►
From YouTube: OpenSSF Diagrammers Society (May 4, 2023)
Description
Meeting minutes: https://docs.google.com/document/d/14i9v7WuQcLzWpvLe9B0sl-kf90JLwxNwrZkRXLWmEdQ/edit#heading=h.9m0zi4b0wnne
A
A
C
B
C
A
C
F
B
E
E
The
slides
that
I
asked
for
Vision
on
from
our
design
team
were
related
to
our
onboarding.
Whenever
we
welcome
a
new
member,
they
were
starting
to
get
a
little
stale
and
one
of
the
graphics
that
we
have
in
there
is
one
of
the
the
OG
the
original
kind
of
here's
everything
in
the
open
ssf.
That
was
kind
of
hard
to
dig
into
hard
to
read.
B
B
C
C
C
B
B
B
No,
it
changed
it
changed
this
week,
we're
getting
recorded.
You
know
what
this
was
public
information.
We
got
a
a
formal
letter
from
a
lawyer
from
the
gnu
folks
saying:
please
don't
use
gnu
as
part
of
their
name
now,
I
think.
Frankly,
if
we
want
it
from
a
legal
perspective,
I
think,
first
of
all,
let
me
let
me
make
a
preface
I'm,
not
a
lawyer,
I,
don't
even
play
one
on
TV,
okay,
my
understanding
is
that
doing
work
to
support
somebody
else's
thing
and
mentioning
their
name
saying
I'm
going
to
help.
B
This
is
reasonable
use
because
you
know
it's
a
you
know.
You
know
you're
referring
to
something
that
has
a
trademark
and
therefore
it's
okay,
to
use
a
trademark
to
refer
to
the
thing,
however,
regardless
as
a
general
policy,
the
LF
does
its
best
to
try
to
work
with
people
and
not
cause
unnecessary
problems.
So
as
soon
as
they
raise
the
hey,
we
don't
like
you
using
the
name
I,
although
we
could
have
possibly
fought
it
back.
Basically,
we're
not
we're
here
to
be
helpful.
B
These
projects
not
cause
stirs
and
problems
that
just
doesn't
make
any
sense.
So
we
just
said:
oh
okay,
well
we're
surprised
by
that
they
normally
aren't
like
that,
and
we've
worked
with
them
before.
But
okay,
if
that's
what
you
want,
let's
rename
them
it's
not
even
a
project
so
much
as
it's
a
funding
vehicle.
So
fine,
if,
if
renaming
it
is
what
they
would
like
to
do
great,
let's
go.
Do
that
and
make
sure
their
logo
doesn't
have
a
canoe
and
just
you
know
just
make
it
really
really
clear.
B
E
B
Exactly
right,
that's
exactly
right
and
while
I
think
there
are
other
formats
having
something
where
I
can
go,
click
and
get
where
you
can
go
click
and
give
a
presentation
on
I
mean
I'll,
have
to
admit.
There's
I,
guess
a
slightly
selfish
viewpoint,
but
I
don't
think
it's
just
me.
I
think
all
of
us
at
one
time
or
other
are
suddenly
asked
hey.
B
What's
this
open
ssf
thing,
please
explain,
and
while
there
are
many
other
reasons
to
have
the
results
of
the
diagram
or
Society
I,
think
being
able
to
show
up
and
hear
some
diagrams
that
attempt
you
to
help.
You
understand
something
with
a
lot
of
moving
Parts
I
think
is
I.
Think
it's
really
helpful.
It
certainly
helps
me
and
my
expectation
is
it
helps
others.
B
So
if
the
diagram
of
society
wants
to
have
other
results,
that's
awesome,
but
if
one
of
those
formats
could
be
a
presentation
that
makes
it
really
easy
for
a
lot
of
us
by
the
way
Brian
likes
to
call
this
a
circus.
So
I'll
have
to
pull
up
my
standard
circus
tickets
here
for
my
grandfather's
grandfather's
circus.
C
E
E
E
Feedback
that
they
gave
no
no,
this
is
this
is
part
of
our
retainer.
This
is
not.
We
did
not
pay
for
this
specifically,
but
yes,
it
is
just
a
change
of
colors.
What
I
asked
for
was
in
response
back
to
this
is
like.
Can
we
break
this
down
into
like
a
different
format
where,
like
maybe
we
put
boxes
or
kind
of
clean
it
up
in
some
ways
and
make
the
text
a
little
more
legible?
E
B
Yeah
so
I'm
recording,
but
as
far
as
I
I'm,
not
I'm,
not
terribly
private,
about
this
matter.
I
like
10
of
males,
I'm,
colorblind
I,
can't
see
colors,
but
I
have
trouble
distinguishing
some,
especially
if
they're
small
you
know.
So,
if
you
give
me
a
big
Swatch,
I
can
see
color
differences
if
they're
small
little
boxes,
hello,
it
gets
harder.
B
But
since
there's
a
fairly
large
number
of
people
who
have
colorblindness
and
my
particular
one
is
the
most
common
I
think
it
will
be
helpful
where
we
can
to
try
to
use
more
distinctive
colors.
Even
for
those
who
have
more
struggle
with
color
blindness
is
because
I
said
it's
fairly
common,
then
that'd
be
these
colors.
Just
you
know,
I
can't
tell
the
difference.
B
F
Yes,
so-
and
this
is
a
almost
piggybacking
on
what
with
what
David
was
saying,
I
think
if
this
is
going
out
and
and
formally
in
any
type
of
way
what
we
did
before
for
accessibility
purposes
as
we
italicize
some
things,
we
bolded
some
things
color
wise
like
these
colors.
They
they
look
snazzy
but
the
the
the
the
the
they're
all
they
all
look
the
same
they're
the
same
color
with
different
gradients.
F
They
got
to
be
different,
different
colors
on
different
gradient
scales.
They
they
can't
and
then,
after
that,
it's
got
to
be.
You
know
and
then
I'm
talking
about
just
for
accessibility
purposes,
also
a
legend
of
what
the
arrows
mean,
what
the
boxes
mean,
what
the
dotted
things
mean,
what
the
little
small
squares
mean.
E
B
I
often
I
often
do
use
this
slide,
but
what
I
do
is
I,
don't
go
through
every
detail.
What
I
usually
do
is
say:
hey.
You
know.
Code
starts
with
source
code.
It
gets
built
producing
packages
focusing
on
those
things
at
the
top
and
then
noticing
that
there's
a
bunch
of
working
groups
that
produce
a
bunch
of
sigs
and
projects
which
associate
around
those
things
or
the
back
channel
from
those
processes.
B
Now
once
I
say
that
I
can
then
say,
I
can
talk
about
any
one
of
these
specifically
now
most
The
Times
They,
don't.
But
the
fact
that
it's
on
this
chart
makes
it
super
easy
to
jump
in
and
explain
if
they've
got
a
specific
interest,
because
some
folks
have
specific
interests
showing
them
that
there's
a
broader
thing
it
lives
in
I
mean
you
know
a
stupid
example.
You
know
OSS
fuzzing.
Oh,
that's
part
of
the
securing
tooling
working
group
and
look.
You
can
see
that
and
show
where
it
is
in
this
chart.
B
F
Don't
think
you
can
have
this
slide
without
the
two
previous
ones.
I'll
tell
you
that
I
think
the
first
Slide
line
just
gives
you
an
outline
of
of
what
of
of
outline
of
the
working
groups
period.
So
these
are
the
working
groups.
The
second
slide
gives
you
what's
happening
under
each
working
group
and
that's
where
you
begin
to
introduce
a
further
introduced,
the
what's
bolded
with
italicized
the
colors
of
each
working
group.
F
Right,
I,
don't
think
that
this
Slide
by
itself
can
live
successfully,
but
I
think
this
slide
has
a
as
a
story
based
on
the
sum
memory
told
of
the
first,
and
the
second
is
key
and
I
think
that
all
three
of
these
as
a
way
to
for
a
incomer
and
a
person
coming
in
if
you're
saying
this
is
the
open,
ssf
I,
think
that's
a
great
story
to
tell
the
three
sides
together.
I
think
this
last
one
by
itself
will
confuse
a
living
hell
out
of
people.
You
need
the
other
two.
B
About
Jay
said
it
better
than
I
did
and
I
will
admit
by
the
way
that,
although
I
didn't
say
it
as
clearly
as
he
did
when
I
present
I
do
actually
present
all
three
in
sequence,
because
the
first
one
actually
is
under
easy
understand.
I
mean
that
first
one
I
mean
yeah.
Okay,
you
know
hey,
there's
these
a
government
board
attack
a
bunch
of
working
groups
that
actually
doesn't
cause
anybody.
Any
troubles
and
the.
F
C
C
F
E
B
Although
I've
forgotten,
what's
the
name
of
the
guy,
who
does
images,
who
shows
the
the
map
of
the
French
troops
going
off
to
fight
Russia,
Napoleon
Gulf
to
fight
Russia,
there
is
a
view
there
are
a
number
of
folks
who
actually
believe
that
busy
slides
can
be
really
really
helpful
if
they
show
all
the
information,
because
then
that,
basically
is
helpful
for
sure,
for
is
it
for
what
probe
is
talking
about?
You
know
it's
a
it's
a
backdrop
for
you
to
talk.
B
C
E
C
Oh
and
and
if
people
follow
the
rules
like
they
should,
this
could
be
a
very
simple
exercise
of
grabbing
all
of
the
working
group,
tack
updates,
where
they
provide
all
this
information
about
their
active
projects
and
just
be
a
matter
of
copying
and
pasting.
But
I
don't
know
that
that
has
consistently
been
executed
across
the
all
groups.
C
C
A
E
And
then
I
there's
other
other
than
the
cicd
view.
If
there's
anything
else,
we
want
to
pass
along
to
the
design
team.
At
this
point
it
might
not
necessarily
be
already
embedded
within
a
slide
deck
that
we
give
regularly,
but
if
there's
something
that
we
want
to
have
them
work
on
important
for
everybody
at
this.
C
F
A
B
So
why,
while
you're
looking
I
added
some
notes
for
things
today,
so
colors
need
to
make
them
more
distinct,
especially
for
colorblind
colors
need
to
be
the
same
for
each
working
group
across
all
three
slides.
You
need
to
add
a
key
for
CI
CD
slide.
I,
think
that
made
the
key
may
be
a
separate
slide.
Frankly,
unless
we
can
slip
it
in.
D
F
D
B
G
B
B
I
do
agree
with
you,
Crow
I,
think
in
the
short
term,
actually
probably
today,
and
if
you
want
I
could
even
add
a
proposed
pull
request.
Do
the
link
but
I
think
we
can
link
from
the
best
practices
to
this.
So
at
least
it's
easily
more
much
more
easily
found
in
the
longer
term
if
we
can
find
a
way
to
put
it
on
the
website.
That
would
be
awesome,
but
the
only
way
to
do
that
is
to
make
it
uneditable
I
think
that's
a
trade
not
worth
making,
because
we
know
it's.
B
B
Exactly
one
person
has
access
to,
and-
and
you
know,
but
don't
worry
it
only
takes
it'll
only
take
us
a
two
week
or
four
week
turnaround
to
make
a
change.
I'm,
not
saying
that
this
has
ever
happened
in
my
previous
organization.
Mind
you,
but
but
but
imagine
that
facts
could
happen
in
some
organizations
but
and
I
really
you
know,
but
but
I
think
that's
a
key
issue
is
that
if
we
can't
update
it,
then
we're
going
to
constantly
be
stuck
with.
Oh
hey,
Matt
welcome
yeah.
B
What
what
just
if
you're,
quick
context
for
you
Matt
the
GTI
for
per
request
of
the
free
software
Foundation,
has
been
renewed
to
the
court
dual
infrastructure
to
the
CTI,
where
the
C
has
become
core
and
adding
new
working
groups
adding
new
projects
changing
things.
It
happens
all
the
time.
So
we
just
need
to
be
prepared
for
that.
C
C
B
C
E
Yeah
I
mean,
if
there's,
if
there's
specific
feedback
on
any
of
it
in
terms
of
like
what
we
can
do,
I
mean
I.
Think
then
the
the
obvious
Next
Step
will
be
website
as
well.
Get
a
nice
diagram
going
there
and
once
again,
I'd
love
it
to
not
just
be
an
image.
I
would
prefer
it
be
embedded
where
we
can
easily
edit
yeah.
C
E
C
C
B
B
C
B
F
B
C
From
there,
okay,
yeah
and
then
I
will
work
on
getting
that
the
Plumbing
appropriately
set
from
the
tack
to
the
diagrammers.
But
again
we
mentioned
it
in
the
last
call
that
there
is
a
proposal.
A
couple
of
us
are
working
on
to
create
kind
of
a
centralized
working
group
that
would
account
for
things
like
personas
and
taxonomies
and
then
I
would
propose.
This
gets
slid
under
there.
F
F
B
All
right,
you
know
what,
because
this
was
originally
cobbled
from
a
presentation
I
gave.
The
first
slide
has
my
name:
why
don't
I
just
remove
my
name
from
it?
I?
Don't
it
doesn't
matter,
and
then
people
can
put
their
name
in
or
not?
Okay,
but
I,
don't
I'm,
not
ashamed.
I'm
very
glad
I
was
able
to
help,
but
it's
a
group
effort
and
I.
Don't
want
putting
my
name
here
to
interfere
with
somebody
thinking
they
can
use
this
all
right,
so
I
will
I
will
get
that
done.
Yeah.
D
F
I
think
it's
wonderful
and
I
think
it's
wonderful,
because
it
takes
everything
that
that
we're
doing
across
this
one
is
just
basically
across
salsa
and
then
S2
c2f,
but
then
the
foundational
element
underneath
a
zero
trust
principles
which
I
thought
was
something
that
was
like
really
cool
that
that
Daddy
did.
We
just
got
to
make
sure
we
get
the
clearance
on
or
I.
Well,
we
scrub
it
enough
to
where
it's
it's.
It
could
be
put
to
what
we
want
to
do
here
in
the
in
the
openness
and
stuff
I'm.
F
C
I'd,
love
and
I
think
an
evolution
of
this
group
in
the
future
will
be
working
with
the
assorted
working
groups
trying
to
help
them
articulate
themselves
applying
against
things
like
the
cyber
security
framework
or
ssdf
things
like
that
to
try
to
help
show
those
connections.
I
love
the
idea
look
forward
to
seeing
it
absolutely
yeah.
B
A
question
on
the
dot
on
this
openness
of
intro:
everybody
can
can
access
this
I
believe,
okay,
yeah
anybody
can
comment
on
it.
In
fact,
I
don't
know
if
we
want,
maybe
eventually
we
don't
do
that,
but
that's
how
we
are
right
now.
Is
there
anybody
who
wants
edit
access
to
it
that
doesn't
have
edit
access
to
it
yet
crowbe
I
know
you've
got
it.
Jay
I
know
you've
got
it.
Jennifer
I
know
you've
got
it.
Is
who's
missing.
B
F
B
A
F
A
B
B
B
G
B
G
B
B
B
D
C
So
we
do
have
some
people,
so
there
will
be
like
the
best
practices
is
working
on
like
source
code
management,
hardening
guides
kubernetes
itself.
We
probably
would
defer
to
the
project,
but
we
do
have
like
the
education.
Sig
is
probably
going
to
work
on
some
type
of
collateral
educational
materials
on
how
an
operator
could
config
Harden
their
kubernetes
instance.
B
What
I
tell
people
in
general
is
the
open.
Ssf
is
not
here
to
rewrite
all
open
source
code
in
the
universe
and
taking
over
all
the
open
source
projects.
Okay,
this
is
not
me.
I
I
say
that
laughingly,
because
I
think
most
people
understand
that
can't
possibly
be
work.
So
we
know
it
can't
be
that
so
individual
open
source
projects,
we
expect
them
to
work
on
their
own
security.
So
if
the
goal
is
hey
kubernetes
I
need
to
you
know
it
has
a
bug,
I
need
it
fixed.
B
B
On
the
other
hand,
if
you're
looking
for
guidance
on
how
to
write
code
that
you
know
the
Cooper
is
in
these
instants
might
use
absolutely
happy
to
provide.
You
know
various
kinds
of
guidance,
I
think
the
overlap
is
and
things
like,
Alpha
Omega,
where
and
critical
projects
where
we
identify
some
projects
that
are
important
but
again
we're
not
taking
over
a
project.
D
B
Exactly
now,
where
there's
overlap
is
things
like
Hey?
How
do
you
use
kubernetes
securely
if
the
kubernetes
folks
have
a
guidance
doc
on
how
to
use
kubernetes
security
for
securely,
for
example,
we
would
say
fabulous,
you
know,
and
you
know
big
thumbs
up
and
I
think
in
general,
when
you're
talking
about
guidance
for
a
very
specific
tool,
I
think
that's
generally
best
handled
by
the
folks
who
make
that
tool,
but
when
it
suddenly
crosses
over
to
how
do
you
create?
B
You
know
software,
but
in
a
much
more
General
way,
then
I
think
I
mean
we're
not
if
somebody
else
wants
to
do
it.
That's
fabulous
we'll
point
to
it,
but
it
certainly
would
be
within
scope
for
us
to
do
it.
Okay,
thanks
yeah,
but
we,
for
example,
I
mean
your
obasp.
Is
that
there's
actually
o
r
star's
representation
on
the
governing
board?
If
owas
has
something
cool,
that's
helpful
or
you
know
cncf
or
something
else.
We
are
delighted
to
refer
to
it.
B
C
Wherever
possible,
we
try
to
Federate
with
good.
You
know
external
things.
If
there's
ever
a
collaboration
opportunity,
you
know
we
would
definitely
we
wouldn't
turn
away
the
cubes
folks
if
they
wanted
to
have
us
help
craft
something
but
yeah
again
that's
kind
of
their
wheelhouse.
We
leave
them
to
it.
D
B
C
C
Won't
be
affiliated
with
the
open
ssf,
it's
more
a
broader
industry,
thing,
oems
and
ibvs,
and
things
got
it
and
then
they're
like
who's,
the
fellow
from
Red
Hat.
There
is
a
very
active
open
source
firmware
project.
They
do
some
really
good
work
and
that
that
group
we
would
partner
with
but
yeah
it's
like
firmware
and
such
there
is
no
body
yet.
A
B
G
G
Crate
bills
and
materials
that
then,
would
can
be
translated
to
salsa,
but
very
early
conversations
anyways,
but
build
group
is
basically
like,
creates
firmware
and
you
basically
it's
like
a
checklist,
and
it
said:
I
want
these
device
drivers
for
this
architecture
and
it
builds
you
a
embedded,
Linux
image.
Basically.
B
So
generally
you're,
not
you
know
you're
you're,
installing
software
at
build
time,
but
you
know,
then
you
then
you
burn
it
in
and
hopefully
don't
have
to
make
many
changes
once
it's
out
in
the
field
so
and
they
again
they
end
up
generating
s-bombs
and
got
to
make
sure
that
all
the
components
actually
work
together
and
all
that
good
stuff
and
and
I
think
the
embedded
world
is
really
fragmented.
There's
a
thousand
different
organizations
and
very
very
hard
to
keep
track
of
everybody.
Yeah.
G
It
sounds
like
that,
like
this
group
has
a
has
a
standard
log
format
they
put
out
and
it
would
be
a
simple
I'm
talking
about
mapping
it
to
an
s-bomb,
and
so
it
can
be
uploaded
into
pensy
track.
That's
the
goal,
and
so
then
diffs
or
Deltas
over
time,
and
they
can
be
connected
to
mvds
stuff
like
that.
So
right.
B
G
B
B
B
I
will
post
the
pr
that
I,
just
oh
I,
actually
already
did
I
posted
a
PR
that
I
will
add
a
link
to
the
the
slides
from
the
diagrammer
society
page
and
then
I
guess
I
I
would
prefer
there
be
some
way
for
somebody
to
find
the
diagrams
without
looking
at
the
diagram,
Society
page
but
I
guess
maybe
you're
not
comfortable
doing
it
from
the
tax.
So
I.
C
B
C
E
B
B
Now
Amanda
doesn't
like
that
approach.
But
if
you
don't
like
that
approach,
then,
as
I
said,
there's
the
easy
way
and
there's
the
hard
way.
That's
the
easy
way.
The
hard
way
is
figuring
out
what
your
alternative
is
and
the
open
ssf
main
websites
a
WordPress
document,
a
WordPress
system
which
is
which
is
everyone's
favorite
and
figuring
out
how
to
make
turn
those
diagrams
into
something
else
is
is
kind
of
rough,
so
I'm
not
sure
how
to
deal
with
that.