►
A
A
B
A
Morning,
good
afternoon,
everybody
sorry
to
keep
you
all
waiting.
I
was
just
finishing
up.
Another
call
how's
everybody
doing
see
some
thumbs
up.
That's
good!
That's
good,
wonderful!
A
Typically,
as
I'm
gonna
fire
up
the
get
the
notes
up
going
shortly
here,
while
I
do
that
we'd
love
to
hear
from
anyone.
If
it's
your
first
time
or
if
it's
your
first
one
of
your
first
meetings,
we'd
love
to
hear
from
you
introduce
yourself
or
anything
you'd
like
to
tell
the
group,
so
I'll
open
up
the
floor
for
a
couple
minutes.
B
A
Awesome
great
to
see
you
again
Jonathan
do
we
have
anyone
else
who
would
like
to
introduce
themselves
today.
C
A
So
looks
like
we've
got
that
and
for
the
time
being,
we
don't
have
anything
specific
on
the
agenda.
I
would
definitely
like
to
continue
the
the
conversation
about
the
identifying
critical
projects
and
the
ingestion
form
and
all
that,
but
but
before
we
dive
into
that
is,
are
there
any
agenda
items
or
things
that
anyone
would
like
to
talk
about.
A
A
Okay,
well,
I
guess.
One
thing
we
should
also
I.
Think
it's
important
for
us
to
finalize
soon
is
the
is
that
pull
request
regarding
the
charter,
so
did
folks
have
a
chance
to
review
that
or
do
we
have
any
objections
or
any
feedback
on
the
Charter
before
we
formally
adopt
it?.
A
Okay,
don't
all
jump
at
once,
I
know
right,
that's
the
week
of
a
week
of
a
holiday
totally
understandable,
but
yeah,
obviously,
just
to
reiterate,
we
very
much
appreciate
and
welcome
feedback
thoughts
discussions.
So
please
feel
free
to
speak
up.
We're
all
friends
here
so.
B
A
Okay,
okay!
Well
then,
what
we'll
do
then,
is
we'll
set
for
the
for
our
next
agenda
meeting.
A
A
And
I'm
curious
I,
wonder
if,
if,
if
folks,
maybe
Jay
have
experience
with
other
work
groups,
did
they
just
do
kind
of
like
a
voting
on
GitHub,
which
I
think
I've
seen
for
other
open,
ssf
things
where
they
just
call
a
vote
or
Jacques?
Did
you
see
anything
like
that
and
the
other
work
groups
yeah.
D
We
we
did
a
for
securing
software
repos,
we
did
a
Voice
vote
and
then
we
followed
up
with
approvals
on
GitHub,
okay
yeah,
so
that
that
was
a
written
record.
Okay,.
A
A
Any
discussions
needed
which
that'll
be
recorded
for
for
reference,
and
then
we
could
do
approvals
are
voting
on
the
pr
for,
like
a
paper,
trail
great
great,
so
that
that
is
that
and
I'm
going
back
to
my
original
question
before
we
kind
of
dive
into
some
of
the
stuff
we've
been
working
on
recently,
if
there's
any
agenda
items
or
topics
that
anyone
participating
today
would
like
to
bring
up
or
talk
about,
I
think
that
would
be
a
good
time
for
it.
C
So
let
me
take
the
opportunity
yeah.
So
three
of
us
myself,
there's
Alex
Kim
from
IBM
and
ishel
from
jfrog.
We
have
volunteered
to
organize
a
virtual
Workshop.
It's
it's
called
a
conference,
but
I
think
it's
more
like
a
workshop
of
Open
Source
maintainers
and
to
hear
about
their
problems,
their
pain
points
and
hopefully
build
some
understanding.
So
it's
it's
a
dialogue
to
and
and
get
the
open
source
maintainers
of
the
top
critical
projects
at
the
at
one
place
and
hear
about
the
clean
points.
C
Get
some
understanding
then
probably
coordinate
with
the
other
working
groups
and
then
get
that
idea
disseminated
and
so
on.
So
that's
kind
of
the
main
main
plan.
Michael's
coveta
was
the
original
guy.
Who
was
the
like,
whose
brain
spawned
this
thing,
and
we
are
just
the
executor
at
this
particular
Point.
C
C
Maybe
20
projects
that
are
ranked
as
the
highest
in
in
all
of
those
is
that
the
way
do
we
need
representation
across
the
board
as
in
do
we
need
something
that's
actually
behind
like
not
necessarily
in
the
top
20,
but
because
they
have
different
pain
points,
something
that
are
in
the
Middle
Ground
somebody
who
is
in
the
other
side
of
the
of
the
long
tail
that
that's
they
they
will
have
different
papers.
C
There
could
also
be
the
different
domains
like
the
fintech
industry
may
have
different
pain
points
than
the
then,
the
let's
say
the
healthcare
industry
and
so
on.
So
we
cannot
be
able
to
address
all
of
those
Concepts,
obviously
in
one
meeting.
So
if,
if
the
event
become
successful,
if
you
can
figure
out
a
format
and
so
on,
the
plan
is
to
make
it
repeatable,
let's
say
every
six
months,
every
three
months,
however,
whatever
is
the
is
the
timeline
that
we
can
agree
or
or
can
arrange
or
organize.
C
But
right
now
we
are
still
figuring
out
about
how
to
identify
the
the
scope.
So
I
would
appreciate,
maybe
like
open
this
up
and
get
feedback
from
other
people,
so
that
I
can
bring
it
to
our
small
group
of
discussion
and
and
finalize
on
that,
so
any
thoughts
on
like
whom
should
we
bring
in
or
how
should
we
determine
them
to
bring
in
and
so
on.
B
Is
this
the
is
this
the
S
like
office
hours
for
open
source
idea,
or
is
this
different
from
the
office
hours.
C
It's
a
different
one:
it's
it's
basically
an
actual
Workshop
where
we're
going
to
invite
people
right
now.
The
plan
is
to
make
it
virtual,
but
maybe
on
the
second
round
or
something
we
can
actually
even
have
an
in-person
event.
So
we
don't
want.
We
want
it
to
be
ex.
Like
a
small
group,
we
can't
have
like
500
people
showing
up
it
doesn't
make
sense
or
it
will
not
be
able
to.
You
know
it's
it's
unmanageable
at
that
point,
but
so
for
that
small
group,
very
selective
one.
How
do
we
select
yeah?
D
Yeah,
my
main
question
is:
how
big
do
you
see
it
being
like
what
what
is
the
cutoff,
because
that.
C
Zoom
we
were
thinking
of,
let's
say:
if
we
partitioned
in
Subway.
Let's
say
we
talk
about
Java,
C,
plus
plus
python,
JavaScript
developers
or
maintainers.
We
can
have
split
groups
that
are
running
in
parallel,
then
have
something
in
the
afternoon
where
we
can
like
together,
so
we'll
have
small
group
sessions.
Then
some
large
group
sessions,
maybe
one
at
the
at
up
front
and
one
at
the
end.
So
for
the
small
groups-
I,
don't
know
whatever
Zoom
allows
you
I
mean
allows
you
in
a
way
like
Zoom
would
allow
you
to
do
anything.
C
I
mean
if
we
have
a
hundred
people
in
each
group
in
Zoom,
I
think
80
people
will
be
non-participating
and
nothing
is
going
to
happen,
but
maybe
20
is
too
low,
so
I
don't
know
I
mean
we
are
open
to
ideas,
but
we
were
thinking
that
for
the
small
groups,
maybe
between
20
to
30
is
kind
of
the
Max,
and
if
we
have
like
four
parallel
sessions
like
that,
that
brings
us
to
about
100
people,
it'll
be
a
zoo
at
the
front
where
we
have
like
a
General
Session
and
at
the
end,
when
we
have
like
a
conclusion,
but
I
mean
we'll
try
to
see
what
what
former
everything
is
up
in
there.
C
I
mean
we
don't
recently
have
to
do
it
in
real
time,
but
I
can
actually
drop.
My
email
address
I
would
appreciate
thoughts
on
on
this
and
thoughts
on
on
how
to
select
projects
also
thoughts
on
the
format.
What
what
can
be
an
effective
format?
I
mean
the
ideal
session
would
have
been
in
person,
but
I,
don't
know
whether
we
have
the
I
mean
it's
gonna,
be
judicious
to
to
do
that
at
least
for
probably
not
for
the
first
time.
C
So
what
can
be
a
format
that
we
can
work
on
in
a
virtual
setup
that
that's
the
that's,
also
very
critical.
A
So
some
initial
thoughts
are
what
I
would
say
is
especially
if,
if
this
is
something
that's
kind
of
NASA
and
you're,
just
kind
of
experimenting,
I
would
say
just
get
whoever
you
can.
A
You
know
invite
I
like
the
idea,
I
would
say:
yeah,
probably
no
more
than
30
in
an
individual
Zoom
session,
because
you're
right
there
is
probably
going
to
be
over
half,
maybe
even
more,
especially
if
it's
the
first
time
you
know,
maybe
a
participation
will
be
a
little
more
difficult
but
yeah
I'd,
say
I'd,
say
20
to
30
sounds
perfect
for
for
a
for
like
a
break-off
session,
and
it
could
be
relatively
informal.
A
You
know
four
questions,
you
know
what
are
your
biggest
pain
points
or
what
would
you
like
to
see
or
how
would
you
like
to
improve,
or
how
can
we
help?
How
can
you
know
kind
of
coordinated
efforts
like
openssf
and
different
other
efforts
out
there
like?
A
How
can
they
help
you
better
because,
like
just
for
example,
today
I
happen
to
see
a
tweet
on
where
maintainers
were
essentially
complaining
about
getting
a
lot
of
automated
pull
requests
and
automated
notifications,
saying
like
I,
don't
I
mean
you
know
like
people
need
that
Personal,
Touch
and
I?
Think
that's
also
why,
with
our
security
audits,
we've
been
more
successful
is
because
we
do
build
that
relationship
with
the
project,
so
definitely
I
think
the
personal
touch
you
know
we'll
just
reach
out
to.
A
However
many
people
I
mean
we'd,
be
I'm
happy
to
help
out
with
with
Outreach,
and
you
know
we
could
always
divide
in
divide
and
conquer
with
the
with
the
with
the
work
groups
and
what
have
you
in
terms
of
reach
outs
but
and
then,
in
terms
of
like
what
is
critical,
I
mean
this
question
comes
up
time
and
time
again
and
sometimes
I
think
that
most
of
the
stuff
that
we're
looking
at
is,
for
all
intents
and
purposes,
a
critical
project,
we're
just
kind
of
splitting
hairs
as
to
well
how
critical
or
what
have
you
so
I
mean
the
criticality
score
comes
to
mind.
A
You
know
that's
broken
up
by
language
and
ecosystem,
but
yeah
I
would
just
say
start
with
something
you
know
get
start
with.
Even
if
it's
10
maintainers,
you
know
getting
them
in
in
a
room
to
talk
and
to
to
iterate
on
I
think
would
be
a
huge
huge
Victory
I
mean
just
engaging
with
these
open
source.
A
Maintainers
or
contributors
is
going
to
be
a
victory
in
its
own,
because
I
I
at
the
end
of
the
day,
you
know
open
source
is
run
by
people
right
and
developed
by
people,
and
we
need
to
have
that
kind
of
personal
touch
and
personal
aspect
with
what
we
do
and
I
think.
This
is
a
good
effort
for
that
and
again,
you
know
be
happy
to
help
with
Outreach
and
but
yeah.
A
It's
it's
definitely
but
and
I
like
the
idea
of
keeping
it
slightly
probably
I
mean
obviously
having
maybe
like
an
agenda
or
something
but
keeping
it
more
informal.
You
know,
and-
and
actually
I
was
just
talking
about
this
in
my
last
meeting-
about
like
incentives
and
whatnot.
So
even
if,
like
I,
don't
know,
you
can
give
them
a
25,
iTunes
gift
card.
I.
Think
open
ssf
could
could
probably
swing
something
like
that,
but
just
like
a
very
you
know,
a
very
small
thank
you.
A
Adjuster
I
do
think
will
go
a
long
way
in
terms
of
incentivizing
or
you
know
just
showing
thanks
for
their
time
and
what
have
you
so
I
kind
of
rambled
a
lot
sorry
about
that.
If
anyone
has
any
thoughts
or
feedback
on
on
what
I
just
said
or
or
or
or
to
minara's
question,
please,
let's
we'd
love
to
hear
it.
A
And
hen
brought
up
a
good
point
too.
Some
of
the
probably
the
bigger
projects
are
likely
going
to
be
probably
a
security
team
of
some
kind
rather
than
like
a
individual
or
group
maintainer,
but
this
I
think
would
be
a
good
way
also
to
to
almost
categorize
projects.
So
you
know
is:
is
Project
X
run
by
you,
know
volunteer-led
by
less
than
10
people,
or
is
it
led
by
you
know
a
corporate
backing
with
a
team?
A
E
Hi
there
guys
I
was
just
wondering
is
like
just
from
what
you
were
just
saying.
I'm
here,
right,
I
was
just
basically
wondering
it
sounds
very
arbitrary.
It's
like
there
is
no
real
defeat.
I
mean
it's
like
from
a
security
perspective.
You
know
it's
like
when
people
talk
to
security
to
open
source,
you
know
single
devs
who
are
just
making
projects.
You
know
as
more.
E
Let's
get
this
knowledge
to
them
to
make
it
benefit
for
them,
so
every
project
they're
after
becomes
secure
and
whereas,
if
we
just
go
start
targeting
projects,
Left
Right
Center
through
the
ecosystem,
it
basically
shows
that
you
know
there
is
a
form
of
favoritism.
What's
the
criteria,
what's
the
selection
process,
etc,
etc,
etc,
whereas
when
it
comes
to,
like
you
know
the
criticality
school
reports,
let's
not
keep
them
so
defined,
and
let's
keep
on
so
to
a
point
that
people
understand.
E
You
know
like
this
project
might
be
at
risk
to
my
project
in
these
certain
ways
and
here's
the
solutions
to
address
it.
That
is
all
my
concern
is
that
it
feels
a
very
loose
when
it
comes
to
a
football
machine
when
I
create
a
calculator
score
report
right,
but
yeah,
here's
a
school
report
good.
What
does
that
mean
is
like
I
did
a
bad
job
in
developing
my
code,
you
know
I
was
like
from
it
from
a
developer's
point
of
view.
It
is
like
it's
just
a
test
result.
E
A
Thank
you
Peter,
yes,
and
and
again
any
any
feedback.
I
did
when
are
if
it's,
okay
with
you,
I
included
your
email
in
the
notes
and
just
with
the
okay,
great
yeah,
of
course.
A
Okay,
so
if
there
are
no
other
agenda
items,
we
can
continue
the
discussion
of
how
we're
going
to
set
up
kind
of
some
very
basic
infrastructure
and
processes,
for
you
know
coming
up
with
a
set
of
critical
projects,
essentially
providing
that
that
that
bit
of
analysis
but
I
I
think
the
best
way
to
put
it
is
probably
just
like
some
some
further
guidance.
You
know
these
are
things
that
we
have
identified.
A
A
So
I
know
Randall
was
working
on
that
and
what
we
had
talked
about.
Peter
is
too
oh,
that's
right.
Peter
is
too
yes,
so
yeah
we'd
love
to
hear
from
you
too.
If
you
have
any
updates
on
that
on
the
what
we're
calling
the
ingestion
engine.
B
A
B
B
So,
okay,
because
there's
there's
a
lot
of
things
that
align
with
what
we're
trying
to
do
and
what
they're
trying
to
do,
but
their
tool
right
now
is
kind
of
based
more
around,
like
they're
they're,
focusing
Less
on
running
criticality
score
like
one
at
a
time,
they're
focused
more
on
like
getting
like
a
package
or
a
set
of
packages
to
continuously
run
criticalities
for
on.
B
So
it's
kind
of
interesting
because
in
a
way
that's
kind
of
what
we're
doing
so,
but
that's
kind
of
where
we're
talking
and
we're
kind
of
trying
to
figure
out
different
ways
that
we
could
put
a
proven
concept
together
right
now,
we're
exclusively
using
npm,
but
that's
just
because
of
ease
of
use
and
it's
easy
to
mess
around
in
JavaScript
but
yeah,
but
eventually
that
should
be
kind
of
universal.
So
right
now
we're
kind
of
in
that
phase
of
everything.
B
B
I
want
to
do
things,
but
yeah
I
think
that
there
might
have
to
be
a
meeting
where
we
have
the
criticality
support
team
and
us
trying
to
figure
out.
Where
are
we
align
and
what
we
don't
align,
because
I
think
they
do
want
to
make
it
work
for
us.
But
it
just
depends
on
kind
of
It
kind
of
seems
like
we're
operating
as
two
different
groups.
Even
though
we're
not
really
supposed
to
be.
D
Okay,
sorry
didn't
want
to
put
you
on
the
spot.
Yeah
I
was
just
wondering
if
there
was
like
another
working
group
that
was
involved
no.
B
No,
that's
basically
me
and
on
slack
just
kind
of
getting
my
questions
answered
and
on
GitHub,
also
kind
of
when
I
realized
that
I
actually
had
containerized
the
original
criticality
score
and
then
in
like
a
week
ago.
Actually,
when
I
was
doing
the
demo,
it
magically
stopped
working
and
that's
because
the
python
version
got
deprecated.
So
then
I
realized
that
I
had
to
talk
to
them.
Whatever.
A
Okay,
Jonathan,
you
have
your
hand
up.
F
Yeah,
so
thanks
and
thanks
for
that
update
Randall,
you
said
if
I
heard
correctly,
that
they're
selecting
a
set
of
projects
for
continuous
updates
and
I
was
just
wondering
what
the
expected
update
Cadence
on
what
projects
were
critical
is
continuous,
seemed
more
frequent
than
I
was
expecting
I.
B
Don't
know
how
they're
running
the
tool
I
don't
know
all
those
details,
but
I
know
that
the
tool
essentially
now
would
be
something
along
the
lines
that
we
would
have
a
set
of
packages
that
would
be
we'd,
be
tracking
criticality
support
for
and
the
tool
would
run
like
on
that
set
of
packages
now
like
in
the
future.
Could
it
could
it
like
run
back
to
where
the
way
it
was
originally
running,
with
just
a
CLI
tool?
D
I
just
wanted
to
mention
I'm,
not
sure
whether
you
made
the
last
call.
It
was
at
a
different
time.
D
Caleb
was
able
to
join
he's
based
in
Sydney,
so
it
was
a
time
that
he
could
join
and
did
a
presentation
on
the
work
he's
done
and
a
big
part
of
it
is
something
I've
run
into
which
is
GitHub
API
limits,
yeah
yeah,
but
I
think
that
presentation
is
worth
watching
to
get
get
context
on.
What's
been
done
and
I
think
the
biggest
limitation
right
now
in
terms
of
like
continuous
scanning
is
literally
that
you
know
you
get
a
tiny
dribble
of
5000
API
requests
per
hour.
F
Okay,
so
how
right
that
is
important
for
the
operationalization
thing,
but
I
guess
maybe
separate
from
the
policy
choice
of
how
often
do
we
expect
this
score
or
ranking
for
some
project
to
change.
F
Okay
from
for
the
purposes
of
securing
the
projects,
how
Nimble
are
we
in
moving
resources
around
such
that
we
could
make
use
of
weekly
changes,
not.
D
B
B
A
A
You
know
if
a
project,
let's
say,
becomes
deprecated
or
is
no
longer
being
supported
or
an
emerging
project
kind
of
becomes
the
new
standard
I'd
like
us
to
have
a
process
and
I'd
like
our
process
to
be
nimble
enough
and
I'd
like
the
set
list
to
be
curated
enough,
where
it
would
reflect
kind
of
those
changes
over
time
so
I.
That's
definitely
something
I
think
we
would
need
to
think
about
in
terms
of
you
know
how
it
would
be.
How
can
we
make
it
as
close
to
a
living
kind
of
curated
thing?
That's
possible.
D
D
Good
all
right
and
one
of
the
things
was
the
scheduling
problem
right
like
in
what
order?
Should
the
experts
be
asked
to
examine
things
and
some
of
the
sort
of
heuristics
I
looked
at
one
is
to
more
frequently
examine
things
that
are
close
to
a
cutoff
threshold.
So
if
Alpha
Omega,
for
example,
is
typing
the
top
200,
then
anything
that's
sort
of
like
in
the
190
to
210
range
should
be
checked
more
frequently,
because
it's
got
more,
it
has
a
high
probability
of
dropping
dropping
out
of
the
list
or
joining
the
list.
D
The
other
one
is
when
you
have
input
metrics
that
you
know
turn
out
to
be
influential
over
time.
Chris.
Your
microphone
is
on
by
the
way.
Sorry
yep
no
worries.
If
you
have
metrics
that
turn
out
to
be
influential
Based
on
data
that's
collected,
then,
for
example,
you
might
prioritize
for
scheduling
those
things
that
have
big
shifts
in
those
metrics
to
be
re-examined
and
that
sort
of
thing
it
is
a.
D
F
D
F
Makes
sense,
I
was
I,
suppose
asking
a
question
to
see
if
we
could
short-circuit
that
a
little
bit
by
understanding
what
the
outputs
of
the
ranking
can
be
used
for
and
how
Nimble
that
process
is
I
understand
that
we'd,
of
course,
want
to
know
as
soon
as
possible
if
a
new
project
has
become
a
de
facto
standard
that
needs
attention,
but
that's
different
from
how
quickly
you
know
if
something
does
drop
to
201,
how
quickly
can
resources
be
reallocated
to
the
thing
that's
now
200.
F
G
A
G
A
a
project
that
sort
of
grows
in
stature
to
the
point
where
it
becomes.
You
know
like
a
my
sequel,
but
that's
in
the
context
of
a
SQL
database,
all
right.
So
it
would
seem
to
me
that
what
we're
really
looking
at
is
somebody
would
be
looking
around.
I
need
a
single
database
which
one
should
I
choose
and
then
I
want
to
evaluate
in
the
set
of
SQL
databases.
What
does
that?
Look
like
all,
right
or
and
and
I've
I've
mentioned
this
before
I
think
you
know
the
use
case.
G
That
I
would
think
that
certainly
I
would
have
would
be
I
have
a
set
of
things
that
I
use,
which
ones
are.
Those
do
I
need
to
worry
about
this
week
right,
because
all
of
a
sudden
they've
got
a
vulnerability
and
there's
nobody
around
to
fix
it
kind
of
a
thing,
and
so
I
think
we
want
to
do
a
little
bit
of
analysis
on
just
how
we
think
this
is
going
to
be
used
and
then
design
it
such
that
you
know
that
usage
model
fits
neatly
into
what
we're
trying
to
achieve.
Now.
G
You
know
talking
about
whether
or
not
we
need
something
with
a
weekly
degree
of
of
Precision
I
think
is
probably
not
the
case.
I
mean
possibly,
but
I
I
would
think
not.
I
would
think
that
most
of
these
things
most
of
these
attributes
that
we're
looking
at
are
things
that
change
very
slowly
over
time.
G
B
I
may
I
I'm
part
of
a
lot
of
different,
open,
ssf
things
and
I
kind
of
do
a
lot
of
things.
So
there
definitely
is
a
need
for
the
list.
Okay
and
I
think
that
across
open
ssf,
there's,
there's
varying
needs
of
what
type
of
list
is
needed,
but
as
far
as
lists
of
critical
infrastructure
projects,
I
do
think
that
there
is
a
need.
B
I
think
that
it
would
maybe
part
of
what
we
need
to
do
is
figure
out
how
we
can
align,
because
even
with
the
criticality
score,
they
also
have
been
talking
about
maintaining
a
set
of
packages
right
now,
if
I'm
not
mistaken,
it's
more
of
like
a
test
set
of
packages,
but
at
some
point
I
think.
The
intention
is
that
they
would
actually
have
a
set
of
packages
to
put
in
there.
B
Now,
from
my
understanding
in
my
conversations
with
Naveed
I
think
they
said
his
name
right
and
Kayla
they
they
do
want
to
make
criticalities
for
work
for
us,
but
I
think
that
if
we're
going
to
make
a
list,
I
think
to
kind
of
answer,
your
question
I
think
we
should
make
it
focused
on
what
the
needs
of
open,
ssfr
and
then
align
ourselves
with
that.
So
therefore,
there's
not
a
whole
lot
of
duplicate
work
going
on
in
open
SSL.
D
So
I
guess
I
have
two
replies
and
I'll
try
not
to
run
the
conversation
too
much
in
terms
of
what
the
list
would
be
used
for.
For
me.
I've
always
had
in
mind
that
the
primary
consumer
is
going
to
be
out
for
Omega
for
any
list
that
this
group
develops
and
that
secondary
consumers
will
be
so
to
speak.
D
You
know
end
users,
so
companies,
governments,
academic
institutions
and
so
on
in
terms
of
cadence,
I
I
think
it
makes
sense
for
automated
scores
to
be
run
more
frequently
because
at
a
very
large
scale,
the
odds
that
something
shifts
dramatically
go
up
just
because
there's
so
many
things
being
sampled.
So
it's
useful
to
have
that
intelligence
quickly.
D
But
when
I
developed
CEO
I
had
in
mind
the
idea
that
it
would
probably
be
periodic
additions
right
like
once
every
quarter
or
you
know,
maybe
by
yearly
we
would
take
a
cut
of
the
list
and
publish
it
and
say
this
is
the
the
spring
2023
edition
of
the
list
and
possibly
even
just
publishing
the
top
200..
D
You
know,
on
the
top
end,
the
reason
being
that
for
those
secondary
consumers,
that
would
be
more
digestible
and
a
Cadence
that
very
large
organizations
can
possibly
keep
up
with
large
Enterprises,
as
we
all
know,
struggle
to
think
in
terms
of
reacting
things
within
a
week
just
giving
the
scale
and
the
number
of
people
involved
and
governments
likewise
so
I
think,
like
a
quarterly
Cadence
would
probably
be
feasible
for
large
organizations
to
to
latch
onto
and
to
work
with.
D
Again.
The
thing
to
bear
in
mind
is
that,
most
of
the
time
it
should
be
stable
around
the
top
things
might
move
up
and
down.
But
if
you're
taking
a
cutoff
of
n00,
then
most
of
the
interesting
thing
is
what
happens
around
that
cutoff
I'm,
not
sure.
If
that
did
that
answer
your
question.
Johnny.
F
Yeah
I
think
it
does,
because
and
then
what
I
would
hear
reading
me
back
a
little
bit
is
that
I
would
trust
you
to
be
doing
clever
things
around
rolling
up
the
weekly
thing
into
the
quarterly
or
every
six
months
whatever,
but
that
it's
not
churn.
There
wouldn't
become
confusing
for
end
users
because
they
wouldn't
see
it,
which
I
think
would
be
a
concern.
But
that
seems
well
handled
by
the
the
Cadence
that
you
propose.
It's.
B
Like
it's
like
the
tail
coyote
index
for
programming
languages
of
the
world
right,
it's
like
you,
know
the
the
languages
go
up
and
down
and
they
may
change
positions
amongst
each
other,
and
that
may
be
interesting
to
like
make
inferences
about,
but
fundamentally
like
the
the
top
lit
on
the
list
is
mostly
going
to
stay.
The.
A
B
A
Folks,
with
their
hands
up,
do
you
have
anything
to
to
contribute
jono
yeah,
so
I
did
have
a
new.
F
Okay,
so
hearing
nothing
I'll,
so
minor
question
but
Jacques.
You
know
I
I've
thought
a
lot
about
sort
of
public
consumption
of
these
sorts
of
information
sources
and
I'm
wondering
whether
because
I
haven't
Faithfully
read
all
of
the
notes
but
I,
don't
I
wonder
whether
this
has
been
discussed,
whether
when
the
list
is
published
did
not
actually
published
as
an
ordered
list,
or
at
least
maybe
not
for
the
whatever
top
100
that
are
safely
on
the
list,
so
that
people
don't
sort
of
obsess
about
like
oh
well.
F
A
Yes,
you
bring
up
a
great
point
and
we
did
and
that
actually
ties
into
Chris's
Point
as
well,
where
we
did
spend
some
time.
Thinking
about
you
know
what
is
what
is
the
reasoning
for
this
or
you
know
why
you
know
who
is
supposed
to
to
digest
this,
and
what
is
the
reasoning
for
this
set
I
do
think
we
came
to
a
pretty
good
conclusion
as
to
what
that
is,
but
I
think
the
more
that
we
talk
about
it.
A
I
do
think
it
makes
a
lot
of
sense
to
really
just
have
if
we
can
focused
sessions
really
dedicated
to
this,
because
I,
because
I
do
think
it's
it's
something
that
is
going
to
require
a
good
amount
of
discussion
and
we
are
going
to
need
to
start
getting
some
something.
You
know
that
we
could
show
or
that
we
could
show
that
the
results
of
our
work
for
so
I'd
like
to
I
know
the
next
I
know.
A
September
is
going
going
to
be
a
little
bit
tough
because
of
conferences
and
travel
folks,
traveling
and
whatnot,
but
I'd
like
to
propose.
Maybe
we
do
one
of
our
next
working
group
sessions,
if
not
the
next
one
in
the
very
near
future,
where
we
can
really
just
solely
try
and
focus
on
this
kind
of
some
of
the
meta
information
of
you
know.
What
is
why
are
we
doing
this?
A
What
is
the
reasoning
for
this
and
then
really
start
to
get
some
things
down
that
we
could,
you
know
again
demonstrate
or
even
put
into
action
and
start
using,
because
because
I,
because
again,
I
I
totally
agree
with
you
jono
that
a
lot
of
times
you
know
people
get
lost
in
the
details
or
and
and
and
that's
okay,
but
I
it's
just.
We
can
do
the
best
we
can
in
terms
of
saying
you
know.
This
is
why
we
did
this.
This
is
what
we
think
you
know.
A
The
use
case
for
this
is
this
is
our
reasoning.
These
are
our
methods,
I.
Think,
if
we're
pretty
clear
about
that,
then
it'll
reduce
the
likelihood
of
you
know
of
folks
kind
of
getting
really
lost
in
in
some
of
the
details,
and
and
questioning
that,
because
we'll
be
able
to
to
Really
demonstrate
everything
we've
been
talking
about.
Basically,
you
know
why:
what
is
our
mission?
What
are
we
trying
to
accomplish?
What
is
the
reasoning
for
this?
A
So
if,
if
y'all
are
okay
with
that,
I
think
maybe
we'll
do
if
not
the
next
working
group
session,
one
of
the
next
working
group
sessions
solely
focused
on
on
basically
this
on
identifying
critical
projects
and
our
the
method
for
it,
because
I
think
we
did
a
pretty
good
job
when
we
started.
A
You
know
kind
of
writing
some
of
this
down
and
getting
some
of
it
down
on
paper
and
and
talking
about
it
there
and
I
think
the
more
we
do
that
the
more
we'll
be
able
to
stay
on
track,
because
it
is
a
very
daunting
thing
to
do
and
I
think
I
I.
Don't
want
perfect
to
be
the
enemy
of
good
here,
where
I'd
like
to
get
something
that
we
can
at
least
iterate
on
out
sooner
rather
than
later
so
is.
A
Is
the
group
okay,
with
kind
of
a
more
focused
intensive
session
on
this
kind
of
phase
one
one
and
the
process
for
identifying
critical
projects?
Okay,
awesome!
So
I
did
ramble
a
lot
there
again.
I'm
sorry.
Do
we
have
any
other
thoughts
or
discussions
either
around
this
or
the
ingestion
form
that
Google
form
or
really
anything
else
related
to
this
specific
topic
that
we
could
drive
home
over
the
next
10
minutes
or
so.
A
That's
a
good
point
yeah.
Well,
maybe
then
what
we'll
do
is
we'll
be
sure
to
do
it,
maybe
during
one
of
our
APAC
friendly
meetings,
and
that
way
we
can
get
Caleb
involved
too
great
point.
I'll
write
that
down.
A
Okay,
wonderful:
we've
got
about
12
more
minutes.
Okay,
Peter
is
jumping
off.
Thank
you.
Peter
appreciate
the
the
contributions
today
and
I'll
pick
up
the
conversation
next
time.
A
If
there
are
no
other
agenda
items,
we
could
always
conclude
a
little
bit
early
today.
That's
okay,
I
understand,
there's
conferences
next
week,
so
OSS
Summit
in
Dublin
I
believe
a
lot
of
folks
will
be
there.
It's
also
going
to
be
virtual,
so
feel
free
to
participate,
even
if
you
can't
make
it
to
Dublin
and
yeah.
A
Looking
forward
to
that,
looking
forward
to
seeing
a
lot
of
you
there,
I
will
be
there
as
well,
so
feel
free
to
find
me
and
I'd
love
to
see
y'all
in
person
and
then
yeah
I,
like
the
idea
of
like
a
more
intensive
session
on
on
this
ingestion
engine
and
kind
of
this
phase.
One
so
we'll
be
sure
to
do
that
real
soon
and.