►
From YouTube: End Users Working Group (August 18, 2022)
Description
Meeting notes: https://docs.google.com/document/d/1KQalBRzfRBvsqh73JUYfp1KG-AJdXcv2Z8LTIFoQP8c
A
Finally
found
the
the
document,
the
agenda.
A
I
think
it
was
justin
that
he's
not
able
to
attend.
Unfortunately,
today.
D
He
won't
be
able
to
attend
in
general
because
he
has
a
standing
commitment
at
this
time.
E
F
A
Indeed,
so
I've
posted
the
link
to
the
the
agenda
document
in
the
chat.
If
people
want
to
go
and
take
a
look,
if
you
could
also
add
your
name
to
the
list
of
attendees,
that
would
be
great.
D
A
All
right,
thank
you,
so
let
me
give
it
one
more
minute
and
then
we'll
go
through.
Is
anyone
anyone
interested
in
being
the
scribe
this
week.
B
D
A
A
All
right,
let's
kick
off,
so
doesn't
currently
look
like.
We
have
any
new
friends
on
the
group
today,
one
of
the
things
that
I
think
we
should
be
doing
as
we're
getting
a
bit
closer
to
being
made
a
a
fully
fledged
group
is
getting
sort
of
additional
members.
I
know
I'm
in
touch
with
a
lot
of
other
people
and
I'll
be
inviting
people
to
the
group
too.
A
Hello,
fuzzy.
A
No
worries,
if
you
take
a
look
at
the
the
chat
room,
we've
posted
a
document,
a
link
to
the
agenda.
Thank
you.
A
Yeah
you
want
to
take
a
quick
look
at
that.
We're
literally
just
started
and
we're
at
the
point
of
introducing
new
friends
to
the
group.
Do
you
entertain
me
yeah
right
time?
Do
you
want
to
maybe
introduce
yourself.
C
Fantastic,
my
name
is
peter
singh.
Everyone
knows
me
as
fuzzy
on
the
internet.
E
Randall's
brought
me
along
to
the
recent
meetings
and
I'm
personally
enjoying
the
the
fact
that
I'm
here
and
I'm
really
enjoying
the
likes
of
these
projects,
that
these
guys
have
got
going
and
like
to
get
involved.
Basically,
and
I
also
don't
drink
so
yeah.
A
Fantastic
all
right
thanks
very
much
so
thanks
for
obtaining
that
good,
okay.
So,
let's
start
with
the
first
agenda
item,
if
that's
okay,
so
vicky,
do
you
want
to
give
us
a
bit
of
an
insight
into
the
ssc
framework.
D
A
D
So
this
came
up
in,
I
believe
it
was
the
best
practices
working
group
earlier
this
week.
Microsoft
has
released
a
whole
new
project.
Officially,
it's
a
specification
for
a
framework
for
open
source
software
supply
chain
usage
for
how
how
to
find
and
use
open
source
in
a
secure
way.
D
The
project
made
a
little
presentation.
They
had
a
have
weekly,
no,
not
weekly,
regular.
Let's
go
with
that
community
meetings
they
will
be
having
they
will
be
trying
to
get
into
open
ssf
under
some
working
group
or
other
at
the
moment
of
the
existing
working
groups.
The
best
fit
for
that
is
the
best
practices
working
group,
but
I
believe
that's
just
because
we're
not
official
yet
because
really.
D
About
consuming
open
source-
and
so
it
may
make
more
sense
for
that
to
be
under
our
group.
However,
it
is
brand
brand
new.
They
only
held
their
very
first
community
meeting
this
week
and
they're
still
getting
their
feet
under
them.
D
D
That
document
includes
links
to
the
specification
itself
and
their
github
repo,
which
is
where
it
lives.
So
I
just
wanted
to
mention
it
to
you
all
in
case
you
wanted
to
have
a
look.
They
will
be
presenting
officially
to
open
ssf
people.
Let
me
drop
a
link
to
that.
If
someone
hasn't
there,
we
go,
they
will
be
presenting
officially
to
open
ssf
working
group,
one
or
more,
I
believe
krobe
is
helping
to
coordinate
that,
so
they
can
figure
out
where
they
want
to
live
under
the
open
ssf.
D
So
I
made
sure
that
they
knew
that
we
were
a
going
concern,
we're
soon
to
become
an
official
working
group
and
prognose
to
make
sure
that
this
working
group
is
a
part
of
that
scheduling.
So
we
can
try
to
have
only
one
demo
from
them
for
multiple
working
groups
rather
than
having
them
do
the
same
demo
three
plus
times.
D
So
we
can
see
whether
it
would
be
a
good
fit
for
open
ssf
in
general
and
then
where
it
should
fit
as
a
project
under
which
work
and
randall
you've
had
your
hand
up
for
quite
a
while.
G
Actually,
looking
for
because
there's
actually
another
part
of
this
vicky
that
I
was
actually
going
to,
let
you
in
on
from
michael,
so
I
don't
know
if
you
want
to
I'll
send
it,
but
I
don't
know
if
you
want
to
get
michael
in
touch
with
chris,
because
there
is
another
part
of
this
that
was
presented
yesterday
by
michael
in
the
security
integrity
meeting.
So
he
wanted
to
present
to
a
few
different
places.
G
D
D
Yeah,
if
you
could
just
send
them
to
the
slack
channel,
so
everyone
could
see
them.
That
would
be
great
and
michael
was.
C
D
Call
on
the
community
call
this
week,
so
I
just
probably
didn't
have
the
time
to
bring
that
up
as
well.
But
it's
good
to
know.
There's
another
piece,
I'm
sure
crow
will
be
hearing
about
that
soon
as
well
and
I'll
make
sure
that
he
gets
to
see
the
the
slides
once
you
share
them.
So.
G
Just
I
just
sent
them,
but
just
for
the
record.
I
know
that
michael
wanted
to
keep
this
kind
of
in
like
a
small
group
of
people,
so
I
think
this
is
small
enough,
but
I'm
just
letting
everyone
know
that
he
did
kind
of
say
like
it's
not
final.
G
A
Thanks
andrew,
you
got
your
hand
up
as
well.
H
Yeah
randall,
if
you
have
some
details
on
the
tool,
that'd
be
interesting,
because
I
went
through
this
and
be
interesting
if
they
are
pitching
as
a
specification,
it's
more
of
a
process.
H
Today,
at
least
I
know
it's
been
in
effect
at
microsoft,
for
I
believe
two
almost
three
years
now
so
there's
obviously
a
lot
of
real
world
implementation
that
has
gone
into
this,
but
definitely
would
like
to
understand
them
more
about
this.
This
tool
or
solution
that
you're
referencing.
G
This
is
actually
so
from
my
understanding.
This
is
part
of
their
implementation
at
microsoft
that
they're
trying
to
move
out
yeah.
This
is
why
it's
so
azure
focused,
but
I
know
that
that's
not
like
a
huge
thing,
that's
just
an
idea,
and
I
know
that's
based
on
the
fact
that
openssf
has
azure
credits,
but
but
from
my
understanding
this
is
one
of
the
ways
that
they
take
that
framework
and
implement
it
at
microsoft.
C
G
H
Right
yeah,
it
is,
and
just
again
going
through
a
brief
run
through
on
the
document.
There's
a
lot
here
that
that
may
be
useful
for
end
users.
G
And
that's
the
thing
real
quick.
Let
me
point
out
so
the
big
thing
with
this,
because
they
have
a
part
there
where
they
can
compare
frameworks.
The
big
difference
with
this
framework
is
that
it
covers
end
users
like
most
of
our
other
frameworks,
are
more
on
the
producer
side
of
things,
so
this
is
one
that
actually
covers
both
sides
of
the
argument.
F
A
G
A
Seen
the
the
list
of
the
list
of
personas
and
the
different
use
cases
that
I
sort
of
sent
around
a
couple
of
times,
I
think
it
was
on
the
chat,
I'm
just
interested
if
that
satisfies
those
sort
of
use
cases,
or
is
it
additional
use
cases?
I
have.
G
H
It
doesn't
have
some
of
the
risk
and
compliance
use
cases
that
would
be,
you
know,
make
it
completely
relevant,
say
for
a
highly
regulated
industry,
given
the
fact
that
it
came
from
microsoft,
but
there's
there
are
a
lot
of
steps
in
this
process
here
that
would
be
useful,
be
under
like
definitely
have
to
understand
the
implementation.
From
a
tooling
perspective,
better.
H
G
A
All
right,
very
good!
That's
that's
really
interesting!
I
think
it'd
be
useful
to
get
some
more
more
detail
about
that.
So
a
couple
of
actions
coming
out
of
it
excellent
vicky
anything
further
on
that
one.
D
No,
this
is
great
and
I'm
really
grateful
to
randall
for
bringing
just
the
other
side
of
that
project.
D
So
we
know
that's
a
something
that
we
can
have
a
look
at
and
once
I
have
a
chance
to
look
at
the
slides,
I
will
either
reach
out
to
michael
or
or
krobe
or
or
both
frankly,
to
see.
What's
going
on
with
that.
B
So
since
I'm
taking
notes,
I
I
put
on
that
randolph
and
microsoft
to
the
end
user
slack
channel
to
kind
of
keep
us
all
updated.
Should
I
change
that
to
vku
reaching
out
or
do
we
want
to
kind
of
continue
in
the
end
user
stack
channel
from
here.
G
Thank
you,
I
do
think
vicky.
They
need
a
little
bit.
The
whole
microsoft
team,
including
adrian,
needs
a
little
bit
of
orientation
about
how
open
ssf
works,
because
I
don't
think
that
they're
necessarily
clear
on
like
where
what
goes
where,
because
I
know
that
yesterday,
we
kind
of
hijacked
the
meeting
with
this
presentation.
I'm
not
trying
to
be
like
that
about
it,
but
it
is
true.
D
Yeah,
no,
I
I
understand
which
is,
I
know
that
both
michael
and
ava
were
in
the
the
call
on
tuesday.
So
it's
not
like
they're
lacking
for
open
ssf
experience
in
their
group.
It
just
could
be
that
there
wasn't
enough
communication
in
advance
and
that
sort
of
stuff,
when
you
know
we're
people
communication
is
hard.
That's
fine,
fair.
D
G
A
Very
cool
all
right,
so
if
we
can
move
on
the
agenda,
then
I
think
that's
that
has
that
one
covered
next
one
we
have
is
meeting
frequency.
So
we've
had
a
few
suggestions
about
timing
and
we've
settled
on
seven
pdt,
but
in
terms
of
meeting
frequency.
Any
suggestions
on
how
often
to
me
I
I'd
suggest,
like
biweekly,
but
any
any
thoughts,
otherwise.
B
A
H
We
have
a
lot
of
a
lot
of
initial
work
to
keep.
You
know
to
build
the
momentum
and
to
grow
this
community,
so
I
think
the
more
frequent
the
better
right
now.
A
Excellent
sounds
good
to
me
so
noted.
Thank
you
very
much
so
next
gender
item,
so
great
news
becoming
a
real
working
group
right,
so
this
this
formed
some
time
ago
a
loose
band
of
people
right,
but
I
think
we're
now
getting
to
the
point
where
I
believe
this
is
the
fifth
meeting.
We've
got
in
there
the
the
list
of
steps
to
go
to
become
an
official
working
group.
A
I
think
if
we
open
that
up,
I
think
we
need
to
start
talking
to
a
tech
sponsor,
but
I
think
we've
we've
hit
the
other
goals.
So
if
you
look
at
it
become
incubating,
we
need
to
have
met
at
least
five
times
at
least
five
interested
individuals
from
at
least
three
different
organizations
attending
regularly.
A
I
believe
we've
we've
also
met
that
agenda
or
that
item,
so
the
next
step
is
to
look
for
a
tax
sponsor
and
I
think
that's
really
where
we'd
be
heading
next.
I
know
that
I
think
there
was
attack
member
that
attended
last
last
session.
If
that
was
correct.
Unfortunately,
I
was.
A
H
C
F
A
Yeah
and
I
think
it
would
really
be
useful
to
to
provide
that
voice
directly
into
the
attack
that
I
think
it
would
be
one
of
those
main
steps
right,
jack,
yeah.
F
Yeah,
I
I
see
one
of
the
purposes
of
the
group
is
continuing
to
lobby
for
the
view
that
the
needs
and
interests
and
perspectives
of
end
users
are
distinct,
that
we,
we
just
have
different
dna
when
it
comes
to
thinking
about
these
problems
from
from
vendors
who,
who
necessarily
have
a
different
view.
So
it's
important
to
have
both
sides
of
the
coin
represented.
A
Yep
fully
agree,
we
agree.
So
next
step
is
to
approach
members
of
the
tech.
I
can
take
that
as
an
action
unless
anyone
else
is
supremely
want
to
take
that
one.
A
Great
so
I'm
gonna
reach
out
to
brian
and
sort
of
identify
a
member
of
the
attack
who's
interested
in
working
with
us
as
we
go
through
the
incubating
process
and
become
a
regular
attendee.
So
that'll
be
an
action
that
I
can
take
on.
F
Is
there
is
it
possible
that
we
raise
it
at
the
next
tac
meeting
next
week?
I
believe
it
is.
I
don't
see
an
agenda
for
that
meeting
yet
so
we
could
probably
sneak
in
at
the
top
fantastic.
D
I
would
also
propose
that
we
do
that
and
get
it
in
front
of
all
of
the
tap
members
at
once.
H
Yeah,
I
I
think
it
should
be
seated,
maybe
with
a
conversation
or
two
with
a
couple
of
attack
members
beforehand.
So
even
if
it's
a
formal
agenda
item,
it
would
be
nice
to
make
sure
that
it's
not
a
completely
new
topic
for
these
folks
yep.
So.
A
I
can
do
that,
so
I
can
do
that
part
seed
it
with
a
couple
of
them.
Talk
to
brian
great
idea,
get
on
the
main.
The
agenda
for
next
week,
though
as
well
so
do
both
sounds
like
a
decent,
decent
idea.
B
Yeah
and
there's
this
thread
where,
like
when
we
at
spotify,
started
to
get
involved
that
you
are
on
as
well
jonathan.
I
think
it
might
make
sense
to
because
I
believe
bob
is
on
it
already,
so
we
can
make
sure
to
kind
of
close
the
loop
on
that
one.
B
No
I'll
reply
back
to
that
thread
kind
of
just
so
that's
the
informal
way
of
reaching
out
and
who
will
maybe
we
have
someone
volunteer
to
be
on
the
big
stack
meeting.
F
B
I'll
just
add
both
of
you
check.
A
Absolutely
sounds
good,
so
next
step,
I
think,
selecting
a
chair
and
and
likely
a
vice
chair.
I
I
think
is
a
working
group.
It
makes
sense
to
do
that.
So
I'd
like
to
put
my
name
up
for
chair
is
anyone.
D
A
Thank
you.
I
really
really
appreciate
that.
It
is
something
that's
really
really
really
important
to
me
to
make
sure
that
this
works.
So
I
appreciate
that
support.
I
I
do
think
that
we
need
a
vice
chair,
though,
as
well
any
any.
H
Vicky-
and
I
talked
about
that-
I
I
there's
been
a
recent
reorganization
actually
in
our
cto
office,
which
is
frankly
free
to
up
some
of
my
time.
So
I
would
like
to
put
my
name
forth
for
the
vice
chair
position
and
and
I
promise
to
try
and
and
work
as
hard
and
as
smart
as
vicky.
A
B
One
thing
I
wanna,
so
we
have
robert
because
we
missed
kind
of
introducing
him
at
the
beginning
of
the
caucus
he
jumped
a
bit
late.
He
he's
recovering
from
being
sick,
so
I'm
not
gonna
put
you
on
the
spot,
but
kind
of
wanted
to
highlight
that
he'll
be
joining
a
lot
of
the
upcoming
conversations
on
my
behalf.
B
So
I'm
not
adding
kind
of
my
name
just
yet,
and
I
know
that
he's
looking
to
possibly
joined
this
one,
but
we
are
definitely
interested
in
helping
out
in
any
way
that
we
can.
So
if
we're
saying
like
for
now,
we
have
jonathan
as
chair.
Was
it
andrew?
Yes,
andrew's.
B
Here
so
is
this
kind
of
like?
Are
we
making
it
official
right
now?
Is
this
how
okay
and
kind
of
want
to
highlight
that
robert
will
also
be
joining
from
spotify
iran
and
someone
else
as
well
will
be
joining
called
daniel.
A
Excellent
excellent,
really
look
forward
to
your
support
and,
as
we're
saying
I
think
now
is
the
time
we
can
start
to
bring
in
additional
members
to
the
team
and
the
working
group
sort
of
advertise
a
bit
as
we
start
to
make
a
a
formal
working
group
from
it
very
good
and
hope.
You
feel
better.
Robert.
A
We'll
see
you
next
time
around
excellent
okay
through
the
agenda
next
item,
drafting
an
announcement
blog
post
so.
D
Yeah
I
threw
this
on
the
agenda
yesterday.
I
just
wanted
us
to
be
ready
for
that,
and
I
know
that
writing
can
take
time,
especially
with
all
the
other
things
we
have
on
our
agendas.
D
So
if
we
have
just
a
quick
and
and
not
dirty
a
quick
and
clean
blog
post
that
we
can
have
ready
to
hand
to
jennifer
and
say
look,
we
are
official
now,
please,
let's
make
a
big
stink
about
this.
D
I
think
that
would
be
very
helpful
for
openssf
and
for
us-
and
thankfully,
we've
done
a
lot
of
the
groundwork
for
that
with
the
document
we
have
for
the
definition
and
the
missions
and
the
goals,
and
so
we
can
certainly
use
that
as
a
basis
to
help
to
tempt
everyone
to
come
and
join
us.
A
Great
show
does
anyone
want
to
take
take
a
first
stab
at
collecting
some
of
that
that
material
yeah.
G
D
A
Very
cool
thanks
guys
and
the
next
one
up
is
the
the
name,
the
name
contest.
I
think
we
have
a
winner
right.
A
So
if
we
scroll
back
up
on
the
chat,
we
had
a
couple
of
different
options:
we
had
end
user
working
group
downstream
working
group,
big
picture
deployment
and
operations
and
consumer
and
by
a
landslide
victory.
I
think
we
have
end
users
working
group.
H
F
I'm
in
favor,
I
think
the
main
objection
that
folks
had
was
that
it
may
cause
confusion
about
whether
we
mean
end
users,
the
human
beings
or
end
users,
the
the
organizations.
And
so
when
we
wrote
the
mission
and
the
vision
we
made
sure
to
mention
organizations
to
tamp
down
on
the
confusion
so
yep.
I
think
your
next
acceptable
cost
for
the
otherwise.
You
know
simplicity
and
obviousness.
A
A
So
next
to
gender
item,
where
to
start
so
I
think
it's
useful
to
sort
of
put
together,
maybe
a
roadmap.
We
already
have
effectively
our
outline
our
mission
statement,
but
I
think
it
would
be
useful
to
start
to
pull
some
of
those
threads
and
try
and
figure
out.
You
know
what
are
the
steps
and
milestones
or
roadmap
to
start
to
make
that
happen.
D
I
should
put
my
hand
up
like
a
good
little
citizen,
but
I
was
typing
thanks
to
fuzzy,
so
I
didn't
have
a
chance
to
do
that.
So
I'll
just
say.
Thanks,
fuzzy
and
then
mention
that
the
document
we
have
already
includes
at
the
bottom
a
list
of
potential
deliverables.
H
Yeah,
I
updated
that
this
morning,
just
added
a
couple,
a
couple
of
items
to
it.
I
think
there
are
two
that
are
important
we
want
to,
or
it
behooves
us
to
to
get
a
couple
more
traditional
end
user
consumers
on
the
working
group.
So
I
I
think
putting
together
a
list
of
folks
would
be
helpful
and
then
the
other
is
creating
collateral.
That's
relevant
for
end
users,
because
so
much
of
the
open,
ssf
collateral
collateral
is
focused
on
producers.
H
H
F
Great
call
related
to
that
we
could
ask
whether
they
have
any
sort
of
sales
material,
because
you
know
one
of
the
functions
of
the
open
ssf
is
selling
memberships
to
itself
as
it
were.
H
B
And
my
in
my
experience,
it's
been
more
like
there's,
not
there's
nothing
like
on
the
technical
side
of
what
you
would
get
out
of
it
outside
of,
of
course,
all
of
the
products
that
openness
is
doing,
but
there's
nothing
like
a
group
or
forum
or
something
that
you
can
be
a
part
of
and
which
is
a
lot
of
what
we
are
trying
to
get
out
of
this
group.
So
I
think
it's.
B
It
would
be
really
great
if
we
start
adding
that
to
the
marketing
material
as
it
would
get
us
get
people
interested,
because
it
was
a
struggle
for
me
to
see
okay.
So
what
do
I
get
out
of
this?
Like?
Is
there
some
forum
a
lot
of
those
people
that
they're
marketing
to
or
organizations
they're
in
other
organizations
as
well,
that
do
have
indies
or
forums?
B
So
maybe
an
action
item
or
a
potential
deliverable?
Oh
well,
actually,
actually
action
item
would
be
to
reach
out
to
whoever
puts
this
marketing
material
together.
Yep.
A
I
I
think
I
can
also
have
a
couple
of
documents.
I
could
pull
into
this
as
well:
sort
of
primer,
material,
sort
of
threat
models,
the
the
persona
document.
We
have
some
sort
of
location
where
we
can
store
store
that
and
if
interest,
I
could
bring
that
in
there
as
well.
A
G
A
We'll
do
absolutely
excellent,
so
some
good
insights
there
to
start
with
draft
deliverables
and
bring
more
people
in
excellent,
okay
and
we're
just
a
little
bit
over
time,
any
other
business
that
people
want
to
to
raise.
B
D
B
I'll
also
help
out
vicky
I'll
do
a
round
today
of
looking
at
it
so
I'll,
add
both
of
our
names
as
an
action
item.
D
A
Excellent,
I
think
we've
done
quite
a
lot
of
actions
and
made
a
lot
of
progress
today,
any
anything
else,
any
other
any
other
items.
G
D
B
A
All
right,
thank
you
very
much.
Well,
if
there's
no
other
business,
I
think
we'll
close
there,
but
thank
you
very
much.
I
think
it's
been
really
useful.
I'm
I'm
really
excited
about
getting
this
off
the
ground
and
look
forward
to
a
successful
attack
meeting
next
week.