From YouTube: Kubernetes SIG Security Third-Party Audit 20210106
A
Abuse yeah, I didn't see the the agenda either.
A
I figure we'd talk about once or if the RFP is going to be released or sent out. I did was not in the last meeting, so I don't know if that was discussed.
B
A
Yeah, I replied the one comment just a few minutes ago about the about the I think it was from Patrick actually was on the call about the hyphen, so yeah.
A
So I I replied to your comment and it turns out like use hyphen if it's a modifier and no hyphen, if it's more. If it's the subject, because right in that like in both situations, I think it would be that both scenarios would need a hyphen, and I made that suggestion so.
C
Yeah, I honestly it was just the the inconsistency within two lines is what caught my.
C
Yeah did we have so in the anticipated selection schedule? I know we still need dates. There's also questions can be submitted here. I saw it was just example.com right now.
A
I assume so I guess those questions are better for Adam for sure yeah. I assume it will be.
D
A
Hello, so on the Slack channel Adam chatted that he's gonna be 10 to 15 minutes late to the meeting. Today I don't have the Google doc linked to the agenda, I'm not sure if there is one set up for this. It's a project. Okay.
A
B
B
E
A
I might have a concern on just the so on the last, the last security audit to address some issues with pod security policies, one of the six one, the SIG Security meetings in December.
A
So if they, my concern is that if there's any security issues discovered in pod security policy that it's kind of a short-term item that since it's going to be replaced- and I don't know if that's relevant or not- that just might.
D
A
A
B
A
E
D
B
Yeah there were some discussions, I think in all the videos in the in the main, six chapters about the replacing with the security policies v2 or the alternative was doing some kind of guidelines like some kind of interface, that people can use multiple kind of policy enforcements with a common output.
B
So some people would like to use something like Gatekeeper or ba, but some people would like to use something different, but at the end of the day, Kubernetes would offer some kind of interface and say your rules, and this is respected enforcement level plan. So I think there are a couple of options.
B
D
Red Hat uses a predecessor to PSP's security, context, constraints, it's the same concept and and in fact the code was contributed and I think wound up. You know helping to drive the PSP design. So really it's the same thing there. There are a handful of differences, but yeah we, you know we rely on them on by default.
A
D
A
D
D
And I I should go weep on the outside. It's been a while, since I've gotten to this meeting, have we I don't, have we put out a request for have we published the RFP it's supposed to be this week.
B
I think this was just a catch-up to confirm that everyone is happy to publish the talk. There are some minor details that need to be addressed like in the document. It says, if you have any questions, send your questions here and it says example.com rather than a specific repo that has not been created and the dates are not specified for the government, and I think we are waiting for Aaron to just confirm he had the plan already for that or if we need to create something from scratch. Now.
A
A
A
B
F
Hello, Erin hi, everybody, I'm really sorry, I'm late. I have synchronized my work and personal calendars. It should not happen again. What have we been doing? We've been going over the RFP. I've been getting notifications in Slack, so who did I just give access to probably.
F
F
We were ready to publish right in the in 2020 when everything was on fire, like literally Seattle was on fire and we decided not to because it just felt like it was not the most important thing in the world right now, yeah. So that's why there's everything everything is ready. So if we can all agree to this RFP we can go. I guess the one thing I I didn't do is talk to Chris at the CNCF and double check that there's that he still wants to fund it.
A
Yeah there were just some small minor things in RFP address. Some of the comments just reminders to add in the actual date dates in the URL for the questions to be submitted and you're wondering if that's going to be a GitHub, a GitHub URL or some.
A
F
I don't think I'm understanding like this link will be replaced with the Google forms link and the goal. Forms link will be like what's your question and then we will as members of this SIG yeah. That's that's fine. That's a solution.
F
Yeah, in fact, that was like three weeks of work was just answering questions yeah and then extend the rpe window. So people had a gentleman.
D
The only other thing that was mentioned before you joined in was the PSP's API going away being deprecated, and is that something you know how? How do we want, whichever vendor we hire to think about that? Do we want to propose that they look at alternatives like OPA, Gatekeeper, et cetera? That's.
F
A good question: no it's going to any answer, but I.
A
Yeah and that cap hasn't been formalized yet too, that was brought up in the last or one of the December SIG Security meetings I was on and they said they wanted to deprecate it by 1.21, which is due out in the spring and hopefully get it replaced by end of year. But no one.
A
F
I feel like so I haven't worked at Google in over like almost a year now about no, I think a year, and I think, when I joined.
B
A
Not been posted yet, but they brought up in the last meeting or at one of the December security meetings. I'm waiting for I'm waiting for that cap got it or what not 21, because that's something I'm part of the police team. So that's something that I would have to watch out for and make sure to know that, that's being it.
F
A
F
C
Nothing it just it's very the checks in the mail right. It's.
A
F
F
So what is the waiting? What is our to-do list? We need to make a form, a Google form for questions. We need to define a timeline. That's probably the biggest thing that we can collaborate on. It sounds like putting the other the forum like. I could just do in the evening sometime some putting this RFP on the in GitHub. It's like a two minute project finding out if CNCF.
F
The next step is like what timeline do we, as a group, feel like we should run this at? We can just go back to the old RFP and use the same timeline from that one. It worked all right.
F
F
Okay, why don't we.
F
I will go look at the old RFP. Lift the timeline put it in here, assuming we publish on the next security meeting I'll make a Google form. That's like really basic. Like literally please type your question here and then who are you? I guess it's like well we'll need I put the link in and then we will oh and and I'll ask Chris.
C
F
The making the form doesn't require any special talent, nor does going and digging up the old RFP and putting in the the dates. So if anyone wants to sign up for those I'll handle it Kristen.
F
I'll whip up a form, sweet. Thank you and that's a you know, that's personal weakness. If I see a task as small and not that fun, I just want her to do it and then I get buried in small and fun tasks.
F
You'll, be you'll, be a pro by the end of this all right yeah I mean this, isn't the hard part, the hard part comes when they start showing up and we have to. We have to pick a vendor. That's the first hard thing, and the problem is, is that I, I think it's really important. We be really transparent about how we go about selecting said vendor.
F
I don't want it to look like there was any kind of nepotism or favoritism, but it's all vendor selection is usually a private process. So, if we're going to be as transparent as we were last time, we really want to talk about what criteria we're using and be really forthright with that. I think that's where we get into the glasses so be ready for a hard, hard problem. Next, this one's easy.
A
Okay, there is one thing I do want to bring up so one of the things in scope that refers to HackerOne bug, bug, bounty scope and one of things out of scope or sorry in scope, but not eligible. I guess it will still be in scope.
A
My concern was that we we I work for Rancher Labs SUSE and we find that a lot more customers are using Windows and Kubernetes one of the things that is in scope and not eligible for the bounty on HackerOne Kubernetes bug bounty is the Kubernetes running out Windows item, and so I know we're for sake of our end users. That would be something it sounds like that would still be in scope, but just not eligible.
A
I guess for the bug valley all right, I guess let me read this again and make sure it is in scope, but that's something that would want to. I guess see you to be in scope of the of the audits.
F
Fascinating I live in Linux, london same here, yeah! That's, it's probably just like my myopic perspective. That leads me to question what you're saying, but I guess I should believe you.
D
A
D
A
D
D
D
F
F
Yeah, which is what makes me want to say, let's not and do it next time. Maybe I agree with.
A
Yeah, I kind of agree with eve that I brought it up but like, but since you mentioned that it doubles the scope and you know I'm like you personally, I only only run or use Kubernetes and Linux, but I just keep hearing that. There's an increase of.
F
Why don't we raise it at SIG Security and say hey, you know we hear that you know this would be really expensive if we were to try and include it in the audit. Does anyone have any data or any anecdotes about about yeah.
B
A
So I propose- and I'm going to take this on- I know- there's an end user, community and Kubernetes- maybe doing an informal poll I'll look into this since I'm curious myself, okay, see- and this may might be something for the next audit, because it- I probably you know, might take some time for me to find the right user community and to take an informal poll, but I will I'll take it on.
F
F
F
I I found it yeah is it's not in Kubernetes.
D
F
Although now I want to play with it again side project, okay, thanks for picking that up Ray as well as as the the dates and thank you Patrick for the form I have already sent the message to Chris. Is there anything else we should address before? We? Oh make sure you guys fill out the Doodle poll for SIG Security meetings, because I want us to be able to attend those and this slot's working for everybody. For this meeting, I assume you're all here. This is.