From YouTube: Kubernetes SIG Security Audit 20210804
B
B
C
Hello there's the agenda super super light, but do you wanted to talk about one item so obviously the vendor proposals review is still underway. It's just two missing scores. One of them is mine and we'll have have mine towards the end of today.
C
We had really we released 122 today, so part of the release team, so that's currently still in progress actually for so, but I usually when I talk when I've the next steps for the for the audits once a vendor has been selected, I'm proposing after the vendor has been selected to possibly suggest to me to change his meeting cadence to once a month and just work primarily a secret async.
C
On Slack once that's once a vendor has been selected. I just wanted to want to get some thoughts on that.
C
Yeah I'm also proposing- and I don't know if this is going to work out because it's kind of like not as open source-y is to you know. Since we have, we have a separate private, Slack channel that we set up and we have lots of members in there. That's not active I'm thinking about cleaning cleaning it up.
C
So we have primarily active members, active members who are part of the vendor proposal and who and also add in the selected vendor stakeholders as well, so they could communicate so it's kind of changing the role that private Slack channel just just from being a subgroup. It is still a subgroup conversing about the audit, but primarily using it and for to to talk to that vendor or team, or to a secretly communicate with with that vendor.
C
So it's wondering if what are you guys, thoughts on that as well? Hey John.
A
C
There's a feeling just see up there. I see the other new people here. I just want to say welcome to everyone. This is the external audit security meeting, which is a subgroup for SIG Security, and because of that, we do abide by the CNCF guidelines, which is just pretty much to be nice. Everyone also, this meeting is also recorded on YouTube. So just just to be aware, not to mention sensitive things.
C
I wanted to one just to catch everyone up here, vendor selections, still underway, just two missing scores or reviews. One of them is mine, we'll get that done today been busy with the release which is today so also talked about changing once we have a vendor selected to changing this meeting cadence to once a month and to work async in the Slack channel once the vendor has been selected.
C
Also thinking about- and I don't know if we, if I can, if I'm allowed to do this- is to clean up that Slack channel, because we can't we were denied a new private Slack channel so to have to kind of repurpose that private Slack channel still for this subgroup, but also now with the vendor selected to invite those vendor to invite that vendor stakeholders to communicate with people who are, you know, were part of the review process and part of the subgroup so kind of repurposing.
C
That, instead of just because we have many members on that private Slack channel, who you know who aren't aren't actually regular so just want to get feedback. Don't know if that's possible, but that's something I do want to. If if we agree, that is a good thing to repurpose that Slack channel with for the vendor that I could look into.
C
Yeah yeah, exactly because I know it's not possible because we we do like to restrict they do like to restrict private Slack channels. I know we can't get another private sector so.
A
I do think it'd be good to have somewhere, where, like the vendor, can feel comfortable communicating with a small group. You know they're not going to want to necessarily put everything about the conduct of the test in a public channel. In fact, I'm sure they won't whoever we, you know, go for so yeah having something where we can say.
A
The other thing I think is is that you know that channel then flicks back to being a more open group after the audit. Can we remove history, or is that going to be like there for all time? At which point you know they still can't put anything.
C
Yeah, that's that's something you need to look into as well or is removing history, or do we want history in that private sector? Slash channel, also like personally, I'm okay with not having that history, but and also kind of thinking to be on a cycle for every single audit run or I'll on a cycle to kind of refresh that private Slack channel.
D
You know, is there a standard for other security? I don't know if there's other private security channels, I'm presuming there is, do they have any type of standard.
A
Guess the question from you would be: what do the? What was the psc know the srg? What did they use because they must, because that's that's restricted- that's got to be like sensitive, so whatever they use seems like. We could, maybe because one of the outcomes of this is hopefully going to be new issues that the vendors are going to want to like give us heads up on and we need obviously somewhere, that's restricted for that, because you know that'll be bad.
C
I totally agree 100, I know. In the past there was a as a working group channel, which was since been decommissioned, and since this is going to be hopefully an annual thing as well and like I said, I want to kind of do this refresh every single cycle of people rejoining and also new vendors as well. So our new vendor every single cycle, so I'll, have to look into what that process is.
D
The other thing there is once we have a vendor engaged, it sounds like we most of them were talking about going to a weekly cadence for a catch-up. So would that be a separate meeting, you're thinking or.
C
I think that would be separate meeting only because this meeting is, I thought it has 178 invitees, so that would be a separate meeting, so yeah not recorded or most likely, not recorded like this yeah.
A
That makes sense yeah I mean for me I kind of agree with you. I think that it makes sense to if we can to to kind of like wipe the slate clean and then to have it for async comms during the audit and then be able to say afterwards. Okay, that's we've got we've captured what needs to be captured, so we're not losing anything. We just need to keep, but for the stuff that just come up during the test around test conduct that that is then goes away again.
C
All right, all good thanks for all your your inputs, that's pretty much all I had. I just really wanted to just go over how to proceed with the private Slack channel and I'll look into what we can or or cannot do with the private Slack channel.
D
C
Yeah yeah: well, I'm gonna ping. The myself included the other person who needs to put in the scores, and we do have the privates DM group that I will update on next steps with that and we'll probably do a Google Meet just to review one more time as well. Just reveal all scores and yeah cool and yeah all right. Thank you for that link. Yeah cool yeah.
C
All right yeah, so that's pretty much all I had so I just want to get the last scores in then we'll do Google Meets sometime next week as well and yeah we'll take a look into the next steps, probably next week. So awesome sounds good all right. Well, thank you very much. For your time cool see. You guys cheers.