►
From YouTube: 2022-12-08 Governance Committee private meeting
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
A
A
A
B
C
C
D
Oh
looks
like
we
got,
but
I
don't
know
if
Austin
Cancer's
quorum.
D
Bye
I'm
gonna
get
started.
Trask
you've
got
some
good
stuff
on
here.
G
All
right,
oh
yeah,
okay,
so
yeah
I
wanted
to
start
just
with
the
quick
triage.
While
we
have
people
do
we
have
alelita
today,
okay,
so
probably
can't
unless
Ted
you
remember,
this
I
went
through
and
it
looked
like
everything
was
completed
and
these
notes
were
updated
and
this
is
about
a
year
old.
So.
D
Yeah,
this
can
be
closed
with
the
com
sick
has
taken
over
all
of
this.
G
Potentially,
yes,
I
did
a
search
and
I
didn't
find
any
other
repos
that
were
overriding
security,
MD,
okay,
yeah
sure.
E
G
You
can
just
take
a
look
yeah
just.
G
Yeah
yeah
I
think
I
had
left
comments
on
them
because
I
think
I
I
wasn't
sure
if
this
was
still
needed
or
not
I'll.
G
Thank
you
and
then
this
one
has,
since
we
have
a
bunch
of
these
people
here,
I've
just
gonna,
if
Ted
you
have
to,
then,
if
you
could
transfer
this
the
Java
one
to
the
governance
committee
Morgan,
oh,
we
don't
have
Morgan,
okay,.
G
All
right
that
was
less
than
five
minutes.
This
one
was
the
one
we
talked
about
last
week
and
so
Daniel
had
good
comments.
I
reworked,
I,
reworked
it
I
think
just
at
this
point
need
approvals
on
it.
B
C
I
think
we
had
a
similar
discussion
in
the
past
and
the
most
local
person
or
the
most
opinionated
person
bought
that
was
moved
in.
So
it
might
be
worth
that
it
was
explicit
approval
on
that.
One.
A
G
C
G
G
Yeah
there's
one
document
owned
in
here
by
you.
If
you
could
transfer.
B
H
B
I
added
the
ownership
for
each
of
these
documents
in
this
comment-
and
this
was
just
like
what
I
was
able
to
kind
of
find
or
guess
or
whatever,
so
it
may
only
be
sort
of
accurate.
These
the
documents
that
say,
they're
owned
by
you
know,
for
instance,
Bob
stransky
strikanski,
may
not
be
owned
by
him.
That's
just
who
I
think
owns
each
document.
H
G
Cool
kind.
B
H
I
think
I
think
then
Daniel
it's
owned
by
nacho,
I.
Think
I,
don't
think
it's
owned
by
anybody
at
Apple
necessarily.
B
H
Nacho
nah
he's
the
guy
who
participates
in
the
sift
Swift
I'll
ping
you,
his
ID
I'll
pay.
G
G
And
Daniel
we
can
start
pinging
like
six
six
teams
to
get
the
rest
also
yeah.
B
G
This
was
a
question
I
had
because
I
had
seen
a
couple
comments
on
Community
PR's
about
not
meeting,
that's
not
being
able
to
merge
because
we
didn't
have
enough
approvals,
but
the
repo
setting
is
one
just
requires
one
approval
and
I
didn't
see
anything
in
the
guidelines
about
number
of
approvals
required.
So
wasn't
sure
if
there
was
an
informal
understand.
H
My
understanding
again
and
it's
a
very
good
question.
It
is
because
it's
come
up
before
also
is
that
they
are
they're
at
least
two
approvals
needed
and
that's
kind
of
what
the
ad
hoc
you
know.
Process
has
been,
but
I
I
do
think
that
we
should
call
that
out
clearly
because
usually
there's
at
least
plus
one
two
plus
ones.
B
F
B
H
B
Yeah
I
just
think
that
the
governance
or
the
the
community
repo
in
general,
if
you
take
trask's
PR
as
an
example,
he's
modifying
like
how
to
set
up
a
repo
is
that
does
that
document
constitute
official
policy?
Or
is
it
just
like
a
guide
that
we
published
to
make
things
easier?
There's
no
well.
H
It
is
a
policy
right
I
mean
if
you're
recommending
a
best
practice.
It
should
be
a
policy,
otherwise
it
should
be
just
saying
hey.
This
is
just
an
informal
suggestion
right,
so
at
some
point
it
does
transform
into
a
policy.
If
we
are,
you
know
going
there
in
that
direction,
but
I
agree
with
you
Daniel
that
it
should
be
called
out.
You
know
as
what
it
is.
G
Right,
let's
say
the
actual,
because
there
was
like
the
policy
change,
is
that
people
can
request.
A
G
B
And
then,
even
once
there
once,
the
pr
is
merged
and
it's
just
a
document
in
the
repo
I
think
we
should
be
more
clear
about
what
is
a
policy
and
what
is
a,
what
is
just
editorial
in
the
repo.
H
H
So
should
we
adopt
some
kind
of
an
just
adding
an
issue
on
the
community
Reaper
to
say
Hey,
you
know:
can
we
Define
what's
a
policy
versus
of
the
categories
and
then
just
kind
of
have
that
discussion
on
the
issue.
G
Yeah
I
can
take
this
action
item
to
put
together
a
open
issue.
G
G
Do
TC
members
like
Armin
often
approve
something
but
he's
not
officially
in
the
code
owners
for
Community
repo.
Do
those
count.
H
G
The
I
will
the
only
thing
that
I
I
hesitate
is
like
again
there's
like
calendar.
You
know,
there's
a
lot
of
like
calendar,
little
calendar
updates
and
I.
Don't
I
like
to
be
able
to
merge
things
quickly,
right
and-
and
this
is
not
always
the
most
responsive
repo.
H
Variety
report
should
be
something
we
are
all
actively
looking
at
and
as
we
have
you
know
this
really
good
standing.
You
know
section
where
we
do
review
the
community
items.
I
think
we
should
be
able
to
handle
that
backlog.
B
Yeah
I
agree:
I
think
if,
if
we're
non-responsive
on
the
repo
making
it
so
that
we
don't
have
to
be
responsive,
is
not
the
correct.
H
A
D
G
No
objections,
I'll.
A
D
Yeah
just
two
quick
questions.
People
here
might
know
the
answer
to.
Does
anyone
know
how
to
add
the
otel
calendar
group,
the
calendar
event
I.
E
A
H
Think
the
only
person
who
knew
that
was
segey
and
I
think
he
still
has
access
to
that
and
Morgan
has
added
some
items
to
that.
D
Dress,
okay,
I'll
ping,
Morgan
and
Sergey
about
that
one
easy,
the
other
one
just
does
anyone
here
happen
to
know.
Do
we
currently
have
a
slack,
get
bot
we're
looking
at
putting
in
hotel
announcements,
Channel.
D
We
would
like
to
automatically
repost
like
releases
from
various
repos.
It's
like
just
a
basic
the
volume
thing
for
people
to
follow,
just
curious.
If
it
happens
to
know
if
we've
already
got
one.
If.
A
H
Well,
I
think,
as
far
as
I
know
that
we
don't
have
one
on
any
of
the
Reapers,
because
you
know:
we've
typically
not
gone
and
spammed
our
slack
channels
automatically.
A
H
D
D
Yeah
yeah,
once
we
get
that
set
up,
we
will
announce
the
announcement
channel
as
a
place
for
people
to
post,
really
any
any
substantial
update
to
any
open
Telemetry
related
project.
H
Okay,
I
had
a
just
then
question
for
thinking.
You
know
we
can.
We
have
discussed
this
or
brought
this
up.
You
know
in
the
past
that
it
would
be
nice
to
actually
have
a
off-site
or
some
kind
of
a
brainstorming
session
about
what
we
want
to
accomplish.
You
know
as
a
DC
in
2023.
You
know
as
well
as
invite
the
PC
to
join
in
again.
We
could
do
it,
you
know
online
or
we
could
do
it
in
person.
H
C
Yeah,
so
if,
if
it
can
wait
until
you
calling
you
then
certainly
attending-
and
we
can-
we
can
think
quite
a
few
of
us
that
are
training,
keep
calling
you.
So
we
can
do
it.
F
A
F
C
I
mean
if
you
can
suggest
a
location
and
a
date,
then
I
can
try
to
get
some
budget,
but
I
cannot
promise
sure.
H
C
Oh
yeah,
if
I'm,
the
only
one
that
that's
probably
having
trouble
because
most
of
you
are
in
the
US,
so
then
just
give
me
a
date
and
a
location
and
try
to
get
it
approved.
Otherwise,
I
mean
I'm
fine
attending
online
as
well.
H
A
H
Think
dead
scale
is
happening
right
in
when
is
it
in
Jan
or
Feb
in
La,
so
I
mean
that's,
that's
a
possibility
if
we
want
to
use
a
conference.
Otherwise
you
know
many
of
us
are
in
the
on
the
west
coast.
So
picking.
D
H
A
H
Is
always
great
yeah
and,
and
then
whoever
can
come
can
come,
and
you
know
everybody
else
absolutely
can
join
in
hopefully
remotely,
but
it's
it
I
I
think
it's
a
good
idea
to
again
I
I,
at
least
I.
Think
it's
a
good
idea
to
meet
up
with
this,
because
some
of
the
areas
that
we
want
to
kind
of
dive
in,
given
the
you
know
stage
at
which
the
project
is
it's
continuing
to
grow.
H
You
know
some
of
the
key
areas
that
we'd
like
to
focus
in
on,
based
on
the
discussions
we
had
and
kubecon
Detroit
and
the
community
feedback
that
we
collected
there.
We
kind
of
had
some
areas
that
we
wanted
to.
You
know
propose
as
strategic
areas
for
the
project,
but
there
are
also
other
areas
in
terms
of
Community
Development
as
well,
as
you
know,
just
continuing
to
grow
the
diversity
of
our
project,
contributorship
that
actually.
A
D
Something
that
is
absolutely
critical
for
2023
and
will
require
coordination
on
our
part
is
getting
the
semantic
conventions.
Yep
push
through.
That's
something
I'm,
organizing
I'll
have
a
another
update
for
that
next
week,
but
yeah.
That's
for
me.
That's
like
definitely
a
top
priority,
because
it's
critical
and
it's
not
something
that
will
happen
organically
on
its
own
yep.
H
H
F
A
D
H
That
was
my
only
question
and
I
just
wanted
to
plant
it
in
everyone's
thought
thought
process
so
that
we
can
figure
out.
You
know
like
when,
when
is
a
good
time
after
the
holidays,
maybe
Jan
fresh
bright
and
early
and
then
kind
of
go
from
there.
E
I
know,
but
yeah,
certainly
better
than
upset
New
York
I
just
wanted
to
I
went
through
and
quickly
put
the
as
discussed
at
kubecon.
E
One
thing
I'm
interested
in
helping
Drive
the
community
towards
is
getting
our
ducks
in
a
row
for
graduation
in
2023,
or
at
least
getting
most
of
that
process
done.
I
went
through
I've
done
kind
of
a
brief
audit.
This
isn't
the
exhaustive
one
that
needs
to
be
done
with
all
the
documentation
for
the
actual
Toc
vote,
but
I've
linked.
My
results.
E
E
That
just
seems
given
sort
of
the
scope
and
scale
of
open
Telemetry
and
the
variety
of
you
know:
levels
of
Maintenance
and
and
whatever
you
know.
If
we
try
to
get
an
audit
on
every
single
repo,
then
that's
going
to
be
a
lot
due
to
all
the
different
languages,
so
I
feel
like.
We
will
need
to
do
some
negotiation
around
like
hey.
These
are
the
core
languages
or
whatever,
or
maybe
we
just
pick
go
or
we
pick
go
in
Java
or
something
so
that
that's
kind
of
a.
H
E
H
Can
also
leverage
much
of
the
security
analysis
and
compliance
testing
that
you
know
at
least
I
had
led
at
a
DOT
on
aws's
side.
We
did
put
in
a
lot
of
you
know
and
I
think
also
on
Microsoft
Azure
there's
been
some
amount
of
work
done
on
that
from
what
I
understand.
H
Some
of
those
best
practices
and
or
you
know,
just
security
reviews
that
have
been
done.
E
E
S
that
will
be
like
useful
in
sort
of
preparing
the
packet,
but
I
think
we
I
think
the
big.
In
my
mind,
the
biggest
challenge
is
the
way
that
the
policy
is
written
from
the
cncf
at
least
is
extremely
broad.
It
just
says
the
project
needs
to
have
a
independent
and
third-party
security
out
with
published
results,
but
it
doesn't
really.
H
E
A
C
So
I
was
part
of
the
graduation
process
for
a
year
and
we
had
a
security
audit,
also
I.
A
C
I,
don't
remember
if
it
was
part
of
the
graduation
or
if
it
was
after
that,
but
we
had
a
security
audit
and
the
way
that
it
worked
was
we
had
an
initial
conversation
with
them
with
the
team
doing
the
security
Audits
and.
C
In
the
client,
libraries
are
in
and
I
think
that's
pretty
much
it
configuration
is
not
like
you
know.
If
people
misconfigure,
then
it's
it's
their
fault,
but
we'd
still
like
to
know
what
we
can
do
better
there.
And
then
we
set
up
a
machine,
a
I
think
the
Linux
or
the
cncf
made
a
a
bare
metal
machine
available
to
the
security
or
Auditors,
and
they
set
up
the
collector
everything
they
wanted
on.
C
That
machine,
render
tests
and
provided
a
report
after
that,
we
had
the
chance
of
looking
at
the
report
and
seeing
what
is
relevant.
What
is
not
relevant
for
us
what
we
want
to
tackle
before
making
the
report
public
and
there
was
a
second
iteration
and
finally,
we
we
got
like
a
check
mark,
so
I
think
we
are
definitely
free
to
Define.
What
is
this
code
for
the
audit.
E
C
A
E
D
B
Yeah
I
was
just
going
to
say
that
I
think
you
know
we're
going
to
do
this.
We
sort
of
have
to
decide
what
is
open
Telemetry
from
the
perspective
of
is
open,
Telemetry
a
specification
and
then
all
of
the
clients
just
are
reference
implementations
of
open
Telemetry
or
is
the
project
inclusive
of
the
clients?
And
if,
if
it's
inclusive
of
the
clients,
then
they
need
to
be
included
in
the
audit.
B
I
would
think
at
least
the
API
and
the
SDK,
probably
not
all
the
instrumentations,
because
that's
just
too
much
no,
but
we
may
at
that
point,
it's
almost
in
you
know:
I
I,
think
infeasible
to
audit
all
of
the
clients
and
all
of
the
languages
that
are
being
worked
on
in
the
organization.
So
we
either
have
to
pick
our
high
priority
and
high
impact.
B
You
know
top
three
or
four
language
clients
or
have
a
process
where
each
client
can
be
audited
and
then
added
to
some
list
on
the
website
of
official,
stable,
open
swimming
class
or
something
along
those
lines.
E
Yeah
right
like
we
would
need
some
some
something
we
need
to
plug
in
there
if
we
kind
of
stepped
back
and
said
well,
this
is
just
a
spec,
then
we
can
maybe
get
away
with
that.
I,
don't
necessarily
know
if
that
would
be
that
that
seems
like
a
heart,
I,
don't
know,
I
feel
like
having
it's
going,
the
route
of
saying
like
hey.
This
is
just
sort
of
the
stuff
that
we,
this
is
the
stuff
we
care
about.
B
H
A
H
Say
three
most
popular
I
wouldn't
say
that
they
arrest
or
not,
you
know,
are
just
reference
implementations
because
you
know
as
an
open
source
project
and
and
specifically
in
an
open
source
project,
which
is
this
large.
You
have
to
have
a
security
sick,
as
as
you
have
you
know,
rightly
called
out
and,
and
also
you
know,
have
that
due
diligence,
because
this
project
is
being
used
at
the
scale,
so
I
I
do
think.
H
E
Yeah
I
don't
want
to
that
doc
by
the
way
is
open
for
edits.
If
people
want
to
go
in
and
add
their
comments
to
it
later,
I
don't
know.
H
I
I'm,
sorry
I,
didn't
sorry
yeah
again,
I
I
just
asked
my
question
so
Dustin.
Thank
you
for
the
link.
I
mean
I.
I
would
like
to
add
some
details.
D
We're
out
of
time,
but
respectfully,
just
as
a
final
comment
on
this
I,
don't
think
we
get
to
decide
what
the
criteria
are.
The
cncf
is
going
to
decide
that,
but
I
do
agree
that
maybe
starting
that
conversation
by
just
proposing
you
know
opening
a
ticket
with
them
or
something
to
propose
it's.
The
collector
plus
the
SDK
for
Java
Python
and
go
is
what
we
think
would
be
the
right
criteria
and
then
just
see
what
they
they
say
to
that.
A
D
A
F
And
especially
for
a
lot
of
other
reasons,
think
it
would
be
very
valuable
for
us
to
explicitly
label
some
subset
of
open
Telemetry
as
being
like
core
or
something
I
mean
I,
know,
we've
kind
of
done
that
in
other
ways
and
say
this
is
the
part,
that's
graduating.
Basically,
you
know-
and
this
is
also
the
part
that
we
have
security
Audits
and
the
part
that
has
tender
controls
or
whatever.
F
Frankly,
it's
the
part.
I
would
also
Advocate
that
we
focus
on
more,
but
whatever
I
mean,
but
what
I
know
we're
out
of
time,
but
I
think
that
would
be
a
good
thing
for
us
actually.