►
C
A
D
A
D
D
D
Just
to
note,
you
know
taking
a
look
at
the
the
current
kind
of
structure
of
the
document
that
was
very
much
oriented
around.
You
know:
GitHub,
big
bunch
of
stuff
and
then
gitlab,
big
bunch
of
stuff
right
and
the
and
the
and
there's
so
I
started
to
take
a
look
at
what
each
one
of
these
was
and
where
it
might
fit
in
and
and
then
I
took
a
stab
at
putting
together
a
kind
of
a
set
of
high-level.
D
C
D
D
Like
that,
that's
not
telling
us
map
again
numbs
picking
each
one
of
the
items
and
putting
them
into
a
kind
of
category,
and
you
know
so.
It's
interesting
I
think
we
came
up
with
some
of
the
same
ideas
in
terms
of
organization,
repository
members
and
then
miscellaneous,
which
could
map
onto
like
my
hygiene
factors,
thing
yeah,
so
I
think
basically
we're
converging
on
on
something
that
yeah
that
we
could
start
to.
We
could
take
gnomes
categories.
D
Absolutely
it's
just
sitting
I
I
posted
already
above,
but
I
will
post
it
again.
It's
a
and
the
only
reason
I'm
using
critpad
is
because
I
find
it
convenient
a
convenient
editor
for
markdown,
because
it
displays
the
markdown
over
on
one
side
and
then
the
the
kind
of
rendered
markdown
over
on
the
over
on
the
right,
and
we
happen
to
have
a
self-hosted
crypt
that
we
use
for
tag
minutes.
We
use.
We
use
this
for
taking
our
minutes
all
the
time.
D
And
most
of
what's
in
the
pad
is
the
existing
document.
I,
actually
I
wrote
a
little
boilerplate
intro
more
just
so
that
we
could
get
some
idea
of
to
give
an
idea
of
kind
of
where
I
see
the
document
going
more
than
it's
not
don't
read
it
for
the
text,
but
it's
just
like
it
feels
to
me
like.
If,
like
we
need
a
general
intro
and
then
each
section,
we
need
like
a
little
bit
of
intro
text
talking
about
why
this
is
important
or
what
we're,
what
the,
what
the
section
is
going
to
talk
about.
D
B
A
Yeah
I
like
that
I
like
the
idea,
a
lot
too
yeah,
because
it's
it's
similar
to
what
I
had
was
like
organization
repositories.
The
only
thing
that
was
maybe
slightly
different
is
sometimes
it's
like
the
concept
of
members
and
an
organization,
but
there's
also
the
concept
of
so-called
collaborators
or
folks
who
belong
to
repositories
so
sometimes
I
kind
of
like
merged
them
or
talked
about
them
inside
of
organization
or
inside
of
Repository,
but
it
kind
of
overlaps.
So
it
was
a
mix
of
both.
A
So
because
of
that,
we
actually
had
to
do
some
things
in
the
organization
settings
and
then
come
down
to
the
repo
and
and
do
a
little
things
differently,
and
we
actually
have
all
these
policies
around.
Who
can
be
a
member
of
the
organization,
and
how
do
we
add
people
in
repositories?
So
it's
just
like
a
the
member
part
of
it
or
the
membership
part
of
it.
It
just
kind
of
got
a
little.
A
collaborate
has
got
a
little
bit
like
bled
into
both
of
the
places
so.
D
A
F
Yeah
that
that
sounds
like
the
right
plan
anyway,
because
although
we're
talking
GitHub
get
lab,
there's
a
number
of
other
systems
and-
and
you
know
things
can
change
even
within
GitHub
I
can
imagine
them
changing.
Particularly
you
know:
hey.
How
do
you
get
access
control?
So
you
know
higher
level
concept,
drill
down,
drilled,
okay,
here's
how
you
do
it
here,
but.
D
A
Yeah
yeah,
it
may
be
my
help
if
I
just
quickly
share
my
screen
and
I'm
just
gonna
shed.
This
is
just
going
to
be
an
organization,
and
this
leads
into
some
of
the
discussion
I
had,
and
so
this
is
similar
to
the
document
that
I
was
thinking
of
sharing
after
I
clean
it
up.
But
what
I
want
to
kind
of
catch
your
attention?
A
This
is
the
table
of
contents,
and
so
where
I
talk
about
organizations
and
then
under
that
managing
roles
and
access
and
then
I
talk
about
organizing
repositories,
just
because
this
is
like
a
topic-
that's
probably
not
really.
This
is
probably
specific
to
each
company,
so
they
probably
won't
need
to
go
into
a
particular
overall
document.
But
if
you
look
under
repositories
under
there,
I
also
have
managing
roles
and
access
and
then
under
project
setup
and
support.
A
This
was
more
around
like
the
security
and
all
and
then
I
have
different,
so
so
that's
kind
of
like
how
I
would
organize
it
and
somewhere
down
at
the
bottom.
We
also
talk
about
how
do
you
configure
GitHub,
and
this
is
where
I
go
deep
into
what
you
need
to
do
for
each
settings
and
then
I
split
it
into
required
and
recommended
again
required
I,
just
like
obvious
things
like
two-factor
authentication,
but
there's
some
things
where
there's
like.
A
Arguably
whether
or
not
you
want
to
turn
on
some
aspects
just
depends
on
what
the
style
of
what
you
work,
how
you
work,
but
that's
kind
of
like
overall
calling
your
attention
to
organizational
repositories
and
have
the
roles
and
the
accesses
split
up
into
each
of
them.
So
I
didn't
really
have
a
separate
on
for
membership,
but
it
could
have
happened.
D
F
C
B
B
The
scorecard
Point
came
up
in
previous
session,
and
actually
we
we
were
talking
about
the
fact
that
it's
the
the
repository
best
practices
is
aligned
quite
well
with
the
with
the
scorecard.
But
there
are
also
the
other
types
asset
types
which
aren't
so
like
the
organization,
best
practices
and
server
best
practices.
F
Here's
what
I'm
thinking
I
mean
as
much
as
possible.
We
want
to
automate
these
things,
so
if
something
is
automatically
detected
by
a
scorecards
in
particular,
if
it's
completely
covered
I,
guess
that's
really
the
point
where,
as
I
think
about
think
this
through
what's
the
use
case,
if
something's
completely
covered,
then
I'm
going
to
know
oh
great
I
want,
if
I'm
using
scorecards
that'll
all
be
recovered
or
maybe,
if
I'm
doing
best
practices
badge.
That's
already
done
right.
Oh,
what's
missing
I'm
going
to
especially
look
for
the
ones
that
aren't
covered
elsewhere.
A
That's
true
because
I,
because
because
because
legitimes
using
legitify
and
at
least
in
my
example-
and
you
have
the
option
to
run
scorecards
so
sometimes
I
was
running
scorecards
and
some
of
the
repos
now
sometimes
I
was
running
scorecards
by
itself.
So
I
was
like
cross
checking
and
cross-referencing
what
scorecards
has
so.
That
was
also
very
useful
in
putting
together
the
document
that
I
had
yeah.
F
And
indeed,
we're
doing,
we've
got
a
list
of
things
that
we
want
to
work
on
on
scorecards,
including
implementing
against
get
lab
and
adding
a
lot
more,
a
lot
of
improvements.
So,
for
example,
there's
a
vast
number
of
tools
that
doesn't
detect
it
doesn't
detect
most
CI
systems,
and
so
the
scorecard
value
is
actually
going
to
be
lower
than
the
system
really
is
in
many
cases.
So
we
want
to
we,
you
know,
there's
nothing
problem
with
the
concept.
It's
you
know.
We
want
to
do
better
on
execution.
D
B
A
A
Is
there
anything
relate
I,
don't
know
if
this
is
something
we
want
to
get
into,
but
at
least
for
us,
because
we
care
about
like
the
project,
helped
our
status
in
some
session
in
some
sense.
Is
that
something
with
thinking
about
for
the
sem
project?
Some
way
to
signal
that
this
project
is
actively
maintained
or
that's
something
else
entirely
and
not
related
to
what
we
care
about.
A
For
example,
you
could
add
badges
on
your
projects
to
state
that
the
project
is
active
and
there's
like
so-called
repostatus.org
was
brought
to
my
attention.
So
someone
that
you
can
have
these
Badges
and
if
you
could
have
a
bag
that
says
it's
active
and
active,
unsupported
Etc
is
this
something
that
might
be
useful.
It
might
probably
only
make
sense
for
GitHub,
so
maybe
not.
F
I
mean
the
general
concept
applies
elsewhere,
I,
don't
know.
If
you
know,
and
again
this
comes
back
to
that
split
between
you
know
the
high
level
you
know
make
it
clear.
Well,
I
would
say
the
high
levels
make
it
very
clear
if
it's
active
or
whatever,
and
then
here's
how
you
do
it
on
get
lab.
Here's
how
you
can
do
it
on.
F
Right
right,
in
fact,
there's
a
number
of
cases
where
research
projects
I've
actually
I
years
back
I
was
pushing
this
very
hard
with
you
know,
partial,
maybe
success.
There's
a
lot
of
research
work
where
you
know
code
is
produced
in
order
to
demonstrate
a
point.
The
code
is,
there's
no
expectation.
The
code's
going
to
be
maintained,
but
showing
your
work
is
really
important.
To
being
able
to
determine
you
know
is
this,
you
know
is
the
result.
Are
the
results
valid?
F
D
I
think
that's
important.
You
know
that's
really
interesting.
I
hadn't
heard
about
repostatus.org,
that's
something
that
I
want
to
take
a
look
at
for
our
my
for
for
my
own
organization,
because
we're
going
through
a
kind
of
audit
process
where
we're
looking
at
the
hundreds
of
of
Open
Source
repos
that
we've
stuck
on
various
GitHub
various
GitHub,
whatever
organizations
and
some
of
them
are
quite
active.
Some
of
them
are
like
haven't
been
touched
in
three
years,
and
you
know
some
of
them
there's
just
a
wide,
really
wide
variety.
D
I'm
sure
most
for
many
organizations
have
the
same
problem,
especially
ones
that
have
been
going
through
like
growth
over
the
past
few
years
and
Acquisitions
and
stuff
like
that.
So
anyway,
just
parenthetically,
that's
an
interest.
I
do
think
this
is
a
that's
a
very
interesting
topic
and
it's
something
that
we
should
be
putting
in
here
in
terms
of
the
transparency
Factor
yeah.
That's
that's
great
to
to
raise
that
Christine.
Okay,.
A
F
F
F
A
Oh
one
other
thing
you
may
have
done
it
in
your
topics
this.
The
thing
that
I
was
thinking
we
may
come
across
later
is
related
to
just
because
I
had
to
do
something
around
operations
like
and
I.
Think
I
mentioned
it
last
time,
almost
like
there's
a
there's,
some
things
that
you
do
the
first
time
and
there's
some
kind
of
like
ongoing
maintenance.
A
And
I
don't
know
if
that
becomes
a
topic.
It's
not
really
related
to
yeah
I,
just
kind
of
like
where,
where
does
that
fit
in
into
like
a
theme
or
a
topic,
because
things
like
where?
How
do
you
look
into
the
security
scans
or
what
do
you
do
with
audit
logs
and
all
those
different
things?
Is
that
a
thing
that
we
should
be
thinking
about
operations.
D
D
F
Can
I
push
back
a
little
on
that
because
for
a
lot
of
of
Open
Source
software,
it's
specific
libraries
and
a
lot
of
Open
Source
projects
only
release
source
code?
There
is
no
operation.
Well,
the
operations
is
the
ability
to
acquire
the
software,
that's
their
version
of
operations.
They
aren't
responsible
for,
or
typically
even
know
about.
F
D
F
A
A
B
So
there
are
a
few
like
processes
related
policies
in
in
the
asset
that
no
one
created
their
stuff
around
like
GitHub
Advanced
security
like
dependency
review,
should
be
enabled
and
secret
scanning,
and
this
type
of
security
scans.
So
as
long
as
it's
a
part
of
the
something
that
the
the
SCM
is
supporting,
then
I
think
it's
definitely
in
scope.
D
E
Yeah
so
that
I'm
working
on
a
taxonomy
proposal
to
do
a
to
do
like
a
taxonomy
that
spans
across
the
entirety
of
all
the
working
groups.
Now
all
the
initiatives
and
projects
everybody's
working
on
to
bring
taxonomy
personas
and
everything
under
one
umbrella
to
be
worked
on
and
then
could
be
spread
out
across
the
entirety
of
the
openness
and
stuff,
so
we're
all
on
one
sheet
of
music.
E
E
The
working
group
I
mean
working
on
that
that
you
have
that
one
terms
and
definitions
that
doesn't
mean
that
glossary
that's
being
worked
on,
so
I
want
to
pull
that
I'm
pulling
from
one
of
the
Papers
written
by
one
of
the
PhD
students
that
are
that
attend
some
of
these.
Some
of
these
meetings
and
pulling
from
that
you
know
we
have
a
lot
of
stuff
going
on
across
every
single
working
group.
E
What
do
we
agree
on
or
disagree
on,
at
least
for
the
openness
of
stuff
aspirationally
I
want
to
take
all
you
know
a
few
more
of
the
the
communities
under
the
LF
and
then
maybe
produce
an
LF
taxonomy
so
that
all
the
other
communities
are
all
under
the
same
sheet
of
music.
That's
aspirational,
but
at
least
for
the
purposes
of
the
openness
itself.
Foundationally
I
want
to
get
one
sheet
of
music
down
so
because
Dan
and
Christy
we
attend
all
of
the
David.
E
D
Yeah
I
just
think
that
I
think
that
the
personas
that
we're
talking
about
here
we
may
not
have
dealt
with
before
in
other
organ
in
other
working
groups,
because
we
are
talking
about
things
that
are
very
specific
to
repo
configuration
and
kind
of
the
operations,
people
and
stuff
like
that,
although
we
may
have
we
may
have,
we
may
already
be
thinking
about
it.
So
yeah
I.
E
E
They
could
very
well
use
a
lot
of
the
stuff
that's
being
talked
about
here
in
those
meetings,
because
those
personas
are
relevant
in
those
working
groups
as
well,
so
to
get
them
into
that
into
that
that
that
that
guide,
that
we
want
to
work
on
this
thing
is
extremely
important
too
right
I
mean
that's
that
just
works
across
the
entirety.
So
if
we
can
get
those
people
in
the
room,
even
and
and
have
their
input,
that'll
be
solid
as
well.
C
A
F
It
is
indeed
I
think
I
have
managed
to
successfully
dump
the
problem
on
someone
else,
because
my
schedule
looks
insane.
Delegate
and
and
delegation
is
good.
It
may
bounce
back
to
me
eventually,
but
but
ideally
yeah,
but
I
I
completely
agree
with
you.
It
is
the
the
best
way
to
know
if
something
works
is
to
try
it
yeah.
D
No
I
bet
just
again
parenthetically
I
mentioned
we've
been
doing
an
audit
of
all
of
our
public
repos
and
sneak,
and
one
of
the
one
of
the
things
that
we've
collected
is
scorecard
data
for
every
single
one
of
those
and
it's
all
sitting
in
a
spreadsheet
right
now
and
I.
Won't
I
won't
comment
on
the
quality
of
the
I'm,
not
sure
that
we're
that
we're
living
up
to
the
seven
Magic.
D
B
B
A
C
A
D
D
D
D
F
D
E
And
I
sent
the
thought
out
to
you
and
you
picked
it
up,
and
here
we
are
I
was
good.
I
had
every
intention
on
messaging,
you
right
after
I
got
out
of
here
to
say:
hey
do
you
have
a
couple
of
minutes
just
to
go
over
a
list
of
things
that
we
should
be
looking
at
for
the
proposal,
so
that
was
every
bit
of
my
what
I
had
on
my
agenda
to
do
today?
So
yes,
so.
E
C
E
F
D
Visible
the
way
that
it
works
is
you
can
you
can
share
a
URL
and
you
can
either
share
a
view
only
URL
or
an
edit
URL
and
the
credentials
are
all
in
the
URL.
So
so,
if
you
want
to
share
it
a
view
only
version,
you
can
share
the
view
URL.
So
the
URL
that
I
have
sent
to
the
slack
is
the
edit
URL.
So
anybody
who
has
that
URL
can
edit
the
document
anonymously.
You
don't
have
to
be
logged
in
so.