►
From YouTube: End Users Working Group (February 16, 2023)
Description
Meeting notes: https://docs.google.com/document/d/1KQalBRzfRBvsqh73JUYfp1KG-AJdXcv2Z8LTIFoQP8c
A
B
C
B
A
Area
nope
I
am
in
Irvine
Southern,
Bay
Area,
almost
right
I
think
it
kind
of
something
like
that:
yeah
I,
recently
I've
I'm
now
starting
to
work
at
a
left.
So
that's
why
I
work
with
a
lot
of
people
from
Austin,
because
I
work
with
Tim
sirwik,
who
was
in
Austin.
B
A
B
B
B
B
D
A
A
D
B
F
You
know
if
I
wasn't
wearing
earphones.
I
would
have
brought
down
my
kubra,
which,
which
would
really
I'll
tell
you
what
I'll
just
show
you
real,
quick.
B
D
B
All
right,
maybe
one
more
minute
and
then
we'll
love,
get
going.
D
B
All
right
for
those
of
you
there,
if
you
haven't,
can
you
please
update
your
attendance
on
the
Google,
Doc
foreign
and
then
from
this
group?
Do
we
have
a
scribe
volunteer.
D
B
All
right,
why
don't
we
get
going
first
thing?
If
you
see
my
head
going
back
and
forth,
it's
not
because
I
have
a
nervous
tick,
but
because
of
the
fact
that
our
security
team
allows
us
to
view
Google
docs
on
our
work.
Computer,
but
I
have
to
keep
my
personal
computer
open
if
I
want
to
edit
Google
Docs.
B
So
that's
what
this
is
about
anyway.
Thank
you
all
for
joining,
while
our
inestimable
leader
is
on
vacation
himself,
I'll
Shepherd,
this
one
call
and
he'll
be
back
for
the
next
one.
I
myself
have
been
gone
for
three
weeks,
so
I
am
doing
a
little
bit
little
bit
of
catch
up
here,
but.
B
Thank
you
as
far
as
as
for
today's
agenda,
let's,
let's
start
with,
do
we
have
any
new
joinings
today
who
would
like
to
introduce
themselves.
B
G
Aaron,
yes,
Aaron
whistling
I'm
a
work
at
Microsoft,
I'm,
A,
Cloud,
Advocate,
working
on
open
source
and
Linux,
and
now
developer
advocacy
organization.
G
H
G
C
B
Right
well,
Aaron
nice,
to
have
you
be
a
part
of
the
team
here.
D
I
Mike
Lieberman
I'm
from
kusary
supply,
chain,
security,
startup
and
also
I'm,
a
member
of
the
salsa
steering
committee
and
the
supply
chain.
Integrity
working
group
and
a
maintainer
on
Fresca.
B
Awesome
thanks
Mike
towards
the
end,
we'll
ask
for
updates
from
other
sigs,
and
it
sounds
like
it'd
be
great.
If
you
could
share
a
little
bit
about
what's
going
on
in
in
salsa
and
then
what
was
the
other
one
you
mentioned.
B
I
As
the
Fresca
project,
okay,.
B
It'd
be
great
to
get
updates
on
those
all
right.
So
from
last
week,
I'm
looking
at
last
week's
agenda,
we
had
some
updates
on
the
GitHub
pages
and
the
taxonomy
updates
anything
we
need
to
follow
up
with
on
on
those
two
topics.
Today,.
C
Yeah
there
was
I
took
an
action
last
week
to
set
up
the
start
of
some
issue
templates
in
the
repo
and
I
never
got
the
required
access
to
do
that
so
I.
If
I
I'm
happy
to
do
my
action
but
I,
just
don't
I,
don't
have
whatever
the
required
access
level
is
into
this
repo.
So
if
somebody
can
do
that,
that
would
be
great
I
could
do
my
action.
E
Yeah
operations
at
openssf.org,
CC,
Andrew
and
Jonathan,
so
they
can
say
yeah
we
approve
and
then
Khalil
will
get
on
that.
B
C
B
Right
anything
on
the
taxonomy
update
from
the
last
call.
C
B
H
Yeah
I
had
an
agenda
item
that
I
just
stuck
in
there
within
the
last
five
ten
minutes
so
and
a
couple
of
the
other
working
groups
and
Sig
meetings.
We've
been
going
over
and
I've
mentioned
this
a
couple
of
times
before
over
the
last
few
months,
but
with
the
taxonomy
updates
done
in
this
particular
working
group.
H
We've
been
talking
about
it
and
we
think
it
might
be
a
great
idea
to
take
some
of
this
stuff
join
with
the
best
practices
group
join
with
supply
chain.
Integrity
create
like
a
create
a
Sig
around
uniformity
and
taxonomy
across
the
entire
tea
of
the
open
ssf.
H
H
We
can't
effectively
tell
that
story
if
everyone
is
speaking
with
a
different
language,
so
we
thought
it
might
be
best
to
get
everybody
together
and
then
proposing
that
here
as
well.
We
talked
about
another
signal,
the
working
groups,
everyone
seems
to
say,
hey.
Maybe
this
is
something
we
could
try
I'm
leaving
it
on
the
floor
here.
Let's
say
everyone.
B
H
H
We
could
come
in
here
and
decide
well
what
does
that
language
mean
to
us?
So
it
should
be
something
that's
kind
of
ongoing
as
new
technology
emerges
as
old
wishful
thinking,
type
of
Technology
becomes
more
realistic
right.
This
might
be
a
good
position
for
us
to
have
a
space
where
we
talk
about
that
understand
what
that
means
to
us
and
then
formalize
that
language
across
the
entirety
of
the
openness
up.
This
should
be
something
that's
ongoing.
H
B
H
No
no,
but
we
can
I
just
want
to
make
I
mean
in
an
effort
to
say,
hey,
how's,
everybody
feel
about
this
and
then,
if
we
say
yeah
that
sounds
good
put
together
something
because
that
has
to
go
before
the
attack
right.
So
we
can
put
together
something
that's
not
done
in
vain.
B
But
I
think
we
can
agree
it's
it's
certainly
needed
right,
because
we
know
that
there
are
these
multiple
initiatives
going
on,
but
what
you're
suggesting
is
that
it
deserves
its
own
space,
as
opposed
to
being
under
one
of
the
other
existing
groups.
Well,.
H
You
know
what
so
I
even
thought
that
maybe
this
should
be
something
that
sits
as
a
sub
underneath
the
diagram
of
society,
because
the
diagram
of
society
is
putting
together
information
that
can
be
consumed
by
everybody
about
what's
going
across
right
across
all
the
working
groups
and
sigs,
and
everything
that
we
do
I
thought
it
might
be.
A
subcommittee
under
that
I
don't
know,
I
shrug
I
I
feel
like
that
could
be
something
that
we
discussed
in
in
an
attack
me.
H
You
know
something
at
a
larger
level:
I
don't
know,
but
I
can
put
together
a
proposal.
That's
just
the
same.
We'll
love
some
help
with
that.
But
maybe
you
know
I
really
want
to
see
what
the
what
the
rest
of
the
room
feels
like,
regardless
before
we
start
putting
that
in
the
paper
and
then
now
we're
beating
stuff
around
before.
Even
you
know
before
it
even
gets
out
the
door
and
I
apologize.
This
is
my
cardio
time
so
breathe
the
breathe.
B
I
I
A
lot
of
people
are
all
starting
to
come
up,
are
starting
to
create
some
combination
of
supply,
chain,
taxonomy
or
also
a
supply
chain,
ontology
sorts
of
groups,
and
that
sort
of
thing
might
you
know,
and
and
if
everybody
starts
inventing
the
wheel,
even
if
let's
say
the
open
ssf
has
their
understanding,
then
the
CD
Foundation
is
going
to
have
a
completely
different
one.
The
cncf
is
gonna,
have
a
completely
different
one,
and
so
anything
we
can
do
as
like
sort
of
you
know.
I
More
broadly
would
be
super
useful
and
then
I
think
the
other
thing
wanted
to
bring
up
real
quickly
and
I.
Think
it
might
have
been
brought
up
in
a
previous
meeting.
I
was
looking
through
the
notes,
but
there
has
been
a
couple
of
papers
on
folks
who
have
actually
taken
work
from
the
openssf
cncf
and
so
on
and
actually
generated
a
taxonomy
out
of
it
and
so
maybe
sort
of
not
suddenly
blanket
adopting
it
but
sort
of
saying
hey.
I
Does
this
seem
reasonable
to
adopt,
or
at
least
build
on
top
of
might
be
useful.
E
Yeah,
a
while
back
the
education
Sig
had
started
to
work
on
the
mobilization
plan
rework
and
we
found
out.
E
We
had
a
lot
of
inconsistencies
on
how
terminology
was
used
and
actually
avishay
and
Randall
here
helped
start
efforts
around
a
glossary,
and
we've
talked
about
this
briefly
with
the
tack
that
it
would
be
great
if
we
had
a
foundation
level
set
of
terms,
call
it
a
dictionary,
a
glossary,
a
taxonomy
whatever
the
final
word
can
get
sorted
out,
but
it
would
be
great
if
we
had
a
common
repository
in
a
Common
Language
across
all
the
working
groups
and
sigs
and
then
the
same
idea
for
personas
as
well,
because
a
lot
of
us
use
personas
in
our
work,
so
it'd
be
great.
E
B
So
it
sounds
like
it
behooves
us
to
get
something
down
on
paper
or
PPT
or
whatever
we
choose
to
use
right,
but
do
we
want
to
bring
this
to
the
Mike
Lister
level
or
go
up
through
the
up
through
the
TAC
and
Brian
and
others,
and
then
see
where
it
goes?
I.
E
I
think
it
should
go
to
the
tack.
It
definitely
helps
align
with
the
tax
goals
of
trying
to
help
get
consistency
across
the
foundation
and
I
think
they'll
be
very
supportive.
I
know
if
I
was
on
the
attack.
I
would
be.
B
A
Going
off
what
probe
said,
I
can
also
confirm
that
the
Lexicon
did
make
the
official
first
round
of
like
we
do
have
like
permission
to
continue
that
and
develop
that,
and
there
is
funding
for
infrastructure
and
all
that
for
that.
So.
H
I
could
certainly
take
the
first
cut.
We'll
need
some
supports
to
be
a
well.
This
will
be
the
first
one
I've
written
for
open
ssf.
So
if
anybody
has
a
template,
I
can
use
I.
Take
that,
but
I
can
definitely
take
the
first
cut.
E
B
Sir,
and
can
you
copy
that
link
on
the
notes
thanks.
B
F
Oh
I
just
wanted
to
jump
in
real
quick
with
a
trivia
Point
Mikey
was
saying
earlier
that
we
should
look
at
the
software
taxonomy
paper
and
talk
to
the
researchers
they're
here
already.
That's
that's
something.
That's
been
been
discussed
and
has
been
worked
on,
so
you
have
an
excellent
intuition.
I
think.
B
All
right,
thank
you.
A
couple
items
I
wanted
to
see.
If
anybody
has
read
it
came
out
a
few
weeks
ago
by
the
Atlantic,
the
council.
They
do
some
some
good
stuff
here.
It's
called
avoiding
the
success
trap
towards
policy
for
open
source
software
as
an
infrastructure.
I,
don't
know.
If
anybody's
read
that
very
long
paper,
it's
got
I've
just
gone
through
the
highlights
of
it.
They
certainly
like
analogies.
B
They
use
analogy
of
of
open
source
as
infrastructure
compared
to
Water,
Systems,
Capital
markets
and
roads
and
bridges,
but
they
make
some
really
good
good
points
here,
and
this
is
really
a
paper
on
how
to
Advocate
what
we're
trying
to
achieve
with
the
federal
government.
B
They
have
three
points
here:
to
get
the
government
to
walk
the
walk
of
being
responsible,
open
source
consumer
by
establishing
various
program
offices,
develop
an
open
source,
best
practices
framework
through
nist
and
develop
open
source,
mature
companies
and
non-profit
develop
a
standard
for
maturing
open
source
companies
and
non-profits.
B
So
if
you
haven't
I'll
put
the
link
in
here,
or
has
it
already
been
done,
but
it's
it's
a
good
paper.
It's
got
lots
of
lots
of
interesting
information,
it's
not
a
hundred
percent
on
point
for
us,
but
it
gives
I
think
a
nice
industry
View
and
a
nice
view
of
how
we
should
be
advocating
and
what
we
should
be
advocating
towards
the
the
federal
government.
So
I'd
recommend
people
perusing
it
when
they
have
a
few
minutes.
F
F
Thank
you,
Jim
I,
also
added
that
link
to
the
notes
as
well.
Thank
you
for
that
all
right,
yes,
I'll,
plus
one,
the
the
that
people
should
read.
It
I
think
two
things
that
were
really
helpful.
That
came
out
of
it
that
were
important,
because
it's
a
document
aimed
at
policy
makers
they're
the
target
audience
two
things
that
are
very
important
to
take
away
from,
and
apart
from
the
analogies
one
was
they
point
out
that
the
criticality
of
Open
Source
doesn't
come
from
the
authors,
maintainers
suppliers?
F
However,
you
want
to
describe
them.
It
comes
from
the
consumers
and
putting
all
the
burden
on
producers
is
unfair
because
they're,
not
the
ones
who
are
capturing
the
value
and
the
other
one
is
that
they
point
out
that
there's.
This
maybe
goes
to
us
as
well.
Is
that
there's
some
somewhat
of
an
over
focus
on
open
source
as
a
security
risk,
rather
than
like.
C
F
General
Health
of
Open
Source
as
something
that's
critical
to
things.
So
we,
you
know,
we
think
about
Road
and
Bridge
security
and
water
supply
security
and
so
on.
But
we
also
think
about
all
the
other
aspects
of
water
supply.
You
know
making
inefficient,
making
it
work
smoothly,
making
sure
it
gets
the
right
places
and
the
right
people
and
the
right
quality.
F
So
I
think
they
did
a
really
great
job
of
sort
of
explicating.
That
yeah.
K
At
that
point
makes
a
lot
of
sense
when
you
think
about
it,
but
it
seems
it
seems
to
fly
in
the
face
of
some
of
the
criticality
score
calculations
of
like
how
all
the
criticalities
sure
stuff
is
based
upon
statistics
from
the
Repository
and
and
like
that's
really
not
where
the
criticality
comes
from.
It
comes
from
where
the,
where
it's
ending
up
using
being
used,
but
we
don't
have
like
statistical
information,
that's
produced
by
all
these
large
companies
stating
this
is
all
the
pro
like.
F
There
was
I
proposed
a
while
back
I
had
to
back
out
of
it
for
time,
commitments
a
more
General
estimation
sort
of
ranking
procedure,
partly
because
of
that
that
paucity
of
of
end
data
I
think
the
purchasing
power.
The
federal
government
will
be
moving
the
needle
on
s-bombs
over
time,
because
they're
going
to
be
insisting
on
it
and
they
are
the
largest
purchases
in
the
world.
So
pretty
much
everybody
bends
to
their
will
eventually.
F
Well,
that's
a
good
question:
I
think
I,
don't
know
I,
don't
think
so
at
this
point,
but
I
I
won't
be
surprised
if
it
becomes
a
thing.
K
J
Oh
yeah
I
also
threw
a
link
in
the
chat
to
a
recording
done
in
January
by
csis
the
center
for
strategic
and
International
Studies.
They
had
a
a
panel
session
which
is
recorded
and
on
YouTube,
around
government
policies
for
open
source
software
and
and
talk
through
some
of
the
government
policy
aspects.
I
also
have-
and
some
of
you
may
know,
read
me
the
cause
maker.
J
He
moved
into
center
for
Medicare
and
Medicaid
services
in
their
office
at
Digital
Services
to
promote
open
source,
and
we
created
a
slack
Channel
together
when
I
was
with
lfph,
that
I
have
still
have
access
to
that.
Have
other
governments,
Digital
Services
offices,
interest
in
open
source.
So
if
we
wanted
that
as
a
sounding
board
or
invite
Remy
for
this,
I
could
coordinate
that.
J
B
I
think
one
thing
all
this
points
out
is
the
fact
that-
and
we
brought
this
up
before-
we
really
do
need
to
have
some
government
participation
on
this
working
group
right.
So
I
I
think
we
should
all
be
thinking
about
who
we
know
who
we're
connected
to
who's
who's
kind
of
relevant
to
this
topic
and
then
having
that
person
and
maybe
Jonathan
reach
out
and
and
try
and
bring
them
into
this
group.
E
Chrome
directly
to
that
we
could
talk
to
Friend
of
the
show
Dr
s
Baum
Mr
Alan
Friedman.
He
is
a
frequent
open,
ssf
visitor,
and
he
anytime,
you
say
s-bomb
enough
times.
He
shows
up
to
a
call
magically.
So
if
we
keep
saying
it
he'll
make
pop
in,
but
he
would
definitely
be
I.
Think
open
to
coming
and
talking
to
us
and
I
think
he
would
love
that
as
the
kind
of
driving
force
at
CSUB
for
s-bomb
to
may
actually
get
end
user
requirements.
E
Oh
right,
somebody
new
just
popped
in
I
thought
it
was
him,
but
I
think
he
would
be
very
interested
in
kind
of
getting
the
Enterprise
perspective
on
s-bomb
requirements,
and
then
I
was
also
going
to
mention
that,
like
things
like
the
vulnerability
disclosures
working
group,
we're
talking
about
potentially
adopting
the
Upstream
openvex
project
and
then
starting
to
evangelize
that
and
then
like
from
a
foundation
perspective.
E
If
we
can
try
to
find
tooling
to
make
make
it
a
GitHub
action
to
generate
an
s-bomb
at
the
end
of
a
developer's
Pipeline
and
then
it
as
they
fix
an
update.
They
automatically
is
an
action
that
automatically
barfs
out
a
Vex
advisory,
so
we
can
influence
things
at
an
upstream
level
so
that
at
least
the
source
projects
potentially
might
have
these
artifacts.
And
then
it's
a
very
big
debate
in
the
vendor.
Community
I
also
participate
in
a
group.
F
E
First,
the
form
of
incident
response
and
security
teams,
and,
unsurprisingly
many
vendors-
do
not
want
their
s-bombs
public.
So
there's
a
there's
like
two
big
camps
of
we
want
everything
public
versus.
We
want
everything
private,
so
you'll
that'll
eventually
work
itself
out.
However,
it
probably
will
first
be
to
purchasers
of
commercialized
software,
but
ideally,
through
things
like
the
foundation,
you
might
be
able
to
influence
Upstream
to
get
the
core
projects
to
have
these
artifacts.
So
at
least
people
could
start
to
do
some
of
their
own
analyzes.
J
Yeah
I'd
add
to
that
I've
been
involved
in
the
healthcare
sector's
efforts
for
adopting
s-bomb,
specifically
medical
devices,
and
that
gets
into
an
ugly
political
match
around
medical
devices
and
how
they
provide
vulnerability.
Information
to
hospitals
and
organizations
that
buy
them
in
the
first
place
and
who's
responsible
for
the
s-bomb
and
out
of
the
s-bomb
shared,
and
is
that
an
s-bomb
snap
in
time
you
know
versus
another
update
yeah.
B
K
B
That
that
was
really
an
eye-opening
presentation
for
me
when
you
think
about
this
is
a
medium
to
large
one
single
medium
to
large
hospital
that
has
to
create
that
wants
to
create
s-bombs
for
1800
different
medical
devices
for
just
that
one
hospital.
Then
you
begin
to
understand
the
complexity
of
the
issue.
We're
trying
to
address
here.
Yeah.
J
B
Yeah
all
right,
I
had
one
other
topic:
I
want
to
bring
up
and-
and
we've
actually
discussed
this
before,
as
we
want
to
continue
to
broaden
our
our
membership
base
and
actually
broaden
our
our
excuse
me
kind
of
impact
across
the
LF
and
and
the
industry.
We
wanted
to
make
sure
that
there's
a
bridge
with
Finos
and
I
think
you
have
some
good
folks
here.
For
that
conversation,
we've
got
Jim.
We
got
Rob
and
myself
I'm
on
the
board
of
Finos,
so
I
don't
know
Jim
and
Rob.
B
If
you
guys
are
going
to
be
regular
participants
on
this
call
or
not
but
I
know,
there's
an
interest
on
both
sides
on
openssf
and
the
end
user
working
group
and
also
on
Finos
to
make
sure
that
there's
a
strong
bridge
and
we're
kind
of
exchanging
ideas
back
and
forth
I
think
we
need
to
figure
out
how
to
kind
of
institutionalize
that
somehow
make
sure
summaries
of
our
meetings
get
to
get
to
fin
us,
and
maybe
the
output
is
in
the
open
source,
Readiness
working
group
or
some
other
some
other
group
within
finesse.
J
Yeah
absolutely
and
get
30
seconds
on
that
Andrew
I,
think
you're,
also
in
the
education
sector,
Rob
and
I
have
have
been
trying
to
commit
to
having
the
education
sick
and
this
working
group
onto
our
calendars
specifically
and
supportive,
as
as
Andrew
mentioned,
open
source
Readiness,
we
are
developing
both
a
body
of
knowledge,
around
open
source
operations
and
and
Andrew
and
Wipro
were
kind
enough
to
contribute
an
open
source
maturity
model.
That's
in
the
first
stages
of
development.
J
We
have
a
vision
for
Finos
for
Finos
members
financial
institutions
around
creating
you
know
comparable
to
like
a
cmmi
project
management,
Institute,
Etc
body
of
knowledge
of
of
core
consensus-built
activities
and
Education
and
Training
that
constitute
what
we,
as
the
membership
think,
should
be
an
open
source
program
office
and
an
open
source
activities
in
the
organization.
So
more
than
just
the
osbo
constructs
how,
from
a
maturity
model
standpoint
level,
one
through
level,
five
are
open.
J
Source
activities
done
either
talk
level
one
or
fully
integrated,
so
that
you're
proactively
using
open
source
software
for
business
value,
we're
still
in
the
early
stages
of
that.
But
it's
really
exciting
both
to
see
the
level
of
Engagement
from
the
membership
as
well
as
working
with
Andrew
and
others
here
to
to
build
those
bridges
between
specific
security
activity,
specific
training
activities
Etc
that
that
would
inculcate
a
model
that
will
contribute
back
to
open
source
for
everyone.
J
L
We're
already
consuming
open
ssf
materials,
we're
trying
to
put
open
ssf
best
practices,
badgings
on
all
of
our
projects
and
like
embody,
like
the
best
practices
that
you
guys
come
up
with
in
our
open
source
projects.
But
we
want
to
yeah,
as
Jim
says,
we
want
to
try
and
make
sure
we're
linking
off
to
all
the
good
materials
that
get
produced
by
open
ssf,
because
you
know
everyone
sees
you
as
the
experts,
but
perhaps
it's
not
completely
clear
to
ospo's
where
to
go.
They
don't.
L
This
is
literally
something
that
Andrew
brought
up
in
a
meeting
yesterday.
They
need
to
be
led
down
a
path
of
of
a
process,
and
so
we're
hoping
to
provide
that,
for
obviously
the
finance
industry,
but
through
regulated
Industries
generally
I
think
is,
is
kind
of
where
we
see
that
going,
and
you
know
we're
lucky
to
have
Jim
coming
on
board.
Who's
got
a
bit
of
a
healthcare
kind
of
slant
on
on
the
world,
so
that's
pretty
handy
but
yeah.
L
We
definitely
intend
to
try
and
attend
more
of
your
meetings
and
reach
out
to
you
and
and
try
and
make
the
links
because
I
think
yeah.
It's
it's
pointless
us
trying
to
work
in
a
vacuum
here
we
and
in
a
similar
way
we're
doing
that.
We're
trying
to
build
these
Bridges
with
the
to-do
group
as
well,
who
we
see
as
being
equally,
you
know
profoundly
knowledgeable
about
ospos
and
running
open
source
within
an
organization,
so
these
are
like
pieces
of
the
puzzle
for
us,
so
yeah.
Thanks
for
having
us
all.
B
B
All
right,
if
there
are
no
more
agenda
items
or
comments,
then
we
can
adjourn
and
get
some
time
back,
which
I
know.
We
all
appreciate.
F
I
have
a
point
of
order.
We
do
have
notes
from
other
working
groups
and
I
believe
is.
C
E
Had
one
short
thing,
I've
mentioned
it
before,
where
the
vulnerable
disclosure
working
group
has
made
two
coordinated
vulnerability:
disclosure
guides
already,
our
first
guide
was
focused
on
open
source
maintainers.
Our
second
guide
was
focused
on
how
security
researchers
and
helping
them
work
better
with
Upstream
projects.
Well,
our
new
project
is,
we
are
working
on
a
cvd
guide
for
consumers
of
Open
Source,
and
we
would
patches
are
welcome
right
now.
We're
assembling
kind
of
a
table
of
contents
of
topics
we'd
like
to
talk
about.
E
So
if
anyone
has
any
feedback
from
a
consumer
perspective,
what
you'd
like
to
see
out
of
a
guide
like
that?
We
would
love
to
get
that
feedback
and
you're
welcome
to
participate.
As
that
effort
kicks
off,
and
we
start
the
writing.
We
hope
our
Target
is
probably
august-ish
to
get
the
Guide
published
so
we'll
see,
depending
on
how
much
collaboration
we
get
is
how
quickly,
without.
E
Yep,
we
have
an
issue
that
you
can,
if
you
just
want
to,
watch
it
to
track
progress
and
then
I
actually
put
a
link
to
the
the
start
of
the
document
itself
and
we'll
collaborate
very
actively
in
a
Google
Document
and
then
at
some
point,
we'll
cut
it
over
and
make
it
a
markdown
file
in
GitHub.
Like
the
other
guides.
J
Strategically
I,
don't
we're
still
trying
to
kind
of
map
out
what
would
be
like
the
four
or
five
setting
aside
the
training,
four
or
five
Publications
or
guides
to
include
in
a
body
of
knowledge,
to
immediately
reference
kind
of
around
all
things.
Security,
so
it'd
be
great
to
kind
of
have
that
as
a
short
list
and
we'll
go
ahead
and
incorporate
that
into
our
development.