
can
link
the
issues
to
the
issue
that
we
might
need
to
create
or
to
get
the
token
for
the
robot
from
github
admins.
A
We
might
need
another
issue
to
get
the
token
from
sick
dogs
and
put
it
in
sick,
put
it
in
the
sick
gates
in
fractional
secret
manager.
So
for
them
to
know
what
we
are
doing,
I
think
having
a
issue
before
the
pr
will
help.
Otherwise,
they'll
have
to
look
in
the
pr
and
try
to
explain
understand
what
is
going
on.
D
A
D
D
D
C
D
A
A
A
A
Cool
so
see
you
until
next
time
we'll
meet
around
mid-march
unless
something
else
comes
up.