From YouTube: OpenSSF Diagrammers Society (December 1, 2022)
B
A
You could mark your attendance and, if you have any items you'd like to discuss today or any diagrams to share, please do so. I'm going to rush over and feed my cat before he gnaws my leg off. I'll be right back and we'll get rolling.
A
C
A
Everybody, it is several minutes after the hour. Welcome to the December 1st edition of the Diagrammers Society. Do we have anyone that is new would like to share a little introduction?
A
We have two items to talk about today. We have Matt has, I believe, finished his homework. He was developing a mind map diagram to share with us. We looked at last time. We hopefully we'll see some more stuff today, and I would like to talk about the SIG charter.
A
D
That would be scary, so I mean I, I've posted the Slack channel for everybody. It's all CL I mean open an issue. I I link the the mind map. That's in my GitHub drive, so hopefully she'll be able to get it yourself and also in the issue. You know pointed to the the App Store, where you can get the XMind application, if you, if you care to manipulate it yourself directly, etc. But let me share here. I don't have my usual multi-screen setup, so you'll see some clutter.
D
Apologies. So my homework was I had three more work groups to take a look at. So let me zoom in on those work groups.
D
So the first four group that I had to finish mapping out was the Identifying Security Threats work group and identified three code projects as well as Alpha Omega being discussed, or you know hopefully reporting back to the to that work group. Again I've carried over my if I. If I there are clear tags. If I went into the actual group's meeting notes and they said we are working on this part of the mobilization plan with this tool or whatever, I included that reference or tag as well in, but I.
D
Think, like I said, the next step, as I said the previous week, would be for us to get a subgroup of this team together, maybe go through all of the work products and work groups, and you know have a discussion of, you know, does this.
D
You know, how do we classify the work being done relative to the mobilization plan and or perhaps a taxonomy like the likes, like DevOps lifecycle like I I created down here. So the taxonomies are kind of nested below the the breadth of the of them of the mind map, it's more of like an organization structure, but the tags I was trying to work towards were these tags initially, and again, there's there could be other tagging systems we can add along the way. But again this is to get an inventory.
D
You know you know, as our already seeing, as we commented last week, there's a lot of things in red that are basically things that need, in my mind, need to be fixed because the relationship or governance is unclear, that there are referenced work products that are not well known or or or watched after, if you will, that needs some some type of correction. So red and orange needs some kind of fix, and I think that David chimed up last week that, you know, we'd be looking at, especially, you know.
D
SLSA, etc., and I think that it's actually kind of ironic, because, as a tree view, you can actually see kind of where things are out of balance, and I think that, you know, once we start extracting the tags and and seeing where the like a the Venn diagrams are the waiting the weighted Venn diagrams are, that we'll see a lot of non-coverage of the mobilization plan, if you will. So a lot of things come out of it.
D
So this concurrent project is like not I also have some ad hoc relationships and notes, and things are taken as well. For example, there's some tags like there's a lot of claim tags, as you can see, there's in the mobile in their notes. They claim this is actually David's.
D
Suggestion from the 519 meeting was that they he believed that this group was working on things from through two five and seven, but I left it there for us to to validate that those those claims or whatever, because the group did not necessarily endorse that. David just made that comment, it was recording the meeting notes.
D
Then the vulnerable disclosure was the next to last work group I looked at. The osc OS cert SIG I. Basically I had this. You know. Basically it looks like the work group itself.
D
The readme probably needs to be updated to acknowledge the OS, assert, SIG and also this and acknowledge the sub teams below it potentially and give, you know, linkage to those activities, etc. That's why that's in red text. In terms of the projects, I have a lot of a lot of projects that I know I've seen in the meeting notes that I'm, you know, not sure what their status is, the the unified list and, yeah, again I'm well aware, CRob, is you're leading one of the leaders in the group.
A
But well this what a interesting side effect of this it showcases the need to have consistent paperwork, regardless of, you know, how all this stuff gets organized. It's a there's a substantial amount of administrivia that needs done to be able to help inform exercises like this. Yeah.
D
It's kind of ironic, because the last work group is is actually it's actually kind of funny to me, so I'll get to that in a second. But to close the vulnerabilities closure work group out there, I found a lot of proposals that are interesting as issues they're they're in the notes they were called PR they're actually issues in the GitHub, so I mean again. It goes back to, you know, and and depending on what week you show up at the work group.
D
You know you might you might they might not have been discussed in the last meeting. They might have been discussed two meetings ago, so you know you know how do we track these things more consistently? And you know from a you know from a structural, you know, process point of view type of thing. But the end user group I was referring to, so it's actually kind of amusing, because they've been established for some time now.
D
Yet their readme is still just the template and, what's worse, is the only thing that they've changed the template. They link to meeting notes that from July that, and so this is this all I made, these are the things that are right above basically, so let me zoom in a little bit here, if you want to read along.
D
So basically, the readme links to the meeting notes, which are not the meeting notes. They're. The meeting notes are someplace else. They reference issues and things from TAG Security from CNCF, reference CNCF work products and work issues that have no presence in OpenSSF. I don't know where to find them.
D
Anyways I found the meeting I. Just noted I found the meeting notes only by going to the Slack channel, to be honest.
D
Because I've not attended the end user work group yet. Ironically, they have three proposed projects. They have they're. They plan to work on architectures and submit that back to the TAC. They have a taxonomy of attacks of attacks is called the taxonomy. It doesn't really have a formal name, I guess, and the supply chain initiative. There's another proposal, all the links again.
D
If you get the mind map, all these links will actually link you to the actual documents themselves, the actual proposals or guides or whatever they may be, or the code it will bring to the link to the repos.
D
The there's also some they have a list which is interesting, because this list is actually kind of interesting. Let me just bring it up. So it looks like they created a spreadsheet to try and figure out what are the root? What other? What are the work groups actually doing that they, the end user worker, might be interested in. So it's kind of the a nice way to close out this mind map.
D
Is that the the need for some type of, you know, clarity around the organizational structure and the work products is clearly just needed and the end user work group can track effectively, so they created their own list, if you will. Anyway, kind of amusing, but yeah, but the end user work group, you know, ironically, is the least accessible in terms of what they're and the most opaque as to what they're working on I found, and I had to dig quite a bit to look find out these things and go pouring back, maybe weeks into meeting notes, because there was no consistent review of these work products.
D
If you will they're kind of like proposed somebody uploaded something, then they would drop for weeks and there was no mention of them, so I'm not really sure what's going on there. So that's about it! That's why I finished it I closed out, I may have adjusted if you added a few tags on some of these work groups, but I again, I uploaded it again. It's an invitation for us to take this and go.
D
A
Thank you for doing this, Matt. It's very interesting. One quick question. My proprietary closed-source operating system does not have an app store.
A
Could you potentially export that as a some kind of image file? Just so I could take a peek at it.
D
A
And those tools are really cool, but I haven't bought one and, you know, no app store.
C
B
C
B
D
C
D
A
B
First of all, Matt, man, that that what you did there is phenomenal. I I it it lines everything out so smooth that I can say that I can sit here and say it would we we could literally take each one of these, because I saw a few and I I, I'll say discrepancies, but that but I I think it's just for, like I think CRob hit the nail on the head.
B
What this does is it forces us to take a look at each one of these and kind of, you know, because of the lack of documentation or because of the lack of rigor around the governance of some of these things. We really don't. You know to know where things are actually sitting, what their actual classification is. For instance, Alpha Omega I believe is no longer, if it was before I'm not sure, but it's no longer a project under the Identifying Security Threats working group. I think that project sits sits aside, right, even.
D
B
No, no, the the only same about them is that the the one of the, you know, Michael Scovetta, who's who's partnered with Michael Winser for Alpha Omega, just happens with Michael Scovetta just happens to be the the chair of the Identifying Security Threats working group that but but that is kind of like a at this point is coincidental. Yeah, if anything else, right, yeah exactly. So so so that so so, but things like that need to be need to be properly identified, because maybe at one time that was the case. I think what might work is if we took each one of these, right, and I and I don't mind, I don't mind doing that.
B
Right, take take and go one by one doing a scrub, right, just just a hard scrub, because I think what you have here is great and I and I think it gives us the opportunity to actually do that. A one by one scrub, go into the working group and actually say, hey working group chairs, this is what we're looking at, right, talking directly. This is what we're looking at. Is this correct, and if it's correct where's your paperwork that says so? I'm not shrugging.
B
A
He's newish to the foundation and I imagine that they didn't onboard that working group terribly effectively, so he might not know that these are the kind of some of the expectations. So I think we can definitely, as Jay mentioned, approach these different teams and start to get this corrected so we're all in. So we have that consistency, which is absolutely part of our goals here, is to try to help explain what the heck's going on here. What is all the things we're doing here as collectively the OpenSSF. Yeah.
C
I agree with you, CRob. I think my experience has been exactly like this. It's it's really more accidental. It's like it's not like anybody who has, you know, the the wheel of being outlawed or something like this, like they. They it's not because they are trying to play outside of the rules. They just don't know the rules or what the expectations are, and if we help them. Typically, my experiences they're very happy. We help them get in. You know things straight. Yep.
B
Yeah I don't necessarily think that it's it's I, you know, they got stood up as a working group, so I mean to know procedurally, right, verbally verbally to know hey, this is the steps you need to take. That's one thing. After the fact, though, you know, I mean you get started, you get moving and things you and because you're moving fast, you may forget to dot the i's and cross the t's.
B
It's happened to a whole bunch of working groups. There were a couple of them that I just jumped in and started doing stuff like I was like yeah, we gotta get this fixed in one. You know that one hand washes the other at this point. So so, like that's why I wrote the comment if I saw it next week, before the end of the year, we'll get them right.
B
But but you know, paperwork is paperwork. I don't mind doing it at this time of the year, I don't mind at all. At this time of the year.
D
I mean I I mean I would as I would go as far as to say, if you know, if I would have now that now that I have this I would I would be happy to go work with somebody to go to each of the work groups and say: let's update your readme. Let's, let's put these, you know, let's you know, you know, fix some your meeting notes and make sure your calendar entry is correct and do some of these things, you know. Yeah.
B
Let's, let's do it, let's do it. I mean I I try to attend this, as as many other working groups means as possible anyway, and for nothing else just to be in the meeting. Yeah. Let's do it.
D
A
Yeah, and it's something as easy as potentially showing up and requesting it. Some teams might respond well to an issue or a PR, so yeah.
D
I thought about mentioning it on the FRSCA call yesterday morning, saying: hey guys, you got these problems, we need to. You know, because they're talking about taking it to the next level in terms of attestations and and things. I was thinking like what we need to get the base. You know you guys have five people at your at your call and you're not growing, because people can't find you, they don't know what you're working on and you're. You know, so well.
D
Know it's no! It's it's that Pro! It's a project on the Supply Chain Integrity work, it's a project under there and, like I told people in my in my in my company. It's like it's it's! As you noted Jay, it's due to certain individual, like Mike Lieberman. It's we have in in Michael Scovetta. We have this cross. We happen to have this cross-pollination that binds us together, but it's a weak binding. You know.
B
I guess what I mean by that in turn, so being I, I'll say still being relatively new, but the, but the the great part about that is having to go through procedural things and processes and procedural items around the newness, and the reason why I say it's about FRSCA is because I don't, like you say, they're a project, right, with it. Would you have SIGs and you have projects, am I understand projects have a code centric.
B
A
The the TAC changed some of the definitions slightly and it's going to change again because Alpha and Omega, for example, used to be a Sif, a special funding initiative. But now it's going to be called an associated project, associate project, so there'll be some further slight adjustments.
B
A
And I don't think the TAC in my groups, we've talked about it, but I don't know that everyone took the change and distributed that information to the working group, saying that there's some changes in classifications. We have a new graduation model from incubating to your main line to graduated. So.
A
D
It goes back to the authority. Some, you know, some groups believe that the work all the authorities at the working group and they have they their 10-minute presentation every few months to the TAC is sufficient, and so I still see comments in a lot of meeting notes, saying like oh there's, literally things in the SLSA positioning group, where we're saying, you know, we should have this blog reviewed by the TAC. That means by lazy consensus at least notify the TAC this blog's can be posted, so people can know to read it.
D
You know I can say, stop the presses, if there's something blatantly wrong, right, that's the goal, and yet that was brought up by Melba in a meeting and the meeting notes, and somebody actually said: no, we don't have. We don't know anything to the TAC. We can publish, we, you know, our own working group. We have the authority here.
B
B
B
That's it is the courser we look, but at least it gives the TAC an opportunity to to to have it to opine on anything blog related about something technical coming out of the the OpenSSF, but but I think when we go back and talk about all of these items, but if, in anything else, it's not to say hey, slap on the wrist, you can't do it, is to say: hey, that's fine. Let's make it right, right, according to whatever new processes, new procedures, new classifications, etc., we get everybody. This is our.
D
Is a great example because to me, that's the most important project because they're putting all the pieces together for and that they're going to map to SLSA and do all these things, right, but that's all under Mike Lieberman, but the best information about FRSCA, none of it's found. None of it's found under OpenSSF branding, it's all from Parth Patel or from like Lieberman or at, you know, conference. You know at giving it conferences that.
B
D
Know, maybe not even part of the openness suck data at an open source, so I mean we're. You know we need to encourage these groups to publish under the OpenSSF banner, as some people come to us for the source information. So.
B
So what you just described right there, right, if that's the case but they're reporting in as project slash SIG slash whatever status, underneath a OpenSSF working group, that's a problem, and that, and that means that the TAC doesn't have visibility or governance over what its working group is doing regarding the ebb and flow of projects and SIGs or whatever it is coming through.
C
C
The problem is more gray than that, Jay, because it's not exactly like there is another SIG there is a SIG I actually attend some of their meetings. You can attend the working group, the SIG at the the FRSCA meetings, but as Matt says, the way they are going at putting together. FRSCA is made of bits and pieces that come from all over the place, and it's not very clear where, you know, where is the the the the ultimate source, if you will, for, okay, so what does it mean to actually implement FRSCA.
D
Well, yeah, it's about endorsement, so I I know that, you know, they're integrating technologies, you know, SPIFFE and SPIRE is integrated now, so so, basically, we need an understanding that our if we created a representation or even any implementation that people can use, that we're bringing in, you know, componentry. Now the thing that recently they're they're committing to, it's already on their on their own readme, but they're formally committing to CUE as the means to shift left. The dynamic variable is an extra schema validation for the YAML files used to configure FRSCA.
D
So you know we need to be aware of these technology. I know Michael Scovetta, you know, does a great job, you know, in terms of Alpha Omega at documenting the tool chain and the expectations and worrying about that, like especially like code use of CodeQL like that, but I, but this group is just strictly trying to get it working and add all these security things without regard to bringing in other technologies and having a larger discussion about bringing them in.
C
And by the way, on the issue of the blog post review, I'm sorry to tell you guys that this issue was never completely resolved by the TAC. I actually have done some investigation because I wanted to know the exact status a while ago. I looked into it and if you look in the TAC minutes, there is a there is one day when it was specifically discussed, but there there was, you know, opinion of the TAC members was asked and the people present actually were in favor of having the TAC be notified.
C
That's right, and in fact, in parallel to that, the the process we put in place specifically, is, you know, least the ability to publish a blog as one of the benefits of being a working group and or the, you know, in OpenSSF. So you know I can see why people might feel like, hey, they are totally entitled to post whatever they want. Yeah.
B
We were when we were ready to do the blog for S2C2F as part of her process. It was before we finish this. Let's give the TAC a day or two to review, and that's how the blog went to the private to the private TAC email for.
D
D
C
C
A
The blogs that is a very solvable problem. We can create an issue in the TAC's repo and force the public conversation and debate and voting through that issue. So that's something that we can definitely get some resolution on. Yeah, but they're all they're.
A
This is all open source and there are a lot of very strong opinions. It will just take some time to persuade everyone of the a consistent approach.
A
A
It would have been nice to have a heads up. As a TAC representative I would have liked to have known so I could have, you know, provided feedback or at least given my organization a heads up, hey this.
D
There's a notification process, they're going to define the intent to produce a blog announcement and then that just gets, you know, corporate membership to say, you know, to let them know this tool is coming out and that they've used it or tried it that they can comment on. You know, write a quote or whatever. It's just it's just nice to have that. Yeah, that's cool! That's yeah!
C
A
But this is again with the blogs. In particular, we can open up an issue with the TAC and get them to have that conversation and come to a decision.
D
Somebody want to roll up our sleeves and go Branch Branch.
A
That moves me to my next item. I I had presented our petition to the TAC to become adopted as a SIG directly underneath them, and they were in general in agreement with that proposal, but they require us to have our charter finished and you have all of our paperwork done. So somebody's actually kind of holding us accountable, which is awesome, so I would love for everyone to take a look at the charter very quickly.
A
If you can, and potentially we might be able to get consensus on being able to adopt it, and that will let us move forward, and what that will allow us to do is to start to carve off time. As we've identified this list of problems with Matt's diagram and the other conversations we've had, we can go to the TAC saying we found these problems. How would we like to address these going forward? Just gives us a little more ability to execute.
A
So the charter I updated the other day with some names and whatnot, but this is essentially boilerplate from the foundation. There's several things you need to to fill out. So if you this should look very similar to anyone that's looked at any of the OpenSSF working group or SIG, or project charters.
A
A
B
I mean unless there needs to be anything specific put in this charter related to I mean this I mean it looks the same as as every other charter I mean there's no, unless there's something special that needs to be put here just because of the nature of of what we're of what we're doing directly underneath the TAC, right, I mean I, I, I I think this is fine.
A
Yeah and that they're exactly right, Jay. This is exactly the same and I if we need to make it different, we can, but I I don't see a need at this time personally, but.
D
B
Mean what what well go ahead.
B
Was gonna say what what I mean we could I mean we as there's five of us here? What what? What constitutes that do? We need a quorum of some sort of I mean. Is it I mean we I mean we give a thumbs up and let's, let's keep it moving, I mean if there's if there needs to be a change later on, we could vote on that. The.
A
Only repeat participants that aren't here today are Ava, David and Randall, everybody else.
A
The the four of us have been here pretty much from the beginning, so that would be kind of the model of how I'm using with my other working groups, is that the, you know, we track attendance, and you know those people that show up, you know, earn the right to be contributors and voters, and I would consider, you know, the four of us that have been here the whole time.
A
That's you know that it'll be three additional people I'd like to consider their opinions: David, Ava and Randall, since they've also been here very consistently. Okay.
A
Will do that. I will create an issue. I will send that issue to the mailing list and the Slack channel and let's say, what's today: Thursday, let's give it until if I could have everyone express their opinion by like next Tuesday that'll be great.
C
A
Yeah that that will be another administrative task that I will bear. Bless you, bless you. I.
C
Because the charter is pretty well written that way, that it also provides for the bootstrapping, which is so often in the issue, right. It's like, well, you've got to stop somewhere and so there's a way to get to the TSC, but you can stop with nothing, and so I think this is an important aspect. We we have to have, yeah.
A
If you, how I would document that, if you take a look at the Vulnerability Disclosures working group and scroll down to the governance section is how this would get listed.
C
A
I personally keep track of all the groups that I participate in that, you know, everyone that comes so that I have so I have the ability to understand who who shows up and who is just kind of occasionally passively showing up.
C
A
C
Well, it was good we've got to Rosario, maybe we can give her a chance to introduce herself and I don't know if she got the right picture of what this is supposed to be. I think we are a bit of an odd group in that way. Some groups are more structured than this, but this is a pretty small group, and so we allow ourselves to, you know, wander around a little bit, but.
E
No, it's totally fine. Hi everybody, I'm Rosaria. This is the first time I've joined this group. So thanks for letting me join. I work at Indeed and I am very new to open source. I joined the open source program office and I'm starting to plot my way here and I was asking some questions to CRob here directly, so just to ask what the group was doing and I think I I summarized it pretty accurately.
E
I think this is great. I did give some feedback that, as a newcomer here to this wonderful world of open source, it has been. It hasn't been easy to understand the strategy and understand what the priorities are and what group is working on what, and I also get the sense that there are some overlap, but everybody's working really hard to work toward more of a secure environment. So I think this. The initiative of this team is is awesome and I think it's needed.
C
C
I will dare say, since we're in the small community, especially that it's more of a mess than a typical organization is, and this has to do with the fact that this organization was not funded initially, and so it grew. It grew organically for a year before, you know, companies like hers, decided to really take this seriously and put a bit of structure around it, and so now we're trying to, you know, set a structure around something that's already in flight, which is a lot harder.
E
E
C
C
Okay, what's going on here and at different point in time, so we had slightly different experience, but we kind of all felt some of pain, trying to figure out what's going on, and and this is why we are very interested in this exercise of trying to map everything, and Matt deserves a lot of credit because he actually has been going further than anyone else has done before on that front and and.
B
C
Are we're still discovering stuff, which is amazing, right? It's like wow, we're two years into this now and we're still discovering bits and pieces that actually apparently belong to OpenSSF but don't always, you know, behave like they are all it's.
B
A
All right folks, thank you for your time and attention. Look for an email and Slack message from me about the vote, so we can get officially ratified, so we can start taking action and starting to get some of these corrections that, you know, Matt's exercise helped identify for us. Sounds.