►
From YouTube: OpenSSF Identifying Security Threats WG (March 1, 2023)
Description
Meeting notes: https://docs.google.com/document/d/1AfI0S6VjBCO0ZkULCYZGHuzzW8TPqO3zYxRjzmKvUB4/edit
A
A
B
Hi
I
guess
I'm
new
in
this
group,
I'm
Matia,
I
work
in
reproducible
builds
mostly
on
the
piano
stuff
and
the
mirror
mostly
to
to
look
around
in
this
group.
So
to
look
if
what
you
work
off
on
is
relevant
to
us
or
as
a
it's
actually
interesting,
so
to
say
for
sure,
I
glanced
at
your
notes.
It
looks
interesting,
so
I'm
looking
forward
to
get
more
for
you.
Thank
you.
A
A
C
Last
week,
the
summit
very
successfully
we
had
several
attendees,
we
recollected
all
the
feedback
from
both
of
the
rooms
of
on
our
working
table
round
tables.
So
what
is
coming
next
from
it
is
generate
the
report
of
the
event
and
present
it
to
the
attack
members
and
the
other
thing
that
we
are
not
only
with
the
outcomes
with
the
team
and
the
main
ideas
that
we
recollected
from
this
work
will
mini
Summit.
D
Button
yeah,
it
was
very
successful.
It
might
add
just
one
more
comment
about
20
people
over
20
participants
from
different
foundations
like
Eclipse,
Foundation,
openjs,
node.js
foundation
and
the
call
you
know
and
J
some
of
those
GCC
tool
chain.
It
was
very
successful
and
can't
wait
to
share
more
details
with
the
team
and
everybody.
A
D
It
was
not
recorded,
I
think
it.
You
know,
you
know
I
think
with
the
next
step
is
to
summarize
it
and
then
in
a
way
we
can
publish
it
either
by
blog
or
report
or
in
some
way
to
send
a
message
to
the
community
how
it
happened,
what
we
discussed
and
what
with
the
next
step,
could
be
right,
I
think
that
making
like
each
cell
shared
this
can
happen
again
sometime
soon
or
maybe
in
a
bigger
format
that
can
benefit
everybody
in
open
source
Community
to
understand
what
open
ssf's
doing.
F
Yes,
I:
do
we
had
a
great
actually,
a
good,
really
good
meeting
on
Friday
Rob
was
able
to
present
a
a
a
better
look
at
at
the
dashboard.
In
general,
we
had
great
conversation
around
some
of
the
features
that
that
we'd
like
to
have
added
well
to
the
dashboard,
a
little
bit
more
content
in
some
areas.
F
Also,
we
had
a
discussion
about
the
potential
to
request
funding
for
its
maintenance
and
upkeep
once
we
do
have
something:
that's
something
that
that's
that's,
ready
and
and
workable
and
and
put
into
to
a
production.
So,
like
I,
said
great
meeting
as
far
as
that's
concerned,
we'll
have
a
follow-up
where
we're
looking
at
more
creatures.
We
also
have
additional
help
with
a
lot
of
the
work.
A
A
A
So
we,
when
the
when
the
mini
Summit
happened,
there
was
a
survey
that
was
done
and
that
survey
is
which
had
some
questions.
That
was
talking
about
specific
practices
that
the
maintainers
do
like.
Do
they
use
tools,
or
how
often
do
they
have
do?
They
have
a
dedicated
security
team
and
how
often
do
they
meet
and
how?
What
happens
if
there
is
a
security
incident
and
how
do
they
react
when
some
vulnerabilities
are
reported
and
so
on?
So
there
were
different
topics
that
were
covered
yesterday
and
myself.
A
We
were
planning
to
do
that.
Do
a
focused
survey
on
that
and
and
so
right
now
it's
in
the
planning
phase,
we're
working
with
or
yes
India
is,
is
connecting
with
crop
to
also
get
like
get
his
feedback
regarding
this,
but
at
some
point
would
maybe,
in
the
next
meeting
or
so
we'll
share
the
the
the
the
frame
framing
of
the
survey,
and
we
would
appreciate
opinion
from
other
people
regarding
this
or
if
you
have
any
thoughts
on
like
whether
this
kind
of
survey
has
been
done.
A
E
A
E
E
A
Think,
there's
only
one
or
two
that
had
or
out
of
those
response,
only
one
or
two
projects
had
a
like
a
dedicated
security
team
and-
and
so
so
it
was,
and
during
the
conversation
at
the
mini
Summit
at
the
room
where
you
were
in
and
at
our
room.
Also,
one
of
the
themes
that
were
emerging
was
many
of
these
projects
actually
started
very
simple
or
very
small,
but
they
have
now
been
like
because
of
fame
fame
happened
and
adoption
happened.