►
From YouTube: Security WG meeting - Jan 3 2019
Description
B
B
So
that's
one
announcement
and
then
there's
a
second
announcement.
The
modules
working
group
wanted
to
get
in
touch
with
the
realms
people
who
work
in
tc39
there's
some
stuff.
If
anybody
wants
to
join
calls
from
the
tc39
side
with
some
security
stuff,
just
get
a
hold
of
me
and
we
can
get
you
added
to
the
invite
list.
That's
it.
Okay,.
A
A
C
D
C
A
C
One
five
years
so
I,
actually
that
that
to
me
I've
totally
reached
out
to
Davis
we
talked,
we
tried
to
schedule
for
for
ticket
was
last
row
two
weeks
ago,
but
we
both
kind
of
had
to
reschedule
again
and
basically
it's
still
the
same
shadows.
I
haven't
had
a
chance
to
connect
with
him
I'm,
just
gonna,
try
and
ping
him
again
see
if
you
get
his
availability
and
just
work
on
it.
C
So
the
idea
with
that
is
just
to
try
and
see
if
we
can
float
some
of
those
vulnerabilities
from
academics
or
any
resources
that
he
has
to
the
to
the
hacker
one
program
or
basically
just
to
PR
them
to
their
vulnerability
at
the
rates.
That's
it,
but
I
need
some
information
from
here.
First
about
it,
so
it
still
stable.
We
can
probably
remove
this
security
working
group
agenda
at
this
point.
Okay,.
C
E
D
C
Yeah
yeah,
that's
the
one
with
Sam,
so
I'll
try
to
summarize
it
as
we
went
a
little
bit
a
lot
forward
and
then
big
pink
back
with
some
jumping
in
and
you
know
rightfully.
Okay
I
just
want
us
about
a
change.
So
the
idea
is
that
we
are
going
to
do
two
things
that
are
potentially
gonna,
be
breaking
or
movie
database.
One
is
moving.
C
The
data
base
of
the
runner
abilities
to
the
different
triplets
vladimer
is
created
and
will
own
the
process
for
that.
So
all
the
volumes
will
just
move
to
somewhere
else
anyway,
and
these
tickets
specifically
kind
of
says
that
we
are
going
to
also
change
the
ID
so
that
we
can
also
regenerate
the
report,
ideas
automatically
and
not
manually.
C
What
I
think
Sam
was
pointing
out
and
rightfully
as
well
is
that
I
don't
think
we
have
made
it
clear
that
we
are
also
going
to
change
all
the
reports
ideas.
So
if
I
report
a
Kiwi
created,
like
you
know
what
the
incremental
one
like
five
four
one,
five
or
something
like
that,
I
was
assuming
that
we
are
going
to
also
change
those
as
well
like
retro
actively,
and
we
can
have
I
detailed,
a
patch
that
we
can
kind
of
seal,
still
save
some
compatibility.
For
example,
we
can
still
leave
like
old.
C
You
know
original
ID,
something
and
then
just
take
the
original
one,
and
we
can
also
also
yeah.
We
can
also
create,
like
a
CSV
export,
with
like
a
mapping
between
the
old
int
in
use.
So
anyone
is
like
working
on
a
database
or
integrating
with
it.
He
has
like
a
really
easy,
CSV
or
JSON
upgrade
path
to
just
random
map
it
internally,
if
you're
doing
that,
so
I
think
we
should
probably
anyway
do
that,
regardless
of
what
we
decide
but
I
think
the
end
of
the
bottom
line
of
what
I'm
trying
to
say.
C
A
I
guess
there's
there's
two
possible
to
things
like
one
is
changing
the
format
of
the
ideas,
IDs
can
break,
say
an
existing
tool
or
something
right
and
then
I
guess
if
if
then,
on
the
other
hand
so
like
that
would
stop
you
even
if
we
left
the
old
one.
That
would
stop
you
from
getting
updates
right.
What.
A
C
A
C
A
C
C
C
Also
generally,
okay,
with
that
I
mean
we
can
do
it
as
a
gradual
step
like
we
can
just
keep
the
old
ones
as
they
are
and
the
new
ones
you
know
will
create
in
the
new
way
and-
and
you
can,
we
can
move
all
of
that
at
once,
and
then
afterwards
we
can
also,
you
know,
say
you
know.
The
next
three
months
are
also
making
a
change
to.
C
A
I
think
and
why
I'm
in
my
mind,
it'd
be
good
to
if
we
can
leave
the
old
ie
if
the
new
and
old
don't
conflict,
then
leaving
the
old
ones,
there
doesn't
really
hurt
anything
just
doing
that
and
duplicating
them,
like
I.
Think
you'd
want
to
be
able
to
get
all
the
ideas
using
the
new
format
so
that,
if
you
change
your
tool
to
use
the
new
format,
you're,
not
you
know
only
getting
part
of
the
data.
A
A
C
Is
okay,
but
the
thing
is
that,
right
now
we
have
for
each
report
like
an
actual
ID
field
right
and
I'm,
going
to
change
it
for
them.
So,
like
it's
format,
change
for
the
new
reports
right,
okay,
I,
don't
want
to
call
them
like
new
ideas,
because
that's
just
going
to
be
confusing.
You
know
when
we
change
those
as
well
new
new.
What
is
once
right.
C
D
Is
there
any
problem,
because
I
mean
that
that's
gonna
be
super
kind
of
tricky?
What
I
will
say?
Yes,
he
is
like
what,
if
we
do
a
cutoff
points
tomorrow
or
whatever
is
ready,
and
then
we
start
using
the
new
IDs
so
up
to
the
report,
730
something
will
t
be
all
IDs
and
then
after
that
will
be
the
new
IDs
yeah.
D
D
C
D
C
Yeah,
so
this
is
the
suggestion
that
we
can
go.
It
I
think
this
is
kind
of
the
the
bottom
line
of
of
this.
The
only
thing
is
that
we
were
so
first
of
all
from
us
who
would
have
to
support
you
know
from
the
test
and
the
validations.
You
know
to
kind
of
fields
right
like
an
ID
one
and
the
string
one
and
it
doesn't
everything
and
any
way
to
like
I,
think
Michael
said
it.
It
might
break
someone
consuming
it
anyway,
because
it's
like
it's
like
a
different
format.
Your.
E
A
D
D
C
So
I
think
we
think
that
was
Michael
asking
before
we
do
socializing,
if
that's
what
I
understood
from
it,
but
like
yeah,
we
did
that
like
not
three
months
ago
or
something
like
a
controller,
remember
exactly
when
even
more
maybe
so
I
feel
like
if
we're
all
in
agreement
on
this
I'm
gonna
roll
it
out,
I
will
obviously
do
it
more
before
we
are
actually
going
to
do
it
like
I,
wouldn't
give
like
you
know
a
couple
of
weeks
for
the
one
to
just
catch.
This
might
even
open.
C
C
C
C
Okay,
but
we're
gonna,
so
I'm
gonna
comment
on
the
issue
to
basically
agree
with
Sam
on
doing
this,
and
as
as
a
gradual
change
like
fine
I,
will
not
update
everything
and
I
think
afterwards
like
if
we
we
can
consider,
maybe
just
making
also
the
old
ones,
gives
the
new
ideas
or
something
that
would
make
sense.
It.
A
A
C
The
two
vulnerabilities
to
the
different
security,
advisories,
ripples
right
and
the
other
one
is
just
yeah
formats
and
also
discussed
the
discussing
this
with
polymer
I
think
we
said
that
between
us.
We
don't
really
want
to
tie
the
two
changes
together.
So
we
can
like
just
apply
all
the
the
new
format,
and
you
know
whenever
we
move
to
the
new
repo.
We
just
think
those
as
well
so,
okay.
A
D
D
C
D
C
A
C
C
We
can
see
if
you
know
some,
what's
the
status
for
some
of
them,
so
so
I'm,
seeing
a
lot
of
CVS
that
are
are
in
a
status
of
needs,
action
which
usually
means
that
we
didn't
give
them
enough
information.
So
it
could
be
stuck
for
that.
So
we
should
probably
go
ahead
through
that
list
and
I'll
ping
you
on
the
slack
channel,
with
the
exact
models
that
we
have.
That
needs
the
action
and
everyone
can
just
work.
Ie
I
created
what.
D
D
A
A
The
other
thing
I
will
mention
is
there's
they're
setting
up
a
CNA
conference.
They
have
one
like
I
think
once
a
year
for
CNAs,
and
since
we
act
as
the
note
CNA,
we
could
send
somebody.
So
if
anybody's
interested,
let
me
know
and
I'll
forward
them
on
the
email
that
I
got
saying:
hey
participate
in
the
poll
or
whatever
for
the
timing.