►
From YouTube: Memory Safety Sig (June 22, 2023)
A
Yeah
but
yeah
the
surgery
I
had
addressed
some
chronic
pain
and
the
pain
is
almost
if
not
completely
gone,
so
it
was
100
worth
it.
So
I'm
feeling
really
really
good.
I
forgot
what
life
was
like
without
that?
Yes,.
D
He
got
me
for
30
minutes
today.
I
got
a.
A
I'm
just
moments
to
join
and
putting
together
a
tiny
bit
of
an
agenda.
A
B
A
E
I,
don't
need
to
do
it
immediately
or
at
all
if
we
don't
have
time
it's
up
to
you.
A
Yeah
I
just
put
a
link
to
the
notes
and
agenda.
If
you
want
to
add
that
under
the
agenda
for
today,
which
is
the
22nd,
please
feel
free.
A
And
if
people
want
to
mark
their
attendance,
please
feel
free
to
do
that
as
well.
A
A
A
All
righty:
well,
let's
go
ahead
and
get
started,
so
you
have
a
standing
agenda
item
to
welcome
new
friends,
though
I
think
everyone
in
the
meeting
currently
is
a
is
a
a
long
time.
Openssf
memory,
safety,
Sig
person,
so
welcome
back
everybody,
I
I
would
like
some
help.
If
someone
might
be
willing
to
take
notes
because
I
have
found,
it
is
impossible
for
me
to
take
notes
and
talk.
At
the
same
time,.
A
All
right-
and
let's
talk
a
little
bit
about
some
in
progress
work
in
particular
croes
pull
request
to
the
memory
safety,
repo
and
I
will
go
ahead
and
share.
My
screen
on
this
I
can
remember
where
the.
A
C
A
Is
all
right
and
let's
not
that
screen?
Let's
share
this
all
right,
oh
hi,
abhishay
and
I
do
want
to
do
a
quick
call
out
and
thank
you
to
avishay
for
running
the
meetings.
In
my
absence.
A
All
right-
and
we
are
starting
out
by
reviewing
crobe's
pull
requests
around
education,
and
we
have
one
outstanding
comment
which
is
standardizing
another
memory,
space,
safe
or
memory
hyphen,
safe
and
I.
Think
that
is
a
good
matter
for
discussion.
I
more
regularly
see
memory,
space,
safe,
I
believe
but
I'm
wondering
what
other
people's
experience
might
be.
B
B
It
also
makes
it
makes
documents
easier
because
embedded
spaces
perfectly
normal
in
a
real
system,
not
so
good
on
giving
them.
For
example,
FairPoint.
A
Thank
you,
yeah
I
do
think
it.
You
know
it
might
it's
more
grammatically,
correct
I.
Do
also
think
you
know
being
consistent
with
what
is
more
commonly
used
is
good
as
well,
but
I
am
very
open
to
either
possibility.
C
A
Oh
I
forgot
I
can't
see
that
when
I'm
sure
machine.
A
B
A
A
Okay,
I'll
just
add
that,
does
anyone
have
any
objections
to
that?
I
should
say.
A
All
right
well,
I'm
gonna
is
the
word
unsafe.
Okay,
gotcha.
A
Developing
memory
safely
reads
a
little
odd
to
me.
Yeah
I
I
can
definitely
see
that
okay,
so
not
Memories
safely.
A
A
Any
other
thoughts
on
this
or
does
anyone
have
objections
to
standardizing
on
these
four
principles.
A
Chrome
I'm
not
going
to
ask
you
to
do
that
for
the
entire
or
to
let's
do
the
subs
in
for
the
entire
doc
I'm
happy
to
do
that.
But
if
you
could
standardize
in
within
your
change,
that
would
be
fantastic
and
I'll.
Take
an
action
item
to
standardize
the
language
in
the
larger
dock
and
probably
move
or
copy
this
into
the
readme
for
future
reference.
A
D
Thanks
so
I
have
a
general
question
about
the
crops
PR
since
the
The
Proposal
was
to
propose
to
create
referenced
library
in
the
education
material
on
Etc.
My
question
is:
do
we
only
propose
to
create
such
material
or
do
we
also
want
to
maybe
reach
out
to
universities,
colleges,
education
or
organizations
to
favor
memory,
safety
over
memory,
unsafe
or
sorry
so
to
favor
memory,
safe
languages
right
in
their
existing
materials
and
courses?.
F
I
think
that's
a
good
addition.
I
will
say
trying
to
influence.
Collegiate
curriculum
is
challenging,
but
that
doesn't
mean
because
it's
hard,
we
shouldn't
try
doing
it.
I
think
that's
a
good
yeah
and
maybe
through
some
of
our
other
work
like
through
the
evangelism
of
going
out
and
doing
conference
presentations
or
having
blogs
and
webinars.
We
can
help
try
to
influence
the
larger
conversation,
but
also
approach
Academia
to
see
if
we
can
get
them
to.
You
know
value
these
types
of
training
over
over,
not
memory
safe
languages.
A
An
ally
we
might
have
there
there's
a
professor
at
Portland,
State
University,
who
has
has
a
curriculum
on
Rust,
which
I
believe
covers
memory
safety
in
it.
It
could
be
a
good
Ally
to
team
up
with
or
use
some
of
his
work,
with
his
permission
of
course,
or
give
feedback
on
it,
that
that
would
be
a
good
opportunity.
I
think
thanks.
A
And
then
for
invest
in
tools,
specifications
which
Gabby
said
he
will
contribute
to
it.
Gabby
sent
me
regrets
before
this.
Just
he's
not.
He
had
a
conflict
today
with
a
I
think
a
c
plus
specification
meeting
so
I
I
know
his
area
of
expertise
is
C
plus
plus.
Are
there
any
others
that
I
I,
you
know
Josh
I
could
see.
Adding
in
some
of
your
work
into
here
might
be
might
be
good.
A
A
D
A
Would
be
awesome,
yeah
Michael
is
a
Microsoft
employee,
who's
working
on
an
open
source
tool
called
binskim
for
skimming
binaries
I.
Don't
quite
remember
how
the
name
correlates,
but
for
yeah,
looking
at
binaries
for
memory
evaluating
them
from
memory
safety,
Josh
go
ahead.
E
I
want
to
raise
a
point
I'm
a
little
worried
that
maybe
you've
already
talked
about
and
I
missed,
but
I
want
to
make
sure
that
it's
out
there
in
case
it's
useful
to
you,
we've
done
a
lot
of
work
to
rewrite
a
bunch
of
tools
in
Rust,
and
the
problem
coming
at
us
right
now
has
mostly
to
do
with
trying
to
get
operating
systems
to
ship
things
that
are
in
a
different
language
and.
C
E
C
E
They
don't
have
nice
dependency
management,
so
adding
dependencies
of
the
pain.
So
you
get
short
chains,
but
you
pay
a
bunch
of
other
prices
for
that.
So
one
of
the
things
we're
running
into
is
that
these
operating
systems
are
kind
of
holding
up
and
surprise
at
the
new
dependency
situations.
Well,
you
know
the
C
version
of
this
program
has
like
six
dependencies
and
the
rust
version
has
you
know
50.,
maybe
more
than
that.
C
G
E
How
do
we
know
you
know?
Do
we
have
to
take
responsibility
for
all
50
dependencies
and
back
Port
all
fixes
for
the
next
10
years?
And
is
this
reasonable,
like
I,
think
the
next
big
thing
we're
going
to
run
into?
Is
this
kind
of
stuff
from
operating
systems
where
there
are
kind
of
there
are
a
few
different
possible
solutions,
one
of
them
being
like
rethinking
how
operated
systems
think
about
dependencies?
E
I,
don't
know
if
if
thinking
about
that
kind
of
problem
is
in
scope
for
this
or
not,
but
I
think
it's
worth
considering
whether
it
isn't
scope,
because
if
we
don't
solve
this
problem,
rewriting
software
is
is
not
going
to
get
distributed
as
widely
as
we
would
hope-
and
you
know,
roughly
speaking,
the
two
like
basic
problems
are
is
like
change,
how
you
think
about
it
and
ship
it
anyway
or
two
introduce
systems
that
reduce
the
number
of
dependencies
and
that
basically
comes
down
to
larger
standard
libraries.
A
It's
a
good
thing
to
bring
up
Crow
go
ahead.
F
I,
don't
know
if
the
group
wants
to
adopt
that
as
part
of
our
mandate,
but
I
think
we
definitely
need
to
document
that
as
a
risk
to
long-term
adoption,
and
maybe
we
agree.
We
think
we
want
to
try
to
help
influence
the
distros,
but
we
definitely
should
document
that
as
a
risk
to
consumers
having
access
to
memory
safe
software.
A
Would
we
want
to
document
that
in
the
plan
document
or
I.
B
A
That
makes
sense
Josh.
Are
you
able
to
contribute?
You
know
just
a
brief
risk
section
and
add
that
statement
to
the
repo.
A
A
And
if
yeah,
if
any
questions
come
up,
I
know
you
know
how
to
do
pull
requests.
But
if
any
questions
about
how
the
repo
setup
or
such
come
up
feel
free
to
ping,
me
I'd
be
happy
to
help.
A
All
right
so
I
have
a
maybe
a
you
know,
kind
of
bigger
question,
bigger
picture
question
for
krobe,
but
you
know
assuming
we
get
in
the
missing
examples,
assuming
we
add
in
the
education
section
and
a
few
others.
What
else
is
needed
from
us
for
this
to
be
considered
the
revised
language
in
the
plan
for
us
to
ship
it
whatever?
That
means.
F
What
so
the
mobilization
plan
is
a
currently
interesting
in
an
interesting
state,
but
for
this
group's
efforts
we
would
want
to
make
sure
that
everybody
is
participating,
has
reviewed
the
totality
of
the
plan
and
endorses
it
may
make
sure
we
get
any
final
changes.
I
would
then
share
it
with
the
best
working
group.
You
know
for
their
art
to
an
RFC
there,
and
then
we
can
present
it
to
the
TAC
saying
this
group
has
gone
through
this
exercise.
F
We've
done
these
revisions
and
here's
our
proposal
for
the
next,
the
future
next
draft
of
the
mobilization
plan,
and
that
way
when
that
effort
picks
up
later
this
year,
they
can
just
wholesale
grab
this
kind
of
plug
it
in
and
incorporate
it
into
the
rest
of
the
work.
Now,
if
we
were
looking
for
specific,
like
funding
like
if
we
thought,
if
we
had
50
bucks
in
a
Starbucks
gift
card,
we
could
make
a
change.
F
That's
a
slightly
different
process
and
I
I
don't
have
a
high
degree
of
confidence.
We
can
get
funding
right
now,
but
omkar.
The
new
executive
director
is
working
on
planning
his
2024
budget
proposal.
So
if
we
did
have
something
we
felt
very
strongly
about
that
could
have
a
large
impact.
We
would
want
to
start
to
think
about
in
our
plan
and
document
what
we
think
costs
or
resource
needs
would
be,
and
that
way,
when
we
start
the
budget
talks,
we
would
be
prepared
and
just
ready
to.
E
F
Hey,
you
know,
we've
got
an
idea
that
needs
funding,
but
we
consider
this,
but
the
the
mobilization
plan
itself
will
be
they'll
start.
We
will
start
rewriting
it
towards
the
end
of
the
year
and
you
know
ideally
we'll
be
done
with
our
collaboration
and
we'll
be
happy
with
it,
and
we
can
still
do
if
we
want
to
continue
to
work
on
things
that
have
no
cost
great.
We
can
continue
to
do
that,
but
we'll
have
that
the
wording
ready
that
they
can
just
kind
of
pick
up
and
drop
in.
A
Got
it
I
think
it
would
be
good
to
you
know
for
next
meeting?
Maybe
not
the
final
final
review,
but
you
know
plan
on
reviewing
the
language
as
a
whole,
see
if
there's
any
more
changes,
we
want
to
make
make
those
changes
and
then
I
could
add
those
in
a
pull
request
and
then
we
could
asynchronize
I
could
put
check
boxes
with
people's
names.
We
could
asynchronously
ask
people
to
sign
off
on
it
by
clicking
their
check
box.
A
I
think
that's
a
that's
a
good
goal
for
our
next
meeting,
all
right,
cool
and
Josh.
Do
you
want
to
introduce
your
event.
E
E
Just
letting
people
know
that
I
sort
of
used
planning
a
memory
safety
event
for
November,
2nd
in
San
Francisco
might
be
of
some
appeal
to
people
in
this
group.
The
plan
is,
you
know
there
have
been
a
number
of
memory
safety
events
over
the
past
couple
of
years.
E
Most
of
them
have
sort
of
started
with
the
basics
and
talked
about
some
other
relatively
basic
material.
The
goal
here
is
to
not
recover
that
ground,
but
to
assume
that
everybody
coming
is
familiar
with
the
basics
and
the
Dynamics
like
we
don't
need
to
talk
about
how
70
of
vulnerabilities
are
memory
States
or
whatever
we're
going
to
skip
past
that
stuff
and
spend
the
day
focusing
on
some
of
the
really
hairy
questions
that
we
need
to
answer,
and
so
it'll
be
very
focused
discussion.
E
G
E
A
I
am
definitely
interested
on
that,
both
from
Microsoft
perspective,
as
well
as
rust,
Foundation
perspective,
so
I'll
reach
out
to
you
via
email.
E
Yeah
we
we
haven't,
announced
it
publicly
yet
at
some
point
we
will
just
giving
people
here
a
heads
up
in
case.
You
want
to
Mark
something
on
your
calendar.
F
Yeah
I
think
we
maybe
we
make
it
an
action
item
for
ourselves
that
Emilio
once
the
plan
is
done,
we
maybe
go
approach
the
distros
and
say
you
know
this
is
a
problem.
We're
see
we're
trying
to
help
solve
you
know
what
do
we
think?
How
can
we
get
this
integrated
into
product
roadmaps?
And
you
know,
there's
you
know
things
like
plumbers
or
Dev,
comp,
there's
a
lot
of
conferences
where
we
may
want
to
potentially
submit
an
abstract
or
a
panel
to
start
to
encourage
more
Community
participation
in
this
as
well.
E
Yep
we've
started
talking
with
some
of
the
distros
in
general.
I
got
the
impression
that
individual
Engineers
within
the
projects
have
quite
wildly
varying
perspectives
on
how
this
should
happen
and
there's
no
General
policy
and,
in
the
end,
it's
hard
to
get
anything
through
I'm
I'm,
working
on
a
blog
post
that
lays
out
in
more
detail
what
exactly
the
issues
are
here
and
what
the
potential
Solutions
are
so
hopefully
I'll
have
that
out
and
then,
by
the
time,
the
time
November
rolls
around
will
be
closer
to
being
able
to.
You
know,
identify
specific
Solutions.
B
A
All
right
that.
D
Is
a
specific
issue,
or
is
that
also
something
that
you
attribute
to
Windows
as
well?
Is.
E
B
D
So
I
wonder
if
it
may
be
somebody,
maybe
if
we
can
also
get
somebody
internal
from
our
side
to
participate
in
that.
A
We
participate
in
the
November,
2nd
event
or
participating
in
general.
Obviously,.
D
D
From
from
the
windows
side,
I
know
they're
they're
we're
also
working
on
a
integrating
more
rust
into
the
kernel.
So
yes,.
E
We
are
very
interested
in
having
Microsoft
people
there.
We
have
been
talking
a
lot
with
Rec
Center,
Rich's
team
and
also
the
people
who
do
like
TLS
and
cryptography
and
stuff
like
that
at
Microsoft.
So
we've
got
good
partition.
Participation
from
Microsoft
already
but
happy
to
have
more
obviously
figuring
this
out
for
Windows
would
be
a
big
deal.
C
F
Another
idea
we
can
do
leveraging
the
foundation.
We
could
potentially
create
some
type
of
virtual
Workshop.
We
did
a
maintainer
summit
where
we
were
talking
to
Upstream
maintainers
about
security
before
the
end
of
last
year.
So
maybe
we
organize
something
similar
where
maybe
this
group
would
come
in
and
help
facilitate
the
conversation
and
you
know
directly
reach
out
to
maintainers,
and
you
know
distro
representatives
and
try
to
have
the
conversation
you
know.
In
addition
to
you,
know
the
conference
and
any
other
conferences
we
want
to
do
that's
another
idea.
E
A
So
that
brings
us
to
the
end
of
the
agenda.
David
Edelson,
hello,
have
you
been
here
before.
G
Hello,
that's
when
they've
been
on
this,
but
a
little
bit
of
a
timing,
conflict
everybody
wants
to
have
meetings
at
this
time,
yeah.
A
G
Charles
is
doing
a
great
job,
it
is
the
direct
contact
from
I
mean
hi
Charles.
A
Awesome
cool
any
other
items
we
would
to
cover
today.
B
A
I
will
give
you
the
I
I,
can
there's
a
foundation
board
member
there's
information
on
privacy
that
I
obviously
can't
share,
but
so
with
the
way
I
summarize,
it
is
Russ's
rapid
adoption
and
growth
over
the
past
couple
years,
outgrew
its
previous
governance
policy,
our
previous
governance
structure.
That
structure
was
stressed
to
breaking
a
couple
of
years
ago
and
a
or
about
a
year
and
a
half
ago,
and
so
a
group
of
people,
various
team
leads
from
around
the
rust
project,
got
together
to
put
together
a
new
governance
system.
A
That
system
is
now
in
place.
There's
a
new
Leadership
Council
in
place.
It
just
was
put
in
place
like
a
couple
weeks
ago
at
most
became
official.
So
the
new
government
mince
process,
which
is
you
know,
know
designed
by
very
very
dedicated
community
members
to
be
able
to
operate
at
the
scale
that
rust
is
used
and
developed
on
at
this
time.
A
So
like
any
major
open
source
project
when
it
reaches
a
certain
threshold
of
adoption,
The
Growing
Pains
get
very,
very
painful,
and
yes,
things
broke
about
a
year
and
a
half
ago
or
so
pretty
badly.
But
now
it
is.
There's
a
new
structure
in
place
and
I'm
highly
confident.
It's
going
to
be
much
better
going
forward.
B
Okay,
thank
you.
I
I
assumed
it
was
growing
pains
but
couldn't
find
any
definitive
background.
Thank
you.
You're.
A
D
I
wonder
what
what's
next
right
for
this
thing
after
we
do
the
revised
checks
right,
so
in
other
six,
we
started
breaking
that
up
into
a
more
concise
plan
right,
so
we
took
each
one
of
the
sections
we
even
broke
out
into
substicks.
If
you
want
to
really
chew
on
that
and
bring
a
real
plan
for
each
one
of
those
sections
that
what
we
think
would
come
next
and
how
does
that
relate
to
what
formal
thing
before
about
the
funding
or
not,
funding.
A
I
think
the
next
step
will
be
that
researching
and
recommending
initiatives
for
funding
by
the
open
ssf
and
then,
following
on
from
that
I'm,
it's
very
open.
We
can
discuss
tooling
whether
we
want
to
invest
developer
effort.
We
have
several
developers
on
this
call
in
that
tooling
evangelizing
and
you're,
creating
education,
materials
or
consolidating
existing
educational
materials
and
linking
to
them
with
full
credit.
Of
course,
I
think
it's
it's
quite
open
what
we
can
do
next.
F
Yeah
I
think
the
sky's
the
limit
it's
limited
by
our
volunteer
time
and
our
imaginations.
F
We
can
take
this,
however
far
you
want,
if
you
just
want
to
do
the
simple
rewrite.
That'll
be
very
much
appreciated
because
again,
we've
learned
stuff
over
the
last
year
and
a
half
that's
excellent
feedback,
but
if
we
wanted
to
make
a
prescriptive
plan
or
if
we
wanted
to
figure
out
tools
or
investment
opportunities,
I
think
that's
also
a
thing
for
us:
I
love
the
idea
of
evangelism
and
getting
the
word
out.
Maybe
we
do
a
set
of
office
hours
kind
of
memory,
safety.
F
Ask
us
anything
kind
of
things:
have
the
experts
here
to
talk
through
to
projects
and
maintainers
on
how
they
can
Implement
some
of
these
things.
F
We're
very
soon
going
to
have
a
devrel
community
focused
on
the
developer
experience
and
how
to
get
folks
access
to
the
tooling
and
process
and
learnings.
So
that's
another
Avenue
for
us
that
potentially
once
that
gets
spun
up,
maybe
we
try
to
get
an
invite
there
to
see
the
table
to
kind
of
put
this
in
as
an
agenda
item
it's
that
group
talking
about
and
how
to
get
raise
that
developer
awareness
more
directly.
A
All
right
anything
else,
anyone
would
like
to
discuss
before
we
adjourn
until
two
weeks
from
now.
A
All
right
well,
thank
you
so
much
for
joining
us.
Those
of
you
watching
on
YouTube,
because
I
know
people
do
thank
you
for
watching
this
and
I
hope
you're
able
to
come
to
a
meeting
whenever
you
can
or
join
us
in
the
streamo4
memory
safety,
slack
Channel
within
the
openss
slack
or
open
ssf,
goodness,
gracious
Slack
all
right!
Thank
you!
So
much
everyone
have
a
wonderful
rest
of
your
day.