►
A
All
right,
we
have
quite
the
collection,
I
don't
see
krog
so
xavier.
You
may
be
point.
B
Yep,
okay:
let's
check
this
party
started,
then:
okay,
hello.
Everyone
welcome
to
the
best
practices
for
open
source
developers
working
group
session.
Let
me
if
you
don't
yet
have
access
to
the
agenda.
Let
me
quickly
put
it
in
the
chat.
B
Okay,
here
we
go
okay,
so
I
put
the
agenda
in
the
chat.
So
please
add
yourself
to
the
list
of
attendees
of
today.
B
And
we
will
start
as
usual,
with
a
short
presentation
of
new
attendees.
So
if
someone
here
is
new,
please
and
mute
yourself
and
present
yourself.
C
D
I
am
joshua
mulligan.
I
work
at
red
hat,
I'm
a
security
architect.
B
E
F
G
E
I'm
jack
kelly,
I'm
a
infrastructure
engineer
at
control
plane
I
joined
most
of
the
other
open
ssf
calls
just
to
listen
in.
So
it's
good
to
be
here
and
it's
a
nice
to
see
a
fellow
jay
kelly.
B
B
Well,
okay!
Well,
welcome
you
fans!
I
I
hope
you
will
find
a
nice
place
here
or
discussions
about
best
practices
or
personal
yeah
call
for
someone
to
willing
to
scribe
for
the
meeting.
B
When
you
will
skip
when
you
will
speak,
I
will
write
david
if
that's
okay,
okay,
good!
Let's
do
that!
B
So
if
any
of
you
have
something
that
they
want
to
talk
about,
please
list
the
new
items
in
the
agenda.
Okay,
so
you
have
access
to
the
agenda.
Let
me
put
it
again
in
the
chat
for
anyone
or
just
join
okay,
so
put
the
list
of
items
that
you
would
like
to
discuss.
B
In
the
agenda
and
then
we
will
go
to
it
and
then
we
will
start
with
the
working
group
charter.
We
need
to
review
it
to
debate
it
and
eventually
to
get
approval
on
this
chart.
H
I
didn't
really
review
it,
yet
I'm
just
reading
through
it
now
and
I'm
just
wondering
how
it
would
work.
For
example,
in
case
of
you
know,
a
project
like
like
myself,
eskia,
which
is
actually
you
know,
part
of
two
open
source
communities
right,
the
old
wasp
and
as
well
the
openness
step
yeah.
It
is
a
bit
I
think,
conflicting
with
our
and
what
I
mean
are
the
oldest
community
assets,
the
intellectual
property
policy
etc,
and
I
also
don't
see
really
any
so
far.
H
I
I
didn't
really
read
it
that
well,
but
I
don't
see
any
deviations
or
edge
case.
A
B
Okay,
I'm
trying
to
type
at
the
same
time.
So
sorry
about
this
so
david,
you
you're,
saying
that
the
tsc
section
there's
a
technical
steering.
E
A
Don't
I
don't,
do
we
have
a
plan?
Are
we
planning
to
create
one
and,
if
not
probably
I
I
have
to
admit,
I
I'm
wondering
if
the
comment
back
up
to
the
attack
might
be
hey,
we
don't
nobody
has
a
tsc.
Maybe
we
need
to
modify
the
draft
charter
first
and.
I
A
I
do
think
that's
one
thing
we
ought
to
do
and
there
is
some
a
step
on
this
is.
What
is
the
scope
of
this
particular
working
group?
I
there
may
be
one
on
the
read
me,
but
I
think
that's
at
least
a
key
part
of
this.
B
Okay,
so
I
see
in
the
the
chat
at
the
same
time,
eva
you
want
to
to
jump
in
and
tell
us
what
you
think
you
say:
scope
and
primary
part
of
compatible.
So
I
will
put
that
in.
C
No,
no,
hey,
hey
grob
good
to
see
you
too
no
further
comment
than
that.
Just
that
you
know
the
sort
of
minimum
thing.
I
think
the
attack
was
looking
for
our
definition
of
scope
and
a
primary
point
of
contact
from
every
every
working
group.
A
So
I
would,
I
would
move
based
on
that.
The
primary
points
into
contact
in
this
case
should
be
krobe
and
xavier
for.
E
A
A
I
C
B
Okay,
okay,
so
to
get
the
approval,
we
agree
that
we
just
need
to
get
the
scope
and
primary
pot
of
contact
added
to
the
charter
and
then
the
other
proverb
from
the
deck.
I
see
that
jeff
has
raised
a
hand.
G
Yeah,
I
was
just
looking
at
the
scope
in
the
charter
and
I
noticed
it
has
an
enumeration
of
you
know:
activities
like
documentation,
testing
integration.
I
thought
it
might
be
good
to
list
like
tools
there
that
you
know
implement
best
practices
like
scorecards.
G
If
the
scope
is
on
the
readme
and
then
we
we
reference
it.
That
seems
good
too,
but
if
we're
going
to
list
out
things
in
the
charter,
I
think
tools
would
be
a
good
thing
to
list
as
well.
A
G
B
Yeah,
I
remember
we
we
already
had
this
debate
a
lot
about
the
tools
and
yeah.
I
think
we
said
we
said
that.
Basically,
if
I
remember
correctly,
I
think
we
said
yes,
let's,
let's
leave
everything
towards
the
tools
working
group
and
every
time
we
we
have
well,
we
need
to
coordinate
with
them.
Then
we
coded
it
with
them
or
we.
B
B
G
B
Okay,
okay,
so
yeah,
so
for
this
charter
we
will
get
the
scope
and
probably
point
of
contact
added
to
that
we
will
so
I
I'm
asking
this
group
all
of
you
to
kind
of
look
for
look
out
for
a
pull
request
on
this
of
this
charter
and
review
it
together.
I
think,
and
then
after
I
think
that
after
a
few
few
rounds
of
review,
we
will
submit
it
to
the
tag.
That's
okay,.
A
A
The
scope
statement
on
the
readme
has
the
advantage
of
of
talking
about
an
accessible,
identifying
and
creating
an
inventory
of
best
practices.
A
C
C
A
Something
like
let's
see-
and
you
can
see
it
right
within
the
google
text
here-
is
dedicating
to
first
help
identify
and
curate
the
best
practices.
Okay,
raising
awareness
in
education,
we're
raising
awareness
and
education.
B
A
good
start,
yeah.
A
Okay,
so
maybe
we
can
think
around
and
I
don't
know,
is
there
a
way
that
we
can
look
at
and
suggest
offline,
because
I
don't
want
to
try
to
do
all
this
online.
Oh.
B
Yeah
yeah,
but
what
we,
what
we
can
do
is
so
create
the
pr
with
that
and
then
I
think
and
offline.
We
can
all
jump
in
and
and.
D
B
D
Yeah
they
there
is
a
the
linux
security
summit
will
be
held
in
june
in
austin
texas
this
year
and
the
foundation
was
able
to
get
a
to
get
some
space.
So
we
have
allocated
a
track
to
the
foundation
and
they
are
interested
to
know
if
anyone
is
interested
in
participating.
D
It
sounds
like
preferably
physically,
but
also
virtually
in
this
day
of
focusing
on
the
open,
ssf,
so
they'd
like
each
of
the
working
groups
to
come
and
talk
about
what
they're
doing
current
activities
and
plans
to
help
try
to
waste
some
awareness
before
that
conference
gets
into
full
swing.
If
I
miss
any
details,
david
or
jewelry,.
I
I
have
I
helpfully
accidentally
unplugged
my
headphones
right
at
the
very
end
of
that
description.
I
think
that
you
got
it
all,
but
if
anybody
has
any
questions,
please
please
shoot
them
our
way.
We're
definitely
looking
to
know
from
everyone.
I
If
folks,
who
are
planning
on
attending
for
multiple
reasons,
we're
trying
to
get
some
goodies
together,
we
want
to
get
folks
together,
like
you
know,
for,
for
you
know,
after
events
and
that
kind
of
stuff,
so
just
kind
of
having
a
little
bit
of
a
head
count
is
very
helpful.
There.
D
B
I
For
those
who
are
interested
in
virtual
attendance,
I'm
working
to
get
more
clarity
on
what
that
experience
is
going
to
be
like,
and
I
apologize.
I
I
don't
don't
know
all
the
answers
we'll
be
doing
whatever
the
other
events
are
doing
and
I'm
not
just,
unfortunately,
not
fully
briefed
on
what
those
what
that
is-
and
I
hope
to
get
more
answers
for
y'all
by
the
tac
meeting.
D
Everybody
please
consider
it
should
be
a
good
event
and
the
conference
overall,
the
the
security
summit
is
looking
very
good.
I've
had
a
chance
to
review
some
of
the
abstracts
for
the
supply
chain
piece,
there's
some
some
really
good
talks
and
just
kind
of
peeked
around
at
some
of
the
other
mini
summits,
and
they
look
pretty
good
quality.
F
Say
is
the
selected
sessions
about
to
be
announced,
see
rob.
D
I
know
that
the
supply
chain
we
had
the
late
entry
that
we
had
to
go
vote.
I
need
to
cast
my
vote
actually
before
I
run
down
to
my
meeting.
I
think
they'll
be
done.
I
don't
know
the
progress
of
the
other
things
like
the
vulnerability
summit
or
any
of
the
other
little
mini
activities.
I
hope
soon.
I
think
soon.
E
Said
they
were
going
to
announce
a
lot
of
them
on
april
18th,
but
I
think
this
vulnerabilities
one
was
the
one
that
was
the
late
entry
in
general,
so
that
one
might
be
a
little
delayed.
B
Yeah,
so
I'm
reviewing
for
the
vulnerability
once
and
indeed
the
the
the
deadline
is
the
14th
so
thursday
so
and
well.
Yeah
reviewers
are
a
bit
late,
let's
say
so
so
yeah.
I
guess
they
will
announce
that
at
the
end
of
the
week.
B
E
Just
a
quick
note,
I
clicked
on
the
link
and
trying
to
go.
Do
the
registration
for
it.
It
seems
to
only
give
you
options
for
virtual,
at
least
it's
only
giving
me
only
virtual
options,
even
though
it's
supposed
to
be
in
person,
so
the
link
might
need
to
be
updated
somehow
something
to
look
into
for
someone
I'll
track
that
down.
I
Yeah,
probably
so,
I'm
happy
to
happy
to
see
what
that
is
about.
A
Okay,
so
this
is
a
proposed
new
work
item,
so
I've
gotten
several
requests
now
for
the
hey,
there
seems
to
be
a
lot
going
on.
I'm
just
trying
to
develop
some
secure
software.
Can
you
give
me
a
one-pager
now
they're
not
asking
for
all
knowledge
to
be
in
one
page?
What
they're?
A
Really,
I
think,
what
they're
asking
for
is
a
place
to
start
where
you
know
hey,
I
hear
there
are
other
things
like
salsa
and
scorecards
and
training,
and
so
on
give
me
a
a
place
where
I
can
jump
off
to
so
I
have
you
know,
and
so
I
have
attempted
to
create
such
a
thing
well,
for
if
you're
developing
secure
software,
where
do
you
go?
I
think
that
I
can
cheat
slightly
by
having
the.
A
How
do
I
evaluate
software
for
bringing
it
potentially
in
as
a
as
a
separate
one
pager,
but
be
that
as
it
may,
I
I
do
think
that
there's
value
in
having
a
a
single
home
page
where
people
can
go
start
so,
instead
of
just
saying,
hey,
that's
an
idea.
Let's
see
so,
I've
got
here
for
developers
and
then
the
draft
for
evaluation
draft
for
evaluation.
A
Let's
make
sure
correctly
all
right,
so
I
don't
know
if,
if
anybody's
taking
a
look,
if
you
can
just
click
on
the
draft
for
the
developer
guide,
you
know
it's
what's
supposed
to
it's.
What
it's
saying
on
the
tin,
it's
trying
to
be
a
single
page
that
you
can
go,
look
at
click
whatever
and
go
off
to
the
other
things.
A
My
current
theory
is,
you
know
we
need
to
put
it
somewhere,
eventually,
maybe
on
the
open,
ssf,
best
practices
or
maybe
just
a
on
the
open,
ssf
website
itself,
but
the
the
idea
would
be
a
place,
a
single
place
to
start
a
couple.
People
have
already
made
comments
about
it,
and
that's
great.
Thank
you
so,
but
before
we
work
on,
do
any
work
on,
I
I
see
you
yes
crop.
I
I
see
your
hand
up
so
the
question.
D
I
feel
incredibly
strongly
that
this
is
a
work
item.
This
group
should
work
on
those
of
you
that
have
been
here
a
very
long
time
might
remember.
I
proposed
such
a
thing
like
a
year
and
a
half
two
years
ago,
so
I
feel
very
strongly
so
my
strong
endorsement
is
yes.
I
have
already
participated
in
the
document
and
you're
watching
open
source
in
action.
D
We
have
two
gentlemen,
that
I
love
very
dearly
and
we
have
a
little
bit
of
a
disagreement
and
that's
okay,
that's
how
open
source
works,
we're
collaborating
to
have
the
best
solution
for
the
community,
so
I
would
encourage
everyone
to
go
in
there.
Express
yourselves
comment
on
the
document.
Make
suggestions
and
I
think
very,
I
feel
very
strongly.
This
should
be
a
work
product
of
this
group
and
should
belong
here.
B
F
E
E
E
A
We
had
worked
on
that
a
while
ago,
but
I
think
the
the
challenge
is
that
was
really
focused
only
on
alpha
omega.
I
don't
think
there's
anything
wrong
with
alpha
omega
deciding
that
for
funding
purposes.
They
want
to
prioritize
things
differently,
so
I
don't
think
it
has
to
supersede,
but
I
think
that
the
the
the
challenge
with
that
list
is
that
it
was
really
only
intended
for
alpha
and
omega,
and
I
think
we
need
something
for
everybody
now.
A
If
it
turns
out
that
they
do
basically
the
same
thing,
then
I
think
we
should
just
merge
it
all,
but
I
think
the
one
that
we
need
most
is
the
one
that
everyone
uses
and
if
alpha
omega
says
you
know,
you
know
we,
you
know
we
want
to
prioritize
certain
things
differently.
That's
great
alpha
omega
says:
you
know
what
they
did
here
was
great
and
we'll
just
use
that
and
that's
fine
too,
but
I
don't
think
they
have
to
be
or
necessarily
should
be,
the
same
thing.
D
They're
kind
of
for
purposes,
alpha
and
omegas
focus
more
on,
like
a
security
audit,
trying
to
get
a
handful
of
projects
up
to
an
acceptable
level
of
criteria,
whereas
we're
focused
more
broadly
on
helping
developers,
do
a
better
job.
Writing
better
code,
using
better
tools
to
secure
themselves,
a
slightly
different
objectives,
they're
very
related
that
I
you
know
I
I
don't
know
that
there
has
to
be
one,
but
if
we
can
be
harmonized
them
that'd
be
nice
too.
D
E
You
know,
train
and
establish
good
practices
early
on.
You
know
beyond
just
the
security
groups
and
companies,
but
really
starting
to
train
developers
to
be
the
first
stop
for
all
security.
E
But
I'll
put
the
link
back
in
the
I'll
put
the
link
in
the
meeting
notes.
B
Okay,
a
lot
of
people
know
how
to
andreas
eva.
Let's
start
with
you.
C
Two
two
responses:
first
krobe:
I
really
liked
how
you
put
that
for
a
second,
the
the
overlap
between
this
working
group's
charter
and
alpha
omega
is
superficial.
I
think
their
their
scopes
are
alpha
makers
narrower,
as
you
put
it
in
the
impact
it
wants
to
have,
and
this
one's
focused
more
on
the
educational
side,
but
I'd
love
to
see
more
active
communication
between
both.
I
think
there
is
a
lot
of
alignment
there
and
it'd
be
great
to
have
that
any
way
that
that
can
be
formalized
or
operationalized.
C
Yes,
you
know
if
I
can
help
route
requests
around
or
encourage
people
to
cross,
join
meetings,
love
it
and
the
cncf's
secure
software
factory,
ssf
document
came
out
of
the
cncf
tag,
security
or
technical
advisor
group,
hyphen
security.
It
was
focused
narrowly
on
cloud
native
development
models
and
tooling,
and
our
purview
is
necessarily
broader,
but
I
would
love
for
us
to
reference
the
output
of
that
work
and
the
working
group
itself
and
they
might
even
join
the
open,
ssf
or
perform
some
better
collaboration.
Who
knows,
but
more
cross-pollination,
there
is
good.
E
Hi
new
to
the
group
overall,
but
usually
when
I'm
doing
documentation
or
trying
to
point
people
in
a
new
direction,
I
always
have
a
a
one
page
or
something
like
this.
I
think
it's
a
great
idea.
The
the
section
I
also
always
include
is
where
to
look
for
more
information,
and
then
I
link
out
to
those
other
sources,
so
yeah
100
agreed
with
what
everyone
is
saying:
let's
try
and
keep
things
in
sync,
but
also
link,
there's
a
lot
of
great
information
out
there.
E
F
Thank
you.
The
other
thing
I
think
is
worth
considering
is
that
it's
great
that
the
lf
has
made
the
three
training
courses
that
david's
work
so
hard
to
create
available
free
and
we're
now
talking
kind
of
about
a
one
pager,
it
seems
like
there
might
be
a
also
a
somewhere
in
the
middle,
because
I
think
david.
If
you'd
agree,
I
think
the
hours
required
for
that.
Those
three
courses
are
something
like
between
12
and
20,
depending
upon
the
take
rate,
but.
F
So
I
think,
there's
a
an
opportunity
to
try
and
carve
out
something
that's
more
than
a
one
that
pager
developer,
that
might
not
invest.
You
know
a
half
a
week
or
you
know
time
over
a
period
to
try
and
get
them
at
least
onto
an
on-ramp
through
like
a
half
day
course
or
something
like
that
yeah.
Yes,
you
know.
A
B
Yeah
and
just
if
you
look
at
the
document,
you
will
see
that
I
had
kind
of
the
same
debatable
question
in
the
document
you
you
will
see
that
I
was
telling
david
hey.
Perhaps
we
could
add
a
bit
more
of
that
and
that
to
make
it
more
actionable,
etc,
but
then,
on
second
thought,
I
think
that
I
think
that
yes,
we
we
need
the
one
pager.
B
B
A
It's
a
new
one,
but
it's
a
quick
response.
I
totally
agree
on
referencing
the
cncf's
sscp.
In
fact,
that
is
one
of
the
items
that's
linked
in
the
current
draft.
A
What
I
would
propose
I
mean
I
don't
know
if
we
need
to
do
a
formal
vote
or
not,
but
if
that's
a
general
consensus
of
the
working
group,
I
think
what
the
tac
wants
is
whenever
we
start
a
new
project
to
raise
it
up
to
the
attack
and
just
say,
hey
we're.
They
were
currently
planning
to
add
this
as
a
project.
A
Is
this
okay
or
not,
because
we
we're
trying
to
prevent
the
attack
from
being
blindsided
and
sometimes
if
the
work,
if
the
work
just
creates
projects
when
they're
themselves,
there's
not
enough
communication.
A
So
I
would
propose
that
if,
if
the
group
agrees,
which
seems
to
be
happening,
that
either
kroger
xavier
raised
this
up
to
the
attack
ava,
I
know
you're
already
here
so
so
that
we
can
avoid
that
that
potential
issue
right
away.
D
Let's
do
this:
are
there
any
opposing
voices
or
alternate
suggestions?
Otherwise
we
can
consider
this,
as
we
would
like
to
do
this,
so
any
opposing
thoughts.
D
All
right,
so
I
will
take
the
action
item
to
send
the
tac
and
email
thursday
when
I
get
back
home
and
we'll
talk
about
it
at
the
next
call.
If
they
are
interested
to
learn
more
and
I'll
respond
back
to
the
group
I'll
give
you
an
update
on
what
the
tax
says.
How
that
develops
any
questions
or
alternative
suggestions
to
that
course.
D
All
right,
thanks
team,
looking
forward
to
getting
this
thing
wrapped
up
excellent
start
and
please
contribute.
A
Security
guys
I'm
the
constant
troublemaker.
Sorry
about
that.
This
one
isn't
really
a
call
for
this
working
group
to
do
anything
special.
It's
just
that
I
got
contacted
from
the
lead
of
open
chain
open
chain.
Historically,
is
a
it's
an
iso
standard,
iso
ic
standard
for
ingest
of
open
source
software.
Historically,
they
have
focused
on
licensing.
A
A
G
Yes,
so,
as
you
may
recall,
a
few
meetings
back
laurent
presented
that
he
had
worked
with
some
npm
experts
to
develop
a
best
practices
guide
for
npm
and
proposed
that
this
group
collect
these
best
practices
for
package
managers.
G
So
what
we've
done
is
we've
created
a
repo
and
I
have
a
process
there
proposal.
G
That
is
how
these
best
practices
guides
will
be
published,
or
you
know,
proposed
rfc
period
and
then
officially
published
one
of
the
main
concerns
also
of
the
the
npm
authors
was
maintenance,
so
I
did
cover
you
know
what
we're
going
to
do
to
maintain
it
so
laurent
and
I
will
be
like
administrators
or
facilitators
of
the
repo.
You
know
doing
things
like
triaging
issues,
but
not
necessarily
writing.
Writing
the
guides
or
or
keeping
them
up
to
date.
There's
a
few
items
there
in
the
process.
G
But
the
main
thing
is
for
the
proposal
of
new
guides
to
do
that.
We're
going
to
have
like
a
drafts
directory
where
people
can
submit
a
guide
that
they're
working
on
and
then
once
it's
ready
for
review,
there'll,
be
a
review
directory
and
then
we'll
you
know,
send
an
announcement
out
to
the
working
group
or
to
the
mailing
lists
and
say
this.
This
document
is
out
for
review.
G
Please
submit
comments
in
the
form
of
github
issues
and
then
at
a
minimum
of
a
30-day
period
where
comments
can
be
put
in
and
they
all
will
need
to
be
addressed
before
the
guide
can
be
like
marked
as
published,
and
I've
actually
gone
ahead
and
submitted.
I
converted
the
npm
guide
from
google
doc
to
markdown
and
put
it
into
the
drafts
folder.
G
I
even
so.
It's
really
in
step
two
on
this,
even
though
this
is
still
up
in
the
air,
and
it
even
had
an
example
issue.
There's
a
closed
issue
for
where
I
wrote
that
it
was
in
progress
which
would
have
been
step
one
on
the
on
the
process.
A
So
the
goal
here
isn't
to
create
a
package
manager,
best
practices
guide.
It's
the
process
for
creating
guides
from
this
working
group
right.
G
Yeah,
just
you
know
letting
everybody
know
jack,
you
have
your
hand
up.
E
G
Yeah,
so
once
we
have
this
pro,
you
know
this
process
here
I
will
also
be
you
know,
looking
for
authors
for
more
guides.
A
G
The
process
for
this
effort,
this
working
group's
effort
to
create
best
package
manager
guides
that
go
into
this
repository.
A
G
But
you
know
if
somebody
wanted
to
to
use
it,
that
would
be
fine,
but
yeah.
Just
for
this
repo.
You
know
we
wanted
to
have
some
kind
of
process
around
being
able
to
to
to
propose
these
guides
and
get
get
comments,
and
then
you
know
mark
them
as
approved
or
or
published.
A
B
Yeah,
I
think
jackson
had
the
same
confusion,
but
but
I
think
we
discussed
that
when
we
when
we
started
with
the
npm
doc-
and
we
said
oh,
there
is
a
working
group
that
is
going
to
be
formed,
but
it
wasn't
at
that
time.
So
we
said:
okay,
it's
a
it's
a
best
practices
guide
so
and
we
are
the
best
practice
supporting
group.
So,
let's,
let's
start
it
into
the
best
practice
working
group,
so
I
I
think
it's
it
might
be
it
might.
B
It
might
move
to
the
package
manager
working
group
later,
but
but
we
decided
at
that
time
to
to
start
it
within
this
work.
Okay,
yeah.
I
have
a
question
jack,
so
I
guess
that
in
the
in
the
dark
itself
there
will
be
a
there
will
be
a
call
for
two
readers
to
submit
issues
into
the
repo
if
they
see
something
if
they
want
to
give
feedback
or.
G
Yeah,
absolutely
so
so
in
step
four
on
the
process,
the
doc
can
be
like
once
the
authors
are
done,
you
know
in
the
draft
phase,
they
move
to
the
review
phase
and
then
we
will
send
out
an
announcement
to
this.
Well,
it
was
was
this
working
group
and
the
mailing
list,
and
slack
and
say
this
is
kind
of
entered
the
review
phase.
It'll
be
a
minimum
of
30
days
for
comments
to
be
made
in
the
form
of
issues
in
the
github
repo.
B
Okay,
did
your
hand
is
raised.
A
Yeah,
so
coming
back
to
the
one
pager-
and
you
know
presuming
that
this
comes
to
fruition
and
there's
a
bunch
of
docs
created
from
this,
my
vision
would
be
the
one
pager.
A
Would
you
know
if
there's
actual
there,
there
would
say
hey
for
more
information
about
specific
banker
manager
go
here,
and
so
the
the
relationship
would
be
the
details
somewhere
else
and
the
one
pager
helps
people
find
materials
like
this
when
they're
they're
ready
for
use-
and
I
I
wouldn't
automatically
assume
it-
moves
to
the
package
manager
working
group
at
least
initially,
because
I
mean
they're
just
in
formation
until
the
tax
is
a-okay
they're,
not
officially
a
working
group,
and
they
may
want
to
work
on
other
things
first,
even
though
this
may
be
a
reasonable
thing
for
them
to
work
on
eventually.
A
So
I
I
wouldn't
stop
the
train
just
because
there's
another
working
group,
that's
being
that's
being
mooted.
B
E
B
A
I
You
are
wrong
and
they
are
on
the
public
calendar.
Let
me
I
believe
their
next
meeting
is
tomorrow
and
that's
wednesday.
The
13th
at
6
p.m,
eastern
time
us
and
that's
on
the
public
calendar.
They
also
have
a
channel
in
our
slack
workspace
called
securing
underscore
software
underscore
repos,
so
you
can
check
them
out
there
and
they
are
they're
getting
a
github
repo
spun
up
under
our
org
as
well
to
do
their
sort
of
incorporation
work.
So
those
are
the
three
spaces
and
I'll
drop
links
for
you.
I
A
You
yeah,
so
if
I
recall
correctly,
the
usual
rule
for
creating
a
new
working
group
is
they
have
to
meet
a
certain
number
of
times
and
have
you
know
more
than
one
org?
I
don't
remember
the
exact
details,
but
basically
they're
in
the
process
of
that.
I
think
their
next
meeting
either
they've
already
had,
or
their
next
meeting
will
fulfill
the
number
of
meeting
requirements.
Again.
You
probably
know
the
procedural
stuff
much
better
than
I
do
so.
G
Cool
well,
if
we
don't
get
any
feedback
on
the
process,
we'll
move
forward
with
it
and
the
npm
guide
will
be
going
into
like
the
official
review
period
shortly,
and
you
know
keep
an
eye
out
for
that
announcement.
We're
we're
hoping
for
for
comments
on
that
guide.
G
A
A
Yes,
I
have
a
key
project
update.
I
mentioned
this
earlier,
but
it's
one
of
those
things
that
may
not
be
important
to
anybody
else,
but
it
certainly
is
driving
what
I
do
because
of
that.
We
our
our
courses,
our
our
fundamentals
course
is
released
on
both
the
lf
training
platform
and
on
edx.
It's
actually
developed
and
the
skf
folks
also
have
a
copy.
I
I
don't
want.
One
challenge
is
that
edx
has
certain
rules
about
how
updates
can
happen
and
so,
as
a
result,
significant
updates
of
content.
A
They
want
done
basically,
when
you
look
at
the
backing
up
times
and
so
on.
Basically,
we
need
to
have
our
updates
done
by
april
17..
The
lf
platform
can
update
whenever
but,
and
we
can't
update
for
small
things
like
typos
anytime,
but
they
really
want
significant
changes
done
at
by
particular
increments.
So
I
am
currently
in
the
process
of
updating
to
so
adding
all
the
material
from
the
2021
cwe
top
25,
which
is
actually
40
items
and
and
as
a
stretch
goal.
A
I
also
want
to
update
to
the
2021
owasp
top
10
for
web
apps.
If
there's
other
major
changes
that
you
want
to
see
in
those
courses
by
then
please,
you
know
post
a
a
pull
request
or
something
but
we're
gonna
have
to
get
those
in
quickly.
I
all
the
change.
I've
made
a
number
of
changes,
I'm
having
non-trivial
changes,
get
reviewed,
but
other
reviews
are
are
graciously
welcome.
H
Well,
it's
a
bit
of
short
deadline.
You
know.
A
H
Indeed,
you
know
I,
I
would
really
love
to
work
a
bit
more
in
the
future
to
add
more
content
as
well
to
it
because
yeah
I
mean
it
is
already
a
very
impressive
book
that
you
created
in
the
knowledge
but
of
course
yeah.
We
can
always
extend
it
with
more,
so
I
was
thinking
to
indeed
also
dedicate
some
time
you
know
in
like
q3
q4,
but
you
know
at
that
time.
H
I
will
first
reach
out
to
you
to
see
how
you
would
love
to
accept
topics
and
material
and
what
form
and
and
so
on,.
A
Right
and
and
and
love
to
to
have
that
engagement,
so
you
know
don't
don't
view
as
april
17
changes
can
never
ever
be
made
in
the
future
that
that's
not
really
what's
going
on,
but
they
they
want
to
have
changes
in.
A
A
The
fundamentals
course
is,
you
know
aimed
to
be
about
two
days
of
time,
the
plus,
and
it
specifically
points
to
the
skf
for
hey.
You
got
more
time.
You
want
to
do
hands-on.
Hands-On
has
many
advantages.
I'm
never
opposed
to
hands-on
the
challenge
with
hands-on.
Is
that
takes
more
time,
so
we
very
much
point
to
it
and
skf.
I
guess
is
now
including
at
least
a
version
of
the
course.
So
you
know
we're
all
trying
to
work
together
for
different
people's
needs
time
availability.
B
Okay,
so
please
review
the
proposed
changes.
Ideally,
the
link
is
in
the
notes,
yep.
A
B
A
At
this
point,
I'm
looking
more
for
either
merge
requests,
or
you
know,
chat
with
me
and
we'll
try
to
work
out,
but
I
fully
acknowledge
the
time
is
short.
I
can't
change
the
date
easily,
though
so.
Thank
you.
B
H
Yeah
well,
on
the
first
of
april,
we
did
like
the
soft
release
of
the
security
knowledge
framework,
the
new
module,
the
training
platform
module.
Actually,
I
also
used
it
in
the
workshop,
secure
coding
and
offensive
security
at
the
alas
benelux
day
yeah,
and
it
was
actually
yeah
very
well
received
by
the
audience.
H
B
B
Okay,
otherwise
I
can
use
this
three
minutes
to
get
a
coffee
before
my
next
meeting.
So
thank
you,
everyone,
and
so
please,
please,
review
or
look
out
for
the
pr
on
the
charter
and
let's
conclude
that
within
two
weeks
before
our
next
meeting.
Thank
you.
Everyone
welcome
again
for
the
to
the
newcomers,
see
you
next
time,
bye.