►
From YouTube: Best Practices for Open Source Developers (May 24, 2022)
A
B
A
C
A
All
right
folks,
I
posted
a
link
to
our
agenda
in
the
zoom
chat.
If
you
have
not
yet
please
mark
your
attendance
and
if
you
have
any
opens,
you
would
like
to
add
first
off.
Let
me
ask:
is
there
anyone
interested
in
helping
us
scribe
the
meeting
notes?
We
have
a
couple
of
us
that
tap
away,
but
if
anyone's
interested
in
helping
thank
you
vicky,
please
feel
free
to
participate
in
the
note
taking
now
do
we
have
any
new
friends
that
wanted
to
introduce
themselves
today
and
say
hello
to
the
group.
A
Let
us
move
along,
as
you
have
any
items
you
want
to
add,
as
opens,
please
go
ahead
and
type
away.
Let's
get
a
brief
update
from
our
it
used
to
be
called
projects,
things
that
used
to
be
called
member
projects.
If
you
would
like
to
provide
some
updates,
mr
wheeler's
been
busy
tippy-tapping
away.
You
want
to
start,
sir.
B
Sure,
first
of
all,
open
ssf,
best
practices,
badge
no
change,
see
that
was
easy
right,
yeah
yeah,
we'll
we'll
probably
have
some
more
changes
and
updates
for
the
fundamentals
course
actually
quite
a
bit
going
on.
In
spite
of
the
fact
that
I've
been
completely
overwhelmed,
the
washington
dc
thing
we've
been
working
for
a
while
a
big
update
of
the
sql
injection
section,
which
has
finally
landed.
It
separates
the
whole
concepts
of
parameterized
versus
prepared
statements
in
some
libraries.
B
B
We
have
some
draft
early
prs
from
olivia
and
I'm
very
sorry
I
don't
know
how
to
pronounce
your
last
name.
Galoci
gallucci,
I
believe
anyway,
rit
student
has
started
proposing
pull
requests.
We
thank
her
we're
gonna
start,
we've
already
started
reviewing
them
and
I'm
gonna
do
a
teaser.
We
plan
to
have
an
announcement
on
open
ssf
day
about
ways
to
further
disseminate
the
the
fundamentals
course
materials.
How
you
ask
well
come
to
open
ssf
day
and
find
out.
D
D
Is
dave
russo,
I
don't
know
my
camera's
not
working
for
some
reason:
okay
anyway,
so
general
question
david.
If
if
if
there
are
folks
like
some
of
my
cohorts
here,
we've
been
talking
about
who
want
to
contribute
some
additional
information
to
the
the
fundamentals
course
such
as
maybe
threat
modeling?
B
B
We
would
love
to
hear
improvements
to
the
course
so
yeah,
that's
and
that's
how
we
do
it
now,
once
the
that
the
pull
requests
are
merged,
there's
a
separate,
weird
process
to
actually
get
them
out.
Oh,
my
goodness,
you
have
a
face.
It
worked
shocking.
I
know.
Okay,
how
do
you
have
a
face?
You
probably
have
a
body
attached
to
it.
C
B
So
anyway,
after
it's
merged,
there's
a
weird,
complicated
process
to
get
it
from
github
out
to
edx
and
to
the
lf
training
site.
The
good
news
is
that
it
is
not
your
problem,
it
is
my
problem,
but
it
is
not
your
problem.
So
so,
really
from
your
point
of
view,
it's
the
get
it
to
get
up
and
once
it's
merged
in
on
the
main
line,
and
it
is
the
main
branch
then,
as
I
said,
there's
some
weirdness.
So
we
have
to
be
careful
when
we
do
emerge.
A
A
B
B
A
A
Ruby
groovy
all
right.
Let
us
move
on
to
our
opens.
As
I
teased
moments
ago,
there
is
a
new,
exciting
potential
project
we
all
could
get
to
work
on.
If
you
were
not
aware,
the
foundation
went
to
washington
dc
and
met
with
members
from
the
white
house
and
other
government
officials
to
talk
about
a
open
source
software
security
mobilization
plan.
A
A
Have
we
see
a
couple
head
nods
all
right,
so
I
would
like
to
talk
with
the
group
about,
in
particular,
a
stream
one
which
is
a
deliver
baseline,
secure
software,
development,
education
and
certification
to
all
work
stream,
and,
let's
open
up
with,
has
anyone
had
a
chance
to
read
stream
one?
What
are
your
thoughts
about
some
of
the
ideas
proposed
in
there.
D
A
I
am
very
glad
that
you,
you
must
be
my
straight
woman
again.
I
am
so
before
we
move
on
when
we
are
done
with
our
discussion
today.
I
am
going
to
propose
to
the
group
that
this
working
group
adopts
stream
one
as
a
special
interest
group
and
a
any
number
of
us
could
participate
to
do
exactly
what
you
question.
Vicky
is
refine
that
proposal
zero
in
on
where
we
can
add
value
and
make
plans
for
the
future.
A
So
you
know
if
we
think
we
want
to
have
some
education
for
all
levels
of
education.
You
know
a
person
to
graduate
student
great
if
we
want
to
focus
in
on
other
stuff.
That's
what
a
a
group
a
subgroup
of
us
could
work
on,
and
I
can.
I
will
set
up
a
series
of
dedicated
meetings
for
us
to
continue
to
refine
that
if
people
are
interested,
I
think
I
saw
did
I
answer
your
question.
Ish.
C
B
Yeah,
so
I
actually
led
the
discussion
there,
but
lead
is
probably
the
wrong
term.
I
I
heard
yeah
yeah.
Well,
I
didn't
even
heard
them.
I
was
there
in
the
front
trying
to
observe
the
next
cat,
but
there
were
there's.
You
really
need
to
look
at
the
notes
and
my
thanks
to
the
folks
who
took
the
notes.
I
did
not
and
it
was
good.
You
know
helpful
stuff.
B
One
thing
that
really
struck
me-
and
I
copied
it
in
here-
is
the
separating
of
university
k-12
boot
camps
and
all,
although
it's
not
really
noticed
also,
you
know
also
continuing
education,
because
a
lot
of
folks
they're
already
out
there
and
you
know.
So
how
do
you
know?
How
do
you
reach
these
different
groups
of
folks,
I
think
was
there's
many
many
things
that
were
noticed,
but
I
think
that's
that's
one
of
them.
E
Yeah
I
mean
I
was
lucky
enough
to
be
included
on
some
of
the
discussions
with
that
stream.
One
together-
and
you
know,
some
of
the
things
we
talked
about
early
on
is
the
variance
in
in
curriculum,
not
just
college
and
potentially
the
training
and
certification
that
exists,
but
also
bringing
this
to
a
broader
group
of
people,
some
of
the
underrepresented
groups
within
the
industry,
trade
schools.
E
E
It
really
needs
to
be
broken
out
into
phases,
but
you
know
my
opinion
and
certainly
always
up
for
debate
is
that
we
can't
limit
the
scope
to
you,
know
a
specific
area
and
say:
okay,
well,
we'll
tackle
college,
because
that
seems
like
the
most
relevant,
but
I
think
the
special
interest
group
can
solve
that
problem,
and
I
I
want
to
be
included
in
that.
Please,
and
you
know,
want
to
contribute
as
much
as
I
can
there,
but
I
think
that
that's
where
we
really
need
to
define
this
a
little
bit
further.
E
You
know
that's
just
one
of
the
ones.
I
know
off
the
top
of
my
head,
but
certainly
so
I
think
just
in
in
general.
This
is
a
hugely
important
initiative
and
we
have
an
opportunity-
and
hopefully
vicky's
contacts
and
the
other
group
can
open
some
doors,
but
but
definitely
include
me
in
those
conversations,
because
I
want
to
help
out
as
much
as
I
can
excellent.
A
We
would
start
off
with
refining
the
scope
and
goals
and
then
eventually,
that
group
could
move
into
either
collecting
crafting
content.
It
might
spin
off
into
little
groups.
Maybe
we
have
a
group
focused
on
academia.
A
group
focused
on
kind
of
the
boot
camp
type
thing,
so
we
will
figure
out
how
we
proceed
afterwards.
A
A
B
A
F
A
Yeah,
I
have
not
heard
anyone
throughout
any
of
my
conversations.
Building
the
document
or
through
the
tact
anyone's
really
mentioned
any
kind
of
interest
aside
from
couple
the
folks
here
on
the
line,
but
that
doesn't
mean
that
people
won't
be
willing
to
contribute
if
they're
part
of
a
different
group,
we'd
love
to
have.
Of
course,
all
patches
are
welcome.
F
F
I
I
actually
strongly
support
david's
point
there,
because
you
know
I'm
involved
in
some
standards
organization
where
everything
is
by
numbers
and
it's
absolutely
horrendous
when
you're
a
newcomer,
you
know
it's
like
this
is
sc38,
and
it's
like.
What's
that?
Oh
it's
cloud!
Well,
can't
you
just
call
it
cloud,
then.
A
A
A
A
A
Agreed-
and
I
guess
there
is
a
gentleman
that
is
located
in
hong
kong-
that
has
an
affiliation
with
the
open
ssf
for
linux
foundation
and
I
I
believe
he
got
nominated
to
be
the
sig
lead
and
coordinator.
So
ideally,
that
person
would
be
our
conduit
between
the
two
groups
unless
we
had
any
people
that
had
chinese
linguistic
skills
were
interested
in
participating.
F
So
if
I
may
add
a
little
bit
here
because
I
have
you
know,
I
share
some
background
with
brian,
with
the
hyperledger,
where
we
both
work
and
and-
and
you
know
some
of
this
is
actually
can
be
as
simple
as
the
communication
tools
we
use.
People
in
china
can't
really
use
doc,
google
docs,
for
instance,
just
as
a
starter
and
semi.
You
know,
instead
of
slack
they
use
wechat,
which
you
know
most
of
us
don't
use,
and
so
there
are
things
that
are
so
simple
like
this.
F
That
just
makes
it
easier
for
them
to
to
talk
to
one
another,
and
it
has
been
said
before
it
can
be
the
language,
but
I've
had
colleagues
at
least
two
said:
it's
not
often
the
language,
that's
the
most.
You
know
the
biggest
barrier,
it's
really
more
like
time
zones
and
then
their
focus
and-
and
you
know,
there's
a
so
there's
a
whole
group
of
things,
and
I
mean
our
experience
for
the
hyperledger.
Is
we
set
that
up
and
we
were
not
too
sure
it
would
work
out?
Obviously
we
had
similar
concerns
about.
F
F
D
A
Yeah
very
good
point
we'll
need
to
figure
out
process
and
meeting
checkpoints.
Those
of
if
anyone
is
interested
in
help
providing
some
type
of
liaison
function.
Even
if
it's
meeting
with
the
sig
leaders
there'll
be
some
additional
potential
time
commitments
for
us
to
sync
up
with
those
folks
to
make
sure
and
also
having
as
our
non-mentioned
the
tools
to
be
able
to
share
data
back
and
forth
will
be
something
that
needs
worked
out.
D
A
A
I
feel
that
would
be
a
better
means,
but
I
think
this
is
an
interesting
way.
We
potentially
kick
start
it
try
it
out
and
while
the
tool
like
wechat
isn't
a
tool,
we
could
use
other
places.
We
could
at
least
potentially
use
this
as
a
template
to
spin
up
other
sigs
that
are
focused
in
on
different
areas
around
the
globe.
I
saw
vicki's
hand
first.
C
Sorry
got
distracted
by
little
beeps
from
side.
There
was
an
individual
on
the
hash
general
channel
this
morning
asking
whether
members
from
africa
were
welcome
and
I
think
this
would
be
a
great
opportunity
to
reach
out
to
them
and
say:
yes,
please
join
the
best
working
group,
the
best
practices
working
group.
It's
right.
B
D
B
C
A
B
Yeah
so
too
quickly.
I
actually
did
reply
specifically
about
the
hey
white,
china,
specifically
and
brian's
reply,
and
I
think
he
just
replied
to
everybody
who's.
Basically,
I
mean
it's,
it's
not
the
there's,
a
moral
opposition,
but
he
thought
that
china
in
particular,
was
one
of
the
most
challenging
and
therefore
was
one
that
needed
help
the
most
or
first
or
whatever,
because
of
things
like
you
know
the
great
firewall
and
so
on.
As
far
as
africa
I
mean
obviously
hey
you
know
more
the
merrier.
B
I
will
quickly
note
that
the
best
practices
badge
we
actually
have
a
start
at
a
swahili
translation,
but
our
swahili
translator,
well
I'll
call
him
out
now
now
he
basically
has
has
stopped
contributing
recently.
So
I
will
shake
my
finger
because
I
mean
you
know
I
I
may
have
his
pay.
You
know
with
the
zero
on
top.
I
don't
know
what
the
new
number
is,
but
you
know
but
but
you
know
we
would
love
more.
You
know
you
know,
translation
work
is
actually,
I
think,
one
of
the
more
obvious
for
really
worldwide
participation.
B
There's
a
number
of
languages.
We've
got
a
lot
of
materials
where
just
translating
them
would
be
a
huge
improvement.
I
realize
that
doesn't
solve
all
interaction
problems.
Things
like
can't
access,
google
docs,
which
is
to
my
knowledge.
You
know
I
mean
that's
a
china
problem.
I
don't
think
that's
an
africa
problem,
but
you
know.
Certainly
there
are
challenges
in
many
places.
C
B
A
A
A
A
B
Yeah:
okay:
let's
do
it
unmuted
this
time
yeah,
so
I
I
think
for
many
of
us
we
were
totally
overwhelmed
by
the
gathering
in
washington
dc.
So
I
at
least
for
me
yeah
exactly
I
I
just
for
those
of
you
didn't
know.
I
had
a
10
hour,
zoom
meeting
with
brian
just
you
know,
to
to
cr
to
turn
all
the
various
pieces
into
some
flowing
hole.
B
So
I
have
not
really
had
time
to
work
on
this
and
I
think
that's
the
truth
for
many
other
folks,
so
I
would
propose
let's
just
keep
working
on
this
for
the
next
two
weeks
and
revisit
this
when
we've
had
a
chance
to
actually
really
really
take
it
take
some
work
at
it.
I
I
don't
think
it'll
take
that
that
this
is
not
a
a
multi-year
endeavor,
but
I
think
many
of
us
have
been
too
distracted.
B
A
B
B
A
F
F
B
You're,
absolutely
right
and
and
by
the
way,
I
believe
that
the
only
way
we
can
achieve
something
that
isn't
one
point
font
is
by
not
trying
to
list
everything
in
in
this
directly,
but
instead
linking
out
to
these
other
materials
right,
but
so
so,
basically,
this
is
that
if
you
look
at
a
pyramid,
this
is
the
top.
This
is
the
top
piece
that
brings
you
to
everything
else,
but
for
a
lot
of
folks
who
don't
have
the
background?
A
A
All
right,
ladies
and
gentlemen,
thank
you
for
your
time
and
conversation
today.
You
will
see
a
note
from
me
about
with
a
doodle
invite
to
try
to
find
some
time
for
the
first
of
the
sigs,
and
then
please
also
do
your
homework
and
review.
The
one
page
document
provide
any
last
feedback
on
that,
and
you
will
also
see
a
note
to
mr
bellandorf
talking
about
the
china
developer
sig
and
hopefully
that
will
be
the
first
of
many
potential
expansion
opportunities
to
get
our
content
in
the
hands
of
developers.