►
From YouTube: Best Practices for Open Source Developers (June 7, 2022)
B
A
B
A
A
C
D
Right,
it's
awesome
that
every
time
you're
rushing
at
the
last
minute,
everyone
decides
to
do
a
damn,
update,
yay
zoom,
oh
right.
D
It
knows
it
was
watching
me,
it
knew
I
was
downstairs
grabbing
a
coffee
and
I
was
going
to
be
late
and
had
to
do
it
update
so
welcome
everybody
to
the
very
special
rsa
edition
june
7th
2022
edition
of
the
best
working
group.
D
A
I'm
new,
my
name
is
kara
olive,
I'm,
a
technical
writer
from
google
and
I
technical
writers
tend
to
come
in
from
either
the
technical
side
or
the
writer's
side.
I
come
from
the
writing
and
education
side
where
you
annoy
so
I
just
thought
I'd
listen
in
today
and
see
what
you
guys
are
chatting
about.
A
B
Great,
I
I
tried
to
capture
your
name
correctly.
Did
I
do
that.
D
All
right,
I
think
today
is
going
to
be
an
amazing
call,
but
first
do
we
have
anyone,
that's
interested
in
helping
us
take
notes
and
scribe
today.
C
Sounds
like
mr
wheeler
is
right
on
top
of
it,
but
I
will
assist
when
he
is
when
he
is
otherwise
engaged
or
I
will
trust
you.
D
Many
hands
makes
light
work
absolutely
all
right
if
you
are
interested
in
talking
about
anything.
If
you
have
any
opens,
please
note
those
in
the
agenda.
Our
first
item
we
want
to
do.
Does
anyone
have
any
major
project
updates
they
wanted
to
share
with
the
team.
B
I
don't
know
if
their
major,
but
I
have
two
quick
updates
for
the
badge
in
the
course.
The
fundamental
scores.
D
B
All
right
so-
and
this
is
already
in
the
notes-
because
I
try
to
pre
pre-fill
the
badge-
oh
whoops-
is
there
a
problem?
No.
B
Okay,
I
was
afraid
I
was
I
I
was
afraid
you
were
pointing
your
ear
and
saying
you
couldn't
hear
me,
no,
not
that
that's
ever
happened
on
a
zoom
call
before
so
real
quick
on
the
badge
we
routinely.
B
As
you
know,
as
we
are
trying
to
encourage
all
projects
to
do
we
get
reports
when
there
is
a
vulnerable
dependency
detected,
we
got
a
vulnerability
reporting,
particularly
in
our
web
server
called
rack
and
we
updated
and
fixed,
and
so
on,
probably
more
interesting
on
the
course
kind
of
two
things.
I
don't
think
I've
mentioned
this
before,
but
an
rit
actually
she's
a
sophomore.
A
student
has
offered
to
give
us
a
hand.
B
Her
name
is
olivia
just
has
started
interacting
kind
of
looking
over
and
just
basically
right
now,
just
walking
through
the
whole
course
proposing
editorial
changes
she's.
As
long
as
we
go
that
you
know
different
style,
but
I
believe
already
some
of
her
changes
are
actually
already
deployed,
so
you
know
we,
although
you
know
right
now,
we're
much
more
focused
she's
jumping
into
the
pool.
So
right
now
it's
much
more
focused
on
tech
edits,
but
you
know
what
you
get
enough:
improved
tech
edits
that
makes
the
document
and
the
material
easier
to
understand.
B
We
want
maximum
ease
of
understanding,
for
this
is
at
least
related
to
the
fundamentals
course
I
own
on
openssf
day,
going
to
be
giving
a
short
talk,
half
an
hour
talking
about
education,
talking
about
stream
one
in
general,
but
I'm
working
on
that
presentation
right
now,
so
I
don't
know
exactly
what
it's
going
to
say
yet,
but
I'll
I'll
find
out
soon
and
I
do
plan
to
make
a
secret
announcement.
I
have
mentioned
that
earlier.
So,
oh
it'll
be
good,
it'll
be
good.
B
So,
but
I
I
want
to
have
something
something
new
to
announce
so
you'll
hear
about
it.
If
you
drop
it
open,
that's
that
day,
then,
hopefully
that's
a
that's
a
enough
to
convince
you
to
come,
join
our
fun!
That's
I'll,
be
there
excellent.
D
All
right,
speaking
about
stream
one
once
mr
wheeler
replies
to
an
email,
we
will
be
having
a
new
meeting
on
the
calendar
for
those
that
are
interested
for
the
probably
going
to
be
called
the
education
sig
of
the
best
working
group.
D
Everybody
is
welcome
to
participate,
we're
focusing
in
on
the
mobilization
plan
stream,
one
going
to
try
to
take
an
inventory
of
our
current
assets
in
education
and
awareness,
see
if
we
have
any
gaps
and
then
decide
on
how
what
types
of
tiers
of
things
are
we
going
to
how
we're
going
to
break
this
up
and
attack
the
plan
at
many
different
levels
like
approaching
higher
education
approaching
secondary
education,
doing
boot
camps
at
conferences
webinars,
so
we're
gonna
figure
all
that
out.
D
C
Which
week
do
you
anticipate
having
the
first
meeting?
Would
that
be
this
week
next
week.
D
Next
week,
I
think
it
just
all
depends
on
how
quickly
we
get
an
email
responded
to.
We
decide
on
a
name
for
the
calendar,
but
probably
next
week
and
then.
D
D
E
E
We
already
had
like
10
interactive
laps
that
people
could
do,
but
now
we
also
have
all
the
material
around
it
and
explaining
basically
the
infra
and
altery
part
of
why
and
how
you
should
do
things
with
nice
examples.
If
you
don't
how
easy
it
will
be
for
the
offensive
side
to
actually
abuse
those
type
of
misconfiguration
and
vulnerabilities.
E
Also,
we
spoke
actually
to
the
people
of
github
here
in
the
netherlands,
because
we
also
implemented
the
sso
feature
and
functionality
in
skf,
and
they
want
to
help
us
and
guide
us
a
bit
for
in
like
two
weeks,
I
have
a
meeting
again
with
them
how
to
implement
the
sso
and
federate
with
github,
so
people
are
able
to
log
in
using
their
github
account
actually
yeah.
E
This
is
also
quite
important
because,
after
that,
we
can
actually
work
on
the
yeah,
the
gathering
of
the
metrics
of
who
did
what,
how
many
time
they
spent
in
doing
labs
or
gathering
security
requirements
yeah.
So
that
was
also
very
nice
that
you
know
the
the
people
from
github
panel
are
yeah
going
to
help
and
assist
us
a
bit
in
that.
So
we
can
move
some
yeah
some
ground
there,
a
bit
quicker.
E
Yeah
using
the
whole
key
cloak
and
the
gateway
and
all
that
good
stuff,
so
yeah,
no,
the
ssl
stuff
I
fixed.
Actually
today
I
renewed
these
certificates,
but
that's
not
what
you
meant.
D
This
is
a
project
that
I've
been
working
on
for
a
little
bit
and
it's
designed
to
be
a
one-page
document
for
developers
to
quickly
be
able
to
see
some
of
the
most
impactful
security
things
they
can
do
and
then,
where
there
will
also
be
a
companion
piece
around,
was
it
configuration
and
operations,
david
evaluation,
evaluation.
B
Generating
out
the
other
is
bringing
in
yeah,
we
definitely
need.
Do
you
have
a
link
in
there
notes
yeah.
Let
me
add
that.
D
So,
do
you
want
to
lead
us
through
where
we
are.
B
Sure
I
probably
I
I
I
did
not
accept
changes
so
that
everybody
could
see
what
the
most
recent
changes
are.
It
does
mean
it
looks
like
kind
of
a
mess,
but
I
thought
for
transparency
purposes.
B
It
would
be
better
to
leave
the
changes
in
for
now
after
and
we
can,
during
or
after
this
meeting
you
know,
go,
accept
all
and
see
what
nonsense.
We
have.
I
mean
part
of
the
challenges
here.
We
really
want
to
try
to
make
this
short.
I
know
the
one
page
constraint
is
somewhat
artificial,
but
I
think
it's
helpful
because
it
sure
is
easy
to
move
on
to
many
many
pages
with
this
stuff.
B
So
in
that
spirit
shortened
up
the
top,
you
know,
and
it
already
said
who
it
was
for,
but
sounds
like
some
people.
It
wasn't
so
obvious.
So
now
it's
the
intro
is
just
one
sentence:
here's
a
quick
guide
for
software
developers
for
developing
more
secure
software
throughout
development
building
distribution.
B
And
then,
when
you
see
the
text
down
there,
we
are
very
much
trying
to
whoops.
Why
is
that
number
there
in
there,
okay
trying
to
divide
out
between
making
it?
You
know
providing
specific
recommendations
and
guidance,
but
very
very
little
space.
B
I
didn't
try
that
hard
to
reorder,
mainly
because,
as
soon
as
you
start
moving
stuff
around
everything
is
deleted
and
everything
is
removed.
So
you
can't
really
see
what
changed.
B
So
I
focused
more
on
taking
people's
comments
and
changing
them
up
so
and
and
making
sure
that
they're
there
for
the
most
part.
I
I
think
we,
I
think
we're
cl,
I
think
we're
decently
close.
There
is
a
couple
arguments,
so
let
me
point
out
to
the
commented:
the
yellow
areas,
sorry.
D
Arguments
it
has
a
family
david,
I'm
just.
B
A
B
B
B
So
so
let
me.
A
A
B
That
all
right
all
right,
so
I
so
let
me
just
verbally
point
out
some
of
the
things
that
are
common.
One
was
the
don't
pushing
secrets.
Really
there
isn't
an
argument
whether
or
not
this
is
a
good
thing
to
do.
The
issue
is
we
already
have
a
number
five,
a
user
combination
of
tools
pointing
to
the
guidance
on
security
tools
from
the
open,
ssf
tools,
working
group
and
that
one
already
mentions
the
secret
storage
stuff
and
tools
for
looking
at
it.
B
C
B
Okay,
probe.
D
B
Okay,
very
good,
all
right,
we'll
have
to
be
careful
about
that,
because
we're
trying
to
make
it
short,
but
okay,
let's
just
keep
it
in
and
we'll
see
if
we
can
squish
everything
else
to
it,
the
rapid
updates
and
tests.
B
B
B
Yeah,
so
let's
see
here
make
it
easy
for
your
users
to
update
possible
future
blog
opportunity.
I
totally
agree
in
fact
we
could
probably
make
a
blog
on
each
point.
So
why
don't?
I
just
say
that
that's
true
for
everything
and
I'll
check,
agree
and
yeah.
D
I
came
to
that
realization,
like
two
steps
after
I
made
that
comment
like
well
hell.
Everything
here
should
be
a
blog,
and
that
is
an
opportunity
for
this
group
to
potentially
either
identify
existing
content
or
create
some
new
content
around
these
topics.
B
Yeah
well,
it'd
be
good
to
describe
when
they
apply.
I
think
we
already
did
that
salsa
should
always
apply.
Lfx
is
primarily
if
you're
an
lfx
project.
Cncf
is
kind
of
a
weird
one.
It
was
originally
designed
for
cloud,
but
a
significant
part
of
it
does
apply
to
non-cloud.
B
So
I
I
really
hate
I
mean
you
know
it
takes
a
different
tact,
but
that's
not
a
bad
thing,
so
I
don't.
I
don't
think
we
want
to
do
the
third
party
audit
if
you
can
afford
it.
I
think
that
that's
a
caveat
I
mean
you
know,
that's
really
the
only
reason
I
think
everybody
should
do
a
third
party
audit.
The
only
problem
is
funding
resources,
not
whether
or
not
it's
appropriate.
B
A
My
my
reading
from
the
perspective
of
someone
who
is
not
reading
the
security
domain
is
that
they
will
understand
the
things
that
are
on
the
beginning
and
then
you
have
abbreviations,
abbreviations,
abbreviations,
abbreviations.
If
you
do
not
know
this
stuff,
you
will
say
I
don't
know
what
is
I
don't
know
what
it
is.
I
don't
know
what
it
is.
Okay,
let's
throw
it
away.
B
B
Right
right
now,
I
agree
with
you
that
the
scope
should
be
here.
I
don't
know
of
any
case
where
it's
not
here.
Asvs
applies
to
everybody.
Third
party
applies
to
everybody.
If
you
can
afford
it,
cncf
I'm
going
to
argue
applies
to
everybody.
I
know
that
some
of
it
is
cloud
specific,
but
not
the
whole
thing.
Lfx
security
is,
if
you're
an
lf
if
you're
an
lf
project,
did
I
miss
anything.
B
So
I'm
agreeing
with
your
with
your
statement,
but
I
think
we
get
we
got
it.
We
did
have
to
make
some
changes,
but
hopefully
we
got
it
now.
D
And
potentially
I
I
would
imagine
that
once
we
publish
this,
we
will
work.
You
know
with
the
tack
on
the
governing
board,
maybe
do
a
blog
to
announce
it
and
we
can
provide
some
additional
context
saying
this
is
a
great
beginning
point
and
there's
a
lot
of
other
resources.
We
refer
here
to
blah
blah
show
up
at
the
working
group.
If
you
have
questions.
A
B
And
now
we
could
say
at
the
top
a
semicolon
see
the
see,
links
for
details
would
that
would
that
help?
Because
you
know
because
the
goal
of
this
is
not
to
be
the
final
document
and
the
only
thing
you
read.
C
I
don't
know
I
mean
if
we
have
to
tell
you
to
follow
links
that
are
pretty
obviously
links.
Then
I
have
to
wonder
either
a
whether
you've
existed
on
the
web.
Yet
maybe
you
have
it
or
b
it's
possible
that
our
css
is
messed
up
and
things
don't
look
like
links,
so
we
can't
necessarily
blame
the
reader.
B
C
That
for
that
one,
but
yeah
we
shouldn't
have
to
tell
people
to
follow
links
for
more
information.
Let's,
let's
give
our
our
audience
some
modicum
of
grace
here
and
assume
that,
yes,
they
know
how
to
use
the
internet,
or
at
least
the
web.
B
Sure
I'm
stretching
yeah,
okay,
all
right
so
so
so
mark.
I
I
agree
that
we
need
to
make
it
clear
when
they
apply.
I
think
that
we
did
that
and
if
not,
let's,
let's
circle
back,
you
know
because
obviously
we're
just
kind
of
running
through
the
document
real
quick.
So
I'm
gonna
claim
that
we
did
that.
But
if
you
re-look
at
it-
and
you
find
a
place
where
we
didn't
do
that-
please
re-raise
okay,
does
that
seem.
Does
that
seem
reasonable.
B
A
B
Okay,
yeah
absolutely
yeah.
The
trick,
of
course,
is
we're
trying
to
do
this
in
one
page,
so
we're
not
going
to
get
into
grand
details
but
yeah.
If
it's
only
applies
to
alex
projects,
then
we
should
say
that
let's
see
here,
what
are
the
other,
I'm
looking
at
the
yellow
text?
Oh
wait
a
minute!
You
know
what
I'm
going
to
quickly
look
over
at
our
friends
who
have
clicked
on
the
hey.
Please
let
me
edit
button.
So
if
everyone
can
give
me
just
a
moment
or
maybe
stall
for
me
and.
A
I
can
stall
for
you
for
a
moment.
I'm
just
I
mean
it
sounds
like
you're
coming
to
the
closing
stage
of
this,
and
I
just
have
maybe
one
suggestion
that
could
be
pretty
easy
to
do.
A
There's
a
lot
here
and
I
think
it
might
get
greater
attraction
with
people
if
you
organize
it
a
little
bit
in
terms
of
it,
looks
like
there's
things
that
you're
telling
people
not
to
do
and
then
there's
things
that
are
just
sort
of
you
know
enable
this
throw
this
switch.
You
know
start
using
this
tool,
so
just
sort
of
one-time
actions
of
turn
on
dependable
or
avoid
doing
these
things
anti-patterns
and
then
you
know,
start
auditing
your
projects
for
this
and
start
implementing.
You
know
new
doing
new
practices
going
forward.
A
You
might
wanna
if
you
organized
it
that
way
of,
like
you,
know
these
one
through
five.
Don't
do
this
six
through
11.
B
I
don't
okay,
I
don't
think
we
can
do
that.
One
page.
I
think
that
is
not
possible.
What
we
should
do
is
organize
it,
though
I
totally
agree.
Last
time
we
had
agreed
that
we
would
organize
this
more
or
less
by
the
expected
order
of
events
that
people
will
do
so.
Basically,
some
of
the
easy,
quick
wins
and
then
you
know
the
things
that
we
would
kind
of
hope.
You
know
if
you're
gonna
do
steps
one
through
ten
do
one
first,
then
two
but
here's
the
problem.
B
If
I
tried
to
do
that
with
the
current
document,
then
you
can't
see
the
other
changes,
because
when
you
move
stuff
around
it's
a
delete
of
everything
and
an
insert
of
everything.
So
there
was
no
way
to
see
the
other
changes
made.
So
what
I
would
propose
is,
let's
do
some
quick
fixes,
accept
all
and
then
between
now
and
next
gathering
try
to
work
out
an
order
and
then
hopefully
we
will
can
declare
this
thing
sort
of
a
victory
group.
I
mean
yeah,
I
mean
yeah
exactly
exactly.
B
If
we
can,
it's
not
like
there's
a
deadline
or
bust,
but
I
don't
want
to
be
working
on
this
three
years
from
now
as
the
working
group
work.
So
I
I
want
to
try
to
make
forward
progress
and
complete
in
a
relatively
near
term,
and
I
see
vicki's
hand.
C
I
never
have
anything
to
say
I
know
I'm
so
quiet
demir.
No,
I
think
that
your
idea
to
to
accept
everything
to
kind
of
clean
up
the
doc
and
then
move
forward
is
you
know,
spot
on
diego
team.
Let's
do
that,
but
then,
after
that,
I
in
particular
would
love
to
have
a
pass
of
a
writing
professional
who
also
is
comes
from
the
education
background,
so
cara.
C
I
would
very
much
value
your
input
on
this
afterward
to
especially
since
you
know
this
is
what
you
do
right
and
if
so,
you
were
able
to
take
our
really
great
first
pass
and
see
what
you
can
do
to
make
it
more
accessible
to
the
audience
and
while
also
perhaps
staying
to
that
one
page.
Definitely
that's
our
that's
a
hard
goal.
C
Anything
you
could
do
to
make
that.
I
would
think
that's
amazing.
I
mean
seriously.
I
cannot
understate
how
thrilled
I
am
that
you're
here
we
don't
see
enough
tech
writers
in
in
these
in
these
working
groups,
so
you're
you're,
like
a
unicorn.
Your
solid
gold
unicorn,
is
what
you
are
for
me
right
now.
B
Awesome
and
we
do
have
tech
editors
at
the
alf-
also
that
I
can
sick
this
on
and
having
multiple
eyes
is
awesome.
So,
let's
yes,
so
let's
do
that
the
problem
with
our
tech
cars
in
our
end
is
they
may
not
have
the
technical
background.
I
mean
that's
always
the
challenge.
So
you
know
karen
particularly
sounds
like
you've
got
some
overlap
and
that's
be
awesome.
We'd,
love
to
and
we'd
love
to
have
all
your
input.
So
thank
you.
B
Yes,
okay,
whoops,
and
I
think
the
last
comment
was
deleted
and
I
accepted
a
whole
bunch
of
edits.
So
I'm
kind
of
hoping
that
everybody
can
now
see
the
state
so
are
we
are?
Are
we
good
enough
to
accept
all
changes
and
then
we
can
bicker
about
improvements
from
there
and
maybe
reorders
and
and
draft
improvements?
Are
we
close
enough
for
that
and,
as
I
said,
I
want
at
least
let
people
see
the
changes
that
were
made
to
the
text.
D
We've
got
a
bunch
of
people
thumbs
up
that
are
plus
one,
and
I
think
okay
and
I
had
one
additional
suggestion
david.
I
don't
know
if
we
talked
about
the
audits,
I
don't
know
if
we
want
to
link
like
to
alpha
and
omega,
but
that's.
D
D
B
No,
we
do
not
this.
These
links
should
be
hey,
you're,
reading
this.
Here's.
What
to
do
next
alpha
omega,
isn't
a
do
next!
Okay,
because
alpha
omega
is
looking,
you
know,
because
otherwise
they'll
be
overwhelmed
with
everybody
thinks
they're
important,
and
you
know
what
everybody's
important
everybody
we
got
that,
but
for.
B
That's
right,
that's
right,
but
you
know
there
there
are.
There
are
many
projects
which
are
important,
but
others
are
well
anyway.
I
don't
want
to
actually
cash
shape.
This
is
the
point,
though,
is
that
it
won't
be
helpful.
B
Now
I
guess
we
could
point
them
to
sos.dev,
but
that's
not
going
to
be
enough
to
do
a
code
review
in
most
cases.
That's
going
to
be
you
know,
those
are
for
small
amounts
of
small
focused
activities,
all
right
so
somewhere.
I
will
find
the
button
that
says
accept
all
and
then
what
I'm
going
to
ask.
Is
everybody
please
review
the
new
how
to
in
the
world.
B
D
B
Okay,
fair
enough
all
right
somewhere,
I'm
going
to
find
this
accept
all
button.
I
haven't
found
it
yet,
but
while
we
move
on
to
something
else,
but
I
think
we've
made
big
progress.
Folks
and
now
the
other
document
which
is
kind
of
supporting
doctor
is
the
evaluation.
I
did
work
to
try
to
start
to
clean
that
up
and
shorten
it.
I
think
for
time
I
mean
we
can
take
a
look
if
there's
nothing
else,
for
this
working
group
that
we
want
to
do
today.
B
But
this
is
the
document
I
most
wanted
to
work
on
today
and
we
can
talk
about
what
we
want
to
do
with
the
rest
of
our
meeting
time.
Are
there
any.
D
Additional
opens
or
topics
people
would
like
to
talk
about,
or
we
go
look
at
the
evaluation,
doc.
A
So,
just
before
you
move
on,
I
mean
I
think
you
know
I
I
was
the
one
saying
last
time
we
shouldn't
get
to
the
one
page
by
just
using
a
smaller
font,
but
I
see
dave
actually
said
on
on
the
chat.
There's
a
very
big
margin
now-
and
I
agree
with
that.
So
maybe
we
can
change
that
margin
a
little
bit
and
get
to
the
one
page.
I
think
that
would
be
reasonable.
B
I
I
to
be
honest:
I
was
teasing,
I
wasn't
serious,
but
you
know
what,
if
a
small
margin
change
in
the
end
is,
you
know
solve,
makes
things,
so
this
is
a
good
result
really.
What
I
want
is
a
good
result,
and
you
know
what
I'm.
What
I'm
fearful,
though,
is
that
it's
so
easy
to
move
into
the
300
page
documents,
and
this
isn't
that
the
goal
of
that
so
having
an
arbitrary
one,
page,
really
forces
us
to
throw
away.
You
know
to
prioritize,
I
would
say.
B
That's
right,
that's
right,
and
maybe
somebody
who
is
more
familiar
with
google
docs
can
tell
me
where
the
heck,
the
stinking
accept
all
button
is.
Okay.
Crook
will
help
me.
B
B
All
right,
well,
I
knew
I
knew
it
was
our
thing
in
many
other
things.
Look.
C
B
B
All
the
pink
went
away.
The
document
is:
oh,
my
gosh.
It's
one
page
a
miracle
occurred,
so
we
don't.
We
might
not
have
to
do
the
page
margin,
games
or
the
or
or
the
I
mean,
there's
actually
a
whole
lot
of
games,
the
indent.
How
much
do
you
indent
when
we
have
to
do
kerning
adjustments?
That's
when
things
are
have
gotten
scary,
all
right.
So
why
don't?
I
don't
go
below
and
say
proposed
orderings,
okay,
and
that
way
we
won't.
B
If
you
want
to
propose
changes
to
the
text,
that's
great,
but
if
it's
just
an
ordering,
because
we
can't
see
different
people's
proposals
if
we
embed
it
within
this
document
itself,
because
there's
many
of
us,
let's
do
it
below
and
then
we'll
we.
A
B
Yeah
I
mean
seriously
if
there's
something
that
needs
to
be
re-added
great,
but
we
are
trying
to
keep
this
pretty
darn
short
with
links
to,
and
the
thing
is
we're
not
really
removing
information,
because
we
can
just
link
to
other
stuff
with
more
of
the
details,
but
we're
trying
to
give
people
that
that
starter
place.
Okay.
So
if
you
look
on
the
number
three,
it
says
evaluate
code
before
selecting
it.
B
A
B
A
D
Oops
all
right,
let
us
look
at
evaluating
software.
B
Okay,
in
some
ways,
of
course,
this
is
a
pair
and
you
know
I
will
note
that
one
of
the
bullet,
one
of
the
points
is,
is
there
evidence
that
the
developers
work
to
make
it
secure
and
then
it
links
back
to
the
first
document.
So
both
these
documents
link
to
each
other
and
I
think,
that's
reasonable.
When
you're
developing
you
evaluate
software
to
bring
it
in
when
you're
evaluating
software
you're
looking
for
would
are
they
doing
the
same
sort
of
things
that
you
should
be
doing
yourself.
B
So
I
fully
acknowledge,
there's
cyclic
references
and
I
think
it's
appropriate
okay,
so
again,
there's
a
lot
of
of
lines
and
so
on,
because
I'm
trying
to
show
the
changes
to
the
document,
I
didn't
try
to
delete
the
to-do
at
the
bottom.
B
For
those
who
aren't
familiar
with
how
this
document
was
created,
the
idea
the
group
discussed
creating
a
quick
guide
and
the
problem
was
well.
What
do
we
start
with,
and
so
I
copy
pasted
material
from
the
course
on
how
to
develop
secure
software,
which
has
some
information
about
evaluation.
Now
it's
a
different
context
and
they're.
Not
it's
not
worried
about
one
page.
B
So
now
there
is
a
slight
variance
here.
The
first
page
is
about
developing
software
at
all.
This
one
is
focused
only
on
evaluating
open
source
software
under
the
premise
that
most
the
times
when
you're
reusing
software
you're
reusing
open
source
software.
It's
not
always
true.
It's
not
always
true
got
that.
I
mean
if
you're
running
on,
if
you're
running
on
windows,
you
are
technically
reusing
the
windows
operating
system.
It
is
not
open
source
software
got
it.
B
So
the
theory
here
was
that
for
for
purposes
of
trying
to
get
this
done
within
our
lifetimes
focus
a
little
bit,
and
since
this
is
the
most
common
case,
focus
on
common
case
does
that
seem
especially
given?
This
is
the
openness
up
all
right.
So,
as
you'll
note,
what
has
happened
here
is
basically
attempts
to
really
cut
out
a
lot
of
the
texts.
B
Frankly,
I
have
not
quite
succeeded
in
shortening
this
down.
I
didn't
spend
as
much
we
haven't
spent
as
much
time
on
this
doc
as
the
other
one.
So
really,
I
think
the
question
here
is:
we've
made
a
start
at
this:
it's
it's
not
done,
and
it's
not
as
good
as
shape.
We've
got
a
bunch
of
deletions,
but
I
wanted
to
show
those
before
we
actually
perform
them.
B
If
anybody
had
any
issues,
I
mean
we
can
again
just
accept
all,
and
so
it's
not
quite
so
messy
and
then
repeat,
just
like
we
did
with
the
other
document,
but
I
don't
want
to
do
that
without
at
least
giving
folks
a
chance
to
have
looked
at
it
and
if
you
want,
we
want
to
accept
all
later
to
give
more
people
time
to
review
it.
That's
great,
too
vicky.
C
This
is
another
one
where
I
think
a
lot
of
people
might
not
have
edit
access
myself
in
particular,
so
I
can't
see
all
the
cute
little
pink
lines.
Oh.
B
No
well
how's
this.
Let's,
let's
see
if
we
can
have
more
shared
documents
and,
let's
all
right,
yeah
all
right.
So
hey
lesson
learned
he's
not
on.
Is
she
I'm
sorry.
D
A
kind
of
a
sidebar:
this
is
a
chronic
problem
across
the
groups,
and
maybe
we
need
to
see
if
we
can,
at
a
foundation
level
find
a
way
to
have
appropriately
permissioned
share
and
as
we
drop
files
in
there,
it'll
inherit
the
right
thing.
D
B
A
B
B
All
right,
if
you'll,
if
you'll,
take
the
action
to
talk
to
jory.
I
suspect
this
is
a
quick,
easy
fix,
but
just
we'll
we'll
get
this
to
we'll.
Let
let's
get
this
done
for
now
and
yeah.
Let's
work
out
the
long-term
solution
to
make
things
better.
Okay,
so
same
way
have
any
opening
comments
about
kind
of
the
you
know
I
mean
I
realize
this
isn't
quite
as
further
along,
but
on
the
least
the
direction
we're
going.
It's
basically
the
same
kind
of
process.
B
You
know
we're
taking
some
materials,
we're
adding
it
down
to
try
to
shorten
it
up.
There
are
maybe
things
that
are
missing.
Please
add
them
a
couple:
people
added
things
that
were
kind
of
duplicates
or
belonged
in
certain
categories,
so
I
tried
to
move
them
so,
for
example,
the
review
last
commit
and
its
date
revealing
the
last
date
of
the
commit
is
all
part
of
the
reviewing.
B
You
know
whether
or
not
it's
maintained
and
reviewing
the
last
commit
and
the
install
scripts
are
all
part
of
the
evaluation,
the
software
itself.
So
it's
it
shows
it
as
deleted.
Number
three:
it's,
but
in
fact
what
happened
is
that
moved
into
the
various
sections
that
hopefully
to
try
to
give
it
a
little
structure.
B
B
D
Well,
I
would
cancel
this
sorry
ricky,
like
the
other
document,
if
we
could
transform
these
statements
into
actionable
dialogue,
that
would
be
much
more
useful
to
the
reader.
So
if
we
can.
B
B
All
right,
I'm
just
gonna,
say
change
to
be
active
voice.
Do
x,
change
all
entries.
A
David,
I
I
accepted
some
of
the
changes
this
morning
so
yeah.
So
I
don't
know
if
you
want
to
revert
to
that
version,
for
you
know
the
benefit
of
others,
but.
B
It's
okay.
I
mean
if,
if
you're
the
one
who
made
the
changes
and
accepted
it
in
we,
we
didn't
say
do
not.
You
know
only
make
suggested
changes.
Maybe
we
should
have.
I
try
to
usually
do
that,
but
we
didn't
make
it
a
hard
rule
or
anything.
So
you
know
at
this
point,
I'm
afraid
to
go
backwards
because
multiple
people
have
edited
it,
and
I
don't
know
frankly
that
sounds
like
a
dangerous
game,
undoing
other
people's
changes
so
fail.
D
B
B
B
C
C
B
That's
right,
maybe
I'll,
remember
it
okay,
so
I
mean
you
know,
there's
more
work
to
do
on
this.
It's
obviously
nowhere
near
one
page,
which
is
the
goal
there,
but
you
know
we'll
we'll
keep
hacking
down
to
try
to
make
this
shorter,
preferably
with
more
links.
Okay,
so
we're
making
progress.
D
Yeah,
so
let's
make
that
our
homework
for
next
time.
Please
review
the
document.
Add
your
suggestions.
If
you
have
links
to
resources,
those
are
infinitely
helpful
as
well
and
we'll
make
that
our
topic,
for
is
that
gonna
be
austin.
B
D
I'll
shoot
a
note
out
to
the
group
to
get
your
opinion,
but
there's
a
high
probability
that
we
will
cancel
the
call
for
austin.
B
D
D
So
high
probability,
we're
gonna
cancel
the
call
and
we'll
meet
again
in
july,
but
please
don't
let
that
far-off
date
lull
you
let's
try
to
commit
to
get
suggestions
in
the
next
week
or
two
so
that
we
can
come
back
and
actually
potentially
maybe
get
it
trimmed
down
to
one
page
in
one
meeting.
D
D
All
right,
well
with
that,
I
will
close
the
call.
I
agree
sammy
good
good
call.
Thank
you.
Everybody,
I'm
very
excited
we're
so
close
to
getting
this
little
project
done,
and
we
will
talk
to
you
very
soon,
hopefully
in
austin,
if
not
we'll
talk
to
you
july,
cheers.