OpenSSF SLSA Biweekly, 24 Jan 2023

Previous Meeting Next Meeting

⏯

youtube image

►

From YouTube: SLSA Positioning Meeting (January 24, 2023)

Description

Meeting notes: https://docs.google.com/document/d/1tpPOXVzNSwtpWA7cXhTPLAO6HIP50obUvoP85XqgVHM/edit#heading=h.yfiy9b23vayj
SLSA repo: https://github.com/slsa-framework/slsa

A

Hey jumpsy, can you hear me.

A

Oh, you don't have microphone yet.

B

Hi good morning, Elba can.

A

You hear me hey, yes, I can hear you now how.

B

Are you I'm good, I'm good, give me a minute.

A

I'm sorry say it again:.

A

Can you repeat, jumpsuit I didn't quite catch that last sentence.

A

B

A

Okay, oh you said, give me a minute: I was trying to figure out what you said uh and I was asking. I was like what did you say? I didn't hear you, um okay, uh all right now, Bruno's not gonna, be with us. Today um he is traveling.

B

A

C

A

Yeah, quick I'm trying to copy and paste some.

C

A

Stuff from last week over to the agenda for today,.

A

Okay, so that's.

B

I have something: okay,.

A

Okay, uh it's too past I'm sure we'll have people trickling in.

C

A

But we we can go ahead and get started. um So let me share share.

A

Okay, you can see the positioning meeting notes right, yeah, yeah.

B

uh Let me also open the document: it's not opening. Okay,.

C

C

A

A

um While you're opening up that document, did you all see the salsa in Toto uh blog.

B

Oh no I had to see that no no I didn't read that.

A

So there's this blog um and I'll put it here. I forgot to mention it last week and so I put at the end of the notes um that they're trying to release this blog on salsa and in Toto and what it means Etc. So if, if folks are able to um no in a review uh that that would be great to get a different set of eyes, because the majority of the folks that have reviewed I believe are from the in Toto community. Okay, uh I, don't recall, yeah.

D

A

Know Marcella does salsa too um that's pretty much it so I want some more salsa eyes on this.

A

um If, if possible, um I think it's a a great blog I think the only big concern I had was around uh the predicates under development uh section, because this blog read as though they are trying to advocate for software supply chain attribute integrity um versus it just being a just a bullet item. um So it's it seemed more like salsa and software supply chain attribute Integrity, um not in Toto and salsa. So that was my my biggest feedback for them.

A

Is this feels like it it's forced in here, um so any any other eyes on. This would be great just to make sure that I didn't miss something um because again, there's not a lot of salsa eyes on this right now.

A

Thank You Leon for for joining and I'm gonna put the notes here so books can sign in so please please, please sign in um Okay, so what we should do today, I'm looking at the Timeline first draft 124., okay,.

B

A

Right so we need to finish the um the abstracts today. That was our our goal. So let me put this here right final review by 131.. So if we can kind of succinctly say you know, this is the abstract, for this particular talk or um uh you know, lab or whatnot, then uh we can start communicating that to the old, so the other salsa leads um to see what they think. Now. One thing I don't have on here, because I had assumed um that market and and Joshua were working on.

A

This is the also 1.0 update right. We don't have a title for that, um so I'm gonna ask Josh and Mark if they are already working.

A

Ask so that's one action item that I've been meaning to to document and if I don't write it down, I I forget um um okay, so we're good with the titles.

A

um We just need to focus on the the abstracts.

A

So I'm just and feel free to to type in here again, it's not a one.

C

Person it needs.

A

D

A

The person coming up with the abstracts or title um but I'm thinking like come and join the salsa is it called? It's also work group, no.

C

A

Is it called um uh because the supply chain Integrity working group, so what is salsa considered.

A

um In the subgroup.

B

C

It can because a.

B

Subgroup looks like yeah.

A

A

A

I'm not trying to recreate the wheel or anything like that. um This is this fashion, is.

A

A

Not um benefits.

A

A

C

A

What's the word that collaborate- that's not the word I'm thinking of um how to participate or how to join the community.

A

Benefits um foreign I feel like there's something else here that we need like another.

A

See if I can highlight that so.

C

A

A

A

I've been at this latest window specification.

A

C

A

On on this abstract, I know, there's there's somebody else in here and thank you um again feel free to word Smith it if you need to.

C

C

A

Thoughts on the any additional thoughts, Jay or hey, um and if I'm mispronouncing, your name Leon.

C

A

Leon Leon or Leon.

B

So here by it's a re-acconded or it can be attended with such as.

A

B

A

Family arrest with.

B

Salsas find out.

A

Well so acquainted as more of like they, they know what salsa is is kept uh up to date with salsa. So that's what I was trying to convey there is. You know.

B

A

Could be for beginners or people that they know about it, but they just need to kind of pick it up a notch and get reintroduced to it kind of thing: okay,.

B

Makes sense, yeah, yeah.

A

A

Any other thoughts on on this app on this abstract. Obviously we're gonna get feedback from the rest of the community, but not sure if we can spice.

D

A

The abstract in any way, shape or form.

B

I think yeah good yeah. It looks good.

A

A

Jay Leon, that's.

A

On this abstract, you can you can give it an emoji if you want. Oh.

A

This is good. ah No, we don't want to do that. No I'm, sorry I was trying to um end Australian.

A

C

A

Okay, a good bad and ugly.

A

I know we have some discussions about this.

A

um I think I, don't remember, but I believe somebody uh said that maybe the planning of the transition from version dot one to 1.0 would not be a good question.

A

um So I don't I, don't remember the context of that of the. Why? But obviously we would discuss.

D

C

Know how organizations.

A

Got started their biggest challenge to adoption um and you know, was.

C

A

The journey worth it.

B

A

Yeah I I would really like to ask this question to the people that are adopting it right, because it it could mean that they have to significantly change things.

A

A

As you will see, I'm just gonna do come and learn and learn. Yeah.

D

That last one, uh the planning and transition from B1 to 1.0 I think uh that went to the uh provide more that that one that one could uh present more questions and answers man, because because I mean the the routes taken um open as it is close the conversation that might be happening, that we don't get the chance to hear um right along with all the stuff, that's happening in the open and the only reason why I say that is because I mean you have. You went from just the build Source without a provenance.

D

You know, I mean there's always like so many breakouts, so many transitions, so much ebb and flow that have a panel up there discussing it.

D

Just have to have like everyone who pay the lean one way or the other questions. Why did you do that? And what does that make? And what that that's, a I think you could I think planning from transitions from I. Think that could be a discussion all by itself.

A

um Maybe maybe that's a a sub topic for the salsa update yeah.

A

ah What do they do? Okay, okay, yeah, so good point um introduce a cannibals but I think it's an important topic right to touch at least one time in in one of these talks right, because people are going to want to know like okay should I start with version dot, one and then transition to one or, if I'm, already on version, one or I think I'm on version.1 right.

A

How easy might it be to to transition I feel like that could be a subtopic um for this also 1.0 update I think it's it's definitely relevant for that one. Thank you for that feedback Jay.

A

B

uh One input would like to add is, like you know, um maybe we need to also mention where the salsa.

B

So we do have application security framework software supply chain cyber security framework. Others, like you, know some complaints, um so many things are there, so salsa is also there so, where text exactly fitted.

B

um So how do we frame my not sure but just wanted to give a Clarity where the software I mean salsa, Google, search or whatever, and this ssdf will really positioned.

B

A

Would that be up here.

B

B

A

Yeah, but there's more than just ssdf for the nest standards um there's also cyber s CRM.

A

So that's why I wanna uh keep it at a higher level of which standards we'll talk about, um but this is what you're referring to it's. This talk, not the it's also 1o update down here right.

B

Yeah, uh and also we I think we have already uh mentioned somewhere like salsa- is not an application security framework. It is actually a software supply chain. Cyber security framework.

C

D

You say yes, let's say a software supply chain, cyber security framework.

A

D

A

D

Jump jumpsuit yeah.

B

I understand salsa is a software supply chain. Cyber security framework.

D

D

um That's a lot.

B

It's definitely it's not uh like it's not and related with, or uh it may be similar too, but it's the nest. Ssd framework is completely different, uh but both are ssdf framework and then salsa. Both are uh software supply chain. Cyber security framework.

D

I, so I don't know that our class is also as a security framework.

D

A

C

I would say security framework.

A

Oh um yeah salsa is defined as.

D

I think I think it's a I think it's a framework for helping to secure the software supply chain, but I don't know that I would call a security framework over a compliance framework.

B

A

B

Makes sense yeah not that level.

A

D

Would agree, I do consider and I'm I'm one of those purists that say, there's a big difference between security and compliance.

A

D

A

Is there is very much a big difference? Well here it says it's a security framework.

D

um I I I I read that and I'll and I'll say it again. I am not that we're not there yeah yeah.

A

We're we're a uh a.

D

A

Framework for securing artifacts, that's about it or producing artifacts in a consistent manner. That's not hampered.

B

With already a standard then so we cannot mention as a kind of framework. Then we have to mention as like a standard and salsa standard.

D

Well, I think that I think that in itself, that's not for us to do and, of course, if you go up to the higher um supply chain, Integrity working group we're talking about maybe emerging emerging positioning efforts all besides the point. um Identity is a big key here.

D

um The spec itself I think scope wise that that's a that's a lot. That's a lot of scope, keep going on there! It's not a security framework. The compliance framework.

C

I'm going to.

D

There's there's a there's: nothing in there.

D

B

C

Have maturity levels.

D

Right so so then, so there are levels that you have to meet right: they're maturity levels, whether you're a level one, two, three or four, even in meeting maturity levels. The idea that there are maturity, levels, negatives in a security framework.

B

So, okay, uh this agreement, Julia played for any applications or building applications only related to that right or any other things like um uh building an infra code and.

A

If it can be used for like building infrastructure as code, is that what you.

B

So is there any standards or any other Frameworks or will.

C

B

It for the development of the ifp or something or it can be reapplied on the uh like building an application and uh standards for an application standard or.

C

A

In my point of view, it's to build any sort of code right, regardless of what that code is right, it could be a script, it could be an application. It could be. The infrastructure is code um that that's my perspective, um Jay John C. Do you wanna uh chime in.

B

On that yeah plus one for that yeah.

D

The original intent.

D

Was for it to be um a set of requirements that had to be met in order to ensure that your supply chain was compliant enough to safely build or a safely code, or have safely or have safe cold practices?

D

A

Was yeah so yes, I! Think that's that that then, uh if I understand that correctly from you Jay from Leon's question is um that it is meant for anything code related that you are building regardless of what you are building right.

A

I think that, right because.

C

You can right.

A

Because you can build a bunch of scripts together right um to go through the CI CD pipeline, make sure it does all the scanning make sure it does all the signing gets deployed in some sort of container image right or it can be an application. A web application.

A

um It can, you know, go through this uh CI pipeline to you know, do scanning, for example, infrastructure code, so anything code related that goes through that CI CD. Yes,.

D

B

D

I can agree with that, but I would I wouldn't know if I would, if I would settle on certain line of being a security framework. I don't know that was.

A

Something: oh! No! No! No! No! No! No! No! No, that it was a different question: um yeah! Okay, um so we do have a Blog about the trifecta I'm, trying to salsa log trifecta.

A

um Ssds trying to find it um well that didn't help um open SSS.

A

Salsa.Dev blog.

A

uh This one all about the Baseline um it talks about uh several of uh you know, missed Frameworks right, um that's also kind of helps, Maps, too, and and and how the different levels are supposed to map to those different um uh framework. So yeah the new Cybertron was out so we could use some of this. It probably needs some updating, but we could use this blog as a an example. We also have- or is it um there's a spreadsheet in here.

A

Where'd it go there, it is uh it's a public, Google doc where we've tried to do that, exercise um and mapping the different controls.

A

But since the controls are changing number one, um it doesn't make sense to do it right now uh and two we were trying to figure out a way of and I'm, not going to say the word J we're trying to figure out a way of automating this mapping for us instead of us manually, typing the stuff in because that's what we were doing um so we were at the very least able to do salsa version 0.1 to ssdf version 1.1 and some of the other things that we had plans, um but given that the requirements for salsa are changing, we're gonna have to revisit this, because this is this is old right.

A

um uh So let me put that in here, no I keep losing my place. Okay, reply: okay, back to abstracts.

D

Yeah I think I think that's something that we really do need to iron out I I, because of because when we do these talks and and and all that kind of stuff like that, we get up there. Talking about the secure I have I have issue with a mature new model of any sort calling itself a security framework.

C

D

Because when you have level one right, if you, if you say we're salsa level, one okay, well what so so in the maturity model, you have a defined I'm, just taking I'm just going by the the capability maturity model right where you you have one through five, and you know your three is a defined and- and you you know, four is managed. Five optimal right does because you're. So if you are defined in most organizations, you met the standard right to have a defined anything.

D

You met the standard right so now, if you're managed a little bit better and if you're optimal. This is like wishful thinking, but if you're optimal, you're really good right, none.

C

D

That means to cure yeah right. That just means you've met criteria, paperwork, people, process and procedure. You met the criteria for that level, which is what we're saying with salsa. You can meet level one two and three level. Four is still right: they move level four up to table hell, move level, four off the table, busted out these these other instances, but there's still a maturity model element tool which I still think is great I. Think a compliance requirement, I think a maturity month.

D

I think that's excellent because it allows it to be Universal across all of these other security Frameworks. You could take these other security. Frameworks apply the controls there in and applying those controls will help you meet respective salsa levels, agree yeah, but to say that salsa is a security framework.

D

I think um I think diminishes.

D

I think diminishes what what the the viability of salsa you you're, bringing it down to something where, if you're, if you're saying raise up, you want to meet these levels well, then you need to find out how the mapping of these security Frameworks how to control these security Frameworks map to meeting the levels in salsa.

D

How do they map to that compliance requirement? Because we all know that compliance just says you have a tire on the back of your car? Doesn't doesn't matter what size the tire is. You know what I mean I'm talking about it's funny as hell doesn't matter what.

B

D

Put the tire on the back of the car means you're completely.

A

Yeah yeah yep yep, so.

D

It's a security controls map to these levels. That's a different story right, that's a better story to tell, but if you say this is a security framework, well, then, why would you need the other security Frameworks to map to.

A

So is the recommendation to call it a compliance framework.

D

The complaint from a compliance framework or maturity model, I I, will call it what it is. It's a maturity model.

B

Yeah I I also think like maturity model is the right term, then, because we also Define different levels there. uh So in that case, maturity model will be a app named for that.

D

I'm, even okay with that and I mean I I I, but I I'm they I'm gonna, get I'm gonna get pushed back on that by the way. Somebody's gonna argue that with me, I love it already. But then this is good but, like I said, I'd have a big I, take issue with calling it a security framework because it's yeah.

A

Okay, so I'm gonna put that in here, so I don't forget, um so we can certainly bring it up um and make sure we hash it out before the conference. Should any of these topics get accepted, accepted right. um That would be fantastic, uh so but I I'm we'll see um Okay so abstract.

D

Also also, we have up there mapping to nist standards. Oh um that conference is in.

A

um Right, it is Vancouver yeah.

D

What the, what do they kill? So if it's in Vancouver and let's say we're talking to people in Canada, what do they care about? It's mapping the standards.

A

Nothing to isil, maybe security, Frameworks.

D

Not the security framework or mapping to ISO right something International based.

A

Okay uh is ISO, considered a framework.

A

D

Talking about um secure supply chain, I'm, not I, can't remember, which number that is hold on a second.

D

My uh my my monitor is flickering on and off too so. If you can't hear me for whatever reason uh you.

C

A

um I wonder if it's this but I'm wondering if this is uh traditional supply chain.

D

It's looking at 2800 right.

A

D

2804 I think it might be.

C

A

D

But you see it says with ISO anything is possible, it could be so it could be.

A

D

This is like, like mechanical and stuff too correct.

A

Yeah I know this is all see it says: weather related terrorists. um This is not the right one um and that's why I was like well. Maybe it's not.

C

Let's see software.

D

I think uh 27 036 has there's a part in there about uh supplier relationships, 27036.

A

A

Oh types of I see it so if we.

A

It won't let me zoom in for some reason.

A

C

C

C

A

Then yeah I'm wondering if this is not. This is still yeah. It's not going to. Let me click on it. I have a feeling that this is still traditional supply chain. Oh yeah, no, no I'm.

D

Pretty I'm pretty sure that that this is that that this deals with um uh supply chain um software supply chain uh types of them, I'm, actually pretty sure about that uh in terms of what exactly is covered in it, I mean what look what you mean help we think about open source right. uh 800-161 has literally like two controls about open source.

D

Everything else is is about supply chain, but there's literally like two controls about open sourcing right, so so in terms of what's covered in it, I I'm not I'm, not terribly sure, but I do know. It deals with a with um software supply chain.

C

D

Yeah I mean specifically hell uh Dash three specifically deals with guidelines for Hardware software and uh Services uh supply chain security.

C

D

27036-3 deals with.

A

That 20, oh 26003-33036,.

D

A

C

A

A

D

Yeah generally,.

A

Put ISO because I'm gonna forget what that means. I think I, don't do that. um Okay, um so I think this is a good high level. You know what what's also is: what's not the benefits right um mapping to we'll have to do some research for the actual presentation on which security Frameworks are relevant for this audience.

A

Thank you. Leanne.

B

I'm not exactly sure like I'm, sorry, yeah I'm, not sure exactly but lit, make the requirements, but we can just have a reference on that so yeah, thank you. I believe so relating to underdevelopment shows actually so.

A

Okay, um something yeah the latest one.o specification and how to I want to say, join the community, I want to say like participate in the community or you know, help collaborate whatever um I still think. This is a good start uh for panel discussion.

C

C

A

Trying to think of a good intro for this I'm, not a Wordsmith.

C

um Experiences.

A

This is not proper English.

C

A

Biggest challenges, foreign.

A

Was worth it, um that's a question that you can ask live but I don't know that I want to put that in uh abstract, um so I feel like there has to be a better way um if the.

C

Journey was.

A

Worth it I, don't quite like that part, but I feel like that kind of gets to the Crux of it.

A

That's questions.

A

Okay, um what about the hands on lab, slash demo.

A

A

Join us for a five and on demonstration.

A

See it's also build levels.

C

A

A

Feel it's also.

A

B

uh Sample report sample pipeline will be better.

A

B

um Or sample supply chain ocean sample.

A

um Because the idea is is that um we would help walk them through.

A

Hey we're going to take this code from this repo sample and take maybe if it's GitHub action, something simple right that we have access to um and take it through that Journey right, but everybody can actually do it on their own. That's my vision! Yeah I! Don't want to I, don't want to say that, um but that's that was our intent when.

D

B

Thought about this is.

A

That everybody can bring their laptop if they wanted to, um but if they don't have a laptop, that's fine, it would still be demonstrated on the screen. Yeah.

B

A

We did want people to actually bring their laptops and get kind of acquainted with how this could work. If it's GitHub actions, fine, um if it's something else, fine um I, don't think we've figured out the details yet right. We still have to figure out how to do that, but I think it would be a a good way of getting people seeing how salsa could work.

A

With a sample repo or something yeah,.

A

A

Questions thoughts on this one.

A

Okay, so there's ketchup, mustard and relish. Oh man, um I love. This title I feel like this is going to get picked just because of the title.

A

A

The supply the.

A

Open SSS apply chain. Integrity should I also put open F, because not everything is openss at this conference right.

D

Well, no I mean so open. This is up is open the sub day, but the rest of it's just the open source conference I mean. But if this is being presented during the open Summit, then you know you can you can say open ssf, because that's where we're working on all this stuff in right, so it would, it would be uh if it's during the open Summit, it would be good for us to say open SSL with everything that we're doing, because that's what we're working on this stuff now.

A

A

I'll say group.

A

A

Yeah and I don't quite know how to write this right, I'm guessing this is how we would write it, but um supply chain, Integra, integrity,.

A

A

A

Is this normally a abbreviated.

A

This supply chain, Integrity I, don't think I've ever seen it abbreviated anywhere.

D

um Supply chain, Integrity working group I, don't think so. Yeah.

A

And it just might be me internally right because that's a mouthful to say so.

A

um What else goes on hot dogs are that people put on hot dogs go.

D

Crow d: I don't put sauerkraut on a damn hot dog, but that's what usually go chilly.

A

I, don't know how to spell that my.

C

A

D

C

A

A

Yeah, oh that reminds me um I need to put this uh the videos for this also specification group are not being posted. The last recording was from November, oh sauerkraut,.

A

Sour Crow, okay I spelled it right, skip this sauerkraut.

A

Or working group um see, this is what I mean like we need to have like catchy, abstracts I'm, not good at this. This is everywhere. I wish Michelle was on. This call. Michelle was really good at the titles um enjoying that.

A

Discuss how, as to c2f, salsa and ah Oscar, can help you improve your software supply chain.

B

Security or Integrity or something is required or can.

A

B

uh Like uh do we need to add a software supply chain, Integrity or anything required. No right account.

A

uh No I think I think this is true.

B

Last last to the last.

A

If you improve your software supply chain, oh uh security.

B

Yeah security or Integrity or.

A

Improve your okay got. It.

C

A

Let me go to the mission page hold on I. Had it open just a second ago.

C

A

Jay is this okay, I, don't know if it is or not.

D

I'm, keep coming in and out in and out in and out.

A

D

If you guys can hear me, uh okay, where were we at.

C

D

Was gonna go look up in and out here.

A

um You're fine I was gonna, go look up the mission for Sci, oh yeah, it is, it is, uh and then I just saw this a pragmatic supply chain security framework. So I wasn't sure if, if that also needs to get addressed um in the mission for supply chain, Integrity.

D

Oh no I mean no. That this is this is the working group's uh vision is to have a pragmatic supply chain security framework. Okay, the framework can include uh maturity, model yep right, so you have um s2c2f. You have Fresca, which provides tooling to um tooling for artifacts. uh Was it for artifact storage?

D

I got a camera with the camera with Fresco does exactly I knew I knew it I knew last week, camera now compliance um the compliant meeting, the compliance requirements of or the maturity levels of salsa utilizing I mean you have all of those I mean that's how they all work together right um and then you have consumption days and then and of course, from a producer standpoint, so meeting the maturity levels from a producer standpoint and then of course, meeting uh uh meeting, because s2c2f is also a maturity, also as a maturity.

D

Model A maturity framework right just happens to have security controls as well, but it's also maturity based levels. One two three and four.

A

This is an: is it really a security framework, then.

D

Right like like I, I, I, I, say again it's if we put if we take uh security, uh the supply chain, Integrity working group, to create a security framework, you can create a security framework that encompasses the.

A

Different levels underneath.

D

Right that encompasses these maturity models, but it's it would be a security framework that does it. These are maturity models that provide a way to see where your at um implementing the controls from security, Frameworks.

C

D

It makes sense Jesus.

A

Christ I I think it does and in my mind, I have a picture of like a document and then within that document, having like little or a box and within that box, having uh other little boxes and that's how I'm envisioning it right um so I I think it's making sense in my head: um I I'm a visual person right, so it it makes sense, I think so.

A

um I, don't I, don't think I have issues in what you are saying and how you are saying it so I think it makes sense um so John C and it doesn't make sense to you what Jay is saying.

B

Yeah, it makes no sense.

A

In case um uh how to improve your.

A

Trying to award that thing go.

A

A

Supply chain security.

A

um Maybe had a standardize, your practices and.

B

A

B

Blue and standardized I already have to.

A

Oh sorry, okay, thank you and standardized.

A

Software supply chain, with s2c2 apps outside.

A

And then, obviously, the the sub bullets.

A

uh Aren't lost down here on what we wanted to cover, so these are clear, abstract.

C

A

Okay, I like this beginning, I, don't know why but I do.

A

Obviously, I I hate that stuff I hate it I hate it I hate it um I think it's just because um I didn't grow up with that kind of palette. My palette is more of a Caribbean palette, it's very it's either a little spicy or you know Bland, um and so that is a very Wasabi tasting like it's a like I, don't know, I can't quite explain it's not Wasabi, but they like radish and cabbage, and it's just not my my cup of tea.

A

It's just um so yeah I I I do not like sauerkraut at all, um okay I'm trying to think we have five minutes left I think we did pretty good.

C

A

Think ah can somebody think of something else other than if the journey was worth it.

A

Or this abstract.

A

Okay um and then the update I mean I'll, have to ask to see if they're they're doing something, but I mean this could be very simple. You know come and learn about blah blah blah I think we're we're pretty good here.

A

Anything outside of the security framework discussion um is there another thing that we might want to bring up um framework labeling in salsa.dev.

A

We visited I'll highlight this so that I remember anything else.

A

C

A

Okay, so I am I'm. Also going to put this I did cover it at the beginning. Please please, please try to provide comments for that blog um I need more.

C

A

Salsa eyes on it: um okay! Well, if there's nothing else, um I will send this out probably tonight um for people to chime in from the rest of the salsa group and I. Think we've pretty.

D

A

Our Target, which is great first.

D

A

124., um so we'll we'll see how how it goes. Okay, thanks folks,.

B

Thank you talk.

A

To you soon, bye.

B

Bye-Bye bye.