►
From YouTube: Memory Safety Sig (June 22, 2023)
A
A
B
A
A
A
A
A
All
righty:
well,
let's
go
ahead
and
get
started,
so
you
have
a
standing
agenda
item
to
welcome
new
friends,
though
I
think
everyone
in
the
meeting
currently
is
a
is
a
a
long
time.
Openssf
memory,
safety,
Sig
person,
so
welcome
back
everybody,
I
I
would
like
some
help.
If
someone
might
be
willing
to
take
notes
because
I
have
found,
it
is
impossible
for
me
to
take
notes
and
talk.
At
the
same
time,.
A
A
C
A
A
All
right-
and
we
are
starting
out
by
reviewing
crobe's
pull
requests
around
education,
and
we
have
one
outstanding
comment
which
is
standardizing
another
memory,
space,
safe
or
memory
hyphen,
safe
and
I.
Think
that
is
a
good
matter
for
discussion.
I
more
regularly
see
memory,
space,
safe,
I
believe
but
I'm
wondering
what
other
people's
experience
might
be.
B
B
A
C
A
B
A
A
A
A
A
Chrome
I'm
not
going
to
ask
you
to
do
that
for
the
entire
or
to
let's
do
the
subs
in
for
the
entire
doc
I'm
happy
to
do
that.
But
if
you
could
standardize
in
within
your
change,
that
would
be
fantastic
and
I'll.
Take
an
action
item
to
standardize
the
language
in
the
larger
dock
and
probably
move
or
copy
this
into
the
readme
for
future
reference.
D
Thanks
so
I
have
a
general
question
about
the
crops
PR
since
the
The
Proposal
was
to
propose
to
create
referenced
library
in
the
education
material
on
Etc.
My
question
is:
do
we
only
propose
to
create
such
material
or
do
we
also
want
to
maybe
reach
out
to
universities,
colleges,
education
or
organizations
to
favor
memory,
safety
over
memory,
unsafe
or
sorry
so
to
favor
memory,
safe
languages
right
in
their
existing
materials
and
courses?.
F
I
think
that's
a
good
addition.
I
will
say
trying
to
influence.
Collegiate
curriculum
is
challenging,
but
that
doesn't
mean
because
it's
hard,
we
shouldn't
try
doing
it.
I
think
that's
a
good
yeah
and
maybe
through
some
of
our
other
work
like
through
the
evangelism
of
going
out
and
doing
conference
presentations
or
having
blogs
and
webinars.
We
can
help
try
to
influence
the
larger
conversation,
but
also
approach
Academia
to
see
if
we
can
get
them
to.
You
know
value
these
types
of
training
over
over,
not
memory
safe
languages.
A
An
ally
we
might
have
there
there's
a
professor
at
Portland,
State
University,
who
has
has
a
curriculum
on
Rust,
which
I
believe
covers
memory
safety
in
it.
It
could
be
a
good
Ally
to
team
up
with
or
use
some
of
his
work,
with
his
permission
of
course,
or
give
feedback
on
it,
that
that
would
be
a
good
opportunity.
I
think
thanks.
A
And
then
for
invest
in
tools,
specifications
which
Gabby
said
he
will
contribute
to
it.
Gabby
sent
me
regrets
before
this.
Just
he's
not.
He
had
a
conflict
today
with
a
I
think
a
c
plus
specification
meeting
so
I
I
know
his
area
of
expertise
is
C
plus
plus.
Are
there
any
others
that
I
I,
you
know
Josh
I
could
see.
Adding
in
some
of
your
work
into
here
might
be
might
be
good.
A
D
A
C
E
C
E
They
don't
have
nice
dependency
management,
so
adding
dependencies
of
the
pain.
So
you
get
short
chains,
but
you
pay
a
bunch
of
other
prices
for
that.
So
one
of
the
things
we're
running
into
is
that
these
operating
systems
are
kind
of
holding
up
and
surprise
at
the
new
dependency
situations.
Well,
you
know
the
C
version
of
this
program
has
like
six
dependencies
and
the
rust
version
has
you
know
50.,
maybe
more
than
that.
C
G
E
How
do
we
know
you
know?
Do
we
have
to
take
responsibility
for
all
50
dependencies
and
back
Port
all
fixes
for
the
next
10
years?
And
is
this
reasonable,
like
I,
think
the
next
big
thing
we're
going
to
run
into?
Is
this
kind
of
stuff
from
operating
systems
where
there
are
kind
of
there
are
a
few
different
possible
solutions,
one
of
them
being
like
rethinking
how
operated
systems
think
about
dependencies?
F
I,
don't
know
if
the
group
wants
to
adopt
that
as
part
of
our
mandate,
but
I
think
we
definitely
need
to
document
that
as
a
risk
to
long-term
adoption,
and
maybe
we
agree.
We
think
we
want
to
try
to
help
influence
the
distros,
but
we
definitely
should
document
that
as
a
risk
to
consumers
having
access
to
memory
safe
software.
B
A
A
A
A
All
right
so
I
have
a
maybe
a
you
know,
kind
of
bigger
question,
bigger
picture
question
for
krobe,
but
you
know
assuming
we
get
in
the
missing
examples,
assuming
we
add
in
the
education
section
and
a
few
others.
What
else
is
needed
from
us
for
this
to
be
considered
the
revised
language
in
the
plan
for
us
to
ship
it
whatever?
That
means.
F
What
so
the
mobilization
plan
is
a
currently
interesting
in
an
interesting
state,
but
for
this
group's
efforts
we
would
want
to
make
sure
that
everybody
is
participating,
has
reviewed
the
totality
of
the
plan
and
endorses
it
may
make
sure
we
get
any
final
changes.
I
would
then
share
it
with
the
best
working
group.
You
know
for
their
art
to
an
RFC
there,
and
then
we
can
present
it
to
the
TAC
saying
this
group
has
gone
through
this
exercise.
F
We've
done
these
revisions
and
here's
our
proposal
for
the
next,
the
future
next
draft
of
the
mobilization
plan,
and
that
way
when
that
effort
picks
up
later
this
year,
they
can
just
wholesale
grab
this
kind
of
plug
it
in
and
incorporate
it
into
the
rest
of
the
work.
Now,
if
we
were
looking
for
specific,
like
funding
like
if
we
thought,
if
we
had
50
bucks
in
a
Starbucks
gift
card,
we
could
make
a
change.
F
That's
a
slightly
different
process
and
I
I
don't
have
a
high
degree
of
confidence.
We
can
get
funding
right
now,
but
omkar.
The
new
executive
director
is
working
on
planning
his
2024
budget
proposal.
So
if
we
did
have
something
we
felt
very
strongly
about
that
could
have
a
large
impact.
We
would
want
to
start
to
think
about
in
our
plan
and
document
what
we
think
costs
or
resource
needs
would
be,
and
that
way,
when
we
start
the
budget
talks,
we
would
be
prepared
and
just
ready
to.
E
F
Hey,
you
know,
we've
got
an
idea
that
needs
funding,
but
we
consider
this,
but
the
the
mobilization
plan
itself
will
be
they'll
start.
We
will
start
rewriting
it
towards
the
end
of
the
year
and
you
know
ideally
we'll
be
done
with
our
collaboration
and
we'll
be
happy
with
it,
and
we
can
still
do
if
we
want
to
continue
to
work
on
things
that
have
no
cost
great.
We
can
continue
to
do
that,
but
we'll
have
that
the
wording
ready
that
they
can
just
kind
of
pick
up
and
drop
in.
A
Got
it
I
think
it
would
be
good
to
you
know
for
next
meeting?
Maybe
not
the
final
final
review,
but
you
know
plan
on
reviewing
the
language
as
a
whole,
see
if
there's
any
more
changes,
we
want
to
make
make
those
changes
and
then
I
could
add
those
in
a
pull
request
and
then
we
could
asynchronize
I
could
put
check
boxes
with
people's
names.
We
could
asynchronously
ask
people
to
sign
off
on
it
by
clicking
their
check
box.
A
E
E
E
Most
of
them
have
sort
of
started
with
the
basics
and
talked
about
some
other
relatively
basic
material.
The
goal
here
is
to
not
recover
that
ground,
but
to
assume
that
everybody
coming
is
familiar
with
the
basics
and
the
Dynamics
like
we
don't
need
to
talk
about
how
70
of
vulnerabilities
are
memory
States
or
whatever
we're
going
to
skip
past
that
stuff
and
spend
the
day
focusing
on
some
of
the
really
hairy
questions
that
we
need
to
answer,
and
so
it'll
be
very
focused
discussion.
E
G
E
E
F
Yeah
I
think
we
maybe
we
make
it
an
action
item
for
ourselves
that
Emilio
once
the
plan
is
done,
we
maybe
go
approach
the
distros
and
say
you
know
this
is
a
problem.
We're
see
we're
trying
to
help
solve
you
know
what
do
we
think?
How
can
we
get
this
integrated
into
product
roadmaps?
And
you
know,
there's
you
know
things
like
plumbers
or
Dev,
comp,
there's
a
lot
of
conferences
where
we
may
want
to
potentially
submit
an
abstract
or
a
panel
to
start
to
encourage
more
Community
participation
in
this
as
well.
E
Yep
we've
started
talking
with
some
of
the
distros
in
general.
I
got
the
impression
that
individual
Engineers
within
the
projects
have
quite
wildly
varying
perspectives
on
how
this
should
happen
and
there's
no
General
policy
and,
in
the
end,
it's
hard
to
get
anything
through
I'm
I'm,
working
on
a
blog
post
that
lays
out
in
more
detail
what
exactly
the
issues
are
here
and
what
the
potential
Solutions
are
so
hopefully
I'll
have
that
out
and
then,
by
the
time,
the
time
November
rolls
around
will
be
closer
to
being
able
to.
You
know,
identify
specific
Solutions.
B
E
B
D
D
E
We
are
very
interested
in
having
Microsoft
people
there.
We
have
been
talking
a
lot
with
Rec
Center,
Rich's
team
and
also
the
people
who
do
like
TLS
and
cryptography
and
stuff
like
that
at
Microsoft.
So
we've
got
good
partition.
Participation
from
Microsoft
already
but
happy
to
have
more
obviously
figuring
this
out
for
Windows
would
be
a
big
deal.
C
F
Another
idea
we
can
do
leveraging
the
foundation.
We
could
potentially
create
some
type
of
virtual
Workshop.
We
did
a
maintainer
summit
where
we
were
talking
to
Upstream
maintainers
about
security
before
the
end
of
last
year.
So
maybe
we
organize
something
similar
where
maybe
this
group
would
come
in
and
help
facilitate
the
conversation
and
you
know
directly
reach
out
to
maintainers,
and
you
know
distro
representatives
and
try
to
have
the
conversation
you
know.
In
addition
to
you,
know
the
conference
and
any
other
conferences
we
want
to
do
that's
another
idea.
E
A
B
A
I
will
give
you
the
I
I,
can
there's
a
foundation
board
member
there's
information
on
privacy
that
I
obviously
can't
share,
but
so
with
the
way
I
summarize,
it
is
Russ's
rapid
adoption
and
growth
over
the
past
couple
years,
outgrew
its
previous
governance
policy,
our
previous
governance
structure.
That
structure
was
stressed
to
breaking
a
couple
of
years
ago
and
a
or
about
a
year
and
a
half
ago,
and
so
a
group
of
people,
various
team
leads
from
around
the
rust
project,
got
together
to
put
together
a
new
governance
system.
A
That
system
is
now
in
place.
There's
a
new
Leadership
Council
in
place.
It
just
was
put
in
place
like
a
couple
weeks
ago
at
most
became
official.
So
the
new
government
mince
process,
which
is
you
know,
know
designed
by
very
very
dedicated
community
members
to
be
able
to
operate
at
the
scale
that
rust
is
used
and
developed
on
at
this
time.
A
So
like
any
major
open
source
project
when
it
reaches
a
certain
threshold
of
adoption,
The
Growing
Pains
get
very,
very
painful,
and
yes,
things
broke
about
a
year
and
a
half
ago
or
so
pretty
badly.
But
now
it
is.
There's
a
new
structure
in
place
and
I'm
highly
confident.
It's
going
to
be
much
better
going
forward.
B
A
D
I
wonder
what
what's
next
right
for
this
thing
after
we
do
the
revised
checks
right,
so
in
other
six,
we
started
breaking
that
up
into
a
more
concise
plan
right,
so
we
took
each
one
of
the
sections
we
even
broke
out
into
substicks.
If
you
want
to
really
chew
on
that
and
bring
a
real
plan
for
each
one
of
those
sections
that
what
we
think
would
come
next
and
how
does
that
relate
to
what
formal
thing
before
about
the
funding
or
not,
funding.
A
I
think
the
next
step
will
be
that
researching
and
recommending
initiatives
for
funding
by
the
open
ssf
and
then,
following
on
from
that
I'm,
it's
very
open.
We
can
discuss
tooling
whether
we
want
to
invest
developer
effort.
We
have
several
developers
on
this
call
in
that
tooling
evangelizing
and
you're,
creating
education,
materials
or
consolidating
existing
educational
materials
and
linking
to
them
with
full
credit.
Of
course,
I
think
it's
it's
quite
open
what
we
can
do
next.
F
We
can
take
this,
however
far
you
want,
if
you
just
want
to
do
the
simple
rewrite.
That'll
be
very
much
appreciated
because
again,
we've
learned
stuff
over
the
last
year
and
a
half
that's
excellent
feedback,
but
if
we
wanted
to
make
a
prescriptive
plan
or
if
we
wanted
to
figure
out
tools
or
investment
opportunities,
I
think
that's
also
a
thing
for
us:
I
love
the
idea
of
evangelism
and
getting
the
word
out.
Maybe
we
do
a
set
of
office
hours
kind
of
memory,
safety.
F
We're
very
soon
going
to
have
a
devrel
community
focused
on
the
developer
experience
and
how
to
get
folks
access
to
the
tooling
and
process
and
learnings.
So
that's
another
Avenue
for
us
that
potentially
once
that
gets
spun
up,
maybe
we
try
to
get
an
invite
there
to
see
the
table
to
kind
of
put
this
in
as
an
agenda
item
it's
that
group
talking
about
and
how
to
get
raise
that
developer
awareness
more
directly.
A
All
right
well,
thank
you
so
much
for
joining
us.
Those
of
you
watching
on
YouTube,
because
I
know
people
do
thank
you
for
watching
this
and
I
hope
you're
able
to
come
to
a
meeting
whenever
you
can
or
join
us
in
the
streamo4
memory
safety,
slack
Channel
within
the
openss
slack
or
open
ssf,
goodness,
gracious
Slack
all
right!
Thank
you!
So
much
everyone
have
a
wonderful
rest
of
your
day.