►
From YouTube: End Users (September 15, 2022)
Description
Meeting notes: https://docs.google.com/document/d/1KQalBRzfRBvsqh73JUYfp1KG-AJdXcv2Z8LTIFoQP8c
C
B
Not
like
you
knew
right,
I
didn't
have
my
camera
on
or
anything
I
am
doing
great.
A
A
A
Good
very
good
got
a
couple
of
things
on
the
agenda,
but
I
think
I
think
we're
making
some
progress
so
I
had
a
good
conversation
with
a
couple
of
us
got
together
and
went
through
the
goals
document.
So
hopefully
we
can
make
some
progress
today.
D
C
D
A
And
some
people
from
I
think
was
Volvo
was
going
to
turn
up
a
couple
of
car
companies.
D
A
Okay,
someone
very
kindly
added
it
to
the
bookmark.
C
A
C
D
B
C
C
D
F
G
A
Thank
you
very
much
indeed,
and
this
everyone
else
wants
to
take
a
look
at
the
agenda.
The
link
is
in
slack
and
if
you
want
to
just
add
yourself
as
an
attendee,
oh.
A
Very
cool:
well,
let's
make
a
start.
If
that's
okay,
I
think,
as
I
said,
Andrew
is
coming
a
little
bit
later
up.
A
Hey
everyone,
so
if
you
make
your
presence
known
on
the
the
agenda
that
we
put
into
the
check
and
chat
and
slack,
that
would
be
appreciated
and
sorry
was
it
Dan,
you
only
said
subscribe,
yep
excellent,
your
the
level
of
note
taking
was
a
exemplary
last
time.
So
this
is
all
very
good.
Thank
you
very
much.
So
any
news
you
set
the
bar
that
high
right
there's
only
one
person
that
can
actually
do
that
now
so
right,
any
any
new
friends
that
would
like
to
wave
and
say
hello.
C
H
Yeah
sorry
I
I'm,
not
that
familiar
with
zoom
and
I
saw
that
you're
using
the
raising
hand,
feature
and
that's
why
I
stopped
yeah
cool,
so
I'm
yonos
I'm
from
I'm,
based
in
Sweden
I'm
from
Romania
I,
was
invited
to
join,
like
maybe
two
weeks
ago
and
I
tried
to
look
for
someone
else
and
not
sure
where
that
ended
up
going.
But
for
now
I
decided
that
I
can
join
myself
and
yeah.
H
Looking
forward
to
to
meet
you
and
see
and
yeah
hopefully
contribute
in
some
useful
Management
Group.
E
D
E
Long
time
listener,
first
time,
contributor,
I
have
spent
most
of
my
career
in
customer
service,
helping
end
users,
so
I
thought
this
would
be
an
amazing
way.
I
can
execute
on
my
passion
so
looking
forward
to
working
with
the
group.
A
Very
cool
and
welcome
it's
unusual
to
see
you
without
the
without
the
Hat
very
good
right.
Anyone
else!
A
Everyone
should
have
just
handy
a
tin.
A
Excellent,
all
right,
so
we've
got
the
agenda.
First
thing
on
the
agenda
is
to
take
a
look
at
the
goals
documents.
Let
me
drop
that
into
the
chat.
A
A
But
if
people
take
a
look
at
that,
so
we
had
a
off
off
cycle
meeting
between
myself,
Randall
and
Andy,
and
we
did
a
review
and
see
there's
some
additional
commentary
in
there
now
as
well.
So
we
can
certainly
accept
that.
But
if
you
take
a
look,
we've
got
the
end
user
working
group
mission
and
goals,
draft
Mission
and
initial
state
of
deliverables
I
think
the
main
goals
there
were
really
from
when
we
started
this
group
and
effectively
I.
A
It's
a
link
to
the
blog
post,
where
we
announced
the
the
group,
and
we
also
have
in
there
a
list
of
suggested
deliverables
going
from
Persona
document
in
lists
of
controls
to
establishing
a
matrix
showing
different
team
members
and
how
we're
going
to
assign
ourselves
to
you
know
working
with
a
particular
working
group
or
bringing
in
additional
perspectives
to
that
group.
A
Additionally,
I
think
one
of
the
things
that
we
had
during
that
call
was
the
promotion
of
best
practices
and
Outreach.
So
as
we
build
up
potential
best
practices
within
the
group
effectively
having
an
Outreach
a
number
of
people
that
would
perhaps
go
and
provide
that
best
practices
or
Outreach
capability
to
different
groups,
whether
that's
Automotive
or
Pharma,
or
government
or
different
foundations,
and
such
so
I
think
that
was
I.
Think
that
was
Andy's
recommendation
to
a
good
one.
A
Nonetheless,
so
any
any
feedback
or
comments
on
that
goals
document
was
anyone
able
to
take
another
look
at
it
during
the
off
cycle
thumbs
up
from
krobe.
A
Subs
from
Jack
and
Andy
and
Randall
and
George
so
going
forward,
are
we
in
a
position
I
mean
to
to
accept
this
as
the
goals
and
missions
if
I
I
think
there's
some
grammatical
changes
from
Jason
I,
always
through
an
update,
it
sounds
like
we've
got
approval
that
this
looks
like
a
decent
goals
document
yep
all
right
job
done,
so
we
will
minute
that
as
such
and
roll
on
with
that
one
great
next
item
on
the
agenda
is
Andrew
intro
to
the
email
content.
Do
you
want
to
take
a
look.
G
Go
first
on
clarification,
point
of
clarification
when
something
like
this
I
mean
you're
talking
about
prove,
you
know,
approving
it
as
a
goals
document.
Is
it
how
fluid
Can
it
can
it
can
a
document
like
this
be?
Can
it
continue
to
evolve?
Do
you
see
documents
like
this
as
being
living
documents
that
we
continue
to
evolve?
Okay,
okay,
I
just
want
to
make
sure
I.
D
B
B
Oh
question:
the
goals
document
now
that
it
has
been
approved,
who
is
going
to
volunteer
or
be
volunteled,
to
move
it
into
GitHub
where
it
can
live
on
the
repository.
Everybody
can
find
it
and
it
is
easier
to
iterate
on.
A
G
It
could
be
both
I'm
more
than
happy
to
check
it
in
to
GitHub
and
turn
it
into
markdown
yeah.
That
is
something
that
I
do.
I
have
a
conversion
of
Google
docs
into
markdown.
It's
you
know,
I
have
that's
part
of
my
rate
card,
so
yeah
I
can
do
that.
No
problem,
and
also
yes,
I
agree.
It
should
be
there.
Yeah.
A
Yep
me
too,
so
great
thanks,
Dan,
thanks
for
putting
that
through
and
I
think
any
of
the
other
artifacts
we've
still
got
working
on
now
that
we've
got
GitHub
set
up,
we
we
should
put
them
in
there
too,
very
cool
all
right,
thanks
that
we
will
get
that
done
over
to
you.
Andrew
second
item
intro
to
the
email,
content,
review
and
approval.
I
I'm
still
trying
to
get
I
got
on
late,
so
I'm
still
trying
to
get
set
up
here
and
pull
up
the
dock.
We've
got
one
ahead
and
then
come
back
to
me.
A
Sure,
okay,
so
the
next
one
was
SSC.
So
last
last
meeting
we
had
the
team
from
Microsoft
I
think
Jay's
actually
on
here
as
well
present
on
the
SSC.
We
had
another
couple
of
comments
after
that
meeting
around
potential
updates
to
the
SSC.
One
was
around
keep
me
honest
here,
but
one
was
around.
Removing
Microsoft
trademark
I
think
was
on
one
part
of
it
and
the
other
was.
Can
we
extend
it
to
have
vendor
software
as
well
into
the
SSC
I?
D
Oh
I
just
realized,
realize
Jay's
here
would
probably
say
the
same
thing
I'm
about
to
say,
which
is
that
it
got
voted
into
supply
chain
Integrity.
Yesterday
it's
been
uaint
that
came
up
that
came
about
from
as
I
understand
a
discussion
within
the
SSC
Cults
to
to
sort
of
decide
which
work
group
they
felt
they
were
most
most
related
to
yeah.
F
So
the
the
two
we
voted
in
the
community
meeting
and
that
was
that
the
suggestion
of
of
David
Whaler
to
go
ahead
and
vote
vote
in
that
which
working
group
does
the
the
do
the
masses
feel
like
it
belongs
in
we
presented
the
three.
F
You
know
the
end:
users
best
practices
supply
chain,
Integrity
every
well.
The
majority
went
with
supply
chain,
Integrity
working
group,
so
that
was
working
group
that
we
that
we
went
well
I
went
to,
and
then
they
voted
in
yesterday
to
bring
the
to
bring
the
SSC
into
that
working
group.
F
C
F
One
yes
yeah,
so
so
that
that
was
that
was
the
second
part.
I
was
going
to
say
it's
not
saying
that
this
working
group
can't
say
hey.
We
wanted
to
what.
If
what
the
next
stop
and
I've
already
put
it
on
the
agenda
for
the
attack
next
week,
the
tech
has
to
ratify
from
there
and
then
the
tech
can
decide
which
working
group
they
feel
is
best.
It
best
goes
into
and
then
and
that'll
be
the
working
group
that
it
goes
into.
F
But
but,
as
I
said
before,
regardless
of
where
it
lives,
there
will
be
a
Sig
creative
forward
and
all
all
of
everyone
can
work
on
it
in
that
sick.
So,
regardless
of
where
it
lives,
it
doesn't
mean
that
all
three
working
groups
can't
have
a
hand
in
shaping
and
and
making
it
a
better
document
and
making
sure
we
we
fill
gaps
and
are
able
to
adequately
Bridge
it
with
with
salsa
towards
our
ultimate
objective,
which
is
which
is
a
complete
supply
chain.
Security
specification,
yeah.
F
H
A
Yep
I
guess
so
I
mean
how
do
we
want
to
proceed
with
that?
I
mean
suddenly
I'm
interested
in
it
I
think
a
number
of
other
people
on
the
call
are
interested
in
it.
We
can
put
that
forward.
I
guess.
G
We
could
I
mean
just
say
no
matter
where
so
from
just
picking
up
on
what
Jay
said,
it's
gonna
end
up
in
a
sink,
so
that's
a
special
set
of
calls.
G
We
can
make
it
a
standing
agenda
item
in
this
call
to
feedback
on,
or
you
know,
to
maybe
have
an
update
and
feedback
on
the
progress
of
that
you
know
like
so
if
we
could
effectively
put
work
with
the
attack
to
to
suggest
that
that
it's
like
a
joint
project,
I,
don't
know
clearly
the
the
the
the
people
I
think.
The
point
is
that
people
that
are
in
this
group
should
be
inputting
onto
that
into
that
document.
G
No
matter
what
100
it's
it's
the
end,
it
needs
to
have
the
input
from
the
from
the
underground.
A
Yeah
I
think
most
of
us
are
going
to
be
doing
that
so
that's
100,
Vicky
I,
think
you're.
First
up.
B
Yeah
so,
first
of
all,
I
don't
think
this
needs
to
be
a
Sig.
It
can
just
be
a
project
because
that's
what
it
is,
so
we
don't
need
to
jump
through
any
sort
of
Sig.
B
Or
the
project
itself
doesn't
need
to
jump
through
any
sort
of
Sig
Hoops
there.
That's
not
a
problem
right
that
just
adds
an
extra
layer
of
bureaucracy
that
is
not
necessary
for
something
like
this.
It's
a
project
right,
no
problem.
C
H
B
Might
want
to
put
on
his
tack
hat
and
see
whether
he
can
give
us
some
advice
on
the
direction
this
might
go.
E
So
if
this
is
managed,
like
all
the
other
work
within
the
foundation
which
I
have
no
belief
that
it
won't
be
generally,
the
meetings
are
open
to
everybody
who
wants
to
contribute
where
it
lives
in
the
foundation
is
paperwork
and
there
are
some
reporting
requirements,
so
the
the
SSC
would
need
to
get
updates
to
a
particular
working
group
so
that
that
working
group
could
report
in
every
quarter
to
the
attack.
But
you
know
where
it
lives
doesn't
matter
where
it
lands.
I
was
going
to
participate
anyway.
E
I
think
I
feel
a
great
deal
of
value
and
Merit
in
this
effort.
I,
don't
care
that
it's
not
wouldn't
necessarily
live
in.
One
of
the
working
groups.
I
participate
in
so
I'm
going
to
go,
find
out
where
this
lives
from
a
tech
perspective
attack,
leaves
decisions
of
the
working
group
really
up
to.
You
know
that
all
the
groups
are
empowered
to
make
their
own
choices.
Now,
if
there's
like.
E
Or
something
that's
very
controversial
or
might
contain,
like
a
like
you're
spinning
up
a
new
community
like
a
Sig
store
type
thing,
there
may
be
some
additional
interest
from
the
attack,
but
generally
it's
kind
of
a
gentle
person's
agreement.
Is
you
know
if
the
working
groups
are
free
to
manage
themselves?
E
It'd,
be
great
that
you
report
out
to
the
tack
hey
this
decision
was
made.
This
is
what
we're
going
to
do
so
that
way,
the
tech
and
the
governing
board
are
informed,
but
there's
no
requirement
to
get
their
approval
if
the
groups
decide
now,
if
there's
an
argument,
there's
a
fist
fight
between
end
users
and
the
supply
chain
that
would
go
to
the
tax
for
adjudication,
possibly.
I
Yeah
you
know
I
was
hoping
it
would
come
into
the
end
user
working
group,
but
if
it's
in
its
own
project,
where
we
obviously
have
everyone,
has
full
access
to
participate
and
contribute,
that's
that's
fine
and,
as
I
think
about
it,
it's
not
really
end
user
specific
right.
It's
a
process
that
can
be
applied
for
any
developer
of
software.
That
could
it
needs.
It
needs
our
end
user
input
into
it
to
make
it
more
tailored
for
our
use
cases,
but
it
does
really
fit
for
any
anybody
developing
software.
I
A
A
But
one
of
the
key
approaches
that
we
have
as
a
working
group
is
that
this
we're
going
to
be
spreading
out
to
multiple
different
working
groups,
because
we're
going
to
have
to
so
I.
You
know
I
think
we're
probably
going
to
be
a
situation
with
where
the
majority
of
the
end
user
working
group
is
about
to
join
the
Integrity
working
group
to
to
to
work
on
this
right.
But
I
do
think,
there's
going
to
be
a
lot
of
a
lot
of
working
on
it.
F
Fantastic,
fantastic
and
and
yeah
it
doesn't
have
to
be
a
sick.
It
could
just
be
a
project.
I
was
only
going
with
that
because
of
the
way
salsa
was
constructed.
But
but
aside
from
that
doesn't
even
matter
project
is
fine
with
me
and
everyone
involved
is,
is
a
is
a
for
me.
Everyone
being
involved
is
a
requirement
because
they
they
stock.
Both
of
these
documents
can
only
be
made
better
when
we
go
together
now
and
I'll
and
I'll
die
on
that
Hill.
That's
a
hill
I'll
die
on.
A
Very
good,
all
right,
so
anything
else
to
play
out
on
that
conversation,
yet
grope.
E
But
potentially
this
group
might
appoint
a
certain
number
of
people
to
always
go
to
that
call
and
represent
this
group's
interest,
and
you
could
make
it
or
try
to
make
it
a
requirement
of
the
SSC
folks
that
they
always
will
reach
out
for
input
from
the
end
user
working
group.
Just
to
make
sure
that
you
get
that
connection.
Yeah.
A
That's
not
a
bad
idea
and
that's
actually
something
we
called
out
in
the
the
goals
document
is.
We
were
going
to
put
together
a
matrix
of
different
individuals,
different
working
groups
that
we
were
going
to
want
to
cover
and
I
think
this
project
will
single
whatever
it's
going
to
be
yeah
we're
gonna,
have
a
whole
whole
bunch
of
people.
Turning
up
to
that
so
good
advice,
crap
things
like
all
right.
Let's
close
that
one
out
then,
and
back
to
you
Andrew
for
your
intro
email,
okay,.
I
I
was
having
slack
problems,
so
I
had
put
the
the
intro
email
at
the
bottom
of
the
goals.
Document,
I,
hope
everybody
I
see
some
folks
had
a
chance
to
edit
it
Jason.
Thanks
I
see
you,
you
spent
some
time
going
through
it.
So
the
purpose
here
is
is
really
as
we
go
out
and
recruit
more
end.
Users
I
wanted
us
to
have
something
to
to
use
as
a
framework
to
do
so.
That's
as
simple
as
it
gets.
So,
if
anyone
wants
to
please
go,
please
go
through
it.
I
It's
a
summary
of
the
working
group
and
our
goals.
It's
also
a
summary
of
the
open,
ssf
or
an
intro
of
the
open
ssf.
We
will
be
reaching
out
to
people
who
may
not
have
any
background
even
in
the
issue.
So
I
wanted
to
put
some
links
to
the
overall
issue
around
software
supply
chain
security.
There's
a
lot
of
good
content
in
there.
Obviously,
it
can
be
edited
as
needed
by
anyone,
but
I
wanted
us
to
give
something.
A
Put
my
own
hand
up,
but
I
I
liked
it
right.
I
went
through
it
reviewed
it.
It
makes
a
lot
of
sense
to
me
see
Daniel,
making
a
few
minor
changes
in
in
real
time
there
to
it.
G
No
go
ahead:
I
I,
just
thought,
I'd,
I'm
I
feel
like
I'm,
always
the
one
who
who's
like
hey.
When
you
have
an
acronym,
it
doesn't
matter
how
much
everybody
knows
it
like
spell
it
out.
The
first
time
you
use
it,
I
feel
like
I'm
becoming
that
person
partially
because
I'm
coming
into
this
space
kind
of
from
a
lateral
space.
G
So
I
don't
know
a
lot
of
the
actress
but
like
just
so
that
people
like
anyway,
just
just
something
to
keep
in
in
mind,
especially
when
you're
sending
something
out
to
people
who
don't
know
like
because
this
might
be
going
to
people
who
don't
know
hope
nests
app
right.
So,
let's
spell
it
out
just
make
sure
that
people
know
yeah
Dan.
I
A
Very
good,
so
what's
the
next
next
action
on
that
that
email
on
that
product,
we
more
discussion
required
on
that.
Are
we
happy
as
a
group
to
sort
of
prove
that
for
the
intro
emails
we
sent
through.
I
I
will
try
and
embed
it
in
the
slack
channel
so
that
everyone
has
access
to
it
there
if
I'm
still
having
slack
problems
due
to
how
our
company
locks
it
down.
I
may
ask
someone
to
do
it
for
me.
A
Very
cool.
All
right
next
item
is
the
personas
deliverable,
so
one
of
the
deliverables
that
we
have
as
a
group
since
we
just
voted
on
it
is
a
list
of
a
list
of
personas.
A
A
Just
grab
the
link
to
it
so
I
don't
know
whether
we
can
I
think
it's
more
just
a
request
for
people
to
take
a
look
at
it.
At
this
point.
A
Paste
the
link
into
the
chat
there
I
can
put
an
off-cycle
meeting
to
go
and
do
another
review
and
maybe
report
back
to
the
next
one.
The
other
point
I
had
was
I.
Think
there's
another
group
that
are
interested
in
doing
this
somewhere
as
well
within
the
ossf
I,
don't
recall
which
one
it
was
it'd,
be
I,
think
vulnerability,
management
or
something.
J
It
was
the
it
was:
the
vulnerability
management,
one
that
I
highlighted
last
time.
Yeah
yeah
we
had
this
I
I
sent,
did
I
put
it
in
the
document.
Jonathan
I
thought
I,
maybe
I
didn't
I
was
going
to
put
a
link
to
the
other
one
in
this
document,
just
so
that
we
had
it
all
linked
together.
J
I
I
forgot,
this
is
an
important
enough
topic,
it'd
be
nice
and
particularly
with
with
Crow
who's
on
here.
Talking
about,
you
know,
representing
the
attack
I'm,
sorry
Crow.
The
voices
are
particularly
strong
today
it
appears-
hopefully
that's
the
Hat's
working
for
you,
but
if
I
think
it'd
be
nice
to
get
a
Persona
document,
that's
agreed
upon
by
all
the
working
groups,
because
otherwise
everyone
is
going
to
have
their
own
slight
variation
and
that
really
will
screw
up
projects
like
SSC.
E
As
Jason
mentioned,
there
is
prior
art
that
has
been
around
for
a
year
and
a
half
or
more
so
I
would
prefer,
instead
of
Reinventing
the
wheel
to
augment
that
I
very
much
agree
that
we
should
have
a
foundation
level
artifact
and
that's
something
one
of
the
other
groups
I
get
to
work
with
the
education
Sig
is
we
have
identified,
there's
a
need
to
have
a
foundation
level
dictionary
of
terms,
so
that
was
something
we
were
going
to.
You
don't
need
to
have
the
attack
approve
it,
but
it's
definitely
something
we
can.
E
You
know
mention
to
them.
This
is
something
we
would
like
to
do
and
then
find
some
so
some
somewhere
to
put
it
and
it
may
probably
it
might
not
be
best,
served
inside
a
working
group
repo.
It
might
need
to
be
a
level
or
so
up
that
way
everybody
can
find
it.
But
that's
we
can
work
out
those
details,
but
yeah
wherever
we
can
kind
of
work
together,
I
love
it
and
you
know
I
would
be
glad
from
the
vulnerability
group.
D
A
B
So
in
all
the
groups
that
I
work
with
this
question
of
definitions
and
the
like
and
commonalities
using
the
same
terms
across
all
of
open
ssfr,
it
comes
up
frequently
and
not
simply
an
open
ssf
groups,
frankly
in
CC
groups
and
ietf
groups,
and
a
bunch
of
other
things
right,
everyone's
talking
about
getting
all
on
the
same
page
and
using
the
same
terminology
which
I
am
all
in
favor
of
despite
the
tone
of
my
voice,
I'm
just
kind
of
tired
of
hearing
it
everywhere.
B
So
while
it's
not
something
for
this
group,
but
because
this
group
has
a
stake
in
it,
I
do
think
it
will
make
sense
for
open
ssf
to
create
a
new
working
group.
Just
for
these
shared
things
across
all
of
open,
ssf,
to
standardize
terminology
to
standardize,
personas
to
standardize.
You
know
the
things
that
we
as
a
an
organization
are
going
to
be
used,
but
most
especially
to
give
everyone
a
One-Stop
shop
for
where
they
can
find
these
things
right
and
whom
they
can
ask
and
whom
they
can
contact
if
they
need
something
new.
B
But
I
do
think
it
would
be
something
that's
going
to
be
incredibly
valuable,
not
only
to
open
ssf
but
especially
to
the
overall
ecosystem.
B
A
E
I'm,
taking
the
action
right
now,
I
just
opened
up
the
next
tack
agenda.
I'll.
Add
that
as
an
item,
anyone
interested
in
lending
their
voice
to
the
proposal.
Please
show
up
to
the
next
Tac
meeting,
which
will
be
Tuesday
at
11,
A.M,
Eastern,
Time.
B
That
is
currently
on
my
calendar
and
I
can
still
make
it
to
that
one
try
and
find
better
words
by
then.
My
words
are
failing
me
today.
A
That'd,
be
great,
so
that'd
be
like
a
a
joined,
joined
up
working
group,
a
discussion
and
talk
about
collaboration,
but
also
specifically
about
personas,
and
then,
if
we
can
get
a
group
together
to
go
and
look
at
the
personas
I'd
be
happy
to
dive
into
that
with
anyone
else,
including
the
vulnerability
management
team.
Looking
at
I
remember
looking
at
this
before,
there
is
some
overlap,
but
I
think
there's
a
lot
more
focus
of
it.
A
A
B
B
Should
necessarily
stop
any
work
on
that
particular
effort?
It's
it's
a
document.
It
can
be
edited
wherever
it
happens.
To
live.
It's
just
that
eventually,
it
may
potentially
be
taken
over
by
another
group
which
could
be
good,
but
if
this
is
something
that
is
important
to
the
end
users
group-
and
it
is
then-
and
it
is
a
deliverable
of
the
end
user
group-
that
this
document
exists
wherever
it
is-
please
I
would
say
I
would
advise,
go
ahead
and
work
on
it.
B
Now
right,
go
forward,
don't
wait
on
the
attack
and
that's
not
at
all
informed
by
the
tech,
potentially
taking
a
long
time
to
get
to
some
things
as
they
work
through
others
in
their
backlog.
Right
I.
Just
don't
want
this
group
to
get
stalled
waiting
on
another.
No
reason
these
can't
move
in
parallel.
A
Yeah,
don't
agree
so
so
I
mean
a
little
action
could
be
you
know
to
to
reach
out
to
yourself
Jason
and
try
to
figure
out
if
we
can
get
a
couple
of
people
to
work
with
us
on
that
document
in
in
between.
Perhaps
I
can
take
that
action
I'll
find
out
who
else
in
vulnerability
management
will
want
to
pair
up
on
that,
I
will
take
that
crope.
J
E
J
E
Link
to
the
MD
file
further
up
in
the
meeting
agenda.
A
Yep
very
good.
Thank
you
right.
So
next
item
in
the
agenda
is
additional
updates
and
work
and
notes
from
other
working
groups
as
anyone
would
anyone
like
to
step
forward
and
give
a
bit
of
an
update
on
other
working
groups
that
they
have
attended.
That
would
be
a
useful
of
note
for
end
users.
Jack.
D
D
At
that
point,
I'll
need
to
find
someone
else
to
Champion
it,
because
I
will
be
away.
19Th
of
October,
yes,
19th
of
October
I'll
be
I'll,
be
away
basically
for
for
November,
so,
unfortunately,
I
won't
be
able
to
to
Champion
attack
afterwards.
But
that's
that's
the
state
of
play
at
the
moment.
A
Pretty
cool,
thank
you
very
much
Jay.
Do
you
want
to
give
up
maybe
an
update
on
the
sort
of
putting
on
the
swap
an
update
on
the
the
SSC
community
working
group.
F
Yeah
sure
so
we
did
have
our
technical
meeting
recently
as
well.
Now
community
meeting,
we
got
some
All-Star
stuff
that
were
that
we're
looking
at
we've
also
are
deciding-
and
this
was
as
a
result
of
the
meeting
and
after
the
meeting
Adrian
and
I
talking
we're
going
to
be
working
on
some
name
changes
as
well,
but
we
did
consider.
F
We
are
considering
the
vendor
stuff
and
and
a
lot
of
the
third
party
stuff
that
we
talked
about
before,
and
our
main
priority
was
to
make
sure
that
that
the
framework
was
brought
into
the
openness
and
stuff
so
we're
so
we're
we're
accomplishing
that
and
then
and
that
and
I.
Think
I.
Don't
have
the
notes
in
front
of
me
after
that,
we're
going
to
be
working
on
a
joint,
Vlog
post,
so
joint
blog
as
well
and
I
say
joint,
not
really
joint.
F
But
the
idea
is
I'm
already
working
on
one
for
salsa
I'll
be
doing
one
for
the
SSC
and
I
think
I'm
going
to
combine
the
two
and
I
and
and
I'm
almost
tempted
to
wait
until
it's
officially
in
the
in
the
working
group.
So
this
can
be
done
through
the
openness
and
stuff
I.
F
Think
it's
a
great
story
to
tell
and
and
I
think
that's
how
I
want
to
I
want
to
watch
watch
March
forward
with
that
I
think
I
think
that's
what
came
out
of
the
last
the
last
Community
and
Technical
meetings.
F
I
know
we
went
over
a
lot
of
the
controls
as
well
and
I.
Think
that's
where
we
came
out
with
making
sure
that
we
included
the
vendor
stuff
that
we
talked
about
before
excellent.
A
All
right,
thanks,
Jake
anyone
else,
any
other
updates
from
any
notable
working
groups.
A
It's
twice
twice:
nope
all
right,
so
moving
on
right.
So
if
we'll
get
to
any
other
business,
I
think
we've
gone
through
the
majority
of
our
agenda.
There
we've
approved
the
goals
document.
We've
approved
the
email,
we're
going
to
go
through,
have
an
off
cycle
on
the
Persona
document
and
then
discuss
that
with
the
attack
to
move
that
forward
and
SSC
is
also
moving
forward
in
parallel.
But
we
support
that
so
very
cool
actually
made
some
progress
so
any
other
business.
A
G
G
It's
also
interesting
to
me
to
note
that
it
calls
for
you
know,
besides
kind
of
well
one
one
thing
it
clearly
is
calling
for
a
framework
that
you
know
that
seems
to
map
very
closely
onto
what
Jay
is
talking
about
with
SSC.
So
it's
fine.
It
feels
like
that.
Those
two
things
need
to
plug
together
and
I.
Think
open
ssf
is
very
well
positioned
to
be
the
The
Forum.
To
do
that,
I
think.
That's,
probably
not
accidental
the
that's
good
and
then
the
other
thing
was.
G
G
I,
don't
know
whether
this
is
the
right
Forum
to
raise
this,
but
I've
been
raising
this
to
whoever
is
interested,
but
a
lot
of
these
things
depend
have
a
dependency
on
the
package,
URLs
back
right,
Earl
and
there
has
been
some
ongoing
or
there
is
a
new
issue
in
the
Pearl
spec
issues
list,
but
she
has
been
raised
by
one
of
the
maintainers
of
that
spec,
which
is
about
improving
the
level
of
governance
around
the
Pearl
spec,
because
right
now
it
has
very,
very
lightweight
to
no
governance
and
I
think.
G
G
Some
of
that
is
is
in
this
governance
issue
that
I
put
a
link
to
in
the
minutes.
So
if
you
feel
strongly
about
this,
this
might
be
something
you
might
want
to
take
a
look
at
I.
Don't
know
if
it's
really
an
end
user
issue,
but
it
is
certainly
something
that
permeates
all
of
the
work
that
we're
doing
on
software
supply
chain,
especially
when
it
comes
to
things
that
have
to
do
with
s-bombs.
A
Definitely
I
agree
Vicki
over
to
you.
B
So
I've
been
aware
of
the
issue,
but
haven't
bothered
to
read
it
to
this
point.
I've
had
a
few
other
things
going
on,
but
just
back
information,
Philippe
nextby
and
the
rest
of
the
team
that
came
up
with
Pearl.
It
is
intentionally
low
governance,
low
low
overhead-
it's
always
has
been
since
the
very
beginning.
B
So,
while
undoubtedly
it
needs
to
mature
a
bit
in
that
direction,
I
think
more
people
waiting
into
this
conversation
is
going
to
be
complicated
and
make
things
really
difficult
to
actually
come
to
an
agreement,
especially
with
a
community
community
that
started
out
as
intentionally
low
touch
low
friction,
low
governance,
I
counsel,
everyone
to
definitely
keep
their
eye
on
it,
but
just
know
that
the
people
who
are
there
having
these
conversations
know
what
they're
talking
about.
They
may
not
need
additional
folks
sea
lioning
in
to
give
their
two
cents.
G
I
totally
I'm
all
about
layaway
governance.
Let
me
just
make
let
me
just
be
clear:
I'm
not
calling
for
people
to
come
in
and
and
what's
the
word
I
don't
know
dog
pile
on
that
issue,
and
but
so
I
don't
know,
I
mean
yes,
I'm,
just
raising
it
to
people's
attention.
I
do
think
the
problem
of
it
being
released
under
MIT
licenses,
as
opposed
to
something
like
the
community
specification
license,
is
a
real
problem
because
it
could
lead
to
patent
issues
down
the
line
that
are
going
to
cause
everybody.
G
An
enormous
amount
of
pain
and
I've
been
there.
Oh
I
just
want
to
make
sure
that
that
is,
I
won't
try
and
raise
that
to
people
to
I'm
trying
to
kind
of
I'm
being
kind
of
a
chicken
little
a
little
bit
on
this,
but
but
I'm
not
call
I,
don't
think
it
needs
like
some
kind
of
heavyweight
governance
thing
it
just
needs
like
somebody
needs
to
be
aware
that
this
thing
needs
a
proper
specification
license
and
in
an
IP
thing
around
it.
B
Well,
I
mean
the
people
who
created
this
are
highly
cognizant
of
licenses
and
their
impact.
B
Informed
decision
and
I
think
that
might
be
a
separate
issue
to
open
is
to
start
the
conversation
around
the
licensing
separate
from
the
governance,
because
it's
it's
a
legitimate
concern.
If
not
to
get
it
changed,
then
at
least
to
get
it
documented
why
it
is
the
way
it
is
so
people
will
understand,
because,
frankly,
I
don't
have
that
information,
but
I
do
know
that
Philippe
and
the
team
they
know
how
these
things
work,
which
means
they
made
a
decision.
B
But
why
right-
and
that
could
be
really
useful
there
to
know
that
one
also.
There
are
plenty
of
legal
experts
out
there
who
believe
that
the
MIT
has
an
implied
patent
clause
in
it.
There's
a
doc,
a
an
art.
You
know
I'm,
not
a
lawyer,
I,
just
love
them
they're
great
people,
but
so
there
are
there's
an
article,
for
instance,
on
opensource.com
from
around
2018
19,
or
something
like
that
from
one
of
red
Hat's
lawyers
I,
don't
believe
it
was
Fontana.
B
B
But
getting
that
out
into
the
community
and
having
that
conversation
and
being
prepared
for
it
is
I
think
a
good
idea,
so
certainly
opening
an
issue
about
it.
I
think
maybe
wait
until
the
governance
stuff
is
settled,
so
they
don't
have
to
be
fighting
a
battle
on
two
fronts.
A
No,
no
very
good
different
point.
I
I
just
wanted
to
raise
so
I'm
going
to
be
going
through
the
SSC
document,
a
lot
with
just
more
of
a
sort
of
deep
review
and
coming
up
with
more
comments
and
I
know.
Jay.
We
were
going
to
get
together
again
a
couple
of
times
yeah.
So
it's
going
to
open
that
up
to
others,
and
maybe
if
people
are
interested
in
having
an
off
cycle
meeting
to
discuss
that
I
will
I
will
publish
a
time
that
was
really
it.
A
Very
cool
all
right,
any
anything
else,
any
other
business,
no,
all
right.
A
lot
of
ground
covered.
We've
made
some
decisions,
that's
good!
So
thank
you
very
much
a
couple
of
off-cycle
meetings
coming
through
and
we
will
catch
up
in
a
couple
of
weeks.
Thank
you
very
much.
Everyone.