►
A
A
A
B
C
Yeah
yeah:
this
is
how
Emily
Bob
stand
up.
Munawa,
please
and
also
Excel
I,
don't
know
if
she
can
make
it
today,
but
we
were
working
on
preparing
virtual
submit
event
and
one
of
those
task
team
has,
you
know,
prepared
some
of
the
detailed
documentation.
Also
you
know
presentation
to
to
get
to
Media,
Tech
or
other.
You
know
working
groups
to
get
consensus.
Then
we
reached
out
to
a
little
Foundation
event.
C
Team
and
also
Brian,
thanks
for
joining
here
mentioned
that
there
are
certain
other
events
that
maybe
we
can
do
you
know
planning
or
you
know,
collaborate
together.
So
before
we
get
into
more
details,
I,
don't
know
anything
that
you
want
to
talk
about.
One
aspect
that
we
can
see
from
working
with
the
bigger
open,
SSS
group.
C
D
So
we
have
been
meeting
for
the
past
hi.
This
is
one
hour,
so
we
have
been
meeting
for
the
past
four
weeks,
four
or
five
weeks
regarding
to
to
iron
out
different
aspects
of
it
right
now.
The
idea
would
be
to
have
and
have
a
POC
kind
of
in-person,
a
virtual
event
in
mid
January,
with
a
small
group
of
participants,
a
small
group,
by
that
we
mean
about
10,
to
15
important,
open
source
projects
about
30
to
40
maintainers
of
those
projects.
D
This
would
be
an
invitation
only
event
about
for
three
to
five
hours
of
commitment
for
one
day,
and
it
will
be
done
in
a
workshop
format,
as
in
there
will
be
an
opening
remarks.
There
may
be
a
like
an
initial
presentation,
then
there'll
be
separate.
Working
groups
there'll
be
like
working
with
the
like
so
splitting
this
up
into
maybe
three
or
four
small
groups
where
we'll
be
talking
about
their
specific
pain
points,
their
stories
of
how
they
deal
with
security
issues,
incidents,
responses,
how
people
can
help
and
so
on.
D
So
those
are
those
would
be
the
the
the
goals
of
the
of
the
specific
working
groups.
Then
we
come
back
together,
we'll
have
a
panel
and
we
try
to
create
some
understanding
common
understanding
from
all
of
that
that
we
then
later
want
to
present
as
a
Blog,
some
sort
of
other
notes,
and
then
we
may
be
able
to
also
present
this
to
the
other
open
ssf
organizations
for
them
to
consume
this
information.
D
So
that's
kind
of
so
this
is
going
to
be
a
POC
I
I'm
using
the
time
POC
here,
because
this
is
we'll
just
try
this
out
in
a
small
scale,
with
the
help
of
Linux
Foundation
they're
like
event
stuff,
with
their
help,
will
create
a
like
virtual
Meetup
space,
where
we're
gonna
be
able
to
do
that.
We're
still,
we
still
haven't
had
the
meeting
with
the
Linux
foundation.
Events
folks.
D
Yet
so
that's
why
the
details
are
are
TBD
at
this
point,
but
once
we
have
these,
the
the
future
plan
would
be
to
perhaps
like
next
year
when
the
open,
ssf
event,
the
summit
actually
happens.
Then
we
can
also
have
a
try
this
out
as
an
in-person
event
down
the
line,
so
that's
kind
of
and
as
far
as
the
10
to
15
projects
that
we
want
to
be
participating
there.
D
We
also
want
to
include
the
RAS
Foundation
people,
maybe
have
those
people,
because
there's
already
a
link
with
that
I'm
working
with
Amir
to
like
basically
get
some
of
the
important
security
repositories
that
they
have
identified
like
Caleb
and
the
others
have
been
preparing
a
list
and
Amir
is
also
like.
The
Austin
is
also
doing
this
kind
of
reviews
for
the
past
year
or
so
so
he
has
already
gotten
interaction
and
personal
relationship,
perhaps
with
some
of
these
projects,
so
getting
some
of
those.
D
D
So
we
expect
to
get
a
list
completed
by
in
in
a
couple
of
weeks
and
I've
already
started
an
Excel
sheet
where
we
are
keeping
track
of
or
just
putting
ideas
at
this
point
like
okay
and
10
to
15
project
is
not
a
well,
it's
not
difficult,
but
still
like.
We
need
to
finalize
that
and,
most
importantly,
the
biggest
goal
up
front
right
now
is
to
have
that
meeting
with
the
Linux
Foundation
events.
Folks,
and
once
we
do
that
we
can
actually
finalize
the
date
and
then
start
circulating
people.
D
There's
also
other
aspect
of
we
want
to
invite
some
panelists,
so
we
are
figuring
out
like
Alex
and
ishel
and
and
Emily
has
been
figuring
out,
which
are
the
people
who
would
be
invited
in
the
panels.
Who
would
be
the
moderators
of
the
event?
We
would
also
have
to
figure
out
the
questions
Etc
beforehand
and
so
on.
So
there's
a
lot
of
tasks
that
are
also
going
on
preparing,
but
the
biggest
task
up
front
is
to
have
that
meeting
with
the
Linux
Foundation.
Then
we
have
an
actual
date
that
we
can
start
circulating
around.
E
Okay,
so
if
I,
if
I
understand
this
correctly,
it's
to
try
to
have
essentially
a
workshop,
that
is
fairly
on
the
small
side
right,
you
know
it's
15
projects
about
40
people,
it's
to
really
just
have
a
kind
of
a
listening
session
on
their
pain
points
on
I
mean
deciding
who
to
invite
with
what
those
15
projects
are.
You
can't
cast
The
Net
too
wide,
because
then
everyone
will
want
to
go.
E
You
don't
want
to
make
it
too
narrow,
because
then
there's
some
biases
I
mean
how
what's
the
process
that
you're
using
to
decide
who
the
right
set
of
15
are
and
and
frankly,
what
are
the?
What
are
the
goals
for
the
meeting?
I
mean
I
I,
see
it
in
the
presentation,
but
you
know
hearing
I
mean
there's
this.
This
is
saying
like
every
every
open
source
project
that
is
a
little
bit
broken
in
a
different
way,
very
much
like
tolstoy's
families
and
More
in
peace,
they're,
they're,
I
I.
E
You
know
each
of
them
broken
in
a
slightly
different
way.
So
I
you
know,
are
we
trying
to
learn?
What
are
we
trying
trying
to
learn
by
having
this
event?
I
guess
maybe
that's
explicit
in
the
deck
but
yeah
I
see
on
page
seven
in
the
deck
event
survey.
Maybe
this
is
a
good
way
to
try
to
say
what
what
you're
hoping
to
get
out
of
the
event
so.
F
This
is
intent
in
the
intent
of
the
pre-event
survey
is
to
kind
of
gather
information
from
maintainers
or
members
of
the
various
foundations
organizations
and
projects
to
understand
that
initial
set
of
concerns
care
abouts
areas
where
they
need
assistance.
The
structure
of
that
pre-event
survey
is
still
trying
to
be
determined.
It
might
be
beneficial
to
focus
on
the
alignment
structure
that
the
openssf
has
and
group
questions
in
those
similar
constructs.
F
To
really
understand
the
nuanced
pain
points
associated
with
each
of
those
core
areas
of
work
that
the
foundation
is
already
pursuing
to
ensure
both
that
maintain
feel
comfortable
with
the
members
and
leaders
of
the
foundation
that
are
driving
those
efforts
and
they
know
who
to
go
and
ask
questions
of,
but
also
do
it
to
kind
of
give
them
a
voice
to
any
potential
concerns
or
challenges
or
adoption
issues
that
they're
experiencing
and
taking
advantage
of
the
work.
That's
already
coming
down
out
of
the
foundation.
F
So,
basically,
ultimately
opening
up
the
lines
of
communication,
letting
them
know
where
the
correct
people
are
and
locations
and
the
work
that's
going
on
in
progress
and
ensuring
that
the
work
that's
being
done
within
the
foundation.
The
group
those
activities
are
well
received
or
positioned
to
be
better
received
by
those
maintainers
in
a
way,
that's
less
friction
for
them
to
adopt
right.
C
They
can
anything
when
I
understood
in
the
beginning.
If
we
have,
we
have
this
office
hours
that
taking
input
from
the
users
and
answer
questions
by
the
SMS.
This
could
be
a
like
a
Open
Mic
session
from
foundations
or
maintainers.
The
key
maintain
open
source
project
to
charity,
opinions
right
and
the
broadcast,
maybe
or
or
getter
inputs
from
you
know
the
communities.
C
A
E
E
They've
I
think
they
issued
an
interim
kind
of
report
on
the
first
kind
of
waves
of
that,
but
there's
more
to
digest
and
Stephen
Hendricks
on
the
research
team
has
been
kind
of
owning
this,
so
I
I
mean
I.
I
could
be
somebody
I
think
we
should
bring
in
and
just
so,
we
can
use
some
of
the
prior
research
and
some
of
the
prior
information
that's
been
gathered.
I
do
want
to
just
emphasize.
You
know
the
the
answers
you
get
from
this
work
will
vary
tremendously
based
on
the
people.
E
You
invite
and
thinking
carefully
about
I
mean
even
even
the
the
prioritization
that
decision
making
you
make
about
who
to
ask
will
weigh
heavily
on
the
outcome
and
so
I
think
it's
important
not
to
characterize
the
results
of
of
this
process
as
reflecting
either.
You
know
a
consensus
view
of
the
entirety
of
the
open
source,
Community
or
or
speaking
for
all
maintainers.
It's
really
just
here's
the
subs
of
the
folks.
We
happen
to
talk
to
you
know
and
who
self-select
it
really
to
participate
in
this
right.
E
You
know
some
sort
of
regular
process
for
kind
of
a
broad
fan
out
of
polling
of
maintainers
across
across
a
larger
group
in
some
ways,
so
just
kind
of
free
thinking
here
and
so
in
terms
of
like
burden
on
the
organization
to
support
or
what's
needed.
Let
me
put
it
that
way
to
for
us,
as
the
Linux
Foundation
or
as
open
ssf
staff
to
support
this.
It
doesn't
sound
like
it's
much
more
than
a
zoom
call.
E
It
sounds
like
you
all
would
probably
staff
this
in
terms
of
conducting
the
event
having
moderators
to
lead
breakouts
I,
you
probably
also
I'm,
assuming
digest
the
information.
That's
shared,
take
notes.
I
I,
have
you
know
some
sort
of
outcome
from
that
meeting
that
that
you
know
as
a
result,
if,
if
all
you're
asking
from
us
is
the
ability
to
host
this
on
Zoom,
you
know
and
and
and
maybe
a
little
bit
of
kind
of
production,
this
doesn't
sound
like
a
big
lift
at
all.
E
That'd
be
great
I
think
we
have
to
be
careful
about.
This
is
a
private
meeting,
so
we
have
to
have
the
any
trust
stuff
kind
of
pop
up
and-
and
you
know
have
one
of
us
on
staff
kind
of
attending
the
meeting
to
make
sure
things
don't
steer
in
the
wrong
way
just
to
keep
us
all
above
board,
but
other
than
that.
This
is
not
a
not
a
a
hard
thing.
We
don't
have
to
involve
I
believe
the
events
team
in
this
kind
of
thing,
which
would
incur
a
bunch
of
costs.
E
This
is
the
Linux
foundation.
Events
team
I'm
talking
about
the
ones
who
do
the
the
kubecon
events
and
OSS
events
and
the
like.
They
do
virtual
events
for
sure,
but
that's
more
in
the
vein
of
like
webinars
and
larger
group
things,
so
this
I
think
is
really
just
a
larger
version
of
this
kind
of
meeting
we're
on
right
now,
if
I,
if
I
understand
correctly,
unless
unless
I
misunderstand
anything.
E
For
survey
coordination,
so
there's
the
Linux
Foundation
to
research
team
headed
by
Hillary
Carter,
who
I
think
you
might
have
met
Stephen
Hendricks
works
for
her
as
well
and
they've
done
a
couple
of
these
kind
of
surveys.
They
were
the
ones
as
well
who
coordinated,
I,
I,
believe
coordinated
with
the
Harvard
Business
School
and
the
open
source
census
work.
E
Not
everything
has
to
go
through
them
or
anything
like
that.
I
don't
intend
to
I,
don't
mean
to
say
that
they're
a
gateway
to
anything
this
kind
of
thing,
but
what
I
would
like
to
do
is
take
this
to
Stephen
Hendrix
and
connect
this
to
some
prior
survey.
Work
that
had
been
done
and
I
think
he'd
find
this
really
fascinating
and
useful
and
I
hope
would
be
a
a
net
major
contributor
to
this
effort.
E
Okay,
no
I
first
found
out
about
this
from
some
research,
some
Outreach
that
have
been
done
to
Angela
Brown,
who
runs
events
at
the
LF,
and
then
she
turned
to
me
and
went:
have
you
heard
of
this
and
I
hadn't?
So
can
I
be
aware
of
this
now
and
I
think
we
can
support
you
directly
on
this,
rather
than
needing
to
involve
the
LF
events.
Team.
C
Sure
sure
yeah
we
we
actually
discussed
internally.
You
know
it
could
be
a
sufficient
way
to
zoom
too,
that
we
were
not
just
sure
how
many
audience
or
how
many
people
will
be
joining
so
just
trying
to
get
some
of
those
impotent
advices,
and
you
know
you're
going
to
want.
You
know
before
we
walk
we're
gonna
crawl,
so
sure
we'll
see
yep
yep.
E
In
in
Hillary
or
Stephen
might
actually
be
helpful
as
well
to
think
about
some
of
the
framing
and
how
to
ask
the
right
kinds
of
questions.
It's
actually
I
find
it
very
hard
not
to
ask
leading
questions
when
I
know
when
I
have
in
my
head
what
the
right
kind
of
answers
might
be
so
so
really
asking
questions
the
right
way
and
I
and
I
really
like
zoom's
support
now
for
breakouts
as
well,
that
that
seems
to
have
worked
pretty
well
in
a
couple
meetings.
C
E
Yeah
well,
I
think
what
I
would
do
is
ask
you
know
one
of
us
on
staff
to
be
to
be
the
host
for
this
meeting
and
the
host.
We
could
probably
share
a
co-host
with
a
couple
people
as
well,
and
that's
how
you'd
kind
of
manage
the
fan
out
the
different
breakout
rooms
and
when
to
bring
people
back
and
yeah
the
only
other
thing.
Oh.
E
C
E
Yeah,
it's
it's
to
the
point
where
we've
canceled
panels,
when
a
late
breaking
change,
we
could
not
guarantee
that
so
yeah,
okay,
good,
yep,
great
and
and
I
see
it
in
terms
of
panelists.
You
might
want
either
other
ossf
leadership
to
pretend
participate.
Maybe
somebody
from
the
governing
board
as
well.
E
For
a
small
Workshop
like
this,
just
looking
at
the
very
end,
finding
a
a
rock
star
I
mean.
Are
you
certain
you
need
somebody
who
I
mean
if
this?
If
the
focus
point
of
the
this,
this
three
and
a
half
four
hours
is
to
listen
to
the
maintainers,
do
you
feel
like
you
need
something
like
this
to
attract
the
right
level
of
maintainer
to
to
the
to
to
spend
a
half
day
with
us.
F
So
the
that
open
source
Rockstar
comments
within
the
slide
deck
was
more
along
the
lines
when
this
was
originally
scoped
to
be
significantly
larger.
Instead
of
the
smaller
event,
we
haven't
actually
rediscussed
whether
or
not
that
role
was
still
warranted,
given
the
higher
priority
focus
on
the
workshop
itself
and
on
the
panel
and
soliciting
that
comment
back.
E
That's
where
just
two
things
I'd
ask
one
is
that's
probably
where
we'd
start
to
involve
the
Linux
foundation,
events
team-
and
that
means
thinking
about
a
budget
assigned
to
this
and
and
needing
to
reconcile
that
with
with
other
things
and
second,
it's
thinking
about
this
event
in
the
context
of
other
open,
ssf
events
through
the
course
of
the
year,
you
know
we
we,
like
we
like
doing
events
we
like
pulling
people
together,
I
think
it's
important.
We
also
don't
want
to
burn
people
out.
E
We
know
travel
budgets
well,
this
is
virtual,
so
it
doesn't
quite
fall
into
that.
But
you
know
we.
If
we
say
this
is
the
one
event
for
maintainers
to
attend
in
the
year.
We
want
that's,
you
know
we
want
to
make
sure
that
that
really
is
the
one
event
we
want
to
pull
people
to
right,
and
so
we
have
to
think
about
this
in
context
with
open
ssf
days
and
other
things
if
it
were
to
be
more
of
a
bigger
public
event.
But
we.
F
B
C
D
Sorry,
switching
topics
so
just
to
keep
everybody
on
the
same
page
as
as
we
are
because
there
will
be
a
lot
of
these
decisions
that
we
are
taking.
Do
you
suggest
that
we
create
like
a
mailing
list
of
people
and
then
like
use
that
to
circulate
the
like,
for
example,
the
date
or
other
information
around,
or
how
do
we
keep
everybody
informed.
E
Well,
so
there
should
be
a
a
a
place
for
the
planners
to
discuss
this
I
do
see
the
the
slack
channel
here.
The
ritual
Summit
maintainers
are
critical,
open
source
projects.
You
may
want
to
use
that
and
then
there
might
be
a
second,
either
Channel
or
or
other
facility.
You
provide
to
communicate
with
the
40
maintainers,
who,
presumably
you
want
to
confirm
in
some
way
register
in
some
way
and
yeah
we
can
get
that
set
up
for
you.
E
D
We
are
but
I
I
was
more
thinking
like
how
do
I
Michael
is
probably
in
that.
So
sure,
maybe
we
include
you
in
that
channel.
So
how
do
we
get
like
more
people,
for
example
like
for
you
to
be
informed
about
stuff
or
people
like
Stephen,
Hendricks
or
Hillary
Carter?
That
you
mentioned
him
also
involved
like?
Is
that
just
invite
them
to
the
channel.
E
First
off,
let
me
talk
to
them.
Explain
the
context
for
this
I
figure
out
how
they
want
to
divide
this,
probably
just
one
or
the
other
of
them,
you
know
would
be
involved
and
and
I
think
they'd
be
in
a
supportive
role
rather
than
a
coordinating
role
and
then
there'd
be
somebody
else
for
my
team,
probably
kahil,
but
let
me
figure
out
who
who
I
would
assign,
as
the
kind
of
person
responsible
from
the
open
ssf
staff
for
making
sure
this
event
happens
and
then
and
then
facilitating
the
event
directly.
C
B
C
E
I
push
back
on
that
just
a
bit,
I
mean
it
sounded
like
at
least
from
the
deck
that
I
saw
the
design.
The
idea
was
that
it
was
a
40-ish
maintainers
from
1500
projects
and
it'll
be
a
small
Workshop
kind
of
setting.
So
I
presume
you
wouldn't
want
publicity
for
this
or
an
open.
You
know
invite
we'd,
probably.
F
E
A
H
Yeah,
hey
hello,
everyone,
so
we
we
don't
have.
We
have
not
made
so
much
progress
on
this
one,
we're
still
working
on
the
MVP.
How,
then
we
will
look
like
I
know:
we've
been
working
on
that
Google
doc,
but
yeah.
So
that's
one
portion
of
it
and
the
second
thing
that
I
need
is
regarding
that
Sig.
So
what
we
want
to
do
it
is.
H
We
want
to
set
up
a
mailing
list,
but
we
just
don't
know
and
again
sorry
I'm
I'm,
not
familiarized,
with
the
processes
like
who
are
the
people
part
of
it
and
whom
to
keep
in
the
loop
and
where
to
seek
out,
for
you
know
like
help
in
terms
of
the
feedback
and
all
that,
so
that
is
still
in
flux.
So
those
are
the
some
of
the
topic
I
had
okay,
so
so.
A
A
E
A
A
E
They
just
want
to
be
informed
about
it
and
and
what
we're
doing
is
bringing
this
to
them
for
for
to
invite
them
to
be
involved
in
the
process.
I'm.
Just
aware
a
little
bit
of
the
sensitivity,
this
you
know,
neurops
the
Linux
Foundation
employee
and
one
of
the
things
we're
really
trying
to
do
is
make
sure
that
this
comes.
H
Yeah,
like
a
main
help,
I
needed
is
like
I,
have
a
vision.
The
way
we
had
it
from
the
stream
to
perspective,
but
like
the
vision,
is
slightly
getting
changed
right
because
it's
more
around
community
and
all
that
so
so
the
main
thing
I
need
help
from
product
perspective.
In
defining
this
MVP
and
I
know
azim
and
his
team
is
helping
me
on
this
one,
but
in
addition
to
azim
right,
like
I,
would
like
to
get
more
feedback
and
I
know.
H
H
A
H
Is
that
yeah?
So
let
me
share
my
screen
so
that
way,
so
what
I'm
proposing
is
so
this
is
something
like
a
like
a
high
level
plan
that
we
had
it
right
and
then
azim
and
Brian
has
provided
feedback
on
strategy
missing
and
vision.
That's
all
great!
So
now
we
are
at
the
stage
like
for
next
three
months
right
like
what
should
we
focusing
on
the
action
item
that
we
had?
It
is
let's
make
sure
that
we
Define
our
MVP.
H
What
exactly
we
are
trying
to
build
right
and
make
sure
everyone
is
online.
So
we
just
need
a
feedback
around
that
like
around
these
some
of
these
points,
because
I
don't
want
like
I
Define,
something
and
then
become
a
part
of
it
right
like
so,
I
want
more
feedback
around
it
so
that
we
can
clearly
Define
the
vision
for
the
product.
A
H
H
A
H
H
I
Yeah
I
can
give
like
a
very
brief
context
here.
Right
so
I
mean
I
like
this
is
my
wording
so
feel
free
to
words,
method
or
like
change
it
completely,
but
I
I
feel
like
we
are
building
this
solution
more
for
the
open
source
consumers,
rather
than
maintainers
right,
like
I'm,
assuming
the
solution
that
we're
building
is
for
anyone
planning
to
consume
open
source.
I
How
often
contributors
are
making
contributions
and
all
of
these
things
right
so
I
feel
this
is
more
targeted
toward
consumers
and
the
answers
they
want
to
know
about
like
how
does
the
overall
health
of
this
community
look
like
what
kind
of
practices
are
they
following
and
stuff
like
that,
so
yeah
just
wanted
to
get
an
understanding
of
like?
Does
that
fit?
Well,
with
what
folks
are
thinking
about
the
dashboard
here
or
like
you
know,
maybe
we
are
completely
off
or
other
personas
that
we
are
missing.
B
Yeah
yeah.
Sorry
thanks
so
yeah
I
assume
when
we
started
this
initiative
right
like
we
were
looking
for
the
replacement
for
metrics
and
at
the
mattress
of
millions
of
components
like
why
we
are
restricting
the
10
000
critical
component
repositories.
I
mean
it's
just
about
repository,
so
it's
a
package
or
components
like.
H
I
A
H
C
B
H
Yeah,
so
we
have
not
defined
there
like
the
from
the
implementation
perspective
right
now.
So
what
we
thought
is:
okay,
let's,
let's
figure
out
first,
what
we're
trying
to
build,
what
we're
trying
to
solve
and
then
from
there
we'll
we'll
discuss
more
from
the
implementation
perspective,
so
that
is
where
I
have
defined
it,
like
the
part
of
it.
Yeah.
B
I
was
going
to
ask
too
for
the
level
of
detail
where
we
start
thinking
about.
You
know
what
is
that
that
kind
of
user
journey
and
I
know
there's
a
couple
of
personas
described,
but
if
we
we
flesh
that
out
further
like
thinking
about
how
people
even
discover
this
dashboard,
how
they're
going
to
to
return
to
it
and
use
it
on
a
regular
basis?
Is
that
something
you
know
that
would
be
under
say
stage
three
or
would
you
think
that
that
should
be
included
a
little
bit
earlier?.
H
Yeah
like
like,
so
there
is
no
like
guarantee
in
the
order
Brian
like,
but
yeah
I
definitely
would
be
included
part
of
stage
three,
but
we
can
kind
of
change
the
order
right.
We
can
start
that
first,
but
yeah
like
the
idea
here
is
that
as
a
user
right
like
what's,
the
user
Journey
looks
like
and
what
are
the
things
that
user
is
trying
to
solve
right.
So
those
are
the
things
that
we
want
to
focus
yeah,
but
the
order
is
not
guaranteed.
We
can
change
it.
A
So
something
that
we
talked
about
in
the
past
and
and
I
think
there
were
strong
opinions
on
both
sides
of
this.
But
is
this
a
just
the
facts
dashboard
or
are
we
willing
to
give
it
a
score?
Give
it
a
grade,
A,
B,
C,
D
and
and
I
think.
The
reason
that's
important
is
what
what
I've
seen
in
I
mean
a
lot
of
dashboards.
You
know
you
you
you
you've
had
three
commits
in
the
past
12
months.
Is
that
good?
A
A
A
E
How
much
churn
has
there
been
since
then?
What
was
the
result
of
that
third
party
audit,
like?
Let
me
see
the
report
and
understand
that
lead
to
cves
or
or
bugs
being
closed.
You
know
think
about
other
sources
of
objective
data
right.
The
the
chaos
metrics,
for
example,
other
things,
in
fact
having
a
rich
law
library
of
things
that
feed
into
this
data
set
is
something
that
open
source
would
be
great
at
helping
us
build
having
us
common
data.
E
You
know
off
a
copy
of
the
data
set
or
otherwise
you
know
it's
the
best
way
to
Fan
this
out
and
I
think
allow
for,
for
you
know
some
of
that
to
those
questions
answer
themselves.
I
would
shy
away
from
just
from
a
as
a
as
a
diplomat
shy
away
from
having
a
the
MVP
focus
on
saying
here
is
your
credit
score.
You
know,
you
know
this
project
scores
700.
You
know
this.
One
scores
435.
E
I,
think
showing
here
is
a
picture
of
the
different
objective
data
and
the
numbers
and
and
what
you
know
what
what
how
that
relates
to
other
projects
is
very
useful,
but
I
think
knowing
what
are
the
specific
weights
to
lead
to
an
overall
score
is
a
very
charged
conversation
you
might
want
to
just
defer
for
now
and
I.
Don't
know
that
it's
necessary
to
demonstrate
the
impact
of
this.
I
Yeah
I
I
think
I
was
about
to
make
the
exact
same
point
that
you
mentioned,
like
purely
strategically
speaking,
I
I
think
it's
it's
a
hard
problem
to
start
with,
to
say,
let's
have
a
cumulative
score,
especially
given
that
not
all
the
sources
are
guaranteed
to
be
there
for
every
single
project.
So
purely
from
a
strategy
point
of
view,
it
seems
like
might
be
worth
punting
on
that
problem.
A
F
Is
often
a
conversation
that
I've
had
with
other
individuals
out
in
Industry
about
what
is
the
security
health
of
a
project
and
a
lot
of
folks
go
back
to
how
active
it
is,
and
it's
entirely
project
dependent
and
it's
based
off
of
that
maintainer.
So
I
fully
expect
that
whatever
comes
out
of
this,
there
will
be
various
government
agencies
or
regulatory
bodies.
Looking
at
this
to
establish
security,
health
indicators
for
their
own
requirements
and
Frameworks.
So
whatever
we
do,
we
need
to
be
very
cautious
and
provide
due
diligence
and
the
justification
for
applying
it.
A
E
A
Oh,
are
you
gonna
be
transparent
about
what
led
to
it?
No,
no
sorry,
yeah
I
I
meant
even
at
the
at
the.
What
what
does
if
I
say
that
the
log4j
has
had
active
contributions
in
the
past
three
months?
Well,
what's
the
contribution
is
that
a
code
commit
is
it
emerge?
Is
it
a
issue?
Is
it
a
smiley
face
on
an
issue
and
having
that
be
so
even
at
the
at
the
objective
level,
yeah
being
transparent
and
what
what
what
things
mean?
It's.
E
Both
in
spirit
of
this
project
and
I
think
important
to
deflect
criticism
that
every
time
you
show
a
bit
of
data
somebody's
able
to
drill
down
and
understand
where
that
data
came
from
yeah.
What's
the
algorithm
that
led
to
you
know
this
score,
you
know
and
the
scorecards
conversations
about
what
do
those
numbers
mean
and
what's
the
weighting
of
all
the
different
things
you
look
at
that's
going
to
get
the
more
that
scorecards
gets
used
out
there
in
meaningful
ways,
the
more
charged
those
conversations
are
going
to
become.
E
About
this
project,
every
time
I
talk
about
the
metrics,
dashboard
work
and
the
scorecards
work
with
people
lights
go
off
in
ways,
you
wouldn't
believe
even
people
who
aren't
programmers,
people
who
think
about
you
know
once
they
realize
not.
You
know
open
source
software
is
pretty
secure
by
and
large,
but
there's
a
wide
variance
in
some
of
the
objective.
You
know
realities
on
the
ground
of
between
different
projects.
They
go
well.
How
do
I
learn
more
and
I?
You
know
how
do
we
learn
more
about
about
that?
Is
it's
just.
E
G
So
even
though
that
it's
actionable
will
be
will
be
good
as
well,
and
the
second
point
I
wanted
to
make
is
that
there
are
there's
a
different
working
group
called
like
the
in
within
the
open
ssf
called
the
best
practices
working
group
that
put
together
like
a
concise
guide
for
evaluating
open
source
software.
Perhaps
some
of
this
work
here
can
then
be
like
channeled
back
into
either
updating
that
data
actually
giving
guidance
to
how
this
dashboard
could
work
together
with
that
to
make
more
informed
decisions.
A
H
No
I
think
no,
we
don't
need,
but
other
than
that
I
think.
The
main
thing
we
need
is
just
helping
defining
this
MVP
I'm
gonna
sync
up
with
couple
of
folks
offline
but
yeah
continue
to
add
your
comments
on
this
Doc
and
then
wolf
for
the
brainstorm
on
it
looks
like
we
know,
there's
something
to
share.
G
H
Yeah
yeah,
so
yeah
I
have
not
said
it
about
anything.
So
Brian
is
going
to
help
me
instead
of
the
mailing
list
and
zoom,
and
then
I
need
to
work
on
the
timing
with
everyone
like
what
time
would
work
for
everyone,
and
then
I
was
hoping
that
during
that
call
we'll
continue
to
work
on
defining
this
MVP
further.
I
A
Like,
oh
so
so
so
the
the
Sig
I
is
a
and
someone
who
knows
better
than
I
correct
me
if
I'm
wrong
here.
This
thing
is
a
very
Loosely
defined
thing
still,
so
this
the
the
Sig
exists
have
meetings
whenever
you
want,
preferably
on
the
community
calendar,
so
other
folks
can
join.
You
do
not
need
permission.
I
H
B
J
Yeah
so
I'm,
just
just
thinking
about
the
the
order
of
the
next
steps
right,
I
I,
don't
believe
we
we
I
think
both
of
these
things
can
happen
simultaneously.
The
the
what
we
need
to
do
with
attack,
but
then
also
I,
think
we
can
go
to
either
jury
or
Khalil
to
actually
get
a
meeting
set
up
on
the
calendar.
A
A
B
A
If
you
have
not
volunteered
or
if
you,
if
you
don't
know
that
you
volunteered
ping
Marta
in
slacker
or
whatever
to
volunteer,
please
please
show
up
I'm
I'm,
hoping
that
you
know
this
is
a
very
first
pilot,
so
we'll
see,
but
no
I
think
this.
This
would
be
good,
and
the
purpose
of
this
is
that
one-on-one
connection
with
open
source
maintainers
that
need
help
in
anything
related
to
security,
so,
like
like
true
officer,
is
just
kind
of
stop
by
and
chat
so.