►
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
B
C
A
Yeah,
looking
forward
to
looking
forward
to
some
good
things
this
year,
we've
been
doing
a
lot
of
crosstalk
within
the
other
working
groups
and
other
sigs,
especially
with
you
know,
s2c2f,
Salsa,
Fresca
and
I.
Think
we
had
some
some
talk
or
some
chatter
about
guac
in
there
too
and
I
know,
kasari
does
both
Fresca
and
guac.
So
there's
a
lot
of
chatter,
going
on
with
that
as
well.
Man,
I
mean
we've
been
we've
been
we've
been
doing
a
lot
of
the
cross.
A
A
lot
of
cross
talk
a
monthly,
so
I'm,
so
I'm
very
I'm,
very
interested
in
what
we
can.
What
we
can
come
up
with
come
up
with
this
year.
B
A
Yeah
and
I'm
sorry
for
me,
I'm
in
the
gym
right
now.
This
is
anytime
before
9
A.M
you'll,
probably
find
me
find
me
in
the
in
the
gym,
especially
early
hours.
These
calls
are
early,
so
I
got
to
put
the
headphones
on
and
do
these
calls
while
I'm,
while
I'm
doing
my
workout
yeah
yeah.
C
All
right
looks
like
folks
are
and
none-
and
let
me
see
here
with
the
the
Fresca
meeting
notes,
let
me
bring
these
up
yeah.
Why
is
this.
C
C
I
mean
actually
double
check
here:
Source,
okay,
so
yeah
I
already
spoke
about
the
open
source
Summit
here.
B
Cool,
so
one
of
the
things
I
wanted
to
talk
about
was
the
pipeline
framework
document,
which
I
know
I
showed
off
a
little
bit
last
time,
and
that
document
is
over
here.
C
Going
to
be
a
little
quiet
for
today,
just
because
a
few
other
folks
have
a
conflict,
but.
B
So
some
folks
might
have
already
seen
this,
but
one
of
the
things
that
we've
been
you
know-
or
at
least
I've,
been
looking
at
and
was
one
of
the
things
that
we
wanted
to
kind
of
push
forward.
A
lot
more
with
in
this
year
is
the
Fresca
pipeline
framework
and
the
one
of
the
things
that
we
wanted
to
do
was
we
wanted
to
kind
of
make
the
use
of
Fresca
as
easy
as
possible.
B
So
the
idea
here
is,
you
know,
because
Fresca
uses
stuff
like
tecton
and
tecton
chains
and
spiffy,
spire
and
all
sorts
of
other
stuff
behind
the
scenes.
We
don't
want
this
to
be
just
a
customizable.
You
know
you
could
just
use
it.
However,
you
want.
We
wanted
this
to
just
essentially
be
an
example
of
you
know
a
way
that
you
could
run
stuff
securely.
It's
not
intended
to
be
the
only
way.
B
It's
just
intended
to
be
a
way
to
run
this
stuff
securely,
and
you
know
the
idea
here
being
that
you
know
we
can
provide
some
flexibility,
but
the
bigger
thing
here
is:
we
want
to
just
sort
of
show
how
easy
it
can
be.
If
you
follow,
let's
say
these
rules
or
whatever
and
how
you
can.
Let's
say
you
know,
generate
salsa
ingest,
S2,
c2f
Etc.
So
one
of
the
things
here
oops
is.
B
Is
if
I
kind
of
go
through
a
little
bit
of
what
kind
of
the
the
end
goal
here
for
for
some
of
the
stuff
we're
looking
at
for
Fresca
right
is.
B
C
C
B
C
B
This
config
here
generates
all
of
this
actual
configuration,
which
is
how
Fresca
is
orchestrated,
and
so
you
can
see
here
it
generates.
You
know
a
pipeline
account
cluster
role,
bindings
yayada,
but
the
idea
here
right
is,
is
you
know
it's
pulling
data
from
here,
putting
it
all
in
yeah
yeah
now,
like?
Obviously,
this
sort
of
thing
can
be
done
with
you
know
python
or
go
or
really.
You
know
various
templating
libraries,
but
what's
nice
here,
is
by
doing
it
in
queue.
B
We
get
it's
like
a
very,
mostly
straightforward
language,
which
allows
us
to
do
stuff
like
this
right,
where
this
is
the
project,
but
the
project
is
constrained
by
what
the
team
allows.
So
the
team
allows
you
know
the
go
and
build
packs
Pipelines.
B
So
if
I
were
to
put
in
something
like
a
python
Pipeline
and
run
run
this
well,
it
doesn't
match
the
constraints
anymore.
Sorry,
this
is
not
a
pipeline,
that's
allowed
by
our
you
know
by
your
your
team
and
the
same
thing
goes
with
you
know.
If
the
team
adds
in
or
removes
things
in
here,
it
would
automatically
Cascade
down
to
all
the
things
that
you
know
fall
under
that
team,
and
so
let
me
put
this
back.
E
B
And
so
these
constraints
right
there's
lots
of
different
things
here,
right
the
constraints
can
say:
hey,
you
know,
the
name
of
the
team
is
team
Z.
So
if
I
go
up
here-
and
you
can
see
here
that,
like
the
naming
scheme
for
the
images-
include
this
sort
of
thing-
you
know
the
build
types
can
be
constrained
by.
Let's
say
the
individual
team.
Additional
policies
can
be
implemented
by
you
know
the
team
here
right
where
you
know
they
they
want
to
have.
B
They
want
to
make
sure
that
all
you
know
images
with
the
prefix
baz
or
whatever
use
the
my
three
key
or
what
my
key
three
right
stuff
like
that,
and
then
you
know
an
individual
Department
can
further
kind
of
constrain
stuff
where
stuff
that's
in
the
department
can
further
constrain
what
is
happening
even
in
a
team.
So
if
I
were
to
go
and
take
this
build
type,
for
example
and
say
actually
only
go
is
allowed,
even
though
the
team
says
hey
I,
allow
build
packs.
B
And
so
that's
kind
of
you
know
and
as
you
can
sort
of
start
to
see
here
right
is
these
sorts
of
constraints,
make
it
very
easy
for
us
to
implement
rules
that
are
hitting
all
the
salsa
requirements,
all
various
nist
requirements,
s2c2f
all
of
those
things
all
of
that
can
be
sort
of
encoded
in
stuff,
like
the
queue
so
that
you
can
kind
of,
say
great
I
I
get
to
go
and
let's
say,
build
my
pipeline,
but
I
still
need
to
follow
all
the
right
rules
and
the
rules
can
be
encoded
as
sort
of
constraints
here
and
then
in
org
right.
B
An
org
might
have
some
additional
information,
so
an
orc
says
like
hey.
The
image
that
you
generate
should
have
a
naming
scheme
that
looks
like
and
I
know.
This
is
some
of
this
is
just
syntax,
but
basically
this
is
saying
it
should
be.
The
org
Dash
Department
Dash
team,
Dash
project
name
right,
and
so
as
long
as
you
define
all
that
you
get
you
get
that
sort
of
thing
there,
and
then
here
we
have
a
set
of
allowed,
builds
right,
and
so,
if
somebody
were
to,
let's
say
remove
one
of
these
builds
completely.
B
This
would
also
you
know
further
constrain.
What
happens
over
down
here
and
what's
kind
of
cool
here
is
that
an
individual
org
can
kind
of
come
in
with
their
own
pipelines
and
and
and
what
have
you
and
then
you
know
an
ore
can
come
in
with
their
own
policies
and
so
there's
flexibility
in
the
configuration.
But
the
idea
should
be
for
folks
who
are
just
like
hey
I,
just
have
a
build
packs
thing,
and
this
is
just
a
standard.
B
A
Yeah
I
got
a
question
that
naming
convention
part
and
I
as
I
mean
I
won't
call
this
month.
That's
extremely
important
right
and
one
of
the
things
you
find
in
a
lot
of
organizations,
especially
with
referencing,
how
they
bring
in
open
source
components
right,
whether
it
be
through
spread,
whether
it
be
through
the
through
proper
policies
and
procedural
channels
or
whether
they
bring
them
in
you
know
outside
out
of
band
right,
they'll
bring
them
in
and
then
the
naming
conventions
right.
A
B
B
Sorry
I
should
say
converted
into
Fresca,
but,
like
you
know
through
something
like
you
there's
some
stuff
there,
the
thing
that's
actually
kind
of
nice
and
once
again,
I'm
not
an
expert
in
queue.
So
it's
probably
worthwhile
maybe
having
somebody
from
the
Q
Community
to
come
in
and
give
a
little
bit
of
a
demo
on
some
of
this.
But
one
of
the
cool
things
you
can
do
with
Q
is
like
if
I
just
have.
C
Do
I
have
it
somewhere
in
here
it
might
be
under
old
yeah.
Let's
see.
B
C
Is
it
was
it
again
yeah,
it's
gonna,
be
all
right.
B
And
this
will
automatically
generate
Q
out
of
it.
It
can
take
yaml
and
just
automatically
generate
that,
and
so,
if
there
are
things
that
are
let's
say,
written
in
something
like
a
yaml
or
Json
Q
can
automatically
ingest
it
and
there's
a
bunch
of
stuff
that
you
can
do,
which
I'm
not
going
to
show
off
here
right
now.
But
what
you
can
do
is
you
can?
Actually,
if
you
have
let's
say,
a
hundred
files
that
look
like
this,
you
can
actually
have
in
fact.
Actually
let
me
just
to
do
this.
B
To
get
to
get
it
to
actually
interpret
like
what
types
you're
using
and
stuff
like
that,
which
then
allows
you,
if
I
think
it's
called
Q
trim.
C
C
Sorry,
it
might
something
just
happened
here
with
my
there.
We
go
so
if
I
do
Q
trim.
B
Like
there's,
nothing
really
changed
here,
but
you
can
actually
have
it
look
at
a
bunch
of
different.
Let
me.
B
B
Make
sure
yeah,
so
you
could
have
this
and
I
don't
have
it
set
up
right
now
to
do
this,
but
you
could
actually
have
it
come
in,
look
at,
let's
say
100
or
150.
You
know
different
yaml
files
and
have
it
automatically
pull
out
like
schemas
on
it.
B
Nice,
nice
yeah,
but
but
the
idea
here
is
to
sort
of
you
know,
try
and
make
it
simple
and
one
of
the
other
things
that
we're
looking
to
do
with
Fresca
is.
We
are
looking
to
become
a
salsa
Rebuilder,
so
salsa
has
that
sort
of
concept
of
hey
when
you
it
generates.
B
If
enough
information
is
generated
in
a
salsa
build
provenance,
you
should
be
able
to
go
into
that
provenance,
pull
out
all
the
actual
steps
and
then
be
able
to
rerun
them
somewhere
else,
and
one
of
the
things
that
we're
looking
to
do
is
actually
take
all
that
convert.
It
then
back
into
something
like
a
Fresca
pipeline.
A
Absolutely
I
mean
so
stuff
like
that.
It'll
take
some
time
of
me.
If
you
can
start
the
hammering
away,
you
know
little
by
little
I
mean
you're
not
going
to
get
it
perfect
in
the
beginning,
but
over
time
you
can
get
it
where
Minor
Adjustments
can
be
made
and
then,
of
course,
as
you
begin
to
put
every
as
things
begin
to
get
a
little
bit
more
similar
in
terms
of
nomenclature,
then
you
can.
Then
things
will
be
able.
B
Yeah
that
that's
yeah,
that's
definitely
something
we
want
to
kind
of
get
involved
in,
and
so
then
yeah
there's
a
couple
other
things
here,
just
to
kind
of
show
you
some
of
the
stuff
we're
trying
to
do
so
that
build
tax
thing
right.
We
have
a
build
packs.
Sort
of
you
know
you
can
imagine.
This
is
the
catalog
and
a
lot
of
this
sort
of
stuff
is
we're
copying.
B
You
know
some
Like
We
Can
Vendor
certain
things
directly
from
tecton,
but
we
can
also
sort
of
generate
our
own
sort
of
tasks
in
here,
and
actually
this
is
not
a
great
example.
Let
me
go
to
the
go
one
I
believe,
which
is
a
bit
of
a
better
yeah.
Here
we
go
this
one's
a
bit
of
a
better
example
here,
but
here's
let's
say
a
go
Pipeline
and
you
have
all
the
stuff
here,
but
you
can
still
sort
of
all
of
this
sort
of
stuff
gets.
B
You
know
the
inputs
to
that
build,
or
those
builds
happen
here
right
and
it
lets
it
like.
It
makes
it
very
easy
for
us,
as
the
the
folks
in
Fresca
to
say,
Hey,
look
we're
not
just
purely
tecton
we're
not
just
purely
tecton
chains
and
all
these
other
things
where,
where
constraints
on
top
of
it
and
we're
trying
to
be
an
opinionated
set
of
constraints,
to
provide
an
example
of
hey.
This
is
how
you
could
do
this
securely.
B
It's
not
the
only
way,
but
it
is
a
way
and
that
helps
with
two
things.
One
is
we
hope
to
provide
to
be
an
example
that
people
can
then
follow
and
say:
oh
great,
we
should
do
something
similar
for
what
we're
trying
to
do
and
then
also
for
folks
who
maybe
are
just
like
yeah
I,
just
need
something
that
just
sort
of
works-
I
don't
have.
B
You
know,
as
as,
as
somebody
who's
been
on
that
side
of
like
naming
schemes,
and
it's
been
on
the
side
of
like
a
lot
of
times,
naming
schemes
are
determined
by
some
massive
Excel
spreadsheet.
You
know
hey.
This
is
a
sort
of
thing
that
just
just
helps
you
kind
of
get
what
you
need
and
encode
those
constraints
as
code,
as
opposed
to
needing
to
kind
of
say.
Well,
we
manually
check
that
everybody
is.
It
has
the
right
naming
scheme
or
we
manually
check
that
everybody
has
the
right
policy.
B
The
thing
that's
really
nice
about
this
is
that
you
can
Define
in
policy
at
the
org
level
and
at
the
project
level
it's
enforced
on
it
right,
it's
not
like
and
on
the
department
it's
enforced
on
it
and
the
team
it's
enforced
on
it.
So,
like
different
teams
can
say,
like
hey,
I'm,
a
go,
only
team
and
then
a
different
team
can
say:
hey
I'm,
a
build
packs
only
team
and
be
able
to
still
do
that.
As
long
as
your
you
know,
department
or
your
org
sort
of
encodes,
that
those
constraints
for
you
right.
A
Right
and
that
that's
extremely
important
at
the
org
level
is
extremely
important,
because
you
do
not
see
that
today
across
across
the
board
everybody's
doing
it
manually
and
things
are
falling
short.
So
that's
extremely
important.
B
So
we
have
you,
know
these
these
tasks
and
once
again,
these
tasks
are
like
this
task.
Here
is
essentially
something
that
was
just
taken
from
the
Fresca.
B
Yeah
so
like,
for
example,
one
of
the
things
we
can
do
is
we
can
start
to
Define
tasks,
which
you
know
in
tecton
are
just
some
yaml.
We
can
actually
say
hey
here
is
what
we're
calling
a
Fresca
task
and
a
Fresca
task
has
these
constraints
on
them
and
right
now
we
don't
really
have
any
constraints
yet,
but
these
are
things
that
we
can
start
to
do
where
we
can
say
hey.
A
Fresca
task
must
have.
B
For
example,
all
images
referred
to
in
the
Fresca
task
must
be
pinned
by
Digest,
like
we
don't
allow
non-pinning
by
digest
like,
even
though
other
you
know,
tecton
itself
and
and
other
CI
tools
are
going
to
allow
those
sort
of
things,
we're
going
to
say
no
Fresca,
because
we're
saying
it's
only
secure
and
we
want
to
make
sure
that
it
could
be
the
secure
example.
It's
only
that
for
so.
This
is
also
one
of
the
things
that
we
can
do
here.
B
Is
we
there's
a
thing
in
queue
called
like
functional,
like
it's
almost
like
a
functional
pattern?
B
It's
so
Q
doesn't
exactly
have
functions
in
it,
because
it's
just
a
it's
a
non-turing
complete
language,
but
what
you
can
do
is
you
can
sort
of
do
stuff
like
this,
where
you
can
say:
hey
I
have
some
inputs,
and
then
this
is
the
output
and
so
I
can
put
in
like
if
I
want
to
have
a
policy
that
takes
in
a
name
of
the
policy
an
image
glob
like
you
know
something
that
I
want
to
enforce
on
that
policy
and
a
key
that
I
want
to
enforce
on
that
policy.
B
So
this
case,
hey
I,
expect
you
know,
I
want
to
check
in
Fresca
that
anything
that
matches
this
image
is
signed
by
this
key
great
here
is
just
a
generator
for
that,
and
so
I
can
use
it
as
many
times
as
I
want.
Different
teams
can
use
it.
However,
they
want,
and
and
so
on.
B
So
there's
a
lot
of
stuff
here
as
well
that
we're
planning
to
build
which
can
help
us
generate
stuff
like
tecton
tasks,
key
Verno
policies,
various
cluster
policies
and
and
so
on,
cool
and
then
one
of
the
things
we
can
you
know
do
here
is
we
can
encode
also
the
pipelines
themselves
as
consisting
of
certain
defaults
right.
B
So
in
this
case
you
know,
this
sort
of
thing
is
saying
before
you
run,
the
build
Fresca
consists
of
the
Fresca
clone
task,
followed
by
any
other
task,
right
cool
and
then
the
build
task
consists
of
some
number
of
build
tasks,
and
once
again
this
is
very
very
early
on.
We
can
constrain
it
in
various
different
ways
and
then
in
post,
build
tasks.
There's
some
level
of
post
build
tasks,
but
you
can
imagine
there
might
be
something
like
a
you
know,
a
Fresca
task.
B
Sorry,
you
could
have
something
like
a
Fresca.
You
know
published
task
or
whatever,
and
that's
something
that
you
know.
Your
last
task
must
be
a
published
task,
and
so
this
sort
of
helps
us
say
that
no,
no,
you
don't
just
get
to
like
say
what
happens
when
we
help
determine
that,
and
you
know
the
other
thing
that's
nice
about
this
as
well,
is
that
these
constraints
can
also
be
can
also
come
into
the
org.
So
an
individual
org
can
further
constrain
those
things
to
say,
hey
we.
B
We
want
to
replace
this
task
with
that
task
and
so
on,
and
we
can
do
stuff
like
once
again
various
inputs,
and
so
you
know
once
again,
these
inputs
are
pretty
much
saying:
I
require
a
pipeline
name,
it's
a
string.
B
I
require
pre-build
tasks,
which
is
of
this
type,
the
Baseline
pre-build
tests,
and
so
what
this
is
just
saying
is
a
pre-built
task
is:
must
start
with
the
Fresca
clone
task
and
any
other
tasks
after
it.
So,
even
if
somebody
were
to
come
in
with
a
pipeline
and
try
and
override
this
and
say
actually,
I
don't
want
to
use
a
clone
task.
I
want
to
use
something
else.
The
pipeline
is
no
longer
a
valid
pipeline,
it
wouldn't
run,
and
so
these
sorts
of
things
like,
even
though
you
know
it
sounds
complicated
right
now.
B
It's
mostly
complicated
for
the
maintainers
of
Fresca
for
for
most
end
users,
it's
going
to
be
very
simple
for
folks
to
say
great
I
just
have
a
very
simple
pipeline.
Great
you
just
get
to
just
Define
it
like
this.
You
have
something
a
little
bit
more
complicated
great.
You
get
to
start
to
do
stuff,
that's
more
akin
to
this,
where
you
have
a
few
lines
of
Q
or
whatever,
but
all
of
that
sort
of
stuff
allows
you
to
kind
of.
B
You
know,
come
in
and
do
that
sort
of
stuff
and
then
there's
a
couple
of
things
here
right,
so
you
know
we
would
allow
people
to
generate
their
own
custom
tasks,
but
once
again
those
custom
tasks
can
be
defined
in
various
different
ways
like
so,
for
example.
Here
this
pulls
all
the
defaults
from
the
Fresca
tasks.
Oh
sorry,
not
that
one.
The.
A
C
The
Fresca,
what
did
I
just
hold
on
a
second
here.
B
Oh
there
we
go
sorry,
so
it
pulls
in
the
defaults
from
here
and
just
modifies
a
couple
of
things
right
in
this
case,
pretty
much
I'm,
just
saying:
hey
for
the
Fresca
build
task,
I'm
replacing
the
default,
build
task
with
the
build
packs
task
and
I'm,
also
adding
in
an
additional
yeah
and
that
yeah,
that's
that's
that's
pretty
much
it,
and
so
anyway,
that
that's
kind
of
where
I'm
at
now
still
looking
for
feedback
on
the
the
design
document.
B
This
code
right
now,
it's
because
it's
it's
just
some
POC
code.
It's
under
my.
B
It's
just
under
whoops.
That's.
B
There
we
go
it's.
This
is
it's
under
my
my
personal
thing
here.
If
folks,
wanna
I'll,
add
this
to
the
the.
C
B
And
so
feel,
free
to
take
a
look
in
there.
I
noticed
a
few
folks.
A
few
of
the
other
maintainers
joined
a
bit
late.
I
guess
their
their
meeting
ended.
I'm
curious
did
folks
for
Remy
and
Brendan.
Did
you
get
to
see
this
much
at
all,
or
did
you
just
join.
E
Jumped
in
about
five
ten
minutes
ago,.
D
B
Okay,
I'll
briefly
go
over
it
again,
unless
other
folks
have
other
agenda
items.
B
But
pretty
much,
you
know
the
idea.
The
end
goal
here
for
for
most
folks,
for
something
that
we're
trying
to
do
right
with
Fresca
is
do
something
like
this,
where
this
very
simple
yaml
can
become
all
of
the
actual
kubernetes
config
that's
required
to
actually
operate
Fresca,
and
you
know
you
could
see
here
actually
I
typed
this
into
less.
B
And
so
one
of
the
things,
and
then
this
sort
of
automatically
generates
the
queue
for
that.
But
the
idea
here
is
that
this
Project's
configuration
is
constrained
by
A
team's
configuration.
So
if
I
were
to
very
quickly
just
sort
of
say,
build
packs
is
not
allowed
whoops.
B
This
would
no
longer
work
because
hold
on
you're
telling
me
you're
using
build
packs,
but
that's
not
a
valid
build
type
there,
and
then
you
know
a
team
here
can
also
Define
their
own
policies.
They
can
Define
anything
that
doesn't
that
doesn't
break
any
constraints
from
the
layer
above
and
so
in.
The
layer
above
a
department
can
Define
certain
things
in
this
case.
We're
also
defining
throughout
here
just
different
pieces
of
the
naming
scheme.
B
B
You
can
see
here
that
naming
scheme
is
then
automatically
used
by
the
different
stuff
and
because
you
know
all
of
this
stuff
is
pushed
in
to
is
it's
pushed
into
the
the
actual
pipelines
themselves
and
the
pipeline
definitions
that
we
have
inside
of
like
this.
Once
again,
it's
not
a
full-fledged
catalog
yet,
but
you
know
the
stuff:
that's
in
this
catalog,
hey
it
automatically.
B
You
know
passes
in
all
of
that
information,
and-
and
so
the
idea
here
is,
your
configuration
should
be
more
or
less
just
like
the
runtime
configuration
if
folks
are
familiar
with
Terra,
grunt
or
terospace,
or
some
of
those
things
like
they
have.
This
idea
of
you
know
you
have
your
terraform
modules
and
those
live
in
a
set
of
folders,
but
then
you
have
your
live
configuration
which
then
calls
that
stuff,
and
so
the
idea
here
is,
we
would
have
a
catalog
as
well
as
a
library
of
helpers
that
could
help
you
generate
pipelines.
B
Help
you
generate
tasks,
have
a
catalog
of
existing
tasks
and
Pipelines,
but
then
the
idea
is
there
would
be
a
bunch
of
like
things
in
here
that
would
help
Define
constraints
at
the
sort
of
Baseline
level.
Saying
like
hey,
a
Fresca
task
must
look
like
this
a
Fresca.
Sorry,
a
Fresca
pipeline
must
look
like
this,
and
so,
in
this
case
like
once
again,
this
is
just
purely
for
like
the
POC,
but
a
Fresca
pipeline
must
start
with
the
official
Fresco
clone
task
and
some
number
of
other
tasks.
B
That
has
to
be
done
here,
but
that's
kind
of
the
the
the
idea,
and
then
all
of
this
can
then
get
loaded
in
the
other
thing,
that's
kind
of
nice
about
this
is
we
also
get
the
ability
to
sort
of
test
it
all
out
via
you
know
here
where,
if
I'm
not
going
to
go
into
it
right
now,
but
if
the
test
didn't
pass,
you
know
this
would
error
out.
If
any
of
these
things
didn't
generate
a
valid,
a
valid
cue
and
stuff
like
that
or
not.
D
Yes,
I
I
mean
thanks
for
doing
this.
I
mean
this
is
great.
The
I
had
a
question
about
the
organization,
Department
team
kind
of
organization.
This
hierarchy
is
that
fixed
into
the
framework?
D
B
Yep,
it
can
be
any
way
folks
want
like
we
would
probably
ourselves
provide.
Maybe
a
couple
of
examples
like
a
simple
example
of
a
hierarchy
and
another
example
of
a
hierarchy
and
that
kind
of
leads
into
you
know
one
of
the
things
that
we
would
like
to
do
once
this
gets
a
little
bit
more
well-baked
is
probably
creating
something
like
a
Fresca
CLI
tool
that
would
help
you
generate
that
hierarchy,
depending
on
how
you
would
how
you
want
to
have
it
set
up,
but
yeah
like
the
way
that
Q
works
is
pretty
much.
B
B
You
know
directory
is
just
something
that
is
a
further
constrained
thing,
so
you
could
just
have
like,
for
example,
you
could
just
have
an
org
and
a
project
level,
and
that's
it.
You
could
have
org
Department
sub
Department
sub,
sub-department
team,
you
know,
and
you
could
you
could
do
it
any
way
way
you
want
there.
C
C
D
E
D
Mean
I
have
no
knowledge
of
Q,
so
I
show
my
ignorance
here.
Sorry
yeah
no
problem.
Otherwise,
I
wanted
to
just
react
to
one
since
I
have
the
microphone
I'll
abuse
it
a
little
bit
more
I
wanted
to
react
to
what
you
said
earlier
about
the
rebuild
aspect.
You
know,
I
I
find
this
very
interesting
to
try
to
set
up
the
framework
so
that
you
could
use
it
to
rebuild
something
and
basically
verify
that
you
know
what
is
claimed
is
actually
correct.
D
I
think
you
know
overall,
for
obvious
reason
we're
just
we
have
to
start
somewhere.
So
we
are
mostly
been
focusing
on
producing
things
you
know
provenance
and
so
on,
but
at
some
point
we've
got
to
worry
about.
Okay,
how
do
I
actually
verify
all
this
stuff
because
we
can
produce
all
the
attestations
in
the
world
and
whatnot?
You
know
there's
no
way
to
verify.
Well,
it
doesn't
have
much
value
on
this
you're
willing
to
blindly
trust.
D
E
So
I
got
two
thoughts.
I'm
thinking
of
one
is
thinking
of
it
from
a
penetration
tester
standpoint,
which
is
what's
stopping
a
user
from
defying
their
own
task,
run
running
their
own
tasks.
In
addition
to
everything
else,
because
Q
itself
is
going
to
say,
hey
make
sure
the
whole
Fresco
structure
is
right,
but
then
you've
also
got
the
same
Primitives
there
to
find
anything
else.
B
So
on
that
front,
I
believe
the
idea
would
probably
be
two
things.
One
is
this
doesn't
stop.
B
This
doesn't
like
you
still
should
do
something
like
using
flux
or
Argo
or
whatever,
as
as
a
way
of
like
deploying
new
builds
right,
because
because
at
the
end
of
the
day,
if,
if
you're,
giving
folks
access
to
the
kubernetes
cluster
to
change
this
thing,
they're
going
to
be
able
to
do
it
either
way,
and
that
includes
like,
even
if
we
were
to
do
something
I
think
like
create
you
know
a
set
of
controllers
or
operators
or
whatever
to
let's
say
manage
this.
B
We'd
still
have
the
same
sorta
problem
because
you're,
like
whoever
you're
giving
admin
access,
is
going
to
be
able
to
start
poking
around
and
changing
things.
So
the
idea
here
would
be
using
something
like
a
CLI
tool,
so
you
don't
shoot
yourself
in
the
foot
when,
like
it'll
help
you
kind
of
structure,
stuff
and
say
hey,
this
probably
will
or
won't
work
when
you're
about
to
actually
deploy
it,
and
then
obviously
we
probably
want
to
do
something
like
where
we
can.
B
You
know,
try
and
make
it
as
simple
as
possible
for
folks
to
say
yeah.
This
is
this.
Is
this
will
be
a
valid
pipeline
that
should
run
when
I
try
to
push
it
but
yeah?
The
idea
here
is:
is
this
should
not
be
seen
as
the
security
thing
it's
more
from
the
perspective
of
it
helps
you
kind
of
lay
out
the
policy
and
yeah
yada,
but
you'd
still
want
to
have
some
set
of
checks
at
another
level,
and
then
the
other
thing
that
we
are
we're
looking
at
here
is
is
with
something
like.
B
Let's
say,
the
the
CLI
tool
I
can
imagine
like
there
are
certain
things
here
of
you
know.
Maybe
the
org
level
constraints
are
a
library
that
gets
imported
in
at
some
way
right,
there's
some
way
to
sort
of
Pull
It
in,
as
so
that
the
the
end
user
doesn't
need
to,
like
the
end
user,
doesn't
even
get
access
to
change
that
code
stuff,
like
code
owners
and
yayada,
would
also
help
out
here,
but
that's
one
of
the
things
that
I
think
yeah
like
when
we
get
to
that
point.
B
I
think
we're
gonna,
try
and
figure
out
how
how
to
do
that
sort
of
thing.
But
yeah
to
your
point,
there's
a
lot
here
that
would
not
prevent
somebody
who
had
access
from
just
deploying
just
a
random
techton
task
or
changing
the
queue
to
you
know
hey.
If
I'm
you
know,
I'm,
not
a
you
know.
If
I'm
just
an
engineer,
I
can
just
go
in
and
say
you
know,
I'm
going
to
create
the
you
know,
malicious,
build
build
and
then
just
do
whatever
I
want.
B
Yes
or
the
idea
would
be
that,
like
you,
can
change
like
you,
you
as
the
end
user,
would
be
able
to
change
this
sort
of
stuff,
but
this
sort
of
stuff,
maybe
has
a
code
owners
owned
by
your
team
and,
like
a
team
lead,
the
department
is
owned
by
a
department
lead,
the
org
is
owned
by
you
know
and
so
on,
and
so,
even
if
you
do
try
to
come
in
and
modify
like
the
org
it'll
just
show
up
as
a
PR
and
somebody
at
that
level
will
have
to
approve
it.
B
Obviously
that
comes
with
its
own,
you
know
set
of
constraints
as
well,
but
the
other
thing
too
I
think
is,
is
if
we
do
have
something
like
a
Fresca
CLI.
At
some
point,
we
could
encode
a
lot
of
best
practices
right
there
in
the
code
and
we
can
provide
Like
linting
rules
and
yeah
yeah
to
say
hey.
It
looks
like
you
deleted,
all
the
you
know,
all
the
normal
constraints.
This
is
now
going
to
be
undefined
Behavior
or
something
like
that.
B
So,
yes,
that's
something
I
know,
we've
discussed
and
I
think
one
of
the
big
questions
is
always
like
who's
gonna,
maintain
that
that
piece
of
it
but
yeah
I
think
there's
nothing
here
to
prevent
folks
from
doing
that.
In
fact,
I
know
one
of
the
things
we
had
when
we
were
early
earlier
on
when
we
were
looking
at
stuff
like
the
kiverno
piece
right
is,
we
could
have
a
oh.
B
The
but
for
the
key
Virgo
piece,
where's
I,
putting
this
like
something
like
this.
B
B
Certain
things
are
going
to
be
a
little
bit
more
or
less
difficult,
just
based
on
like
each
individual
CI
tool
is
kind
of
doing
their
own
thing
right,
so
certain
CI
tools
are
going
to
call
that,
like
they,
their
delineation,
between
different
things
and
and
so
there's
something
here,
I
think
that's
worthwhile
for
us
to
think
through,
which
is
just
I.
B
I,
don't
want
to
get
unless
we
want
to
and
I'm
willing
to
do
it.
It's
just
I,
don't
know
if
we
want
to
get
into
our
own
sort
of
here
is
a
Fresca
definition
of
what
a
pipeline
is,
and
we
encode
all
that,
and
then
you
could
have
the
mappings
back
into
tecton
into
who
knows.
Whatever
else
you
know
other
CL,
you
know
other
CI
tools,
even
something
like
GitHub
actions
could
be.
You
know
something
we
could
do.
There
are
certain
things
that
I
think
you
know.
B
There's
a
few
things
here
right
where
we
have
I
wasn't
going
to
say,
there's
a
few
things
here
where
we
have
the
ability
to
constrain
certain
things,
because
you
know,
as
you
know,
Brandon
like
we
have
Vault,
we
have
Spire.
We
have
all
those
things
where
certain
other
other
CI
tools
that
maybe
are
being
used
as
a
back
end.
B
Don't
have
those
things
but
with
that
said,
I
think
just
separately
from
Fresca
I
think
Q
other
than
some
of
its
quirks
and
the
fact
that
it's
not
the
easiest
thing
to
learn
beyond
that
I
think
it's
like
an
absolutely
fantastic.
B
Like
technology
agnostic,
you
know
configuration
language
because
it
it
doesn't
have
all
the
same
issues
that
something
like
templating
has
right.
Where
you
know
in
in,
if
I
were
to
use,
helm
and
once
again,
I
know,
Helm
is
more
of
just
running
a
service.
It's
not
really
for
operating
the
service
mostly,
but
you
know
if
I
was
using
Helm
a
lot
of
these
things
would
be,
you
know,
templated
variables
and
you
would
have
a
templated
for
Loop
and
it
becomes
this
kind
of
big
mess,
whereas
in
something
like
Q
it
becomes
like.
B
It
is
pretty
easy
here
where,
in
the
verify
images
like
this,
just
sort
of
means,
I
can
have
one
or
more
of
these
things
you
know,
I
can
Define
these
things
similar
to
it
looks
very
similar
to
Json
with
just
some
sugar.
You
know
syntactic
sugar
around
it,
but
it
I
I
do
think
that
this
sort
of
thing,
I,
I,
hope
more
folks
just
begin
to
use
it.
B
Cool
any
other
questions.
B
There's
no
other
questions.
I.
Think
there's
like
two
things
wanted
to
ask
the
community
what
one
was
hey
it
seems
like
folks,
are,
are
liking.
This
sort
of
General
flow
probably
makes
sense
to
to
push
forward
with
you
know,
designing
out
a
v.
0.1
of
of
this
flow
I'd
be
interested
to
know.
B
If
there's,
if
there's
anybody
who
wants
to
kind
of
who
has
the
time
who
wants
to
sort
of
sit
down
and
and
help
out,
I
I
know
that
one
of
the
things
we're
trying
to
also
do
in
the
new
year
is
there's.
Two
things
we
want
to
do
is
one
is
we
want
to
get
more
maintainers?
One
of
the
things
I
think
we're
looking
to
do
as
part
of
that
maintainership
is
move
the
main
Fresca
repo
into
the
actual,
build
Tech,
sorry
from
build
secorg
into
the
ssf
open,
ssf
org.
B
You
know
things,
but
there's
a
few
things
there
and
the
other
thing
we're
looking
to
kind
of
try
and
do
in
the
new
year
is
try
and
attract
more
folks
to
the
community
meeting,
because
I
know
a
few
people
had
a
few
folks
have
reached
out
to
me
saying:
oh
I
didn't
realize
there
was
a
community
meeting
for
Fresca
and
you
know
I
read
about
it,
but
that's
about
it
and
so
I'm
going
to
be
trying
to
work
with
the
open
ssf
on.
B
Maybe
you
know
what
we
can
do
to
sort
of
help
drive
a
little
bit
more
Community
engagement
and
then
the
last
thing
is
more
of
maybe
for
next
time
going
through
like
a
road
map
for
2023
or
for
the
next
six
months,
or
something
like
that
for
things.
We
want
to
kind
of
get
done
with
Fresca.
B
I
know
that
the
the
governing
board
of
the
open
ssf
has
recently
voted
on
I
think
a
new
direction
for
2023
and
one
of
the
pieces
of
the
new
direction
is
they
do
want
to
have
a
few
more
demonstrative
examples
of
things
not
just
purely
you
know,
for
example,
there's
S2
C2
F,
there's
salsa,
there's
a
bunch
of
these
other
Open
ssf
Standards
like
scorecards
and
yayada,
but
I
think
they're
also
looking
to
try
and
do
more
things
like
hey
are
there?
B
Is
there
like
a
good
security,
open
source
security
scanning
tool
that
we
can?
You
know,
show
hey
here's
an
example
of
how
to
use
it
and
and
push
that
out,
but
anyway,
I
think
we're
trying
to
also
get
in
line
with
the
supply
chain,
Integrity
working
group
and
some
of
the
other
things
that
are
kind
of
happening
there.
So
anyway,
I
spoke
a
lot
interested
to
hear
folks.
Thoughts
on
you
know
that
on
potential
roadmap
items
are
folks.
Does
that
seem
reasonable
to
people?
A
Yeah,
absolutely,
and
as
a
matter
of
fact,
I
have
I'm,
not
sure
if
you
guys
can
hear
me,
I
have
an
ongoing
a
conversation
on
how
and
I've
been
doing
this
across
several
working
groups
getting
more
folks
inside
of
these
Community
meetings
and
six,
especially
on
the
on
the
technical
end,
start
putting
pen
to
paper
I
I'm,
not
in
highly
I'm,
not
highly
technical
person,
I'm,
not
a
keyboard
person.
A
So,
while
I
do
a
lot
of
my
best
thinking
and
I
understand
the
technology
in
front
of
me
putting
pen
to
paper,
that's
not
where
I'm
at
now
so
I'm,
actually
working
on
trying
to
get
more
individuals
who
are
those
Brilliant
Minds
with
those
fast
fingers
to
come
aboard
and
start
actually
putting
putting
pen
to
paper
on
helping
us
build
a
lot
of
these
outstanding
things
we're
doing
across
the
openness
and
stuff.
So
this
resonates
with
me.
A
If
you
wouldn't
mind,
please,
if
you
can
send
me
an
email
with
the
exact
need
and
I'll
be
happy
to
see
if
I
can't
reach
out
and
try
to
pull
folks
in
saying
this
is
what
we
need.
Can
you
do
pull
them
in?
You
know
I
mean
I
I'm
working
on
stuff
like
that
right
now,
so
anything
you
could
give
me
that
I
can
take
back
and
pull
folks
in
I'd,
be
that
would
be
a
big
help
to
me.
B
Sure
yeah
I'll,
definitely
you
know
shoot
you
an
email
and.
A
B
Yeah
definitely
the
more
the
merrier
we'd
love
to
to
have
more
more
input
and
feedback.
I
know
some
things
are
gonna
be
figured
out
in
the
coming
weeks.
I
know
I've
been
I've,
been
talking
to
a
few
of
the
folks
in
the
governing
board,
and
the
TAC
and
I
know
there's
still
sort
of
finalizing
some
details
on
a
few
different
items.
B
I
know,
there's
been
a
term
like
Sterling
tool
chain
being
thrown
around
I,
don't
know
how
how
real
or
not
real
that
is,
but
but
I
know
at
least
the
idea
there
is
is
sounds
pretty
interesting
in
the
least
but
yeah
cool,
any
other
thoughts,
otherwise
I
think
for
next
week
or
not
next
week,
but
the
next
time.
B
So
in
two
weeks,
probably
wanna
kind
of
have
a
little
bit
of
a
chat
over
like
some
roadmap
items
like
things
that
you
want
to
push
out
for
this
year,
one
of
the
things
being
this
pipeline
framework,
another
thing,
probably
being
the
CLI
another
thing,
probably
being
a
way
to
package
up
Fresca
internally
at
at
the
startup
that
we've
been
sort
of
playing
around
with
a
few
things,
we
do
plan
to
eventually
open
source.
B
It
we're
just
kind
of
playing
around
with
a
few
ideas
on
on
packaging
there,
but
yeah
does
that
sound
good
to
everybody?.
A
B
Any
other
questions
thoughts,
anything
else.
Anybody
want
to
bring
up.
Otherwise
we
can
end
like
nine
minutes
early.
B
Well,
I'll
see
everybody
in
two
weeks.