►
Description
Meeting notes: https://docs.google.com/document/d/1ttqkcYPmYZyqvtkaHs92bx2UeVUiXDhuzP-0WbP11Fw/edit#heading=h.7o2ubzl5z39r
A
B
B
A
A
Everybody,
let's
get
started,
welcome
to
the
October
25th
edition
of
the
best
working
group.
Do
we
have
anyone
that
is
interested
in
helping
us
take
notes
today.
A
A
If
I
could
draw
your
attention
to
issue
97,
we
had
talked
about
creating
some
type
of
document,
around
compiler
flags
for
C
and
C,
plus
plus
We've
poked
at
it
a
couple
times-
and
this
is
a
possible
effort
that
all
or
some
of
us
could
contribute
to
and
I
was
hoping
David
had
shown
up,
because
there
were
some
discussions
on
slacker.
A
The
mailing
list
about
it,
but
barring
that
I
wanted
to
give
an
update
that
I
have
been
come
connected
to
the
open
source
education,
people
within
my
organization,
and
they
actually
have
training
and
documentation
on
not
only
C
and
C,
plus
and
C
sharp
best
practices,
but
also
compiler
options.
So
I
am
going.
They
were
very,
we
had
a
very
exciting
meeting
and
they
are
very
interested
to
potentially
either
donate
or
show
that
content
to
the
group.
A
A
A
D
A
A
All
right
we
had
talked
in
the
past
about
integrating
code,
ql
and
SKF
and
I
want
to
know.
Is
this
something
that
we
are
actively
taking
steps
towards?
Do
we
need
assistance
on
this?
Do
we
want
to
provide
periodic
updates
back
to
the
group
I
see
that
Daniel
had
flagged
it
for
our
next
meeting,
so
I
just
want
to
know.
Do
we
want
to
talk
about
any
progress
around
code,
ql
and
SKF
today.
E
Yeah
I
think
actually
my
brother
Ricardo
was
actually
in
contact
with
Xavier
about
it
on
the
GitHub,
so
there
were
some
discussions
going
on.
Let
me
see
if
I
can
find
the.
F
Yeah
I
can
I
can
talk
about
it.
In
fact,
in
fact,
we
we
had
on
made
any
progress
since
since
two
weeks
ago,
in
fact,
Glenn
was
supposed
to
to
refresh
the
the
issue
to
make
it
more
clear
about
what
we
want
to
do
now,
because
the
what
we
want
to
do
is
a
bit
different
than
what
we
we
we
wanted
to
do
in
the
past.
F
What
we
want
to
do
is
just
you
know,
provide
a
a
a
box
where
the
learner
can
do
an
exercise
like,
for
example,
hey
identified.
Please
identify
all
your
dangerous
things
in
this
application
or
wait.
Please
identify
all
the
all
the
interested
sources
of
this
application.
Things
like
that
we've
got
qn,
but
yeah
so
status.
Is
that
no
progress
so
far
on
that
we
didn't?
We
didn't
stop.
F
I
think
update
through
the
issue
would
be.
It
would
be
good
and
then
just
report
when
this
is
actually
done
right,
I
think
yeah.
E
We
have
a
small
MVP
where
we
actually
do
I
run
it,
then
we
will
definitely
do
a
short
demo
here.
I've
also
checked
with
Ricardo.
Actually
what
the
status
is,
because
I
was
aware
that
I
was
part
of
the
impediment
actually
but
yeah.
Let
me
let
me
check
also
with
him
and
then
get
this
thing
moving
as
well.
A
Awesome,
thank
you.
Mr
Wheeler.
If
you
have
a
few
minutes
after
the
end
of
this
call,
I
have
an
update.
I'd
like
to
talk
to
you
with
I
would
be
honored
awesome
moving
along.
Do
we
have
any
updates
to
issue
nine,
the
memory
safety
languages
issue,
anything
more.
We
want
to
discuss
here.
G
I
I
wasn't
entirely
sure
what
the
what
what
the
request
is
I
mean.
If,
if
it's
the
hey,
we
should
encourage
the
use
of
memory
safe
languages
within,
say
some
of
our
courses.
I,
don't
know
about
SKF,
but
the
open,
ssf
fundamentals
course
always
already.
You
know
suggests
this
with
caveats,
because
you
know
rewriting
multi-million
dollar
programs
is
often
not
on
anybody's
radar,
but
you
know
we
already
encourage
it.
So
so
what
else
are
we
and
there's
a
proposal
to
add
it
to
the
concise
guide
that
was
merged?
A
A
A
D
All
right,
so
as
a
quick
context
from
the
last
meeting,
there
was
a
discussion
around
creating
like
specific
or
specialized
content
from
the
web
developer,
and
then
I
brought
up
just
kind
of
like
a
discussion
item
like
what
about
other
types
of
developers
until
the
action
item
on
my
end
was
to
just
go
off
and
just
start
a
list
and
potentially
see
where,
from
this
list,
we
could
have
collaboration
opportunities
of
anyone
within
our
group
that
had
expertise
that
we
could
go
off
and
then
create
specialized
content
for
other
types.
D
So
what
I
did
in
the
document
that
I
shared
it
I
just
created
a
starter
list
of
other
types
of
developers
just
to
see
the
discussion
to
see.
Okay
is
this
the
direction
we
want
to
go
to
and
very
quickly
start,
maybe
whittling
down
to
which
ones
do
we
either
have
expertise,
or
even
just
people
kind
of
chime
in
and
see
what
could
be
other
places?
D
We
could
collaborate
because
I
think
with
the
web
developer
we're
thinking
w3c,
but
for
these
other
types
that
people
have
expertise
or
opinions
and
like
who
could
we
potentially
reach
out
and
collaborating?
So
that's
what
this
this
discussion
should
start
I
wanted
to
kind
of
go
ahead
and
read
that.
A
D
A
Perhaps
we
make
we
write
this
up
as
an
issue
for
everybody
in
our
git
lab
and
link
to
it.
There.
A
A
And
just
kind
of
talk
about
what
our,
what
we're?
Looking
for
just
we're.
Looking
for
feedback
on
the
categories
and
you
know,
does
anybody
have,
for
example,
expertise
with
mobile
development
that
they
were
interested
in
collaborating
with
us.
D
A
And
I'll
note,
while
everybody
is
gazing
upon
the
list
and
preparing
their
feedback,
I've
been
working
with
Daniel
Torgo
and
we
will
the
open
ssf
and
the
w3c
are
probably
going
to
collaborate
on
some
type
of
conference
or
Workshop
in
early
2023
focused
on
web
developers
and
security.
A
H
Yes
hi,
this
is
Rob.
This
is
all
no
sorry.
I
have
connection
problem,
so
I
hope
you
guys
can
hear
me
well.
I
H
The
I
was
surprised
by
the
software
development
engineering
tests.
I
mean
the
fact
that
I
this
the
engineer
part
actually.
That
surprises
me,
because
there
are
Engineers
or
not
in
every
category
and
so
I'm,
not
sure
why
you
have
engineer
there,
but
I
mean
just
so
that
don't
sound
too
negative
I
think
this
is
an
amazing
list.
You
you
got
already
so
good
job
on
that.
D
Yeah
I
took
the
thanks
for
the
feedback.
I
took
a
list
from
some
of
the
sources
and
that's
kind
of
how
they
named
it
and
other
places.
They
might
call
it
like
QA,
developer
or
QA
engineer,
I
guess
it's
depends
on
who
thinks
about
it.
So
yeah
we
could
always
change
the
name
or
whatever
these
people
understand
it
to
be.
I
I
D
Okay
should
I
make
it
like
right
access
to
anyone
and
started.
Is
that
not
normal.
A
G
Yeah
I'm
trying
to
figure
out
about
back
end,
but
it's
obviously
a
term.
That's
in
use,
there's
a
there's,
a
complication
of,
and
they
really
only
mean
software
systems,
and
maybe
I
should
just
emphasize
that
there.
H
This
is,
there
are
people,
that's
all
they
do
pretty
much
right
internalization.
They
make
sure
that
your
your
program
can
be.
You
know
they
can
support
multiple
languages
and
writing
and
all
the
directions
and
all
that
stuff
I
know
people
I
have
friends
who
work
in
that
space.
That's
all
they've
done
all
their
career.
F
Yeah
I
just
want
to
clarify
the
the
goal
right.
The
goal
is
to
identify
all
these
different
types
to
then
decide
if,
if
each
of
these,
each
of
these
types
need
a
specific
well
did
specific
best
practices
document
need
specific
training,
Etc
for
security
right.
F
Okay,
so
I
guess:
when
we
have
this
list,
then
we
for
each
of
these
we
identify
if
they
need
something
specific
or
not
right,
and
then
we
will
I
guess
prioritize,
which
ones
are
the
most
important
to
begin
with,
and
then
we
will
create
this
content
right.
D
A
And
thank
you
Christine
excellent
job.
I'm
very
excited
about
this.
This
will
be
I,
think
very
useful
for
us
going
forward
and
as
once,
it's
opened
up,
please
provide
additional
feedback,
and
especially
if
you
are,
you
can
contribute
to
that
area
or
you
know
of
a
person
entity
or
group
that
can
you
might
want
to
work
with
on
that
that'd
be
great.
G
I
mean
if
you're
a
full
stack
developer
you
if
you're
you,
you
can't
be
a
game.
Developer
I
mean
that
doesn't
seem
right.
G
Right
that
that's
what
it
looks
like
is
that
you
you
it's
like
you
pick
a
class
in
a
in
a
role-playing
game
and
you
can't
switch.
G
A
G
I
agree
with
that:
it's
it's
the
terminology
here,
the
it's
the
implied
exclusivity
of,
if
you're
this
type
you're,
not
that
type.
A
And
potentially
we
could
add
some
Exposition
underneath
the
title
before
the
table
to
kind
of
explain,
Our
intention
that
might
be
yeah
yeah,
okay,.
D
A
D
H
G
Might
you
know
what
or
just
even
just
mentioning
in
the
text,
let's
start
with
that,
and
we
can
always
try
to
figure
out
name
games
later.
But
if
we
can
say
something
in
the
text
right
below
it,
I
think
that'll
at
least
address
the
concern.
A
E
I
was
just
wondering
we
still
have
this
getting
a
ancient
artifact
that
we
created
in
the
past.
There
was
this
devops
loop
thing
or
a
one,
pager
page.
Is
it
still
something
we
want
to
yeah.
A
A
G
Right
yep,
before
we
exit
I,
don't
know
if
you
went
through
the
various
projects
updates.
G
Okay,
so
the
fundamental
scores
we
did
have
the
AIML
and
but
I
am
having
some
annoying
problems,
getting
marked
on
lint,
actually
working
as
a
GitHub
action.
It
should
be
a
click
and
go
and
I
had
multiple
problems
like
oh
come
on.
It
can't
be
that
hard,
so
somebody's
already
done
that
in
and
can
give
me
the
quick
key
afterwards.
That
would
be
awesome,
Okay.
So.
K
Yeah,
yes,
I
can
help
you
with
that
David
that.
G
Would
be
awesome,
it's
just
I'm
sure
I
could
eventually
figure
it
out,
but
it
was
the.
It
was.
The
30-second
task
that
grew
to
multiples
and
I
said:
oh,
come
on
yeah,
so.
K
G
Thank
you.
It's
okay,
I
think
I've
got
your
email
or
yeah.
A
All
right,
well
I,
want
to
thank
everybody
for
your
time
and
attention
and
your
contributions.
Thank
you
to
Christine
for
that
awesome
list.
It's
going
to
get
us
rolling.
Everyone
is
free
to
drop
I'm
going
to
talk
with
David
briefly
about
compiler
options.
If
anyone's
curious
about
that,
you
could
hang
on.
But
thank
you
all
we'll
see
you
in
a
few
weeks.
B
G
Oh
man,
you
know
I
I
I,
it's
not
true,
but
thank
you.
A
So
you
remember
our
little
project
around
the
compiler
options
for
C
and
C
plus
plus.
Yes,.
G
A
So
we
were
asked:
I
saw
that
Torgo
had
flagged
that
as
an
update
for
this
call,
I
have
an
update
for
you.
Oh
excellent
I
met
with
some
of
the
folks
within
Intel.
A
Specifically,
we
have
a
whole
Center
of
Excellence
that
does
secure
open
source
training,
a
whole
group
of
people
that
do
that
I
didn't
even
know
it
existed
and
they
found
me-
and
they
were
super
excited
about
this
group
and
okay,
just
kind
of
explaining,
like
hey
we've,
made
content,
or
we
have
people
working
on
content
like
all
this
stuff
and
I
noticed
right
off
the
bat
that
first
off
they
are
either
have
or
are
writing
best
practices
for
C,
C,
plus
plus
C
sharp
development,
okay,
so
I
thought.
Oh,
that's
interesting.
Yeah.
C
A
I
saw
they
also
had
a
compiler
options.
Little
working
group
working
on
documenting
compiler
options
like.
G
A
Was
a
very
excited
that
we
exist
and
wanted
to
know?
How
can
those
experts
within
Intel
get
engaged,
okay,
potentially
donate
content,
and
then
the
reverse?
How
can
they
learn
from
us
and
kind
of
intake,
good
practices
in
turn
inside
of
Intel,
but
I
was
more
excited
about
the
first
performer
right.
They
might
be
able
to
donate
a
compiler
flag
things
for
us
and
potentially
good
practices
around
a
bunch
of
they
have.
A
very
similar
Intel
has
a
lot
of
very
similar
language
languages
that
we
use
by
default.
A
So
they
have
a
lot
of
documentation
around
C
and
Java
and
JavaScript
and
all
this
stuff.
So
we
might
be
able
to
potentially
get
that
content
directly
donated
or
shown
to
us
that
we
can
make
our.
G
A
Know
don't
know
yet,
let's
order
that
a
call
yesterday
and
I'm
gonna
meet
with
them
next
week
when
I'm
back
I'm
going
to
a
conference
today,
okay,
but
I'm
gonna
meet
with
them
and
kind
of
talk
and
kind
of
see
where
this
stat
but
they've
been
meeting
for
a
couple
of
years
now
and.
H
A
G
Yeah,
okay,
that
would
be
awesome.
I
had
a
brief
by
the
way.
For
some
reason,
my
camera
has
decided
that
today
is
not
a
good
day,
so
it
goes
on
and
it
blinks
right
off
so
that'd
be
awesome.
Yeah.
We
would
love
to
see
it,
especially
if
it's,
if
it's
more
than
I
mean
even
if
it's
just
the
Intel
compilers
that
would
be
of
interest.
But
if
they've
looked
more
broadly
and
I
mean
they
certainly
could
that'd
be
helpful.
G
I
got
some
interesting
Nibbles
from
Red
Hat
a
while
back
on
compiler
Flags.
G
I
we
I
referenced
it
but
of
course
they've
got
some
other
folks.
You
know
some
of
these
other
things,
so
you
know
I,
think
and
and
there,
and
there
are
of
course,
some
other
docs
that
the
current
draft
does
cite
there's
one
in
particular,
a
group
who
actually
didn't
do
a
bad
job
of
at
least
starting
down
this
path.
G
I
suspect-
and
this
is
this-
is
David
Thinking
Out
Loud
here,
but
in
the
end
we
probably
need
more
than
just
a
doc,
because
you
know,
as
you
look
through
it
says.
Oh
my
gosh
there's
a
gazillion
of
these.
Just
let
me
copy
and
paste
the
list.
You
know
so,
basically
something
where
you,
you
know
insert
this
line
somewhere
and
it
does
the
things
and
a
little
guidance
on
how
to
do
that.
G
A
So
yeah
thinking
about
the
other
projects
we
have
going
on,
you
know.
Maybe
this
is
something
that
we
have
a
module
or
something
in
the
future
classes.
We're
making
definitely
something
we
probably
could
do
like
a
podcast
or
a
webinar
on
yeah
I.
Think
people
would
be
interested.
I
think
it'd
be
useful
to
kind
of
share
what
we've
learned.
G
A
G
Just
I
didn't
I,
don't
remember
offhand,
they
may
very
well,
but
of
course
it's
the
kind
of
thing
where
everybody
kind
of
you
know.
You
look
over
your
shoulder,
but
it
I
think
people
basically
do
it
and
then
they
go
off
and
do
other
things
and
occasionally
come
back
to
it
and
of
course
the
compilers
keep
adding
new
stuff.
G
A
Man,
maybe
that's
even
something
that
we
do
a
couple
podcasts
and
invite
some
of
the
maintainers
of
the
the
big
ones
in
just
to
kind
of
talk
about
things
in
general.
I
think
that
would
be
just
I.
Think
interesting.
Not
everybody
gets
into
this,
but
and.
G
This
may
become
maybe
something
where
we
want
to
make
a
short-term
Sig
to
at
least
make
a
okay
we're
gonna
we're
gonna
grab
the
people
together,
make
this
thing
and
then
update
as
you
go
along,
but
and
but
if
it's
reasonable
to
start
with,
then
people
are
more
likely
to
maintain
it,
because
it's
an
all
in
one
place,
yeah
so
yeah.
G
So
anyway,
I
and
I
think
this,
the
CNC
plus
plus
one
is
more
because
it's
good
for
all,
but
for
memory
unsafe
languages,
it's
especially
important
to
turn
on
as
many
flags
as
you
possibly
can
get
away
with.
So
right,
yeah.
A
G
A
I'm
talking
to
DHS,
there's
an
industry
thing
where
I'm
I'm
presenting
on
how
to
do
how
the
government
can
develop
and
use
open
source
software
more
effectively.
Oh.
A
The
office
of
the
CIO
I
think:
okay,
there's
a
whole
list
of
the
whole
litany:
the
opio
ciso
there's
a
whole
bunch
of
folks.
A
G
Dhs
is
quite
an
amalgamation
in
different
groups,
so
yeah.
G
Yeah
yeah
they
do
but
I
mean
they
they
own
a
whole
bunch
of
different
orgs,
which
historically
were
completely
un
unrelated,
independent,
so
and
I,
don't
think
they've
fully
ingested,
even
though
it's
been
you
know
about
two
decades
so
well,.