From YouTube: Kubernetes SIG Security Audit 20210609
A
Light turnout for this week, all right, all right. So, let's start. Welcome to this week's SIG, a Kubernetes security external security audit subgroup meeting. This is a security or SIG meeting, so we do abide by the CNCF code of conduct, which pretty much summarizes to just to be nice to everyone, and then this meeting is also recorded and also uploaded to YouTube. So please be cautious of what you say, and anyway, let's start. I put the link to the meeting agenda in the chat.
B
Hello, thank you. Rachel Sweeney, work with Kubernetes, obviously starting to really take a deep dive into security, and so I wanted to explore more what the Security SIG is about, and you know, I like looking through the, what was it, the 2019 security audit, and so excited to see what's going to come out of this and just kind of wanting to see the progress and all that good stuff, so.
A
Welcome. Yeah, so this is the subgroup for the 2021 RFP for the external security audits. So I have a link, there's links in that, in the agenda over there as well. So, let's start here. I did get a word from one, from a company that did say that they will submit by end of the week after reviewing the updates to the RFP.
A
So I will post it once, once they have been, once they have submitted a proposal, and just updates. We do have two proposals in and we have a. We don't have a set deadline for this RFP. Just until four proposals are in, then we'll set it to two weeks after, and we'll make announcements, we'll change RFP on GitHub for that, for that announcement as well. So we should.
A
We should get one more proposal in, which got confirmation today, and the RFP has been updated with questions and answers, and so we post that link to that PR.
A
And you know, feel free to take a look. Looks like Aaron is joining. Hello, Erin.
A
Right, just giving a running through the agenda. Someone did email me, say, and did say that they will be sending a proposal in by the end of the week. So hopefully that will come shortly, so yeah, no, no, put us at three.
A
Okay, almost, we're inching away, and so yeah, the RFP update, has been updated.
A
Put the PR in the chats. Also made a draft PR as well, so we have a roadmap, or we talked about having a roadmap for security audits, since the past security audit, 2019 and 2012, and the 2021 proposal, it doesn't, it's not comprehensive, other Kubernetes components, and there are certain aspects, there are certain ones that want to be included, like Cluster API. So we have a roadmap and it's draft mode right now, so just feel free to make your comments, an issue, and feel free to make any comments here for any changes as well. Put a link to the preview of the markdown table on the agenda as well, as well.
A
It's currently draft because there's some links I want to, to pull. I will share on my screen, but I don't have the right to, probably need to get the, get the host key from, from tab at the near future. Any questions about those so far?
A
All right, and lastly, I don't see anyone from the Cluster API or the security review for the Cluster API, but yeah, just continue discussion on. We will do a, a self-assessment of the, of high-level overview or high-level security review for Cluster API. I'll put a link to Slack channel as well, and there's a tracking issue on GitHub, so for maps.
A
Down in the chats, so we'll just continue discussion on the Slack channel and in the tracking issue as well. Was going to ask what the next steps were from those who are kind of running that, but I don't see anyone from that group here. So all right, that's, that's pretty much it. That's light agenda, so pretty much TL;DR: we will have, hopefully get a third proposal in, some RFP has been updated.
A
The road, the PR for the audit roadmap is in draft and it's free to, to take a look and make comments on. So open the floor for any open topics, discussions.
D
Just regarding the roadmap, would you prefer conversation that just happened on that PR? I was just gonna ask some questions about, like, do we want to backfill the links on, yeah, stuff that's missing there. Yeah! That's why I have, yeah. I might need.
A
A hand for that, with that, because I, some are pretty, I guess very, they're not as specific, right.
A
Yeah, I'll do, definitely do that. Yeah, I'll make that change. Feel free to, to push to, to my fork, or you know, give me comments if you want to as well. Okay, yeah, because I've been, I've been rebasing it. I, I know the website on SIG Docs likes to, likes, likes to squash your commits, but I don't think the other repos care about if they wanna squash your commit. So I've been squashing my commits, but I probably won't, I'll probably stop doing that.
C
Patrick has git log opinions. Squash and merge is just the most anti-git thing that GitHub.
C
Is an entire source management system based around graph theory where you're just like, we don't need that piece of the graph. It doesn't make any sense to me. However, I do think rebasing your personal branch to simplify commits is not the worst thing in the world before you merge. I think squash and merge commits are horrible and there should always be a merge commit on main. Yeah. No, no. I agree. Yeah.
A
I know, yeah, it's a, it's a habit from, from SIG Docs, where they, they, they have, they now, they prefer to just, to squash commits on a PR. They.
D
I feel like the problem is that if you have a policy of squashing and merging, you are allowing developers to not curate their own history well, and like, it needs to be a developer responsibility that you are curating a nice com, like a nice pull request sequence of commits that merges nicely, but yeah, so many tools.
A
Yeah, I'll need to stop for the community repo.
D
Don't, I, I, I feel like all of those, it is the right thing to do if you have curated the history coming in, right, like if you are just forklifting an old repo and like merging it into a new one, and that old repo's history is still relevant, then yeah, why not? Git supports multiple roots now. So that's fine to me, but I think a lot of it is just like.
A
All right, so I will make those changes to the roadmap audit without, without squashing, so you will see those additional commits, yep, and yeah, and I will probably, once the links are updated for the 2019 components, I will take it off from draft, so be free for review, and so let's prefer review now anyway. Thank.
A
Okay, all right! Thank you once again. If not, well, I think next week is a SIG Security meeting and then we'll meet again in two weeks, and I will update everyone on the usual channels and Slack to, you know, with their proposals in.