►
From YouTube: OSS-SIRT - 3 Execution (November 4, 2022)
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
B
A
Well,
unfortunately,
browsers
are
not
efficient
at
using
and
releasing
memory.
A
Project
called
the
great
suspender
that
will
suspend
your
tabs
for
you,
while
you're
not
using
them.
Just
for
the
record.
Well,
I
I
found
like
for
Chrome
I
was
using
something
I
can't
remember
what
the
tool
was,
but
I
had
the
ability
to
like
save
all
my
tabs
as
like
one
bookmark
and
then
I
could
click
that,
and
it
would
explode
it
out
whenever
I
needed
a
tab
session
manager.
Something
like
that.
It.
B
A
B
B
A
A
B
So
it
looks
like
it's
just
S3
today:
I
don't
have
much
on
the
agenda
for
today,
except
maybe
like
a
probe
is
already
aware,
but
Randall
just
like
to
be
explicit
about
it.
I'm
gonna
be
slowly
ramping
down
my
my
commitment
to
open
ssf.
B
Yeah
essentially,
like
other
priorities,
are
taking
over
for
my
work,
as
well
as
like
other
situations.
So,
oh
fair,
oh
yeah,.
B
It's
not
a
huge
huge
situation
like
a
time
commitment,
but
it's
big
enough
to
like
drain
a
little
bit
and
like
the
end
of
year,
is
coming
up
and
well
I,
don't
know
what
23
is
going
to
look
like
at
this
point,
so
I'm
just
like
airing
on
the
on
the
safe
side.
Well,.
A
B
A
B
A
B
Guess
I
do
have
one
request
Randall
like
and
for
you
and
krobe
essentially
like
if,
if
you
can
own
the
section
three
until
someone
else
steps
up
like
there
are
a
few
good
candidates,
I'm
sure
you're.
Aware
of
that,
like
might
be
a
good
thing
like
good
folks
to
ask.
So
let
me
know
if
you
would
like
my
assistance
with
that.
Otherwise
I
trust
your
judgment
on
that.
But
essentially
that
would
be
the
big
thing
for.
A
The
pcert
plan
we're
close
to
winding
down
and
actually
presenting
so
the
actual
section
three
will
kind
of
disappear.
A
little
bit.
Yeah
it'll
get
woven
into
a
plan
so
yeah
between
Randall
myself,
I'll
Shepherd
and
we'll
find
or
find
somebody
if
we
get
a
volunteer
to
kind
of
finish
up.
The
like
estimates
on
costs,
but
I
think
that's
really
the
only
thing
that's
kind
of
missing
here
we
got
to
fill
it
flush
out
some
recruitment
tasks
but
I.
A
You
know,
I
took
your
model
and
that's
the
model
I'm
using
for
t-shirt
Sig
and
the
education
Sig
perfect.
So
that's
I
I
like
it
and
then
you
know
once
we
get
into
the
project
actual
execution,
we'll
Leverage
The,
GitHub
project
kanban
board
to
kind
of
track
tasks,
we're
gonna
for
every
Milestone.
There's
going
to
be
an
issue
filed
that
we
can
kind
of
tie
everything
together,
so
it
it'll.
You
know,
you've
helped
lay
a
very
good
foundation
down
for
us.
B
It's
good.
Thank
you.
Well
yeah,
my
one
warning
with
GitHub
projects
is
it's
a
flat
space,
be
aware
of
that
whenever
you
want
to
try
to
use
it
for
multiple
projects,
it
may
get
hairy
well,.
A
And
yeah
education
Sig
is
going
to
have
their
own
and
it's
the
kanban
is
good
enough
for
now.
You
know
when
we
get
when
we
hire
the
program
manager,
yeah
that'll,
be
their
problem
to
figure
out
and
how
they
want
to
do.
Project
tracking
and
Reporting
I'll.
B
B
Cool
but
yeah,
that
would
be
my
one
thing
to
mention
and
yeah
Randall
thanks
again
for.
A
Eventually,
what
you
know
as
this
starts
to
ramp
up,
you
know
when
we
start
to
get
volunteers.
Well,
I'll
ping,
you
again
to
see
if
we
can
get
some
Google
participants,
you
know
I
know
we
wanted
to
talk
to.
Is
it
the
ghost
team
within
Google
the
actual
d-30
type
people
just
to
kind
of
get
their
perspective
on
open
source
just.
B
To
be
yeah
yeah
and
like
not
to
correct
you,
but
ghost
is
really
about
like
developing
tools
to
raise
the
ecosystem
like
to
raise
the
security
of
the
ecosystem
they're,
not
necessarily
a
PCR
team.
So.
A
We
would
like
to
talk,
find
people
in
the
piece
or
that
you
know
not
like
Matt
Linton
who's
a
you
know,
an
IR
p.m,
but
actual
like
piece
of
people
that
have
helped
kind
of
establish
the
team
and
kind
of
their
learnings,
for
you
know
how
what
they
liked.
What
they
don't
like
about
work
interact
with
the
ecosystem
will
be
helpful.
A
B
Hey,
oh
yeah,
don't
worry
about
it.
I
get
to
interact
with
him
more
than
a
more
than
needed,
but
in
the
good
one,
so
yeah
for
the
record,
but
yeah
Matt's
own,
like
Matt's,
also
a
good
person,
but
like
just
ping
me
whenever
things
ramp
up
again,
like
I
I
will
definitely
like
fan
out
these
requests
and
recruit
folks
internally.
If
maybe
it
shouldn't
be
a
problem.
I
think
we
have
a
lot
of
awkwardly
passionate
people
go
to
it.
Cool
cool.
A
B
I
think
that
the
estimates
is
probably
in
the
next
thing,
like
I,
see
three
upcoming
tasks
for
the
section
three
before,
like
really
pausing
it
almost
first
one
would
be
to
look
into
like
the
the
request
for
headcount
for
hiring
for
that
TPM
that
you
said
section
three
should
look
into
that's,
probably
the
highest
priority,
essentially
just
drafting
a
bucket.
We
need
a
TPM.
We
need
a
program
manager
for
this.
B
Second,
one
is
definitely
doing
like
the
reviewing
the
discussion
that
we've
had
with
the
tool
suggestions
and
you
select
one
or
two-
maybe
three
but
I
would
suggest
we
just
pick
one
and
explore
it
as
deeper,
deeper
and
actually
like.
We
can
then
generate
more
expectations
and,
like
estimates
on
the
involvement,
that's
really
the
three
things
I
see
and.
A
I
think,
while
we're
waiting
for
like
the
process
to
be
documented-
and
you
know
that
type
of
stuff
I
think
we
probably
if
we
can
get
some
good
volunteers,
do
some
Show
and
Tell
like
Randall
suggested,
should
I
set
one
of
these
tools
up
in
a
container
just
to
kind
of
poke
at
it
to
see.
I
already
did
nice
yeah,
but
then
maybe
we
do
some
show
and
tells
with
a
larger
group,
saying
hey
here's
some
options.
A
B
A
Yeah,
because
we'll
need
to
ultimately,
if
you
know
we'll,
probably
run
this
in
the
cloud,
so
we'll
need
to
give
somebody
a
bill
to
pay.
You
know
that
we
need
this
speed.
You
know
kind
of
sized
it
to
be
about
this
size
amount
of
resources.
B
But
since
since
there
are
there's
about
10
tools
suggested
in
there
like,
if
you
want
I,
would
suggest
probably
like
sending
that
list
to
the
slack
Channel
and
be
like
hey,
which
top
three
would
you
like
us
to
really
investigate,
and
then
we
will
actually
do
a
show
and
tell
on
only
the
top
three,
because
10
is
too
much
it's
too
unwieldy.
There'll
be
a
lot
of
time
wasted
on
this.
If
you
only
select
three
I
think
it's
a
good
start.
Yeah.
A
I
think
it's
a
good
start.
I
agree,
I,
think
it's
also
important,
maybe
to
finalize
what
our
scope
is
going
to
be
because
we
have
like
bugs
pools,
and
we
have
like
forensic
toolkits
listed
so
I
think
that
once
we
have
like
the
scope,
it
might
be
easier
to
choose
because
even
like
the
hive
is
great
for
some
stuff,
but
not
really.
It's
not
really
like
our
of
our
goal
is
going
to
be
to
assist
like
getting
like
people
together
and
whatnot.
It's
it's.
It
doesn't
really
do
that
if
that
makes
sense.
A
Our
next
section
two
call
next
week,
yeah
it's.
We
had
them
this
week,
so
it
would
be
not
next
week
but
the
following
week:
okay,
but
we'll
need
to.
Maybe
we
need
to
schedule
a
very
special
time
with
ARP
and
we
need
to
hammer
out
what
scope
we
want
to
commit
to
I.
Think
like
intake
and
triage
is
probably
something
we
will
do
just
so.
A
B
A
That
with
the
education
Sig
at
the
same
time,
because
Glenn
pinned
the
other
one
on
me
too,
so
it's
useful
and
again
when
we
get
to
execution
each
Milestone,
we
can
make
an
issue,
and
that
way
we
can
kind
of
you
know,
fan
that
out,
saying:
hey
Randall.
Will
you
take
issue
five
and
I'll?
Take
issue?
20
and
Francis
will
take
issue
37.
and
we
can
track
progress
that
way
and
kind
of
hopefully
work
more
in
parallel,
I.
B
A
Francis
did,
is
you
put
in
some
dependent
some
actual
dependencies,
which
is
useful
for
planning
and.
B
B
What's
what's
great,
so
I
can
see
it,
yeah
I
did
not
put
a
license
on
it,
but
go
ahead
and
put
one
yeah.
I
was
going
to
suggest
like
for
section
two
for
art.
If
he's
struggling
to
scope,
this
like
to
scope
the
work
and
the
Sig
itself
like
it
might
actually
be
interesting
to
talk
to
Alpha
Omega
because
they
have
direct
connections
with
top
and
bottom
of
the
like
of
the
stack
and
they
may
have
like
really
good.
Like
I
know,
Randall.
B
A
Yeah
yeah
so
but
yeah,
but
yeah
and
I
know
like
the
kernel
project.
Has
their
thing
and
you
know
Red
Hat
has
their
thing,
and
you
know
I
know
that,
like
we
all
kind
of
communicate,
but
I
think
that
it
would
be
great
because
I
like,
for
example,
there
are
groups
like
Homebrew
that
don't
have
their
own
thing.
A
Their
thing
is
like
a
slack
channel
on
The
Homebrew
slack,
you
know,
and
it's
kind
of
like
yeah,
so
I
just
I
think
that
it's
a
good
opportunity
to
bridge
that
Gap
with
a
lot
of
these
communities.
Oh
and
you
know-
we've
talked
about
the
solar
designer
lists.
There
is
a
very
mature,
well-established
email
based
system
for
how
the
distros
talk.
Well.
Maybe
this
is
an
opportunity
for
us
to
become
a
more
real-time
facilitator
around
some
of
that.
A
It's
kind
of
augment
the
list
by
the
way
I
I
got
it
in
one
of
these
talks
that
I
was
having,
because
we
have
a
new
like
security,
nerd
and
Homebrew
that's
very
involved.
A
Apparently,
one
of
the
problems
is
that
people
are
scared
of
us
like
when
I
say
us,
I
mean
like
Colonel
project
Gen
2
because
of
the.
A
A
A
A
B
A
Unfortunately,
the
I
agree
beard
yes,
yeah
I'm,
starting
to
get
gray
hairs.
I'm
only
32
and
I
already
have
gray
hairs,
but
yeah
it's
from
being
in
the
kernel
project
yeah,
but
yeah
I
think
I.
Think
if
we
could
facilitate
that
because
I
I
have
actually
it's
not
it's
I've
gotten
a
few
things
like
that
that
we
found
problems.
But
do
you
really
want
to
try
emailing
line
itself
say
something
nasty
to
you
in
return?
Like
you,
don't
know
your
stuff
and
yeah
stuff.
A
B
A
B
A
B
Imagine
only
be
an
interesting
talk
if
you
folks
want
to
propose
that
for
like
one
of
the
future
conferences
where,
like
you
know
as
an
open
source
fan,
how
do
I
report
patches
to
the
main,
like
the
Big
Ten,
whatever
you
know,
because,
like
a
lot
of
these,
if
not
all
of
them,
actually
have
policies
and
have
documented
processes
around
how
to
report.
It's
just
that
people
that
don't
actually
go
the
extra
mile
to
find
that
document
like
ahead
of
time,
for
example,
you
were
talking
about
the
Kernel
Security
folks.
B
They
have
a
very,
very
well
documented
process
on
how
to
report,
and
they
also
detail
how
they
will
actually
use
the
information
and
how,
with
they
will
work
with
you
and
so
on,
and
so
forth.
It's
really
really
nice.
Actually
it's
one
of
the
like
well
written
ones,
I
found
on
the
web,
but
again
people
don't
read
that
stuff
ahead,
like
they
just
assume
quite
a
bit.
Sadly,
that's.
A
Open
source
it
would
you
like
to
co-present
when
is
it
it'll
be
in
the
spring?
We
I've
done
it
virtually
every
year.
B
Okay,
I
can
help
right.
I
can
help
write
it
just
like
throw
me
under
the
bus.
If
you
feel
like
you
need
a
co-author,
all
right.
A
B
B
A
Why
isn't
our
C
plus
plus
guide
me
further
Randall?
That's
because
well,
I
have
to
sit
down
and
do
it.
But
yes,.
A
To
to
go
through
it
yeah,
but
that's
an
open,
so
we're
working
on
a
compiler
guide
and
we're
starting
with
C
and
C,
plus
plus
it's
been
like
a
stub
for
a
year
and.
B
B
B
A
B
Just
have
a
look,
there's
a
threat
on
OSF
security,
about
like
hey
what
would
have
happened
if
this
was
written
in
Rust
and
it's
actually
a
genuinely
constructive
conversation
that.
A
Is
like
Mark
Cox
and
the
open
SSL
folks,
oh
they're,
on
that
list,
so
yeah!
Hopefully
they
see
it
and
take
that
under
advisement.
A
B
Again,
your
offer
is
indeed
something
probe.
Will
Leverage.
A
B
Yeah,
in
that
case,
I'm.
A
B
Absolutely
and
do
have
fun
I,
don't
think
I
own
any
of
the
documents
that
are
being
used
like
the
meeting
notes
and
stuff
like
that,
let
me
know
if
you
do
bump
into
that
I
think
I've
assigned
most
of
them
to
my
personal
account
anyway,
so
it
should
be
free
and
open.
Okay,
cool
cool,
but
otherwise.