►
Description
Meeting notes: https://docs.google.com/document/d/1KQalBRzfRBvsqh73JUYfp1KG-AJdXcv2Z8LTIFoQP8c
A
B
C
B
A
B
A
B
E
F
B
B
B
A
B
B
B
B
Do
they
I,
don't
I,
don't
I
mean,
then
of
course
you
would
also
have
something
like
maybe
commit
hooks
on
the
on
git
I'm,
not
sure
this
could
be
code,
Snippets
right
or
maybe
even
plugins,
I'm,
not
sure
I'm,
not
very
familiar
with
this,
with
the
architecture
of
git
in
terms
of
get
extensions
or
plugins
or
the
like
for
Garrett
I.
Guess
there
are
some.
So
maybe
do
we
first
question?
Do
we
miss
hear
something
on
that
front?
The
data
flow.
B
Yeah,
but
this
I'm
not
sure
whether
those
GitHub
actions.
So
since
we
speak
here
of
this
in-house
development
environment,
not
one
that
is
running
running
in
the
cloud,
I'm,
not
sure
whether
those
GitHub
actions
from
the
marketplace
can
be
really
installed
on
the
Enterprise
GitHub
Enterprise
system,
for
example,
and
whether
there
is
any
comparable,
Marketplace
or
so
for
forget
or
Garrett
I.
Don't
think
so.
E
B
Well,
I
think
what,
when
we
came
up,
we
kind
of
decided
we
focus
on
source
code,
Management
systems
that
run
in-house
and
the
most
prominent
being
git
and
I
wonder
whether
we
are
missing
here.
A
data
flow
I
do
not
want
to
cover
really
organizations
storing
their
source
code
on
the
file
system.
Also,
I,
don't
think
that
would
be
very
meaningful.
C
C
C
And
that's
because
it
does
a
better
job
of
handling
large
assets
so,
depending
on
what
you're
trying
to
do
just
like,
where
you're
at
and
what
you're
trying
to
develop
git
is
very
good
with
text
based
files
and
smaller
files,
keeping
track
of
a
lot
of
really
small
files.
The
problem
is
that
when
you
start
getting
to
that
larger
size,
yes,
you
have
git
lfs,
which
is
not
like
a
complete
part
of
git,
it's
kind
of
an
add-on,
but
nevertheless
it's
still
not
a
complete
solution
for
most
video
game
development,
workflows.
C
C
A
C
C
Okay,
I
could
be
wrong.
I
could
be
wrong,
and
just
so
you
know
Henrik
one
of
the
guys
that
I'm
trying
to
bring
to
your
meetings
is
be
in
Webster
who's.
A
colleague
of
mine
at
LF
he's
our
Kernel
Security
guy
so
like
he
would
be
able
to
tell
you
like
right
up
front
and
no
problem,
but
he's
very
opinionated
in
that
regard,
but
you'll
be
able
to
tell
you
up
front,
but
from
my
understanding,
yes,
Mercurial
is
not
something
we
can
discount
because
Community
wise
there
are
people
that
use
it
and
it
is.
B
C
B
B
C
I
know
a
good
example
of
that
would
be
linear.
Linear
is
very
popular
right
now
and
that's
what
it
does
it,
basically,
where
it's
a
project
management
software
that
works
on
gits
web
hooks
get
githubs
web
hooks.
So
you
could
like
manage
GitHub
through
your
PM
now,
which
is
what
all
everyone's
doing
at
our
left
now
we're
at
LF
training.
C
One
of
the
guys
that
we
work
with
comes
from
versel,
and
apparently
it's
very
widely
used
at
Versailles,
like
their
whole
business,
depends
on
linear.
So
he
he
was
like.
Let's
use
linear
and
then
like
it
caught
on,
because
now
we're
trying
to
like
you
know,
make
sure
that
we're
not
being
shall
we
say,
as
lacks
with
timings
and
whatnot,
trying
to
be
a
little
nail
down
timings
a
little
bit
more
so
yeah.
B
C
And
then
your
manager
can
go
in
and
like
check
how
fast
you're
going
and
stuff
like
that
that
GitHub
has
kind
of
a
difficult
part
doing
sometimes
because
more
issue
based
and
they
do
have
apps
or
project
stuff
too,
but
it
gets
real,
complicated
and
we're
also
getting
in
a
real
GitHub
specific
stuff
that
for
the
record,
but
the
thing
about
GitHub
about.
If
I
could
be
honest
with
you
from
a
community
perspective,
it's
very
hot
and
cold.
A
C
B
C
B
C
It's
a
linear,
linear
runs
the
app.
So
all
you
really
need
to
do
is
Grant
it
permission
to
access
the
information
in
your
instance
of
GitHub,
whether
that
instance-
and
this
is
with
GitHub
Enterprise
or
not,
and
I
could
I.
We
could
I
have
someone
that
we
can
confirm
this
with
that
works
at
GitHub.
That's
kind
of
our
contact
for
these
types
of
questions,
but
from
my
understanding,
GitHub
Enterprise
is
just
a
self-hosted
instance
of
GitHub,
whether
or
not
it's
hosted
by
Microsoft
or
GitHub,
or
you
I.
From
my
understanding.
B
I
I
think
there
are
some
some
limitations
in
terms
of
functionality
for
the
for
the
for
GitHub
Enterprise,
so
I
think
it's
not
the
same
feature
set
being
available
for
well,
for
if
you
run
it
locally
and
also
I,
wonder
whether
and
and
and
this
the
question
whether
you
can
connect
to
a
remote
GitHub
application
run
by
and
operated
by.
Linear
is
maybe
one
of
those
Rich
restrictions
yeah.
If.
C
I
could
be
honest
with
you
Henrik
from
a
security
perspective.
It's
the
way
it
all
comes
together
is
really
nice,
but
it
really
does
make
you
wonder
like
oh
like
how
does
this
actually
go,
because
it's
actually
it's
one
of
those
things
where
it's
kind
of
like
too
nice.
You
know
what
I
mean
so
yeah,
but
it
would
be.
It
would
be
a
great
I'm,
pretty
sure
that
the
app
itself
is
hosted
by
linear
I.
C
A
C
B
C
B
E
D
D
B
Even
though
I
think
it
is
a
decentralized
right,
you
can
kind
of
have
multiple
remotes
and
so
there's
no
really
it's
just
a
matter
of
how
you,
your
workflow
and
your
definition,
whether
you
consider
one
of
those
being
a
central
one
or
not,
but
I
think
in
principle.
It
would
allow
for
a
decentral
approach.
So.
F
B
I
I
think,
if
I
think
even
there
are
two
types
of
GitHub
applications,
the
one
as
you
say
that
is
kind
of
impersonating,
the
user
from
whom
he
the
GitHub
app
received
a
token
or
so,
and
then
there
is
another
type
where
the
GitHub
application
has
its
own
service
user.
That
is
not
linked
to
to
an
end
user
account,
but
I'm
not
sure
whether
this
makes
how
much
difference
this
makes
in
terms
of
you
know
threads
on
the
for
the
organization.
But
let
me
let
me
just
write
this
down.
C
C
I,
don't
know
where
that
is,
but
I
think
that,
if
you're
going
to
end
up
using
one
of
those
third-party
source
code,
management
tools,
then
to
a
certain
degree,
I
would
say
refer
to
your
vendor,
like
what
your
vendor
is
actually
saying
and
I
think
that
we
should
focus
on
git,
because
otherwise
we're
going
to
end
up
going
down
a
lot
of
branches.
That
really
some
are
somewhat
vendor
specific.
C
G
C
B
Yeah
so
in
general,
I
sympathize
much
with
focusing
on
git
the
open
source
versioning
control
system,
rather
than
addressing
the
problems
that
come
with
one
of
a
commercial
offering.
So
so
this
is
I
like
this
very
much
I'm,
just
wondering
about
the
kind
of
the
market
or
the
the
the
market
presence
of
GitHub
Enterprise
by
whether
this
is
Justified
just
by
the
sheer
number
of
users
that
that
you
know
makes
a
development.
C
E
H
Yeah
I
would
suggest
wherever
possible,
let's
focus
generically
on
the
process
and
the
general
capabilities,
and
then,
if
there's
something
unique,
that
GitHub
or
gitlab
offers.
That
would
be
a
particular
interesting
threat
for
us
to
examine.
Then
we
could
do
that,
but
let's
try
to
be
as
generic
and
focus
on
kind
of
the
pure
process
as
possible.
Okay,.
B
All
right,
but
my
knowledge
so
other
than
that
in
scope,
auto
scope,
so
I
think
a
lot
of
the
problems
we
have
discussed.
Indeed,
in
the
context
of
the
developer
machine
also
applied
to
you
know
the
system
running
the
Version
Control
System,
such
as
there
should
be
kind
of
a
defined
process
for
what
you
install,
having
vetted
components
and
so
forth.
So
there,
a
lot
of
those
probably
will
also
apply
in
the
same
way
to
to
the
source
code
management
system.
B
C
G
B
So
I've
never
created
a
post
commit
hook
on
a
git
server.
Is
this?
You
would
just
have
kind
of
a
script
right
that
you
that
you
deploy
and
some
in
some
directory,
similar
to
the
pre-commit
hooks
that
you
would
have
on
a
developer
machine.
You
have
these
other
extension
points
or
directories
for
post
chromatics
on
the
good
server
right
correct.
B
C
G
H
C
B
C
H
But
that
you
know
that
that
is
a
very
prime,
a
choice
Target
for
an
attacker
that
essentially
everything's
in
one
spot
the
distributed.
You
know,
there's
we'd
have
to
talk
through
how
authentication
and
authorization
to
push
things
around
works,
but
there's
I'm
sure
other
techniques
of
somebody
sneaking
malicious
software
in
because
of
its
decentralized
nature.
B
H
C
G
C
E
H
B
H
I
would
suggest
maybe
we
bring
this
back
to
the
the
end
user
working
group
with
a
couple
questions
and
you
give
them
some
homework.
Saying
hey.
You
know
we're
looking
at
our
model
and
we'd
like
to
know
we
we
think
there
are
two
styles
of
Version
Control
in
on
an
Enterprise,
and
could
you
all
provide
us
feedback.
F
H
D
B
B
H
H
B
C
I,
don't
think
you
could
do
that
with
Git
on
its
own
I.
Think
you
would
need
an
external
software,
because
I
think
it
by
itself
comes
as
a
distributed
software
so
like
we.
So
that's
what
I'm
trying
to
say
so
like
like
there
wouldn't
necessary,
like
you,
wouldn't
have
like
I,
don't
even
know
if
GitHub
I
think
it
does
have
organization
level
features.
But
beyond
that,
like
I,
don't
think
it
has
very
much
in
terms
of
like
what
GitHub
has
you
would
need
that
GitHub
element
to
have
like
a
centralized
Repository.
B
C
C
But
that's
what
I'm
saying
by
convention?
That's
a
GitHub
thing:
that's
not
a
git
thing
because
get
like.
If
you
see
how
the
kernel
uses
git,
they
don't
use,
get
they
use
GitHub
as
a
mirror,
but
they
don't
use
GitHub
centrally
they
use
git
like
it
was
intended.
I!
Think
and
that's
what
I'm
trying
to
say
they
use
it
very
differently
with
most
organizations
don't
use
it.
That
way.
A
C
C
If
you
go
to
colonel.org
like
they
use
get,
they
use
more
like
they
rely
on
pgp
and
stuff
like
that
and
different
types
of
security
measures
that
are
just
different
and
they
are
compatible
with
Git
Hub.
But
obviously,
GitHub
gives
you
a
lot
more
features,
but
a
lot
of
those
features
are
not
fully
part
of
git.
If
that
makes
sense,.
H
Well,
and
keep
in
mind
that
the
kernel
development
is,
you
know,
the
largest
software
development
project
on
the
planet
is
open.
Source
is
very
different
than
how
a
traditional
Enterprise,
potentially
they
might
borrow
some
of
those
techniques,
but
they're
not
going
to
follow
exactly
how
the
the
Upstream
correct
internal
folks
develop.
H
H
Generally
want
to
have
you
have
things
like
business
continuity
and
disaster
recovery?
So
you
don't
want
software
randomly
sprinkled
across
the
organization.
So
if
something
happens,
You've
Lost
That
ability
to
you
know
reinstall
those
things.
So
you
know
the
in
an
Enterprise.
You
have
different
standards
and
controls.
C
H
Price
no
I,
I'll
reach
I
have
a
friend
that
is
a
security
coach
within
a
large
bank
here
in
the
US,
so
he
coaches
development
teams
and
he's
a
developer
by
trade,
so
I
can
actually
maybe
see
if
I
could
drag
him
into
this
conversation
to
kind
of
see
how?
How
is
your
organization
doing
these
types
of
things
to
kind
of
give
us
that
perspective.
G
C
E
C
B
C
Would
it
be
an
idea
Henrik
just
out
of
curiosity
to
maybe
survey
the
end,
User
Group
maybe
make
a
short
survey
of
how
people
use
git
and
then
that
way
we
could
at
least
know
what
would
be
the
most
applicable
thing
to
do,
because
I
don't
disagree
with
you
that
most
people
probably
use
GitHub
Enterprise
on
a
dedicated
instance.
However,
it's
hard
to
separate
because,
like
that's
a
that's
like
it's,
that's
it's
in
a
way,
that's
its
own.
Animal
is
what
I'm
saying
like.
G
I
would
also
disagree
with
your
analysis
that
most
people
are
using
go
to
the
Enterprise
on
a
dedicated
instance.
I
know
they
get.
I
was
heavily
I've
I've
heard
through
the
grapevine
that
GitHub
is
heavily
pushing
towards
trying
to
get
people
onto
their
SAS
instances,
because
they,
you
know
it's
it's
easier
for
them
to
keep.
You
know,
reoccurring,
Revenue,
sort
of
subscription
model
questions.
A
A
H
A
G
B
G
E
B
G
A
D
D
D
B
B
So
from
I
mean
on
the
developer
machine,
what
we,
what
we
did
is
we
listed
all
kind
of
ways
on
how
malicious,
open
or
third-party
components
and
open
source
components
could
end
up
on
a
developer
machine.
I,
wonder
whether
we
can
do
the
same
for
the
source
code
management
system,
we
kind
of
said
what
components
there
are.
B
Who,
how
do
they
get
there
they're?
Typically,
the
setup
we
have
discussed
and
would
be
installed
by
this
by
the
administrator
right
installed
and
configured
I
think
also
post
commit
hooks
here
require
the
administrator
to
become
active
to
to
deploy
those
shell
script.
There's
nothing
that
you
know
that
developers
themselves
could
kind
of
configure
install
extend
on
on
the
central
git
server.