►
From YouTube: OpenSSF Identifying Security Threats WG (March 18, 2021)
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Excellent,
I
have
not
put
my
name
in
there,
but
I
will
need
to
do
that.
So
this
is
david
wheeler,
nothing
else.
I
I
should
look
at
the
agenda,
but
I
think
we
ought
to
at
least
really
talk
about
the
tac
meeting,
because
I
think
that
was
important.
A
Fabulous
okay:
I
am
opening
up
the
agenda
right
now:
cool
okay,
got
it
talk
about
the
talk
meeting.
Okay,
mike
did
you
want
to
kick
us
off.
B
Yes,
so
so
part
of
the
attack
meeting
last
week
where
we
kicked
off
when
we
talked
about
the
so
so
each
of
the
working
groups
are
being
asked
to.
B
Essentially,
you
know,
describe
what
they're
doing
and
the
you
know
current
things
on
the
roadmap
future
things
where
they
need
help,
I'm
actually
ryan.
You
could
probably
talk
talk
to
about
this
from
from
the
other
side,
but
we
so
we
I
presented
last
last
week.
I
thought
everything
went
fine,
you
know
good
questions
and
you
know
we.
I
don't
think
anything
new
that
we
haven't
like
been
talking
about
at
various
times
before,
like
the
name
of
the
work
group.
B
Doesn't
why,
like
you,
have
to
squint
a
little
bit
to
see
how
everything
we
do
falls
into
that
description?
But
I
don't
think
there
was
any.
At
least
there
was
nothing
like
that.
I
recall
being
said
about,
like
you,
know,
hey
you're,
doing
this
thing
and
it
really
provides
no
value
or
it's
like
it's
silly
or
anything
like
that.
C
Yeah,
I
I
agree
with
that.
I
think
it
went
really
well
so
just
kind
of
give
some
background
for
everybody
else
on
here.
C
Discussions
with
the
vulnerability
disclosure
group
and
and
best
practices
and
kind
of
how
some
of
that
stuff
can
overlap
and-
and
we
can
coordinate
a
little
bit
better,
so
yeah
we've
got
three
more
to
do
next
week.
That'll
be
the
the
final
three
and
going
forward.
Hopefully
we'll
get
some
kind
of
a
rhythm
going
where
we
get
status
from
working
group
leads
a
little
more
frequently
and
kind
of
make
sure
everybody's
coordinated,
but
yeah.
It
was
a
good
start
and
I,
I
think,
yeah
nothing
shocking.
C
A
I
I
think
one
thing
that
I
I
knew,
but
I
think
was
not
necessarily
known
by
all.
Was
I
mean
this
particular
working
group
has
an
opportunity
to.
I
guess:
integrate
some
of
the
work
being
done
by
others,
particularly
some
of
the
best
practices,
things
where
you
know.
A
Basically,
the
the
the
the
security
reports,
the
ci
best
practices,
information,
the
scorecard
information,
all
that
could
go
into
the
overall
dashboard
as
an
integrating
mechanism
and
then,
of
course,
that
information
could
then
get
fed
back
over
to
say
the
vulnerability,
folks
and
the
critical
projects.
A
So
I
I,
I
think,
there's
a
role
as
an
integrating
force
for
the
dashboard,
but
we
gotta
get
it
to
the
stage
where
it's
ready
for
that
role.
Yep
yep.
B
One
thing
that
I
heard
I
think
everyone
mentioned
was
that
resources
were
neat
like
tangible.
Like
you
know,
dev
paid
resources
that
were
like
dedicated
to
doing
work
were
needed
in.
I
think
I
heard
two
of
the
three
or
maybe
even
three
of
the
three
that
that
that
went
so
that
that
message
has
been
communicated.
B
B
We
need
paid
contributors
or
paid,
you
know,
developers
to
go,
develop
stuff.
C
C
We
need
people
to
start
like
really
doing
some
dev
work
here,
yeah,
so
yeah,
certainly
we're
not
the
only
working
group,
but
it's
good
to
get
everybody
together
and
and
see
how
that's
becoming
a
necessity
across
the
board
and
that'll
help
drive.
I
think
a
little
more
urgency
on
the
governing
board
side
to
get
that
budgetary
committee
going
or.
However
it
is
that
they're
doing
it
and
making
sure
that
we
have
the
the
right
process
in
place
so
that
we
can.
C
B
Yeah
ryan:
do
you
know
if
the
member
dues
do
you
know
when
the
freebie
part
of
that
ends
and
members
are
going
to
be
start
because
at
that
point
there
would
be?
You
know
some
fights
yeah.
B
Dollars
coming
in
assuming
everybody
stays
the
member,
but.
C
E
C
Sorry,
right,
yes
yeah
and
then,
but
so
I
don't
know
if
that
means
august
3rd
is
you
know,
2021
is
now
when
we're
gonna
start
collecting
dudes.
So
I
don't
know
the
specifics
of
that.
I
can
circle
back
with
kay.
I
think
she
she's
been
looking
into
that
a
lot
and
find
out,
but
yeah.
Certainly
once
that
happens,
we
will
definitely
have
more
funds,
and
I
know
there's
been
some
funds
donated.
C
Ironically,
from
microsoft
already
we
had
one
of
our
teams
had
some
extra
budget
that
ended
up
being
funneled
over
to
open
ssf.
So
there
is
some
money
there
now,
but
yeah,
the
the
the
dues,
I
think
are
coming
this
year
at
least
last
I
heard
okay
we'll
see
yeah.
A
The
governing
board,
in
the
end
of
course,
is
going
to
make
that
call.
There
are
some
funds,
as
mentioned
from
microsoft,
there's
a
separate
small
pot
that
google
has
offered.
That's,
not
technical,
open
ssf,
but
it's
we
can
probably
do
some
things.
The
lf
has
some
limited
resources.
Hi
the
the
problem
is,
of
course,
you
know
we're
not
talking
vast
amounts.
So
so,
michael,
I
I
think
what
we
really
need
right
now
is,
and
I
think
it's
going
to
have
to
be
you
sorry
to
say.
I
think.
A
B
B
Laundry
list
of
you
know
the
the
the
ux
front
page.
Some
of
it
is
just
cosmetic
stuff,
but
other
things
like
actually
bringing
the
data
regularly
and
refresh
it
and
have
arguments
about
like
metric
x
versus
metric
y
and
and
things
like
that.
But
have
it
be
demo-able
more
broadly.
A
Right
now,
I
I
don't
think
that
you
know
I
I
think
it's
important
to
not
guild
the
lily
as
it
were.
You
know
we.
I
I
think
we
clearly
need
you
know
what
what's
been
done,
as
a
proof
of
concept
is
actually
pretty
awesome.
So
congratulations
for
that.
I
I
don't
think
we
need
to
spend.
You
know
millions
of
dollars
to.
D
A
Something,
but
I
think
we're
going
to
need
somebody
to
write
down
kind
of
that
minimum
viable
real
product.
That's
pr!
I
don't
know.
A
The
real
phrase
yeah
it's
a
minimal,
viable
product,
but
it's
a
minimal,
viable
product,
it's
reasonable
to
use-
and
I
think
we're
gonna
have
to
beg
on
you
to
to
do
that.
First
draft,
because
you
I
mean
you're
the
best
having
implemented
the
proof
of
concept,
your
best
place
to
do
it.
But
if
you
come
up
with
even
a
partial
draft,
I
mean
just
stick
it
on
on
google
docs
or
something
I
think
I
mean
I'd,
be
happy
to
give
a
hand.
A
Other
people,
I'm
sure,
be
able
to
get
a
hand,
but
I
I
I'm
not
sure
where
to
start
compared
to
what
you
know.
B
The
problem
that
I've
run
into
is
like
the
the
design
takes
a
hundred
percent
of
my
energy
and
the
development
takes
100
of
my
energy
and
therefore
it's
so
being
able
to
just
if
someone
were
to
just
tell
me-
and
in
fact
I
I
don't
recall
who
this
came
from,
but
back
like
four
months
ago
when
it
was
like
this
thing
is
way
too
complex.
Can
we
just
do
like
the
bare
minimum
easy
like
that,
was
a
great
trigger
to
like
just
use
graph
on
it?
B
D
It's
looking
yeah,
it's
looking
really
good.
Can
you
guys
hear
me
yeah
yeah,.
D
Heard
I
was
having
some
troubles
with
my
mic.
I
also
want
to
say
yeah,
so
I
I
had
been
thinking
about
the
grafana
thing
recently
and
you
know
it
looks
really
good
and
I
think
that's
a
nice
ui
I
I
was
also
thinking
you
know
in
terms
of
sort
of
machine,
readable
output,
you
know
and
and
sort
of
minimal
viable.
You
know
solution
to
show
people
what's
going
on.
I
I
wasn't
clear
on.
Is
there
a
way
to
you
know
access
this
information
from
some
kind
of
api?
D
Like
I
assume
there
is
I'm
not
super
familiar
with
grafana,
but
I
also
thought
you
know
that
might
cut
down
on
any
sort
of
ui
linking
I'm
not
sure
how
grafana
works,
but
I
seem
to
remember
when
I
tried
to
use
it
that
that
it's
not
you,
know
complete.
If
we're
talking
about
time
sensitivity
of
resource
commitments,
then
you
know
maybe
just
a
a
you
know.
D
Raw
json
api
would
be
enough
to
to
cut
down
on
on
time
commitments
linking
things
together
in
grafana
and
still
you
know
be
able
to
give
give
some
some
solid
results
on
what's
being
done.
B
I
think
that
makes
sense
yeah.
As
I
recall,
the
grafana
like
the
ui
widget
is
defined
as
like
a
sql
query.
You
can
define
it
as
like.
There
are
like
10,
connectors
or
whatever,
but
the
one
we're
using
is
just
sql,
but
the
sql
back
end
is
simple
enough.
Where
adding
an
api
to
just
you
know,
given
a
product,
tell
me
what
you
know
about.
It
would
be,
let's
just
say
trivial,
so.
D
D
Oh,
I
had
one
of
those
like
two
weeks
ago.
I
said
oh
it'll
take
two
hours
and
I
worked
on
that.
I
worked
on
it
for
an
er.
No,
I
said
it'll
take
two
minutes.
I
worked
on
it
for
an
hour
straight
in
the
meeting
and
then
two
weeks
after
that
almost
every
day,
but
so
sorry
tangentially
just
you
said
their
sql
queries,
essentially
right
and
and
sort
of
where
I
was
going,
that
with
the
raw
json
data
is,
I
would
assume
those
sql
databases
aren't
publicly
accessible
right,
so
so
correct.
So
you.
B
Well,
not
really
so
griffon
is
just
it's
installed
locally.
So
there's,
as
I
recall,
just
nginx
reverse
proximity
to
grafana,
so
nginx
could
also
have
like
this.
Url
is
structured
graphana.
You
could
have
api,
you
know
get
package
equals.
You
know,
foo
return,
the
json
for
for
foo.
You
know
in
this
case.
D
F
D
A
A
All
this
stuff
is
really
simple:
json
requests,
the
you
know
github,
of
course,
has
a
way
to
query,
but
I
I
do
actually
agree
with
you
if,
if
the
dashboard
is
going
to
be
the
integration
point
for
security
related
data
than
having
an
api,
so
in
one
place
you
get
what
you
want.
Poof.
B
G
F
B
We'll
just
just
keep
stuff
in.
A
The
bag-
well,
I
mean
okay,
so
we
we
have
limited
time,
but
let's,
but
I
you
know
you
mentioned
you-
know
ty
it
takes
time
for
design.
I
don't
think
you
should
have
to
write
down
a
design.
I
I
I'm
thinking
you
know,
maybe
page
half
a
page
of
what
do
you
what's
left
to
do
for
a
minimum
viable
product?
And
I
think
I
think
actually
api
is
a
reasonable
minimum
requirement.
A
You
know
a
way
to
to
you
know
some
setup
to
vastly
increase
the
number
of
projects
that
are
that
are
polled
and
which
is
more
of
an
operational
income.
Yeah
operational
vastly
increase
number
of
projects.
B
We
could
the
the
the
long
pole
in
the
tent
is
new
piece
of
data
have
to
look
at
it.
How
do
I,
how
would
I
collect
this?
Do
I
need
api
keys?
How
do
I
manage
like
it's?
It's
the
it's,
the
setup.
D
D
I
I
gave
a
little
talk
on
what
we
had
done
at
intel
with
that
similar
sort
of
you
know
open
source,
allow
list
tool
of
what
we
could
choose
and
and
what
we
found
is
yeah,
that
that
repeat
process
of
sort
of
we
were
doing
feature
engineering
but
pulling
in
new
kinds
of
data.
Is
it
can
be
very
time
consuming,
especially
when
you
need
to
rebuild
the
whole
data
set,
but
we
did.
We
were
able
to
get
it
down
from
like
a
couple
days
to
do
the
whole
thing
to
like.
D
I
think
we
could
do
it
in
like
a
couple
hours
and
and
but
but
this
is
I
mean
so
so
that
was
the
data
set
of
like
4
000
records,
though
so
so
I
mean
to
regenerate
the
whole
thing.
Is
you
know
a
little
bit
different,
but
I
think
if
you
sort
of
focus
on
this
idea
of
you
know
having,
I
do
you
guys
have
sort
of
micro
services
behind
this
at
the
moment
or.
B
No
right
now
it
is
a
flat.
It
is
what
is
that
it
is
a
managed
sql
server.
So
at
least
the
cloud
is
managing
the
operations
of
that,
and
then
it's
just
a
vm
with
graphana
installed
on
it.
Okay,.
D
D
D
A
And
some
of
these
things,
you
don't
actually
have
to
do
yourself.
You
know
for
some
of
the
statistics,
data
from
say,
github
or
get
lab
and
just
ask
them
same
for
the
ci
best
practices
badge.
If
you
just
want
to
know
this
current
state
poof,
you
grab,
you
know
it's
a
rest
call
or
you're
done
yeah.
So
for
some
of
this
stuff
we
don't
even
have
to
spin
up
anything
else.
A
We
we
literally
just
have
to
integrate
it
in
yeah,
that's
correct
yep!
So
so
I
I
I'm
thinking
for.
As
far
as
you
know,
I
think
we
need
to
have
something
to
start
with.
I
think
I'm
gonna
pitch
for
the
moment
that
I
would
like
this
tool
very
much
to
be
able
to
answer
some
questions
like
is
it
reproducible?
A
D
A
And
we're
going
to
claim
that
that's
not
the
short
term,
that's
not
the
minimum
viable
product,
that's
the
phase,
two
or
whatever
you
know,
I
think,
having
the
scorecard
in
there
is
relatively
quick
and
straightforward
and
easier
to
get
started,
even
acknowledging
that
we
I'm
sure
we
want
more
longer
term,
but
I
don't
think
we
need
that
to
start
with,
and
that
sounds
good
to
me
yeah.
B
Well,
folks
are
thinking,
I
think
the
thing
that
would
be
most
useful
to
me
is
what
are
the
like?
Basically
just
like
print
this
out
and
write
all
over
and
say
you
know,
this
is
confusing.
This
makes
no
sense.
This
conflicts
with
this.
It
would
really
be
great
to
have
this
thing
here
from
the
context
of
an
mvp.
D
D
B
So
so,
basically
like
ssl
labs,
yeah.
D
A
A
The
only
thing
I
want
so
so,
for
example,
the
the
no
data
works,
just
fine,
that's
thick
enough,
but
the
thin
ones-
I'm,
I
presume
the
x's.
It
looks
like
the
x's
and
check
marks-
are
different
colors,
but
that's
starting
to
get
a
little
rough.
H
A
H
B
H
B
Absolutely
if
you
whatever
examples,
you
have
really
good
copying
other
things,
but
I'm
not
a
ui
person,
so
yeah.
Okay,
I'm
into
that.
A
Okay,
I
I
think
in
the
short
term,
what
we
want
is,
you
know
a
short,
you
know,
get
thing
get
it
so
that
there's
a
pipeline
that
pulls
it
through
fix
up
the
ui
a
little
bit,
and
you
know
I
mean
the
thing
is
we're
actually
tantalizing.
A
lot
of
people
were
very
excited
by
the
proof
of
concept.
It's
it's.
You
know,
it's
not
slidewear!
That's
fantastic!.
A
And
I
think
that
once
there's
wants
us
a
little
further,
I
can
talk
to
the
linux
foundation.
It
folks
you
know
about
about
a
hosting
and
that
sort
of
thing
I
I'm
sure,
there's
a
limit
to
what
we
can
manage.
B
I
mean
it
right
now:
it's
it's
a
small
vm
like
it's.
It's
tiny
little
like
a
a
reasonably
sized
vm
should
capture
should
cover
this
for
a
year.
Okay,
so
that's
kind
of.
A
B
And
postgres
is
kind
of
the
the
underappreciated
awesomeness
that
that
kind
of
makes
things
happen.
I.
A
And
mike,
if
you
I,
I
will
promise
to
give
you
a
hand
if
you
give
me
a
link
of
some
ideas
to
start
with,
but
I
don't
and
I'm
hoping
it
won't
take
too
long,
because
I
think
you
just
kind
of
write
down.
B
A
Not
too
worried
about
this
okay,
but
I
I
think
that
that's
going
to
be
the
triggering
mechanism
for
the
tac
and
governing
board
to
fund
something
as
we've
we
we
need
to
give
them.
This
is
what
we
have
in
mind.
This
is
our
best
guess
for
prices.
A
Everybody
understands
that
trying
to
come
up
with
prices
is
a
big
big
wag,
but
you
know
what
you
gotta
at
least
go
through
the
exercise.
B
Yep
yep
I
mean
even
and
even
if
it
was
from
like
cost
of
death.
If
it
was,
you
know
four
months
of
like
generalist,
dev
time
on
this,
I
think
you
could
make
huge
progress
in
that
and
that
would
oh
yeah,
you
know
whatever
it
is
yeah.
I.
A
I
suspect,
I
suspect,
in
three
months
you
could
make
spectacular
progress
because
you're
not
you're
not
actually
trying
to
create
whole
new
you're
trying
to
integrate
what
exists
exactly
so.
That's
yeah,
you
know
in
theory
not
too
hard.
B
Cool
I'd
like
to
just
just
talk
about
so
I'm
sorry.
Are
we
closed
on
the
dashboard
yep,
okay,
cool
the
threat
paper,
so
I
did
so.
The
threat
paper
went
out
whatever
was
seven
months
ago,
or
something
like
that.
Whatever
it
was,
we
haven't
really
updated
it
substantially,
since
we
probably
should
rev
it
and
consider
a
2-0
release,
or
at
least
I'll
put
it
out
there
that
perhaps
we
should
consider
to
our
release.
B
There
have
been
some
new
things
in
the
news
like
dependency,
confusion,
and
you
know
I
think,
having
another
set
of
eyes
looking
at
it
critically
and
saying
we
are
we're
totally
not
addressing
this
whole
thing.
We've
over
indexed
on
this
or
this
thing
that
we
talked
about
six
months
ago,
has
largely
been
solved
by
x
or
the
recommendation
that
we
have
is
kind
of
out
of
date
or
whatever
it
is,
but
kind
of
planning
for
a
you
know.
Substantial
update,
I
think,
would
be
good.
H
B
Okay,
so-
and
I
would
love
someone
actually
a
mirror,
if
you
could
just
think
about
this
and
do
the
right
thing,
because
it's
github
ain't
great
for
like
versioned
documents
so
right
now.
The
latest
thing
is
this
one,
so
I'll
just
post
a
link
to
this.
A
By
the
way
you
know,
okay,
I
I
I
have
been
trying
to
fight
the
conversion
for
google
doc
and
oh
my.
B
Yeah
I
mean
I
would
really
like
to
be
able
to
like
then
re-pdf
this
and
have
it
not
look
like
we
printed
a
markdown
file
and
I
guess
like
ascii,
doc
and
pandock,
and
all
these
things
are
like
it
can
be,
definitely
be
done,
but
that's
a
rabbit
hole
but
that's
another
rabbit
hole
but
either
way
yeah.
B
I
think
this
would
be
be
super
to
integrate
okay,
cool
cool,
yeah
and
then
final
topic,
the
security
reviews,
so
I
merged
a
bunch
of
updates,
so
I'd
say
just
kind
of
keep
them
coming
having.
B
A
G
I
I
I
fixed
I
kind
of
fixed
that
it
was
like
it
was
there's
a
few
bugs
and
it
was
I
mean
it
looked
like
it
worked
great
at
one
point,
but
it
was
like
pulling
from
the
old
repo
like
wg,
and
there
was
a
handful
of
other
things,
but
I
I
patched
it
up
and
I
think
I've
submitted
a
pr
that
it's
like.
I
could
send
you
a
picture
of
my
screen
or
something
right
now.
I
have
the
reviews.
B
I
Name
is
I'm
dylan
yeah?
I
don't
know
if
we
yeah
met
like
a
couple
times
virtually,
but
here
let
me
let
me
take
a
screenshot
of
like
here
I'll
pull
up.
What
like
left
pad
works
looks
like
I
didn't
in
terms
of
like
the
metadata
I
didn't
put.
I
I
I
feel
like
I've,
sorry
someone
to
tell
me
how
to
add
a
picture
like
it's
like
a
dumb
question
but
like
in
the
chat,
I
don't
even
see
it.
You.
I
I
A
I
B
A
I'm
going
to
warn
dan
you
volunteered
earlier
to
will
help
document
how
to
install
the
document
how
to
install
the
dashboard.
A
Our
document
slash
automate
dashboard.
B
Be
easier
so,
since
I'm
going
to
have
the
the
hood
up
on
it,
it
might
make
me
make
more
sense
for
me
just
to
package
the
whole
thing
as
one
container
that's
like
ready
to
go
rather
than
the
the
recipe
to
build
it
from
scratch.
C
A
C
B
Probably
the
way
to
do
it,
remembering
correctly,
is
you
do
the
docker
image
but
the
source,
the
source
code,
that
it
runs
as
part
of
its
thing
is
a
mounted.
It
can
be
a
mounted
directory,
so
you
clone
the
repo.
You
build
the
image,
you
run
the
image,
and
then
you
change
the
thing
on
your
file
system
and
the
image
references
that
so
you.
So
that's
like
the
way
to
do
dev
without
because
you
really
don't
need
to
run
postgres
like
locally
locally
to
run
image
and
connect
to
just
the
same.
B
B
B
Cool
all
right
is
there
anything.
I
Getting
the,
I
think,
I
I
think
my
I
think
you've
figured
it
out
like,
I
would
have
seen
it
and
then
I
looked
it
up
and
I
think
my
app
is
just
like
I
like
not
updated
or
something
like
I
or
not,
with
the
I
need
to
like
quit
and
reinstall
it
because
it
just
does
not
it's
like
what
just
does
not
have
like
the
buttons
that
it
says
it
shows.
A
I
don't
know
what
what
all
the
details
are,
but
I
know
that
the
lf,
at
least
for
well
at
least
for
the
ci
best
practices
branch
we've
been
using
fastly
as
our
cdn
and
obviously
there's
also
cloudflare
for
certain
things,
and
those
can
definitely
make
little
sites
scale
pretty
well
without
a
lot
of
resources.
B
Yeah,
I
don't
know
how
cash
friendly
grafana
is,
I
mean,
obviously,
all
the
static
stuff
can
be
cached
and
that
that's
great,
but
if
it,
if
it's
all
ajaxi
where
it
wants
to
do
its
thing
and
not
have
those
results,
be
cached,
I
could
look.
You
know
we'll
try.
A
It
and
we'll
see
yeah,
I
just
I
I
think
just
it's
I'm.
I
totally
get
that
you
can't
catch
everything
that
that
doesn't
work
so
well,
but
what
you
can
try
to
do
is
think
through.
What's
the
thing,
that's
especially
in
demand,
yeah
and
find
ways
to
cash
that
you
know
images
and
things
that
stay
for
a
while.
A
You
know,
certainly
the
badging
app
doesn't
cache
everything.
Nor
would
that
really
make
sense.
D
B
Yeah
yeah,
so
so
the
yeah-
and
I
think,
like
the
main
part
of
it,
is
the
is
the
connect,
the
connector
parser
uploader
thing.
Oh
I
I
forgot
there's
actually
there's
already
an
api
yeah
yeah.
So
sorry,
you
said
the
connector.
D
B
No,
so
right:
okay,
sorry,
the
the
architecture
right
now
is
you
know
the
shell
scripts
and
whatever
to
like
parse
and
separate
out
like
the
scorecard
json
file
into
like
the
individual
metrics
it
it
posts
that
to
and
to
arrest
well
just
to
an
api
endpoint
that
api
endpoint
is
the
only
thing
that
talks
to
or
the
only
thing
that
writes
to
the
database
and
then
because
I
didn't
want
to
have
individual
clients
be
able
to
talk
to
the
database
directly.
B
So
so
it
does
it
through
the
api,
we're
all
good
there
and
then
grafana
reads
from
the
database
directly,
because
that
that
it
needs
to
so
having
new
new
metrics
or
new
scripts
or
new.
Whatever
is
should
be
relatively
easy
because
all
you
have
to
do
is
is
post
to
the
endpoint
in
a
you
know,
reasonable
format.
B
Yeah,
basically,
you
say
you
basically
say
like
add
metadata
package.
Url
equals
x,
the
type
the
the
key
name
of
the
metadata
and
the
value,
and
then
I
think
this
you
can
put
some
like
it's
like
a
property
bag
after
that,
so.
D
B
You
know
what
I
mean:
I'm
trying.
Yes,
the
there
is
an
api
key
that
you
need
to
know
in
order
to
make
any
any
post
to
that.
No.
F
Don't
you
yeah,
I
mean.
B
B
Yeah
we
I
mean
it
would
be
nice
to
be
able
to
like
have
a
playground
to
experiment
on
where
I
mean
obviously,
we'll
have
like
a
dev
instance
of
this,
where
people
that
are
doing
dev
can
like
do
a
kind
of
end
to
end
the
api
thing.
Actually,
I
don't
love,
because
it's
the
one
part
that
I
can't
really
com
like
you
can't
run
it
com
yeah.
I
never
know.
B
Now
so
no
yeah,
you
can
run
it
locally.
It
should
work.
B
B
Oh
no,
no,
it's
more
that
that
I
need
to
be
able
to.
I
need
to
trust
you
and
give
you
the
environment
key,
but
I
may
not
trust
you
know
bob,
and
you
know
how
do
I
now
someone
is
like
the
gatekeeper
of
the
keys.
D
B
D
Right
and
then
those
grant
the
the
hookups
those
sql
queries.
So
my
understanding
is
right.
Now
it
sounds
like
okay,
so
there's
some
information
you
post
to
an
import.
You
so
say
you
come
up
with
some
new
metrics
about
about
something
right.
You
post
to
the
endpoint
with
the
api
key
and
now
we
need
to
do
some
wiring,
which
my
guess
is,
is
a
pull
request
to
that
repo,
where
the
the
dashboard
sql
code
is
hosted
exactly.
B
No,
no
so
so
so
grifana
is,
like
I
mean
technically,
there
is
a
json
description
of
it.
So
if
we
were
super
advanced
we
could
we
might
be
able
to
manage
it
through
that
and
pull
requests.
Okay,
but
the
default
way
that
I've
used
grafana
is
you
know
you
have
an
account
you
log
into
grafana
and
now
you're
you're
an
admin
on
it.
B
D
D
Okay,
so
I
guess
well
so
then
I
guess
because
I
think
I
had
mentioned
this,
but
I
had
a
student
who
was
interested
in
in
helping
contribute
to
this,
and
so
we
have
some.
You
know
metric
gathering
stuff
that
we've
already
developed,
and
you
know
the
idea
would
be
basically
can.
Can
we
help
start
throwing
stuff
in
here
right
and-
and
you
know
that
I
guess
that's.
What
I'm
getting
at
is,
is
what
what
all
do.
I
need
to
do
to
to
guide
him
to
get.
B
F
B
I
I
don't
know,
like
I'm
happy
to
like
work
on
like
either
making
the
readme
a
lot
more
like
a
more
straightforward
or
maybe
including
some
kind
of
build
script.
I
don't
know
how
confident
I
feel
about
the
latter
ryan.
It
sounds
like
you
have
a
little
extra,
I'm
happy
to
help
you
with
that.
If
that's
something
that
yeah
I.
C
H
Real
quick
mike,
I
was
going
to
bring
up
the
the
blog
post,
where
we
still
oh
yeah,.
B
B
I
don't
know
how
everybody
feels
like
do
you
think
we're
ready
to
to
do
that?
Should
we
wait
till
we
have
more
more
reviews,
then
I
was
feeling
really
gung-ho
about
pushing
it
earlier,
but
I
don't
know
I
don't
know.
I
don't
have
strong
feelings
on
whether
it
should
be
kind
of
I
mean.
I
think
I
think
we
should
do
it
within
next
month.
B
I'm
just
not
sure
if,
like
next
week
or
like
four
weeks
from
now,
is
the
better
one.
If
people
have
have
opinions.
H
For
me
personally,
there's
one
tiny
thing
that
I'd
like
to
do,
and
it's
really
more
of
a
visual
thing
of
putting
all
the
reviews
that
I
uploaded
through
ostip
like
in
their
own
folder.
I
know
that's
kind
of
a
really
minor
thing,
but
I
think
once
we
kind
of
do
all
those
minor
tweaks
and
feel
really
good
about
it.
Yes,
we
absolutely
should
announce
it,
and
I
really
like
kind
of
the
call
to
action
of
you
know
getting
more
people
to
to
get
involved
and
post
things
on
there.
So.
G
B
I
think
we
could
do
that.
Do
you
think
that
we
need
a?
I
know
this
came
up
once
before,
but
like
do
we
need
like
a
more
user-friendly
ui
into
the
repo
kind
of
like
a
build
job
that
would
go
through
all
the
scripts
and
emit,
let's
say
more
html
friendly,
like
a
big
table
with,
like
all
the
reviews
and
links
to
the
content.
B
Do
you
think
that's
necessary,
otherwise
we're
just
showing
people
a
repo.
I
think
the
repo
is
the
right
way
to
manage
it.
I'm
just
not
sure
it's
the
right
right
way
to
communicate
them
to,
because
the
other
problem
is
with
the
repo.
B
You
need
the
only
way
to
really
find
a
component,
especially
because
a
review
could
cover
multiple
components
and
then,
which
folder
do
you
put
it
in
the
only
way
to
really
find
it
is
to
search
and
that's
not
terrible,
but.
A
I
I
don't
think
you
can
avoid
that
problem
security
reviews,
no
matter
what
you
do,
there's
going
to
be
a
number
of
security
reviews,
the
map
between
the
components
and
the
security
of
your
views
is
not
going
to
be
one-to-one
right.
A
J
C
B
A
Yeah
and
and
and
in
the
longer
term
the
challenge
will
be
okay.
It's
a
review.
I
found
something
it
may
or
may
not
be
exactly
a
match,
and
so
in
the
long
term
I
can
imagine
some
sort
of
you
know
a
confidence
value,
but
I
think
in
the
short
term,
it's
the
you
know.
We
found
these
reviews
that
seem
to
be
the
most
relevant
ones
and
then
you
have
to
decide
if
you
actually
believe
the
match,
but
but
I
don't
see
how
else
to
do
it?
B
Cool
awesome,
so,
let's,
let's
have
that
topic,
be
the
first
one
that
we
talk
about
next
time,
because
that'll
be
around
the
right
time
to
push
that
forward.
Okay,
perfect
awesome!
Unless
there's
anything
else,
thank
you,
everyone
for
pretending
and
you
guys
have
the
great
rest
of
your
early
spring.