►
A
For
folks,
just
joining
I'm
going
to
post
the
link
to
the
notes
again,
if
you
can
pop
your
name
in
there,
that'll
be
great.
A
A
All
right,
I
guess
we
can
get
started,
I'm
joking,
I'm
your
host
for
today,
as
dustin,
is
unable
to
make
it
this
time.
The
first
thing
we'd
like
to
do
in
this
call
is
to
welcome
any
new
faces.
Anybody
who
feels
like
they
would
like
to
introduce
themselves
so
now's
two
chance,
try
to
use
the
hand
up
gesture
in
the
reactions
and
then
that
way
we
get
an
ordered
list
of
people.
B
Hi,
I
am
catherine
druckmann
I
work
for
intel.
I
am
an
open
source
evangelist.
B
I
am
let's
say:
I've
been
interested
in
security
for
a
long
time
from
a
sort
of
I
used
to
be
a
software
engineer,
and
so
obviously
I
should
be
interested
in
it
from
that
perspective,
but
I
was
also
before
that.
I
worked
for
lynx
journal
for
a
long
time,
so
I
was
you
know
we
covered
open
source
security,
but
this
is
the
first
time
I've
ever
attempted
to
get
involved
in
anything
and
now
that
I'm
in
intel
it
makes
more
sense.
A
You'll
definitely
learn
from
everyone
else.
Anyone
else
like
feel
like
popping
their
hand
in
the
air
and
introducing
themselves.
C
B
D
Hello,
I
I'm
a
maintainer
for
the
oci
standards
as
well
as
container
d.
I
work
in
signo
around
google.
It
do
you
know
a
lot
of
work
in
this
area.
I
did
the
oci
implementation
and
you
know,
distribution
distribution
in
the
registries
so
been
around
them
been
around,
and
I
heard
I
need
to
come
here
so
here
I
am.
A
This
is
where
the
cool
kids
are
hanging
out.
It's
true
speaking
of
cool
kids.
Anyone
else
would
like
to
introduce
themselves.
A
There'd,
be
no
people
rushing
to
the
front
I'll
move
on
to
the
next
agenda
item,
which
is
for
those
of
you
who
haven't
heard
our
friends
in
pipe.
I
have
had
a
bad
day.
There
is
currently
a
phishing
attack
being
made
on
pipeli.
Where
folks
are
being
told,
you
know
the
standard.
Your
account
is
in
trouble.
We
need
you
to
log
in
give
us
your
details
and,
as
we
all
know,
this
is
much
harder
to
do
with
at
least
hardware
token
based
mfa
at
this
time.
A
I
believe
it's
unclear
whether
they're
also
harvesting
totp
codes,
but
something
to
bear
in
mind.
It
could
be
anybody's
turn
next,
unfortunately,
so
I
wanted
to
bring
that
to
people's
attention
if
they
haven't
seen
it
already.
Next
on
the
agenda,
brandon
wants
to
talk
to
us
about
the
package
manager
survey
brandon.
E
Awesome
take
check,
so
this
is
kind
of
works
out
quite
a
while
back.
I
think
we've
been
iterating
on
this.
Initially
we
started.
I,
the
whole
point
of
this
was
to
kind
of
like
pull
different
package
managers,
see
what
are
the
different
features
that
people
are
implementing
and
kind
of
get
an
idea
in
like
what
are
areas
that
people
are
focusing
on
from
the
package
manager
ecosystem.
E
So
initially
we
had
the
doc
out
that
we
got
a
lot
of
feedback
about
about
adding
additional
questions
and
and
all
the
stuff,
and
so
we've
put
all
the
good
feedback
into
a
google
docs
survey,
and
so
this
this
questionnaire
will
contain
a
lot
of
the
new
information.
We've
also
added
collecting
information
about
intent
of
the
package
ecosystems
to
to
say
like
to
certain
areas
whether
this
is
currently
planned.
This
is
currently
implemented.
It's
a
roadmap
or
you
know
that
it's
kind
of
like
considered
out
of
scope.
So
we
are.
E
We
are
collecting
additional
information
on
top
of
what
we've
asked
about
before
and
this
will
I've
checked.
I've
talked
to
dustin
about
this.
We've
been
working
on
this
together
and
the
plan
is
to
get
the
survey
results
and
do
a
little
bit
run-through
kind
of
analytics
on
it
and
publish
a
blog
post
on
the
openness
blog
to
say,
like
you
know,
this
is
what
we
found
out
here
like
focus
areas
that
we
can
work
on
from
the
secure
and
repositories
working
perspective.
E
So
I
guess
call
to
action
here
would
be
if
you'd
be
so
kind
to
fill
up
the
survey
from
each
of
the
ecosystems.
That
will
be
super
helpful.
A
C
I'd
be
interested
to
know
the
different
well,
the
last
question:
you
have:
what
is
your
role
for
this
package
manager
and
are
you
expecting
to
have
package
manage
package
manager,
specific
terminology
there.
E
I
think
that
really
we,
what
we
are
one
of
that
question
is
like,
oh,
you
know,
are
you
kind
of
a
someone
that
that
is
in
the
know
of
you
know,
what's
happening
with
the
ecosystem
with
the
road
map?
Are
you
just
like
coming?
Is
this
from
outside
observer
to
saying
that
this
is
what
I'm
observing
from
the
ecosystem?
I
think
that's
kind
of
the
the
mean
what
we
want
to
get
out
of
the
question.
C
C
F
Great
so
I
floated
a
document
a
while
ago
that
is
now
out
of
date.
You're
welcome
to
look
at
it,
but
it's
gonna
undergo,
hopefully
some
pretty
heavy
revisions
in
the
next
couple
weeks,
basically
proposing
the
open
ssf
as
a
natural
home
to
data
that
could
help
researchers
who
are
trying
to
study
supply
chain
attacks,
especially
in
the
context
of
software
repositories.
F
This
was
very
selfishly
motivated,
marina
and
I
had
a
had
a
project
that
we
were
working
on.
That
data
would
have
been
very
helpful
for,
but
wasn't
available
all
in
one
place
and
so
maureen
and
I
had
just
been
thinking
hey,
you
know,
like
the
open
ssf
seems
like
maybe
maybe
a
good
place
to
collect
this
to
store
this
to.
F
If
we
decide
to
that
certain
things
are
sensitive
and
need
access
to
be
gated
to
do
that,
gating
and
so
on
and
recently
we've
had
a
couple
of
a
very
concrete
use.
Cases
come
up
that
I
think,
would
be
useful.
I
spoke
with
some
folks
who
do
work
on
typo
squatting
and
they
said
it's
a
big
pain
to
sort
of
even
get
packaged
metadata.
F
If
you're
trying
to
do
any
kind
of
cross
ecosystem
study,
because
you
have
to
write
your
scraper
for
you-
know,
repository
a
and
repository
b
and
maybe
a
repository
c-
has
an
api,
but
it
doesn't
look
anything
like
repository
deeds,
and
so
I
think
package
metadata
that
that
would
help
with
with
typo
squatting
and
that's
just
the
metadata
alone
would
be
quite
useful.
F
Relatedly
in
the
context
of
you
know,
malware
of
a
a
perpetual
struggle
of
people
trying
to
study
malware
in
the
wild
is
that
when
people
find
it,
they
kill
it,
which
is
good
right
like
we
don't
want.
You
know,
users
downloading
it,
but
it's
it's
bad
for
trying
to
characterize
and
understand,
malware
and
so
forth
in
other
potential
use
cases
to
sort
of
have
the
linux
foundation.
When
you
know
a
repository
responds
to
a
you
know,
report
of
malicious
software
and
takes
down
a
package.
F
It
would
be
great
if,
in
addition
to
taking
it,
you
know
delisting
it
from
your
repository.
It
also
gets
fired
off
over
into
some
some
silo
that
the
the
open
ssf
operates
and
and
gets
sucked
up
there,
and
we
can
grant
access
to
researchers
as
well.
So
at
this
point
I
I
guess
my
primary
question
is-
is
the
and
I
I
I
want
to
be
really
really
conscious
of.
I
know
most
of
the
maintainers
here
have
more
than
enough
on
their
plates
already,
but
in
in
broad
strokes
terms.
F
Is
this
something
that
folks
are
would
be
willing
to?
F
Let's
like
work
with
us
on,
and
I
I
don't
want
to
say
you
know
you
have
to
go
and
implement
some
brand
new
api
with
some
new
standard
that
I
designed
and
so
much
so
much
as
would
you
be
amenable
to
like
pull
requests
that
that
sort
of
implement
some
some,
you
know
sending
off
of
data
to
the
to
the
open
ssf
and
that
I
don't
need
verbal
answers
necessarily,
but
if
you
want
to
indicate
in
the
node
stock
or
in
chat
or
in
slack,
I
would
I
would
love
to
hear
and
if
so,
if
that's
the
case
that
that
some
folks
are
willing
to
cooperate
and
it
doesn't
need
to
be
everyone.
F
I
think
it
would
be
really
valuable
to
even
have
this
for
a
few
operator.
Sorry
for
a
few
repository
ecosystems,
then
I
think
marina
and
I
are
going
to
go
ahead
and
try
to
come
up
with
a
plan
for
actually
storing
some
of
the
stuff
and
we'll
circle
back
anything
marina.
You
want
to
add.
B
I
don't
think
so.
I
think
you
basically
covered
it.
I
think
that
in
the
future
we
could
expand
this
kind
of
data
outside
of
the
two
specific
categories
here,
but
I
think
they're
a
great
place
to
start
with
the
types
of
data
that
be
especially
useful
for
researchers
and
especially
hard
to
find,
because,
obviously
you
don't
want
to
keep
malware
on
the
public
repositories.
D
Yeah,
so
is
the
intent
to
make
this
available
only
to
researchers,
or
would
it
be
available
to
other
repositories
so
for
context?
I
work
with
the
conduct
community,
I'm
here
representing
the
conda
community
and
because
we
we
aren't
necessarily
sort
of
the
repository
of
record,
but
we
would
definitely
be
very
interested
in.
For
example,
if
there
were
type
of
squatting
in
pi
pi,
we
want
to
make
sure
those
don't
get
carried
over
into
the
conda
ecosystem.
F
Yeah,
that's
a
that's
a
great
question
and
I'm
going
to
make
a
note
to
myself
to
try
to
address
that
in
any
proposal
we
come
up
with
again
I
mean
the
short
answer.
Is
we
want
anyone
supplying
data
to
be
comfortable
with
who's?
Gonna
see
it,
and
so
the
important
thing
is
to
make
it
clear
to
people
who
are
shipping
their
data
up.
What
what
the
bounds
are?
F
I'm
of
the
opinion
that
broadly
the
more
things
that
can
be
made
public
the
better
and
we
want
to
you-
know,
sort
of
limit
what
we
gain
access
to,
for
instance,
a
really
popular
thing
that
people
don't
even
in
open
science
communities
publish,
is
samples
of
malware
because
the
theory
goes,
you
know.
Oh,
you
know,
script
kitties
can
just
download
it
and
spray
and
pray
across
the
internet,
and
that's
that's
something
we
want
to
avoid.
F
So
the
short
answer
is,
I
don't
know,
that'll
get
fleshed
out
as
as
the
details
come
together,
but
my
inclination
is
to
try
to
push
for
access
being
as
as
broad
as
possible,
and
I
think
you
know
we
have
three
scopes.
There's
totally
public,
there's
sort
of
you
know
gated
behind
some
assurance
that
you're
not
a
script
kitty
and
then
there's
actually
sensitive
stuff.
So
anything
that
involves
you
know,
user
data
or
or
even
you
know,
anonymized
user
data
might
might
fall
into
that
bucket.
A
Yes,
I
was,
I
was
going
to
speak
in
support
of
the
idea
generally
about
scopes.
I
think
it's
possible
to
sort
of
like
give
different
scopes
for
different
subsets
of
the
data
or
different.
You
know,
tables
so
to
speak
would
be
fine.
A
The
main
thing
I
would
say
in
support
is
that
the
studies
I've
seen
in
the
past
of
various
ecosystems
when
there's
a
comparative
study
findings
from
one
ecosystem
do
not
always
generalize
to
a
different
one
and
that's
why
it's
so
important
to
have
multiple
ecosystems
represented,
because
you
know
a
finding
that
applies
to
npm
might
not
apply
to
ruby
gems
and
vice
versa,
and
obviously
my
my
day
job
is
worrying
about
ruby
gems.
So
I'm
interested
in
that
problem,
and
I
want
it
to
go
away
as
much
as
possible.
C
Thank
you.
I
also
wanted
to
speak
in
support
of
this,
and
I
I
would
really
like
it
if
this
data
was
public,
but
for
the
data
which
you
can
make
public.
I
think
it's
really
important
that
standard
software
well
standard
data
licenses
are
used
as
well
as
standard
formats
for
the
data.
It's
often
the
biggest
inhibiting
factor
for
data
sharing
is
those
those
things
which
should
be
insignificant
that
take
up
a
disproportionate
amount
of
time.
F
Yeah,
I
think
thanks
for
that
sebastian.
I
agree
with
with
all
of
that,
and
I
think
that's
one
of
the
things
we're
trying
to
accomplish
here
is
to
make
it
so
that
one
person
one
time
has
to
do
the
work
of
figuring
out
what
license
we
can
share
this
data
under
and
converting
from
one
format
into
a
slightly
different
format
and
and
making
things
all
uniform
and
then
thereafter
that
doesn't
have
to
get
done
forever
by
every
researcher
on
every
study
so
yeah.
C
Well,
I
was
just
quickly
offering
my
assistance
with
spdx
if
you
would
like
to
use
that
format
to
describe
the
software
packages
with.
F
Great
yeah,
and
we
will
we
will
certainly
before
we
make
moves
towards
actually
collecting
any
of
this.
This
group
will
see
a
proposal
that
will
include
things
like
proposed
formats,
so
I
appreciate
that
offer
and
I
will
I
will
keep
it
in
mind,
but
if
you
note
a
place
where
a
format
like
that
is
more
appropriate
than
what
we're
proposing
you'll
have
an
opportunity
to
suggest
it.
A
One
quick
note
about
data
license
the
standard,
one
that
the
open,
ssf
picks,
is
the
community
community
data
license
agreements,
cdla
dot,
io
I'll,
just
copy
the
link
across
here
we
have
standard
licenses
also
for
documentation,
specifications
and
source
codes,
so
assuming
that
nobody
is
violently
objecting
to
any
of
those,
I
think
that's
where
we
we'd
wind
up.
A
Okay,
so
oh
next
is
me.
So
next
is
me
and
what
I'd
like
to
say
is
money
is
good
and
it's
even
better
when
you
spend
it
on
things
that
solve
security
problems
or
make
life
better
for
all
of
us.
I
looked
at
the
mobilization
plan.
Some
of
you
might
not
be
familiar
with
the
mobilization
plan.
A
It
was
a
plane
that
was
published
by
the
open
ssf
a
couple
of
months
ago
in
concert
with
the
second
white
house
conference
of
like
leaders
from
industry
and
government
and
and
open
source,
and
it
proposed
ten
different
streams
of
work
and
that
these
would
cost
a
hell
of
a
lot
of
money
and
a
fraction
like
a
substantial
percentage
of
the
hell
of
a
lot
of
money,
has
been
raised
or
has
been
what's
the
word.
I'm
saying
promised
I
guess
pledged.
Thank
you.
That's
exactly
the
word.
A
I
was
struggling
to
find
pledged
by
a
number
of
a
number
of
companies.
Two
streams
jumped
out
at
me,
one
of
which
was
stream
10,
enhanced
the
10,
most
critical
oss,
build
systems,
package,
managers
and
distribution
systems
with
better
supply
chain,
security
tools
and
practices,
and
the
other
one
is
stream,
a
coordinate
industry
where
data
sharing
to
improve
the
research
that
helps
determine
the
most
critical
oss
components.
So
I
was
thinking
I
would
like
to.
I
would
like
for
us
to
go
to
the
governing
board
and
propose
two
spending
items.
A
A
A
lot
of
like
the
ingestion
stuff
in
particular
can
probably
be
turned
into
contract
work
if,
if
it's
too
much
to
take
on
for
zack
and
marina,
but
the
one
I'm
particularly
interested
in,
is
the
concept
of
a
shared
help
desk,
which
we've
talked
about
in
the
past
and
which
I
think
has
come
back
because,
as
we
all
start
to
introduce
mfa,
we're
all
grappling
with
the
same
problem,
which
is
people
lose
their
phones
and
then
they're
very
upset
that
they
can't
do
the
things
at
the
moment.
A
Ruby
gems
is
like
many
repos,
a
volunteer
organization.
You
know
it
takes
time.
People
have
to
wait
till
they
get
home
or
the
weekend,
and
it
would
be
nice
to
have
a
shared
help
desk.
If
possible.
I
was
wondering
if
there
were
any
sort
of
like
things
that
you
felt.
I
should
consider
or
objections
to
the
idea
of
me
sort
of
trying
to
put
a
draft
together
for
the
governing
board
for
funding.
A
F
F
Yes,
it
is,
it
is
okay.
What
what
did
you
have
in
mind
for
a
timeline.
A
I
don't
have
one
in
mind,
so
one
of
the
one
of
the
reasons
I'm
doing
this
is
because
so
far
as
I
know,
nobody
has
actually
done
this
yet,
like
these
streams
are
out
there
and
there's
money
pledged,
but
nobody's
actually
showed
up
and
said
what
they
want
to
spend
it
on.
So
I
don't
have
a
particular
timeline,
but
I
am
cognizant
of
the
fact
that
it
will
be
an
unknown
timeline
because
we're
we're
blazing
the
path
which
everyone
comes
in
first.
A
The
other
thing
to
bear
in
mind
is
that,
with
data
we
can
more
or
less
do
it
right
away
like
it's.
It's
closer
to
shovel,
ready
with
shared
help
desk.
We'll
have
to
talk
about
the
mechanics
of
like
how
do
we
hire
this
person?
What
should
we
pay
them?
Because
I
assume
it
would
be
one
person
to
start
and
also
each
ecosystem
then
has
to
come
up
with
tooling
to
enable
them
to
you
know,
perform
basic
actions
without
having
to
have
production
access.
A
F
I
have
a
question
related
to
what
you
just
described.
Do
you
think
that
one
possible
use
of
of
these
resources
could
be
getting
for
each
ecosystem?
Something
implemented,
and
this
is
this-
is
addresses
both
your.
What
your
point
and
the
data
collection
as
well,
you
know,
would
it
be
possible
to
have
a
contractor,
for
you
know,
go.
F
Of
the
repositories
and
integrate-
and
if
so,
is
that
easier
to
delegate
to
the
repositories
themselves
or
is
it
it?
You
know
it
feels
a
little
tough,
because
one
person
isn't
going
to
have
expertise
in
every
ecosystem,
but
at
the
same
time
you
know
the
coordination
of
asking
every
ecosystem
to
do.
A
moderate
amount
of
work
feels
awesome.
A
Yeah
yeah,
that's
the
tricky
part
right,
like
everybody,
writes
their
system
in
their
own
language
with
with
their
own
libraries.
So
it's
difficult
to
find
somebody
who
speaks
fluently,
rust
python,
java,
ruby,
no
javascript.
A
D
C
Thank
you,
it
strikes
me
is
it,
but
one
of
the
key
skills
that
someone
in
that
role
would
need
to
be
able
to
do
is
to
investigate
the
context
of
a
package
to
find
whether
the
person
who
is
making
that
appeal
is
actually
the
same
person.
Who
is
the
maintainer
of
the
package,
and
that
might
be
an
understanding
of
how
ssh
keys
and
gpg
keys
work
and
looking
through
email,
logs
or
github
signed
commits.
C
A
C
Isn't
it
for
people
to
ask
how
they
can
get
their
account
reactivated
in
case
of
losing
a
multi-factor
authentication
token,
and
I
think
one
of
the
skills
that
would
be
valuable
for
the
the
help
desk
officers
is
a
awareness
of
the
context
around
gpg,
keys
and
ssh
keys
and
things
so
that
when
they
receive
one
of
these
appeals,
they
can
look
into
the
context
of
the
person's
history
and
association
to
make
sure
that
they
are
really
communicating
with
who
they
think
they
are.
A
Yes,
I
agree
strongly.
Social
engineering
is
the
major
threat
to
all
of
us
at
the
moment
and
there's
there's
a
lot
to
be
said
for
having
a
professional
who
can
take
that
very
thorough
validation
approach.
So
yes,
I
agree.
A
G
Hey
everybody.
Can
you
hear
me
great
yeah?
I
just
want
to
give
you
an
update,
because
we
had
been
talking
in
previous
meetings
about
this
effort
to
produce
a
single
artifact
for
us
blob
signing
from
cosign
and
from
the
various
clients,
since
relative
that's
very
relevant
to
the
package
managers
and
just
wanted
to
let
you
know
where
that
is.
G
You
know
we
have
broad
agreement
on
that
plan
and
I'm
working
with
frederick
from
github
to
specify
what
that
file
is
going
to
be
in
a
proto
and
we're
going
to
be
iterating
on
that
in
the
cosine
cli.
G
So
you
know
if,
if
all
goes
to
plan
within
a
few
months,
we'll
have
a
single
like
dot
six
store
artifact
that
you
can
store
along
your
packages
in
your
repos.
A
So
would
this
be
like
I'm
sorry
for
jumping
ahead
of
anyone?
Would
this
be
like
a
like
an
extract
from
the
log
or
what
would
the
contents
be.
G
Everything
that
we
need
to
support
all
the
sort
of
use,
verification
use
cases
and
including
offline
verification,
so
yeah,
it
would
include,
like
the
require
recall,
entry
information
like
the
log
id
et
cetera,
as
well
as
a
certificate.
It's
also
going
to
the
plan
is
to
support
out
of
stations
as
well.
A
That's
really
cool
that
saves
us
a
lot
of
hassle,
although
we
do
have
to
deal
with
protocol
buffers
which
in
some
languages
can
be
more
fun
than
other
languages.
A
Let's
not
go
into
that
too
much.
Are
there
any
questions
for
patreon.
G
D
Yeah,
just
a
quick
question
for
patrick
I'm
working
on
the
like
c
store,
js
stuff,
so
definitely
interested
in
the
bundle
format,
and
I
work
alongside
frederick.
So
I
could
ask
him
this,
but
does
the
like
the
current
thinking
around
like
the
format
in
the
fields?
Is
that
reflected
in
the
google
doc?
That's
linked
in
that
issue,
or
is
that
work
happening
somewhere
else
right
now?
It's.
G
It's
it
is
reflected
at
sort
of
in
terms
of
the
data
that
we
want
to
include,
but
it's
it's
a
little
sort
of
it's
not
very
specific.
In
terms
of
you
know,
it's
not
using
it's
just
a
table
with
like
the
kind
of
data
we
want,
so
we're
now
putting
together
a
proto
that
we
want
to
be
as
like
the
basis
for
the
definition,
and
I
think
that'll
be
a
much
more
like
concrete
and
useful
specification.
A
Okay,
I'm
going
to
sneak
in
one
last
item
on
the
agenda,
which
I
forgot
to
mention
earlier.
Another
piece
of
news,
since
our
last
call,
our
friends
from
npm
have
released
their
rfc
talking
about
how
they'd
like
to
integrate
sigstor
into
their
overall
mechanism.
It's
good
reading.
A
There
is
a
lively
discussion
which
I
invite
people
to
read
with
some
differences
of
opinion
about
the
details,
but
I
think
most
of
the
feedback
was
positive
and
certainly
I'm
really
excited
by
it.
You
know
npm
is
such
a
high
leverage,
part
of
the
ecosystem
of
ecosystems,
so
it's
really
exciting
to
see
that
six
door
work
coming
forward
and
I'm
looking
forward
to
seeing
it
roll
out
quite
a
lot.
So
bravo
npm
folks.
A
C
Just
a
quick
question
then,
on
the
sig
store
front,
is
there?
Are
there
calls
for
recore
the
at
estate?
The
you
know
the
the
place
where
six
store
stores
its
attestations.
C
Maybe
the
internet
connection
problems
my
end.
Are
there
calls
for
record.
A
G
Yeah,
I
don't
know
that
there's
a
recourse
specific
meeting
I
do
know
there's
a
recourse,
specific
slack
channel.
If
you
have
questions
there
and
yeah
the
recoil
maintainers,
I'm
not
actually
sure
who
they
are,
I
think
it
might
be
like
and
dan.
A
And
one
thing
if
you
want
to
wear
sebastian
is
that
sigstor
was
up
and
active
before
it
joined
the
open
ssf.
So
it
still
has
a
separate
slack
instance.
So,
let's
be
the
place
to
look
into.
C
A
A
No,
that
sounds
pretty
good.
Well,
this
has
been
a
great
meeting.
It's
been
great,
seeing
everybody
and
talking
through
these
issues,
I'm
looking
forward
to
the
next
one,
of
course,
the
next
meeting.
As
you
know,
we
alternate
between
emir
friendly
times
and
apac
friendly
time.
So
the
next
meeting
is
apac
friendly,
which
means
it's
going
to
be
five
hours
later
or
six
hours,
I'm
I'm
not
sure
off
the
top
of
my
head,
but
make
sure
to
check
your
calendars
and
make
your
plans
around
that.