►
From YouTube: Scorecards Biweekly Sync (June 30, 2022)
A
A
D
A
A
A
A
A
F
A
A
F
Yeah,
I
know
we
usually
start
at
the
at
the
turn
at
I'm,
indeed
like
at
the
203
okay.
So
we
wait
for
three
minutes.
That's
been
the
usual,
carry
forth
again,
welcoming
everyone.
So
if
you're,
please,
if
you
know,
go
ahead
and
sign
up,
there's
a
google
doc,
that's
been
posted.
We
would
like
would
like
to
so
that
we
know
who
we
are
talking
to
would
be
easier,
so
that'll
be
good
and
we
have
shared
that
in
the
in
the
zoom
chat.
F
F
E
B
Welcome:
hey
everyone.
This
is
aiden.
Actually,
I've
already
attended
this
meeting
like
for
two
two
times.
This
is
my
third
time,
I'm
also
an
intern
at
google.
Laura
laurent
is
my
manager,
I'm
working
at
the
school
card
project
yeah.
I
have
an
agenda
today,
like
the
dependency
data,
visualization
reaction,
I'm
gonna
try
to
introduce
this
one
later.
Yeah
perfect,
welcome.
F
D
F
Welcome,
I
think
we
pretty
much
covered
most
of
them,
and
this-
and
I
see
the
next
action
item
obviously
is-
I
think,
lauren
added
this
so
for
people,
I
think
for
people
wouldn't
know
we
presented
scorecard
and
all-star
in
the
oasis
of
it
last
week
I
think
last
week
right,
yeah
lauren
and
I
as
well
as
jeff
jeff,
I
think,
is
on
vacation
this
week.
All
three
of
us
presented
about
all
star
and
scorecard,
and
the
next
action
item
I
see
is
the
different
dependency
depth.
Visualization
aiden.
F
B
B
I
F
F
It
gives
you
a
list
of
dependencies
that
have
removed
or
added
for
people
to
give
some
context
to
that,
and
this
is
essentially
plugging
into
that,
so
that
we
can,
we
can
figure
out
what
are
the
dependencies
that
have
changed
and
if
they're
new
things
that
have
come
so
then
we
can
go
to
the
bigquery
to
go
fetch
that
data
from
scorecard
to
give
some
information
for
anybody
who
wants
to
merge
anything
into
the
pull
request
by
including
a
new
dependency.
What
is
the
one
of
the
risk
in
including
that?
F
A
F
B
F
J
J
A
J
Yeah,
it's
it's
trying
to
raise.
Awareness
of
you
know
you
import
dependencies
like
what
are
the
status
of
those
dependencies.
I
think
navin
at
the
open
source
summit
had
like
some
great.
You
know
demo
about
how
you
can
do
it
by
implementing
you
know
using
bigquery
data
and
all
that,
but
it's
not
automated,
so
we'd
like
to
make
it
easier
for
users
who
use
the
github
action.
The
scorecard
action
to
you
know
to
learn
a
little
bit
more
about
their
their
dependencies.
B
F
B
B
It
will
execute
my
action
and
analyze
the
dependency
changes
like
in
the
current
current
branch,
the
min
branch
and
the
like
the
head
commit.
So
let's
modify
some
dependencies
in
this
file.
So
this
is
the
current
like
the
the
manifest
file
for
go
in
my
membranes,
and
let
me
replace
these
packages
to
like
to
do
another
version,
and
I
submitted
a
pull
request
for
this.
Like
patent
patch
six.
B
Yeah
and
then
the
like,
the
pull
request
would
trigger
the
workflow
here
yeah,
so
this
could
like
run
for
like
like
30
seconds
or
so.
Actually
I
got
a
previous
result
here
should
be,
should
be
this
one,
so
it
will
like
analyze
the
dependency
changes
in
the
like
between
this,
this
one
and
the
membrane
and
visualize.
B
B
Since
you
know,
this
is
just
for
a
demo,
so
I'm
basically
giving
every
dependency
a
vulnerable
vulnerable
attack,
we're
still
like
figuring
out
like
which
url
this
vulnerable
attack
should
lead
to,
or
currently
is
the
like,
those
source
code
ripple
of
the
package,
or
it
could
be
like
the
like.
The
package
version
page
from
the
dabs.dev.
F
G
F
So
so,
thanks
for
the
doc
and
and
the
picture
it
helped
out,
it
helped
understanding.
So
I
see
in
your
picture
specifically
it's
using
the
the
rest.
It's
going
to
obviously
provide
a
russian
point
so
that
you
can
go.
It
can
go
grey
that
right
now
you
is
your
gold
query,
the
scorecard
crown
or
the
or
the
open
source
insights
or
it's
combination
of
both.
B
F
F
Unless,
if
you
provide
the
score
and
then
they
can
click
on
a
link
and
expand
about
that
score,
yes,
because
because
yeah
and
does
it-
and
I
because
I'm
working
this
project
a
little
while
there's
a
discrepancy
between
the
real
scorecard
score
and
devshot
dev
dev
set
up,
does
not
update
what
gets
updated
and
in
scorecard
bigquery
table.
Then
there's
going
to
be
a
disconnect
the
when
I,
when
I
see
the
score,
let's
say
suppose
because
scorecard
does
not
have
the
the
back
end
does
not
have
a
ui
for
you
to
go.
F
Look
at
all
of
that,
there's
no
ui
for
the
bigquery
right
now.
So
that's
one
concern
that
I
have.
The
second
second
concern
is:
how
are
we
planning
to
version
these
apis?
Because
if
we
don't,
if
you
aren't
because
scorecard
as
we
add
more
information,
yeah
people
are
going
to
build
on
top
of
this,
it's
going
to
become
a
nightmare
when
we
have
when
we
break
things.
F
B
F
D
B
J
J
B
B
I
D
F
F
In
my
opinion,
the
one
on
the
right
is
the
real
thing
that
everybody's
looking
for
I
understand,
adding
vulnerable
information
is
great,
but
should
that
be
part
of
scorecards
actions
to
just
to
get
vulnerability
from
the
dependency
review,
api
and
dump
the
information?
Should
that
be
part
of
scorecard
action?
Is
that
scorecard's
responsibility.
J
J
J
So
this
would
be
just
like
a
summary
and
then
we
provide
a
link
and
I
think
that's
what
the
future
should
be
like
the
first
iteration,
no
vulnerabilities,
perfect
and
then
once
we
have,
we
have
a
better
way
to
visualize.
We
can
update
in
the
next
iteration
like,
hopefully,
devs.there
will
have
better
visualization
and
we
can
still
use
them,
but
if
not,
maybe
we
have
the
scorecards
of
their
website
and
willing
willing
them
to
there.
F
Yeah,
I
am
I'm
sorry,
I'm
I'm
100
for
this,
I'm
just
making
sure
I'm
just
making
sure
that
we
don't
disappoint
our
customers
with
in
incorrect
incorrect
information,
especially
if
steps
are
device
out
of
sync
from
our
back
big
query.
We
don't
want
that
and
believe
me,
people
are
going
to
dd
ask
this
api
people
are
going
to
deed
out
this
api.
F
A
Ahead,
oh
okay.
As
I
said
I,
I
totally
understand
the
data
out
of
sync
problem.
Perhaps
one
solution,
and
I
certainly
agree
that
it
would
be
very,
very
good
as
soon
as
possible
to
be
able
to
drill
down
that
next
level,
because
that
mean
not
just
knowing
a
score.
You
want
to
know
why,
but
I
think
at
the
very
least,
it
would
be
good
to
have
a
date.
You
know
date,
the
date
time
of
when
that
score
was
created.
A
F
Also
on
that
note,
I
do
know
depths.
Are
there,
I
don't
remember
their
big
query
structure.
At
least
I
played
with
that.
I
don't
know
if
they
have
the
scorecard
data
if
they
have
the
scorecard
data
can
be
pulled
from
that,
so
that
we
can
show
a
ui
and
still
show
a
score.
The
score
might
be
a
couple
of
weeks
old,
but
it's
okay,
but
it
gives
us
a
ui
when
it
scorecard
team
does
not
build
a
ui
for
all
of
this
fancy
stuff
that
we
already
have
in
depth..
J
A
J
F
A
J
F
My
thing
is:
if
you
do,
if
you
build
the
right
side,
then
getting
the
left
side
is
super
easy,
because
then
everybody
what
you
when
we
build
the
right
side.
Sorry,
I
meant
the
right
side
for
people
who
don't
who
aren't
as
purely
on
the
on
the
resting
point.
If
we
build
a
resting
point,
the
the
dependency
and
everything
that
then
we
can,
we
expose
bigquery,
which
is
great.
J
M
F
I
guess
okay,
so
so
again
again,
my
ignorance
of
I
don't
know
what
is
happening
on
depths.
Are
there
so
do
do?
We
have
to
rely
only
on
rely
on
depths?
Are
there
for
scorecards
everything?
Probably
that
makes
sense,
but
but
do
we
have
some
kind
of
an
timeline
as
to
when
they
are
likely
to
come
out,
say
probably,
if
summer
fall.
J
J
F
For
v0,
basically
also
stepping
back
with
the
other
thing
that
we're
doing
in
the
action
wherein
with
the
badgers
work.
All
of
this
is
going
to
come
to
the
big
query.
I,
unless
depth
of
dev
queries
from
scorecards
bigquery
table,
then
we
are
fine,
but
if
they're
going
to
maintain
a
different
data
set,
then
that
becomes
a
problem.
J
So
maybe
to
also
make
it
simpler
for
like
when
I
say
v0,
I
don't
mean
that
this
is
going
to
be
what
we
released.
Maybe
we
released
v1,
but
maybe
for
v0.
Is
we
don't
update
the
score
on
every
pull
request,
because
we
can
check
whether
we
already
check
the
results
or
maybe
we
yeah.
So
maybe
that
would
be
a
compromise
that
we
could.
A
Yeah,
just
because
yeah
do
be
clear,
I
don't
have
any
problem
with
the
v0
having
partial
sum
functionality.
I
mean
that's
kind
of
what
a
early
release
is,
but
I
I
just
we
just
have
to
be
careful
not
to
get
that
used
widely
or
you're
going
to
peg.
All
sorts
of
things
yep
so
but
the
destination
is,
is
loading
in
from
place?
Is
awesome?
F
So
again,
I'm
just
asking
questions.
What
is
that
that
is
stopping
from
you
building
the
right
side?
I
already
spoke
about
this
to
the
other
brian
who
works
in
google
for
the
product
team.
I
suppose
I
was
speaking
to
him
about
there's
a
very
specific
thing
that
we
don't
is
that
a
blocker
for
moving
towards
the
right,
endpoint
right
side,
building
the
resting
point.
J
F
For
aidan's
project
as
to
something
he
can
wrap
it
up
and
if
I'm
not
trying
to
understand
okay,
yes,
yeah,
but
but
somebody
else
can
also
keep
progressing
on
this
as
a
feature
right,
just
making
sure
yes,
yeah
yeah,
definitely
yeah.
I
think
I
think
if
we
can
build
v0
on
that
mode,
to
v1
to
be
perfect,
yep.
F
B
F
J
F
J
Let's
say
you
have
a
pull
request,
we
run
scorecard.
The
results
are
shown
as
comments
like
aiden
and
and
then
in
the
next
commit
to
your
pull
request.
We
don't
run
it
again
and
we
wait
for
maybe
24
hours
before
we
run
it
again,
so
that
we
don't
run
it
all
the
time.
If,
if
that
is
a
bottleneck,
I
think
that's
a
concern
that
david
had
we're
going
to
be
running
and
running
and
maybe
hitting
rightly
meeting
on
some
other
systems.
B
Yeah,
sorry,
I
I
I
have
a
quick
question
on
this,
so
I
think
it's
quite
similar
to
the
what
the
code
curve
is
doing.
So,
basically,
when
I
like
submit
my
commit
to
a
pull
request
like
every
time,
the
like
the
code
curve
will
just
run
again
and
gives
me
and
give
me
like
yeah.
It
just
gives
me
a
new
result
of
the
code
coverage.
J
F
Because
we
use
the
github
api,
that's
the
biggest
problem
between
media
people.
Like
an
example,
my
concern
is
like
like
what
david
had,
if
I,
if
I,
if
I
go,
bring
up
a
new
library
and
that
library
has
400
dependencies
translated
into
g's
now
you're
going
to
run
the
400
and
half
partially
it's
going
to
fail
we're
going
to
update
the
comments
saying
hey
these
things
have
failed.
Where
did
we
update
the
comment
to
the
pull
request?
The
photo
quest
could
have
been
closed.
F
B
F
A
A
You
know
what
I
and
I
think
in
the
broad
scheme
of
whatever
makes
you
know,
whatever
is
easiest
for
everybody,
but
I
think
there
is
a
value
in
making
a
different
repo.
If
you
might
have
different
groups
or
even
more,
it
might
have
a
life
of
its
own.
You
know
my
experience
is
once
you
start
serving
information
to
something
else
that
might
be
more
general,
often
better.
You
know
it's
running
in
a
separate
environment.
It's
you
providing
data
that
might
be
useful
to
other
folks
starts
to
make
sense
as
its
own
thing.
B
A
A
Yeah
I
mean
you,
you
can
get
started,
is
you
know,
use
apache,
200
or
mit
licenses,
but
yeah?
But
you
know
I
don't,
there's
no
reason
to
stop
forward
progress,
but
if
we're
gonna
make
different
repos,
I
think
sooner
rather
than
later,
it'd
be
better
to
bring
it
into
under
openness.
You
know,
talk
to
the
working
group
make
sure
they're.
Okay,
I
presume
they're
okay,
bring
it
in
to
open
ssf.
Then
it's
all
part
of
it
and
nobody
has
any
weird
questions.
B
I
F
They
are
working,
I'm
sure,
you're,
seeing
this
okay
for
people
who
don't
know
I'm
sending
the
context
right.
There's
a
get
up
recently
put
in
another
another
action
where
they
are
able
to
use
the
runtime
to
figure
out
the
dependencies
using
the
belt
information.
So
essentially,
it
looks
at
your
bell.
It's
almost
watches
the
apple
figures
out.
What
are
the
real
dependencies
and
figures
out?
What
are
the
real
dependencies
and
sends
that
information
to
the
server
so
that
github
can
identify?
F
What
are
the
real
dependencies
and
make
someone
can
do
depend
upon
updates
to
all
of
that.
So
it's
still
not
in
my
opinion,
and
still
not
it's
still
not
very
stable
depending
on
that,
because
they
have
it
as
paid
out
they
don't
oh
or
probably
they
have
it
as
they
have
it
as
v1,
but
they're
still
working
on
those
things.
B
Yeah,
I
think
I
think
his
current
support
for
the
like
the
manifest
file
is
fine,
like
the
the
issue
is
like
we
know
for
like
for
different
ecosystems,
like,
for
example,
in
the
gold
mod
like
we
have
both
like
direct
dependencies
and
indirect
dependencies
in
a
gold
mod
file
yeah.
But
for
you
know,
ecosystem
like
the
pythons,
the
pypi,
so
it
doesn't
have
the
indirect
dependencies
in
the
manifest
file.
I
mean
it.
Has
the
you
know
the
indirect
dependencies
in
the
log
file,
but
not
in
the
manifest
file.
B
So
if
I
use
this
dependency
review
api
from
github,
you
know
as
the
data
source
for
the
version
zero
it
could
be.
It
could
give
me
like
different
results
for
different
ecosystems.
Like
for
for
a
goal
ripple,
I
could
have
all
of
the
information
about
the
both
the
direct
direct
dependencies
and
the
interactive
dependencies,
but
for
a
python
ripple.
I
only
have
the
you
know
the
info
information
for
direct
dependencies,
because
there
are
no
indirect
dependencies
in
the
python's
manifest
file.
F
J
F
F
L
J
J
B
B
Okay,
so
okay,
so
repository
yeah,
this
is
a
web
app
so
like
we
can,
just
you
know,
put
this
to
local
and
get
it
get
it
run,
and
there
is
a
interface
in
this
web
app
where
we
can
use.
You
know
the
dependency
name
and
version
to
query
all
of
these
indirect
dependencies,
but
yeah
still,
this
is
like
the
maybe
the
version,
one
or
version
two
thing:
it's
not
version
zero,
real
thing
right.
F
Even
my
concern
is
even
if
we
use
depth
of
depth
for
transfer
dependencies
and
the
the
github
api
for
the
definiti
differences
between
versions,
I
could
be
adding
a
dependency
could
be
bringing
in
14
of
the
transfer
dependencies,
which
steps
is
not
going
to
be
aware.
We're
going
to
be
giving
partial
information.
F
J
F
B
I
J
F
F
F
F
H
Great
thanks,
yeah
sure
thanks
naveen
yeah,
sorry,
so
I've
just
thrown
in
a
ton
of
notes
here
but
yeah.
So
I
was
noticing
that
there
are
some
on
the
topic
of
all-star.
There
are
some
more
recent
issues
on
the
all-star
repo
about
mainly
some
people.
Who've
been
who've
had
repos
that
are
subject
to
all-stars
policies,
have
some
concerns
about
specific
ones,
so
the
first
one
that
I
pointed
out
here
in
this
list
was
all-star
spamming.
My
repo,
the
spamming
part,
is
not
the
most
important
part.
H
I
don't
think,
but
what
is
kind
of
interesting
is
that
it
is
pointed
out
here
that
some
binary
files
or
some,
I
think,
that's
in
this
issue-
yeah
exactly
some
binary
files
that
are
in
this
repo
can't
really
be
left
out
just
because
they're
provided
by
microsoft.
It
seems
like
so
these
are
like
closed
source
pre-compiled
binaries.
That
supposedly
just
can't
be
left
out.
H
I
think
that
in
some
cases
it
would
make
sense
to
create
exceptions
to
the
binary
artifacts
rule
in
order
to
allow
specific,
binary
artifacts
to
be
left
over.
What
I
was
wondering
was
for
one
question
in
this
area.
Was
I
don't
know,
are
there
any
good
ways
to
go
about
checking
the
integrity
of
binary
files
without
necessarily
or
yeah,
just
in
limited
circumstances
where
they
do
need
to
exist?
Is
there
like
a
good
way
to
go
about
that?
H
H
A
H
Of
course
yeah
thank
you
for
the
question
yeah,
so
this
is
kind
of
just
something
I've
been
thinking
about
lately.
I
think
that
it
might
be
a
good
idea
to
add
some
features
to
all-star.
That
would
make
it
just
easier
for
people
to
deal
with
and
adopt,
because
I
think
that
if
we
provide
like
more
opportunity
for
reasonable
exemptions,
then
people
are
going
to
be
generally
happier
with
it
and
more
likely
to
not
broadly
opt
out
of
policies.
H
Rather,
I'm
sure
people
would
be
more
willing
to
work
with
it
if
we
allow
them
to
carve
out
very
small
exemptions
to
the
policies,
so
one
pr
I
made
recently
on
all-star
was
one
that
allows
outside
cl
outside
collaborators
exemptions.
I
didn't
link
to
this,
but
here
I'll
add
it
to
the
thing
actually
or
it's
this
document.
H
Right
here
so
yeah,
basically
at
the
org
level,
outside
collaborators
could
be
approved
so
like
if,
if
someone
under
a
company's
organization
on
github
wanted
to
invite
someone
else
to
be,
have
push
or
admin
access
on
the
repo,
then
that
could
be
approved
by
someone
managing
the
all-star
repo
for
that
organization
yeah.
So
that
was
one
feature
on
that
topic,
but
yeah
someone
else
proposed.
There
was
another
issue
about
it.
H
H
F
If
we
go
again
my
two
cents
on
this,
if
we
can
replicate
what
the
dependent
part
has
all
these
configurations
so
because
beyond
the
github
ecosystem,
if
we
and
if
you're,
going
with
the
same
ammo,
if
we
go
with
go
with
the
same
templating
it'd
be
great
because
then
people
are
like
I
can
copy
paste
from
here
to
here.
I
can
have
the
same
thing:
people
love
it.
I
love
it.
So
that's.
D
F
H
Tradition,
in
my
opinion,
that's
that
sounds
great
okay,
yeah
I'll.
Keep
that
in
mind
yeah.
This
is
just
like
something
I
spewed
out
really
quick,
so
yeah.
That
sounds.
That
sounds
good
thanks
for
the
suggestion
and
yeah.
Those
are
the
main
things
I
wanted
to
cover
yeah
just
about
increasing
all-star
adoption.
F
J
D
H
Mm-Hmm
yeah
exactly
I
mean,
of
course
one
alternative
would
be
doing
it
on
the
repo
level,
but
then
I
don't
know
the
the
question
is:
would
this
stuff
all
get
overlooked
like
or
would
the
hashes
really
get
checked
at
the
repo
level?
So
I
think
the
url
idea
is
kind
of
interesting,
because
that
would
make
it
really
easy
to
configure
and
as
long
as
we're
I
mean,
of
course,
we're
we're
running
all
star
on
a
trusted
server
with
a
trusted
network
connection.
H
So
hopefully,
if
we're
requesting
it
from
microsoft,
we're
like
it
should
be
fine.
Maybe
we
can
require
that
be
an
https
url.
If
we're
doing
that,
verification
from
our
server
could
be
reasonable,
but
also
one
other
idea
was
like
we
could
do
like
code
signing.
We
could
just
check
to
make
sure
that
the
executable
is
signed
by
microsoft.
Maybe
add
like
a
signature
option
or
some
kind
of
like
option
related
to
that
in
the
configuration
for
binary,
artifacts
exemptions,
but
yeah
the
url
idea
seems
really
nice.
J
A
F
People
can
stick
in
a
malware
url
and
all
of
a
sudden
all-star
is
going
to
download
a
malware
url.
So
so,
as
long
as
as
long
as
you
take
caution
saying
in
this
hey,
please
we
are
like.
I
know
you're
going
to
put
run
this
in
a
sandbox,
but
I'm
just
trying
to
say
that's
one
thing
that
I
can
think
of
people
trying
to
do
that.
That
are
people
like
if
I
have
to
play
the
bad
guy.
If
I
have
to
play
the
bad
guy,
absolutely
I
will.
F
I
will
do
that
if
I
don't
like,
I
know
all
stars
running
within
google.
This
thing:
oh
yeah,
I'm
gonna
be
like
okay.
How
can
I?
How
can
I
run
this
so
that
I
can
run?
I
can
do
a
zero
day.
Try
to
do
something
over
there
run
my
cryptocurrency
mining,
I'm
gonna,
I'm
gonna.
Look
at
every
way
to
do
this,
so
so
as
long
as
just
ensure.
H
Oh
okay,
I'm
just
gonna,
say
it's
we'll,
probably
not
be
parsing
the
file
and
anyway,
we'll
just
be
hashing.
It
like
it
should
be
pretty
straightforward
to
just
download
it
from
the
url
we'll
set
a
timeout,
we'll,
never
write
it
to
disk
at
all,
actually,
probably
just
while
calculating
the
hash.
So
I
don't
think
there's
much
room
for
any
kind
of
exploits
based
on
that,
of
course,
they'd
have
our
ip
of
the
server.
So
I
don't.
H
A
Yeah,
I
guess
the
real
issue
is:
what's
the
threat
model
of
things
like
scorecard,
I've
been
mainly
pitching
scorecard,
as
you
know,
trying
to
help
you
with
unintentional
vulnerabilities.
You
know
and
that
sort
of
thing
within
the
packages.
If
reviewing
this
as
a
way
to
counter
malicious
code,
I
mean
yes,
that's
a
totally
valid
thing
to
be
worried
about.
I
don't
know
how
far
I
mean
scorecard's
gonna
get
there
I
mean
most
of
the
other
ones
are
not
going
to
counter
that.
So
I
guess
maybe
we
should
be
explicit
one
way
or
the
other.
A
J
M
H
H
F
H
Fair
enough
yeah.
Definitely
I
think
so
that
the
hash
method
would
work
for
like
files
that
don't
change
a
lot
or
don't
get
updated.
I
guess
allowing
maybe
exemptions
on
a
per
file
basis.
Would
I
think
we
already
do
that,
though
we
do
do
exemptions
on
a
per
file
basis.
So
that's
so
it's
kind
of
perfect.
H
For
sure
all
right,
well,
that's
mainly
what
I
want
to
cover,
I'm
not
sure
exactly
what
this
last
issue
I
listed
is
but
oh
ping
duration
should
be
configurable.
Okay,
well,
yeah
there
you
go,
could
be
nice,
it
kind
of
pairs
with
the
weekend
thing.
So,
although
that
doesn't
that's
not
exactly
straightforward
to
do,
but
it
might
be
do
well.
H
Actually
I
don't
know,
I
guess
we
just
run
the
all-star
checks
like
on
a
somewhat
frequent
basis,
so
actually
it
could
be
partly
configurable,
probably
because
I
think
it's
got
like
a
default
amount
of
time.
It
waits
between
replying
to
issues
that
it
creates.
So
that
would
work
anyway.
Yeah.
That's
that's
pretty
much.
What
I
want
to
cover
about
all
star.
F
F
F
F
J
F
A
A
I
honestly
don't
know
how
long
it
takes
and
then
and
to
be
fair.
It
may
be
a
little
delayed
because
we
had
the
open
source
summit
with
just,
I
think
it's
the
same.
People
suddenly
got
dumped
a
week's
worth
of
videos,
so
it
may
be
a
little
backlog,
but
but
the
the
intent
is
for
it
to
be
up
and
if
it
isn't
in
in
like
two
weeks
you
know
well,
let
me
know
I
I
don't
actually
know
who
does
that,
but
I
guess
I
can
find
it.