►
C
Posted
a
link
to
the
agenda
in
the
chat
make
sure
you
mark
your
attendance
on
the
23rd
entry.
Please,
since
we're
co-locating
notes,
it'll
get
a
little
interesting.
A
C
Give
me
a
minute:
I
had
a
note
from
Noam.
So
just
give
me
a
few
here.
D
I
think
we
have
two
things
that
we
can
take
a
look
at
here.
One
of
them
was
the
document
that
I
shared,
which
is
like
a
encrypt
encrypt
pad
the
other
one
is
the
document
that
no
didn't
know
I'm
sure
it
yeah.
A
D
D
Oh,
my
God,
which
is
a
seven
zillion
tabs
that
I
want
to
share
here
here.
We
go
all
right
right:
okay,
okay,
so
this
is
the
thing
that
I
started
to
put
together.
D
Just
to
note,
you
know
taking
a
look
at
the
the
current
kind
of
structure
of
the
document
that
was
very
much
oriented
around.
You
know:
GitHub,
big
bunch
of
stuff
and
then
gitlab,
big
bunch
of
stuff
right
and
the
and
the
and
there's
so
I
started
to
take
a
look
at
what
each
one
of
these
was
and
where
it
might
fit
in
and
and
then
I
took
a
stab
at
putting
together
a
kind
of
a
set
of
high-level.
D
D
Secure
user
authentication,
maybe
then
organizational
management,
repository
configuration
and
other
hygiene
factors
right,
and
that's
not
that
then
I
started
to
kind
of
like
sort.
These.
C
D
And
obviously
that
hasn't
been
done.
All
you
know,
I
haven't
I
kind
of
this
is
just
kind
of
to
demonstrate
the
idea
more
than
anything
else
and
then
I
think
stop
sharing
that
and
then
I'll
start
sharing
this
other
thing,
which
is
the
document
gnome
shared.
D
Like
that,
that's
not
telling
us
map
again
numbs
picking
each
one
of
the
items
and
putting
them
into
a
kind
of
category,
and
you
know
so.
It's
interesting
I
think
we
came
up
with
some
of
the
same
ideas
in
terms
of
organization,
repository
members
and
then
miscellaneous,
which
could
map
onto
like
my
hygiene
factors,
thing
yeah,
so
I
think
basically
we're
converging
on
on
something
that
yeah
that
we
could
start
to.
We
could
take
gnomes
categories.
D
I
could
take
nums
categories
map
them
onto
the
markdown
structure,
that
I
put
in
to
the
markdown
document
and
then
sort
the
items
in
the
markdown
according
to
the
to
that
structure,
and
then
that
could
give
us
a
good
start
and
that's
kind
of
my
my
kind
of
statement
of
where,
where
we're
at
currently
with
this.
D
Absolutely
it's
just
sitting
I
I
posted
already
above,
but
I
will
post
it
again.
It's
a
and
the
only
reason
I'm
using
critpad
is
because
I
find
it
convenient
a
convenient
editor
for
markdown,
because
it
displays
the
markdown
over
on
one
side
and
then
the
the
kind
of
rendered
markdown
over
on
the
over
on
the
right,
and
we
happen
to
have
a
self-hosted
crypt
that
we
use
for
tag
minutes.
We
use.
We
use
this
for
taking
our
minutes
all
the
time.
D
And
most
of
what's
in
the
pad
is
the
existing
document.
I,
actually
I
wrote
a
little
boilerplate
intro
more
just
so
that
we
could
get
some
idea
of
to
give
an
idea
of
kind
of
where
I
see
the
document
going
more
than
it's
not
don't
read
it
for
the
text,
but
it's
just
like
it
feels
to
me
like.
If,
like
we
need
a
general
intro
and
then
each
section,
we
need
like
a
little
bit
of
intro
text
talking
about
why
this
is
important
or
what
we're,
what
the,
what
the
section
is
going
to
talk
about.
D
I'm,
not
talking
about
you
know,
we
don't
need
to
write
reams
of
text
here,
keep
it
simple,
but
intro
the
topic,
and
then
in
each
one
each
one
of
these
things
we
can
then
Sub
sub
categorize
it.
As
you
know,
in
GitHub.
Do
this
and
get
and
gitlab
do
this?
Basically
right.
B
A
Yeah
I
like
that
I
like
the
idea,
a
lot
too
yeah,
because
it's
it's
similar
to
what
I
had
was
like
organization
repositories.
The
only
thing
that
was
maybe
slightly
different
is
sometimes
it's
like
the
concept
of
members
and
an
organization,
but
there's
also
the
concept
of
so-called
collaborators
or
folks
who
belong
to
repositories
so
sometimes
I
kind
of
like
merged
them
or
talked
about
them
inside
of
organization
or
inside
of
Repository,
but
it
kind
of
overlaps.
So
it
was
a
mix
of
both.
A
Yeah,
let
me
expand
on
that
a
little
bit
so
when
it
comes
to
like
there
was
just
at
least
for
our
cases
that
we
wanted
to
have
in
repositories
people
to
be
organized
around
teams.
A
So
because
of
that,
we
actually
had
to
do
some
things
in
the
organization
settings
and
then
come
down
to
the
repo
and
and
do
a
little
things
differently,
and
we
actually
have
all
these
policies
around.
Who
can
be
a
member
of
the
organization,
and
how
do
we
add
people
in
repositories?
So
it's
just
like
a
the
member
part
of
it
or
the
membership
part
of
it.
It
just
kind
of
got
a
little.
A
collaborate
has
got
a
little
bit
like
bled
into
both
of
the
places
so.
D
A
F
Yeah
that
that
sounds
like
the
right
plan
anyway,
because
although
we're
talking
GitHub
get
lab,
there's
a
number
of
other
systems
and-
and
you
know
things
can
change
even
within
GitHub
I
can
imagine
them
changing.
Particularly
you
know:
hey.
How
do
you
get
access
control?
So
you
know
higher
level
concept,
drill
down,
drilled,
okay,
here's
how
you
do
it
here,
but.
D
My
my
thought
was
that
if
we
do
this
right,
then
we
could
easily
layer
on
the
third.
Fourth,
you
know
platform
on
top
of
the
existing
structure
right.
So
if
we
shouldn't
be
authoring
it
for
two
things,
we
should
be
authoring
it
for
and
things.
A
Yeah
yeah,
it
may
be
my
help
if
I
just
quickly
share
my
screen
and
I'm
just
gonna
shed.
This
is
just
going
to
be
an
organization,
and
this
leads
into
some
of
the
discussion
I
had,
and
so
this
is
similar
to
the
document
that
I
was
thinking
of
sharing
after
I
clean
it
up.
But
what
I
want
to
kind
of
catch
your
attention?
A
This
is
the
table
of
contents,
and
so
where
I
talk
about
organizations
and
then
under
that
managing
roles
and
access
and
then
I
talk
about
organizing
repositories,
just
because
this
is
like
a
topic-
that's
probably
not
really.
This
is
probably
specific
to
each
company,
so
they
probably
won't
need
to
go
into
a
particular
overall
document.
But
if
you
look
under
repositories
under
there,
I
also
have
managing
roles
and
access
and
then
under
project
setup
and
support.
A
This
was
more
around
like
the
security
and
all
and
then
I
have
different,
so
so
that's
kind
of
like
how
I
would
organize
it
and
somewhere
down
at
the
bottom.
We
also
talk
about
how
do
you
configure
GitHub,
and
this
is
where
I
go
deep
into
what
you
need
to
do
for
each
settings
and
then
I
split
it
into
required
and
recommended
again
required
I,
just
like
obvious
things
like
two-factor
authentication,
but
there's
some
things
where
there's
like.
A
Arguably
whether
or
not
you
want
to
turn
on
some
aspects
just
depends
on
what
the
style
of
what
you
work,
how
you
work,
but
that's
kind
of
like
overall
calling
your
attention
to
organizational
repositories
and
have
the
roles
and
the
accesses
split
up
into
each
of
them.
So
I
didn't
really
have
a
separate
on
for
membership,
but
it
could
have
happened.
C
And
we
may,
since
the
guide
is
for
people
that
aren't
our
employees,
so
it'll
be
hard
for
us
to
say
things
are
required,
but
maybe
we
flip
the
your
required
suggestions
to
make
them
the
best
practice
recommendation
and
then,
if
there's
anything
else
under
recommended,
we
may
want
to
potentially
bump
up
or
say
other
things
to
consider
or
optional
yeah.
A
Yeah,
what
I
was
going
to
do
is
take
that
document
that
you
had
we're,
also
internally
reviewing
it
and
then
once
I
got
that
I
could
just
like
take
all
of
the
bits
that
are
specific
to
F5
and
make
it
more
generic,
because
we
put
in
the
things
like
how
we
handle
some
of
our
different
GitHub
orgs,
so
that
wouldn't
be
relevant.
D
F
C
B
B
The
scorecard
Point
came
up
in
previous
session,
and
actually
we
we
were
talking
about
the
fact
that
it's
the
the
repository
best
practices
is
aligned
quite
well
with
the
with
the
scorecard.
But
there
are
also
the
other
types
asset
types
which
aren't
so
like
the
organization,
best
practices
and
server
best
practices.
F
Here's
what
I'm
thinking
I
mean
as
much
as
possible.
We
want
to
automate
these
things,
so
if
something
is
automatically
detected
by
a
scorecards
in
particular,
if
it's
completely
covered
I,
guess
that's
really
the
point
where,
as
I
think
about
think
this
through
what's
the
use
case,
if
something's
completely
covered,
then
I'm
going
to
know
oh
great
I
want,
if
I'm
using
scorecards
that'll
all
be
recovered
or
maybe,
if
I'm
doing
best
practices
badge.
That's
already
done
right.
Oh,
what's
missing
I'm
going
to
especially
look
for
the
ones
that
aren't
covered
elsewhere.
C
Yeah
and
potentially
there
are
things
that
scorecards
is
missing
and
we
can
file
right
PR's
to
help
improve
that
mm-hmm.
A
That's
true
because
I,
because
because
because
legitimes
using
legitify
and
at
least
in
my
example-
and
you
have
the
option
to
run
scorecards
so
sometimes
I
was
running
scorecards
and
some
of
the
repos
now
sometimes
I
was
running
scorecards
by
itself.
So
I
was
like
cross
checking
and
cross-referencing
what
scorecards
has
so.
That
was
also
very
useful
in
putting
together
the
document
that
I
had
yeah.
F
And
indeed,
we're
doing,
we've
got
a
list
of
things
that
we
want
to
work
on
on
scorecards,
including
implementing
against
get
lab
and
adding
a
lot
more,
a
lot
of
improvements.
So,
for
example,
there's
a
vast
number
of
tools
that
doesn't
detect
it
doesn't
detect
most
CI
systems,
and
so
the
scorecard
value
is
actually
going
to
be
lower
than
the
system
really
is
in
many
cases.
So
we
want
to
we,
you
know,
there's
nothing
problem
with
the
concept.
It's
you
know.
We
want
to
do
better
on
execution.
D
Parenthetically
I'm
trying
to
mobilize
some
sneak
people
to
help
with
scorecard
development.
Awesome.
B
Yeah
I
think
there
were
a
few
GitHub
actions
related
policies
that
no
I'm
also
pushed
to
the
scorecard
project
a
while
ago.
So.
A
A
Is
there
anything
relate
I,
don't
know
if
this
is
something
we
want
to
get
into,
but
at
least
for
us,
because
we
care
about
like
the
project,
helped
our
status
in
some
session
in
some
sense.
Is
that
something
with
thinking
about
for
the
sem
project?
Some
way
to
signal
that
this
project
is
actively
maintained
or
that's
something
else
entirely
and
not
related
to
what
we
care
about.
A
For
example,
you
could
add
badges
on
your
projects
to
state
that
the
project
is
active
and
there's
like
so-called
repostatus.org
was
brought
to
my
attention.
So
someone
that
you
can
have
these
Badges
and
if
you
could
have
a
bag
that
says
it's
active
and
active,
unsupported
Etc
is
this
something
that
might
be
useful.
It
might
probably
only
make
sense
for
GitHub,
so
maybe
not.
F
I
mean
the
general
concept
applies
elsewhere,
I,
don't
know.
If
you
know,
and
again
this
comes
back
to
that
split
between
you
know
the
high
level
you
know
make
it
clear.
Well,
I
would
say
the
high
levels
make
it
very
clear
if
it's
active
or
whatever,
and
then
here's
how
you
do
it
on
get
lab.
Here's
how
you
can
do
it
on.
F
Right
right,
in
fact,
there's
a
number
of
cases
where
research
projects
I've
actually
I
years
back
I
was
pushing
this
very
hard
with
you
know,
partial,
maybe
success.
There's
a
lot
of
research
work
where
you
know
code
is
produced
in
order
to
demonstrate
a
point.
The
code
is,
there's
no
expectation.
The
code's
going
to
be
maintained,
but
showing
your
work
is
really
important.
To
being
able
to
determine
you
know
is
this,
you
know
is
the
result.
Are
the
results
valid?
D
I
think
that's
important.
You
know
that's
really
interesting.
I
hadn't
heard
about
repostatus.org,
that's
something
that
I
want
to
take
a
look
at
for
our
my
for
for
my
own
organization,
because
we're
going
through
a
kind
of
audit
process
where
we're
looking
at
the
hundreds
of
of
Open
Source
repos
that
we've
stuck
on
various
GitHub
various
GitHub,
whatever
organizations
and
some
of
them
are
quite
active.
Some
of
them
are
like
haven't
been
touched
in
three
years,
and
you
know
some
of
them
there's
just
a
wide,
really
wide
variety.
D
I'm
sure
most
for
many
organizations
have
the
same
problem,
especially
ones
that
have
been
going
through
like
growth
over
the
past
few
years
and
Acquisitions
and
stuff
like
that.
So
anyway,
just
parenthetically,
that's
an
interest.
I
do
think
this
is
a
that's
a
very
interesting
topic
and
it's
something
that
we
should
be
putting
in
here
in
terms
of
the
transparency
Factor
yeah.
That's
that's
great
to
to
raise
that
Christine.
Okay,.
A
F
F
F
F
D
Okay,
so
actions
that
we
want
to
take
based
on
this
discussion.
A
Oh
one
other
thing
you
may
have
done
it
in
your
topics
this.
The
thing
that
I
was
thinking
we
may
come
across
later
is
related
to
just
because
I
had
to
do
something
around
operations
like
and
I.
Think
I
mentioned
it
last
time,
almost
like
there's
a
there's,
some
things
that
you
do
the
first
time
and
there's
some
kind
of
like
ongoing
maintenance.
A
And
I
don't
know
if
that
becomes
a
topic.
It's
not
really
related
to
yeah
I,
just
kind
of
like
where,
where
does
that
fit
in
into
like
a
theme
or
a
topic,
because
things
like
where?
How
do
you
look
into
the
security
scans
or
what
do
you
do
with
audit
logs
and
all
those
different
things?
Is
that
a
thing
that
we
should
be
thinking
about
operations.
D
I
definitely
think
that
the
the
topic
of
maintenance
and
operations
ongoing
operations
is
important.
D
F
Can
I
push
back
a
little
on
that
because
for
a
lot
of
of
Open
Source
software,
it's
specific
libraries
and
a
lot
of
Open
Source
projects
only
release
source
code?
There
is
no
operation.
Well,
the
operations
is
the
ability
to
acquire
the
software,
that's
their
version
of
operations.
They
aren't
responsible
for,
or
typically
even
know
about.
F
D
F
A
No,
no.
This
is
more
like
in,
like
in
my
document
as
I
said,
because
the
people
who
may
be
using
this
or
I
had
like
different
Persona
than
one
could
be
like
the
person
who
has
to
set
up
your
GitHub
organization
set
up
a
new
GitHub
repository
got.
A
B
So
there
are
a
few
like
processes
related
policies
in
in
the
asset
that
no
one
created
their
stuff
around
like
GitHub
Advanced
security
like
dependency
review,
should
be
enabled
and
secret
scanning,
and
this
type
of
security
scans.
So
as
long
as
it's
a
part
of
the
something
that
the
the
SCM
is
supporting,
then
I
think
it's
definitely
in
scope.
A
Know
because
they're
coming
out
of
this
one
of
the
would
be
like
the
person
who
is
managing
a
whole,
obviously
a
person,
who's
managing
a
whole
bunch
of
GitHub
organizations
or
somebody
who's,
managing
who's,
just
a
project
maintainer
and
that
and
those
and
then
the
person
who's
running
the
operation,
who's
tasked
with
actually
turning
these
things
on
and
off,
or
responding
to
requests
that
come
in
where
I
want
to
be
added
as
a
member
to
the
organization.
D
You
know
who
is
kind
of
like
using
the.
D
E
Yeah
so
that
I'm
working
on
a
taxonomy
proposal
to
do
a
to
do
like
a
taxonomy
that
spans
across
the
entirety
of
all
the
working
groups.
Now
all
the
initiatives
and
projects
everybody's
working
on
to
bring
taxonomy
personas
and
everything
under
one
umbrella
to
be
worked
on
and
then
could
be
spread
out
across
the
entirety
of
the
openness
and
stuff,
so
we're
all
on
one
sheet
of
music.
E
That's
that's!
That's
something
I'm
currently
trying
to
write
once
I
get
a
draft
done.
I
will
circulate
it
so
that
everybody
can
put
the
two
cents
in,
but
that's
something
I'm
currently
working
on
now.
E
The
working
group
I
mean
working
on
that
that
you
have
that
one
terms
and
definitions
that
doesn't
mean
that
glossary
that's
being
worked
on,
so
I
want
to
pull
that
I'm
pulling
from
one
of
the
Papers
written
by
one
of
the
PhD
students
that
are
that
attend
some
of
these.
Some
of
these
meetings
and
pulling
from
that
you
know
we
have
a
lot
of
stuff
going
on
across
every
single
working
group.
E
Everybody
seems
to
have
their
own
their
own
ideas,
their
own
thoughts
about
this
one
thing
I
want
to
pull
from
everyone,
bring
everyone
into
that
one
sick,
so
that
sit
around
the
table,
the
virtual
table
so
to
speak
and
decide
once
and
for
all.
E
What
do
we
agree
on
or
disagree
on,
at
least
for
the
openness
of
stuff
aspirationally
I
want
to
take
all
you
know
a
few
more
of
the
the
communities
under
the
LF
and
then
maybe
produce
an
LF
taxonomy
so
that
all
the
other
communities
are
all
under
the
same
sheet
of
music.
That's
aspirational,
but
at
least
for
the
purposes
of
the
openness
itself.
Foundationally
I
want
to
get
one
sheet
of
music
down
so
because
Dan
and
Christy
we
attend
all
of
the
David.
E
E
I'm
gonna,
I'm
gonna,
write
I
want
all
the
help
in
the
world
on
it,
because
it
requires
that
so
once
I
once
I
once
I
put
something
down
on
paper,
I'm
going
to
circulate
it
and
it's
gonna
might
take
a
while,
but
we'll
get
there
and
get
a
one
sheet
of
music
situation
for
these
taxonomy
personas
terms
of
definitions
and
everything
else.
D
Yeah
I
just
think
that
I
think
that
the
personas
that
we're
talking
about
here
we
may
not
have
dealt
with
before
in
other
organ
in
other
working
groups,
because
we
are
talking
about
things
that
are
very
specific
to
repo
configuration
and
kind
of
the
operations,
people
and
stuff
like
that,
although
we
may
have
we
may
have,
we
may
already
be
thinking
about
it.
So
yeah
I.
E
E
They
could
very
well
use
a
lot
of
the
stuff
that's
being
talked
about
here
in
those
meetings,
because
those
personas
are
relevant
in
those
working
groups
as
well,
so
to
get
them
into
that
into
that
that
that
that
guide,
that
we
want
to
work
on
this
thing
is
extremely
important
too
right
I
mean
that's
that
just
works
across
the
entirety.
So
if
we
can
get
those
people
in
the
room,
even
and
and
have
their
input,
that'll
be
solid
as
well.
C
F
Build
there
is
a
challenge
in
order
to
come
to
consensus,
they've
decided
to
do
things
in
stages,
so
they've
decided
to
focus
on
build
and
then
go
backwards
and
and
start
doing
stuff
about
source
again,
probably
a
useful
cross-check.
A
F
Yeah
I
I
I
had
earlier
what
it's
actually
on
my
do
list
to
kind
of
walk
through
the
GitHub.
It's.
F
It
is
indeed
I
think
I
have
managed
to
successfully
dump
the
problem
on
someone
else,
because
my
schedule
looks
insane.
Delegate
and
and
delegation
is
good.
It
may
bounce
back
to
me
eventually,
but
but
ideally
yeah,
but
I
I
completely
agree
with
you.
It
is
the
the
best
way
to
know
if
something
works
is
to
try
it
yeah.
D
No
I
bet
just
again
parenthetically
I
mentioned
we've
been
doing
an
audit
of
all
of
our
public
repos
and
sneak,
and
one
of
the
one
of
the
things
that
we've
collected
is
scorecard
data
for
every
single
one
of
those
and
it's
all
sitting
in
a
spreadsheet
right
now
and
I.
Won't
I
won't
comment
on
the
quality
of
the
I'm,
not
sure
that
we're
that
we're
living
up
to
the
seven
Magic.
D
B
By
the
way
we
can
actually
use
the
GT5
any
of
you
is
an
owner
of
the
open,
the
ossf
or
organization
on
GitHub.
Then
you
can
just
run
legitify
and
get
in
the
results
straight
and
see.
What's
good
and
what's
not.
D
I
was
just
gonna,
try
and
draw
out
some
actions,
so
who's
got
so
Christine
you're
gonna
work
on
getting
us
your
organization.
B
D
The
things
I
can
start
taking
a
look
at
the
document
that
gnome
circulated
and
merging
that
organization
of
topics
into
the
markdown
version
that
I
created
and
trying
trying
to
move
things
around
and
come
up
with
another
kind
of
straw,
man
that
I
can
share
with
the
group,
and
somebody
want
to
take
a
crack
at
the
personas.
A
C
D
A
D
D
D
D
F
D
That
folks
gave
a
good
talk
at
Boston
by
the
way
it's
it's
in.
It
was
in
the
security
track.
It
wasn't.
It
was
interesting,
interesting
stuff,
so
yeah
we
can
just
keep
working
on
this
and
then
Circle
back
in
two
weeks
time
and
take
a
look,
and
hopefully
we
have
a
better
drop
by
then
sounds
good.
E
And
I
sent
the
thought
out
to
you
and
you
picked
it
up,
and
here
we
are
I
was
good.
I
had
every
intention
on
messaging,
you
right
after
I
got
out
of
here
to
say:
hey
do
you
have
a
couple
of
minutes
just
to
go
over
a
list
of
things
that
we
should
be
looking
at
for
the
proposal,
so
that
was
every
bit
of
my
what
I
had
on
my
agenda
to
do
today?
So
yes,
so.
E
For
4
P.M
Eastern,
it
is
let
me
let
me
let
me
take
a
look
at
the
the
calendar
here,
just
to
make
sure
yes,
4
P.M
Eastern
I
am
I'm
absolutely
for
horizontal.
Let
me
not
speak
too
soon.
Let
me
take
a
look
at
this
one.
C
E
I'm,
free
I'm,
free,
that's
right
after
the
that's
right
after
the
diagram
of
society
meeting
well.
F
F
Is
that
crypto
pad
thing
visible
to
others,
or
is
that
really
invisible
to
you
Dan?
It's.
D
Visible
the
way
that
it
works
is
you
can
you
can
share
a
URL
and
you
can
either
share
a
view
only
URL
or
an
edit
URL
and
the
credentials
are
all
in
the
URL.
So
so,
if
you
want
to
share
it
a
view
only
version,
you
can
share
the
view
URL.
So
the
URL
that
I
have
sent
to
the
slack
is
the
edit
URL.
So
anybody
who
has
that
URL
can
edit
the
document
anonymously.
You
don't
have
to
be
logged
in
so.
F
C
Yeah
yeah,
perfect,
perfect
all
right
and
thanks
again
to
everybody,
I'm
very
excited
to
see
this
and
our
C
guides
moving
forward.
You
know
great
energy
appreciate
everybody's
help.