►
From YouTube: SLSA Positioning Meeting (February 14, 2023)
Description
Meeting notes: https://docs.google.com/document/d/1tpPOXVzNSwtpWA7cXhTPLAO6HIP50obUvoP85XqgVHM/edit#heading=h.yfiy9b23vayj
SLSA repo: https://github.com/slsa-framework/slsa
A
I
am
okay,
just
tired:
it
didn't
get
a
lot
of
sleep
last
night,
so
I
am
running
on
lots
of
caffeine
right
now
crashing.
B
In
the
document
now,
okay,
now
let
me
see
if
I
can
share
it
back
out
to
you
or
something
I.
A
A
Yeah,
it's
just
a
suggestion
for
you
yeah
yeah,
so
somebody
messed
with
the
position,
the
permissions
of
the
document,
and
now
we
only
have
a
suggestion:
ability,
abilities,
wow,
I'm,
really
tired.
My
tongue
is
getting
all
sorts
of
types.
A
C
Yeah,
the
same
thing
happened
to
the
the
tooling
group,
like
around
the
start
of
the
New
Year.
All
of
a
sudden.
Our
first
meeting
either
was
like
end
of
December
early
January
that
we
couldn't
edit.
The
document
and
yeah
I
I
had
issues
trying
to
get
the
LF
on
it.
Just
because
I
was
super
busy,
so
I
just
ended
up
creating
a
new
document
and
saying
hey,
start
editing
this
one
I
just
copy
pasted,
but
yeah.
B
A
A
C
I
I
also
didn't
follow
up
outside
of
just
like
the
general
question
of
like
hey
is
something
going
on
with
the
stock.
You
know
I'm
sure
if
I
I
followed
up
but
they'd
probably
take
a
take.
Another
look
got.
A
It
okay,
so
I'm
gonna
do
a
lot
of
cat
hurting
then
in
the
next
week
to
try
to
figure
out
what's
going
on,
because
this
is
going
to
get
annoying
real
quick.
A
If
it's
all
just
a
bunch
of
suggestions
right,
this
is
going
to
get
very,
very
messy.
So,
okay,
well,
let's
get
started.
Let's
sign
in
I
did
put
the
the
meeting
notes.
Again.
Apologies
did
not
get
a
lot
of
sleep
last
night,
so
I
am
running
on
caffeine
right
now.
A
I
am
going
to
share
the
slack
right
now.
This
was
the
results
of
the
survey
on
changing
the
times
for
this
meeting.
So
there's
not
a
real
there's,
not
a
winner
right
in
in
this
survey.
A
So
I
want
to
be
able
to
allow
folks
like,
for
example,
Joshua,
Law,
Firm
VMware,
or
anybody
that's
in
the
UK
to
be
able
to
attend
these
meetings
because
I
know
it's
late
for
them
and
at
the
time
it
was
what
worked
best
for
me
and
Bruno
and
I
think
somebody
wanted
to
include
Brandon
Lum,
but
he's
not
attended
for
some
time.
A
So,
given
that
the
participants
have
changed
just
trying
to
figure
out
if
there's
a
way
that
maybe
we
could
do
it
earlier
and
if
if
we
would
have
a
good
representation
again,
this
is
just
a
high
level
of
what
the
results
were,
but
it
almost
looks
like
either
you
can't
do.
You
could
do
Monday,
but
it's
right
before
the
specification
call
I'm,
not
sure
people
would
like
that
very
much.
A
That's
a
lot
of
meetings
in
one
day
so
potentially
spacing
it
out.
If
we
think
about
Tuesday
Tuesday,
it
looks
like
not
really
a
whole
lot
of
people
would
be
around
n
or
11.
It's
really
more
of
noon
to
one,
let's
see
and
then
Wednesday.
The
problem
was
Wednesday
and
Thursday,
so
that
there's
a
a
monthly
meeting
on
Wednesday
and
Thursday
for
supply
chain
integrity
and
for
salsa
at
noon
to
one
Eastern.
A
B
Well,
please
switch
to
I
mean
it
could
work
if
we
made
it
every
other
weekend.
So
if
we
did
it
like,
for
instance,
that
this
Integrity
meetings
only
once
a
month
I
believe
right.
Yes,
so
if
we
made
it
I
mean
I
mean
help
we
did
every
other
week.
We
still
might
run
up
against
that
one,
maybe
two
or
three
times
a
year.
Man
yeah,
maybe
a
few
more
times,
maybe
maybe
a
little
bit
more
than
that.
We're
up
against
that
one
yeah!
C
Yeah,
it's
it's
hard,
there's
just
so
many
Community
meetings,
yeah
I,
don't
have
a
a
great
answer.
I
know
for
myself.
Actually
some
stuff
should
switch
around
on
my
end,
where
10
to
11
on
Tuesdays
are
now
open
for
me,
but
now
11
to
noon
on,
Tuesdays
and
and
also
Brendan
Lum
will
also
have
that
same
conflict
11
to
noon
on.
Tuesdays
is.
C
That
works
yeah
that
works
at
least
for
me
on
Tuesdays
I,
know
Wednesdays.
We
sometimes
run
into
the
some
of
the
other
monthly
meetings
yeah.
It
works
on
Thursdays
and
I.
Think
it
works
on
Fridays.
For
me
at
least.
C
Yeah
new
around
noon
is
usually
pretty
empty,
except
on
Mondays
and
Wednesdays.
B
Yeah
noon
on
Fridays
is
always
it's
always
open
for
me.
D
C
C
D
A
A
B
Tuesday
Tuesday
Newton
Easter
can
work.
There
are
some
Tuesdays
where
I,
where
I,
where
I
got
I,
have
a
conflict,
but
that's.
D
B
Once
a
month
other
than
that
I
can
do
Tuesday
morning,
Eastern.
A
Okay,
it
looks
like
right
now,
at
least
between
the
few
of
us,
on
the
call
that
seems
to
work
so
I'll
ask
a
couple
of
other
folks
that
typically
attend
a
meeting.
If,
if
Tuesday
noon
seems
like
it
would
work
for
the
majority.
If,
yes,
then
I'll
start
to
reschedule
it
for
a
little
bit
earlier
and
see
how
that
works
see
what
kind
of
attendance
we
get
okay.
So
let
me
stop
sharing
that,
then.
A
Let
me
share
the
meeting
notes.
Okay,
I
did
speak
with
Michelle.
Yesterday
she
submitted
the
beginners
talk
to
Global
appsec
DC.
So
basically
it
was
the
same.
This
I
believe
it
was
the
same
title
and
Abstract
I,
provided
that
to
her
so
that
she
could
represent
the
social
community
in
DC,
so
that
happened.
I
think
yesterday
was
the
deadline
and
then
I
wanted
to
review
the
ossf
landing
page
with
folks,
but
before
I
do
that?
Are
there
other
topics
that
people
wanted
to
cover.
A
You
know
just
a
track
published
using
I
need
to
open
this
up
to
people.
I
guess
I,
didn't
I
didn't
do
that
right
tracks
also
landing
page.
C
C
If
there's
anything,
we
could
do
to
sort
of
push
contributors
in
the
community
to
sort
of
like
swarm
on
some
of
these
final
ticket
items
like
you
know
whether
it's
like
a
daily
slack
call
to
action
like
just
a
reminder
here
are
some
of
the
the
big
you
know
here
are
some
of
the
things
I
think
that
that
might
be
useful,
because
I
already
reached
out
to
Mark
about
hey.
If
there's
anything
I
need
to.
C
C
C
A
where'd.
It
go.
A
D
Just
recently.
A
Include
some
tasks:
okay,
yeah,
so
this
is
definitely
it.
So
we
could
do
that.
A
A
Got
it
You.
D
A
Yeah,
okay,
so
let
me
put
here,
it
goes
okay,
folks,
to
review.
Let's
say
by
end
of
day
no
I
I
today.
B
A
Now
you
don't
want
necessarily
the
folks
that
haven't
been
contributing
to
salsa
right
now,
that's
more
once
it's
once
the
blockers
are
done,
then
our
refresh
sorry
request
for
comment.
That's
when
we
would
broaden
it
right.
Yes,.
C
B
D
A
So
we
haven't
begun
work
on
on
this.
We
do
have
work
on
one,
which
is
the
the
developer
blog,
it's
kind
of
where
it
was
late
last
year.
So.
D
A
To
revisit
it,
I
think
Our
concern
has
been
things
have
shifted
so
much
while
we
were
writing
just
that,
one
that
we're
worried
that
if
we
start
the
other
ones,
it's
going
to
shift
even
more,
especially
during
the
request
for
Content
comment.
So
we
don't
necessarily
want
to
start
too
early
in
case
something
fundamental
does
change
because
it
did
happen
with
the
provenance
part
right
Jay,
where.
A
It
out,
while
we
were
creating
that
blog
and
we
were
like
oh
good.
B
But
yeah
right
right
now,
things
are
still
way
too
way
too
many
changes
happening
just
to
get
to
1.0,
no.
D
B
B
I
do
I,
do
have
a
suggestion,
though,
as
far
as
as
far
as
the
landing
page
goes,
I
mean
I,
I,
I
and
I.
Think
the
landing
page
should
probably
be
something
that's
that
gets
brought
up
to
the
to
the
broader
working
group.
B
We
have
salsa
s2c2f
and
Fresca
that
are
currently
being
worked
on
and
I.
Think.
B
If
we
do
it
open,
ssf
landing
page,
it
should
be
a
working
group,
landing
page
that
convinced
that
can
then
be
be
tabbed
out
or
or
you
can
have
different
pages
off
of
there
of
the
different
initiatives
that
we're
working
on,
because
I
think
if
we
do
that,
that'll
open
up
the
ability
to
have
the
the
larger
framework
that
that
we're
supposed
to
be
developing
within
the
working
group
that
larger
framework
that
encompasses
all
those
things
that
it'll
provide
less
work
for
us
to
do
later
on
working
group
wise
to
make
that
make
sense
right.
A
Yeah,
no
I
completely
agree
and
I
actually
brought
that
up
to
Tracy
I
said
hey
instead
of
just
also,
why
not
do
the
supply
chain,
Integrity,
working,
group
and
I?
Think
if
I
remember
correctly
in
a
nutshell,
it
was
because
people
are
more
focus
on
the
actual
Community
versus
the
working
group,
something
along
those
lines
where
it's
it's
all
about.
The
actual
you
know
project,
not
the
working
group.
So
that
was
the
explanation
given
to
me,
but
I
did
advocate,
for
that
we
can
always
go
back
to
say
no.
A
We
really
do
want
supply
chain
Integrity
working
group
on
here,
but
there
was
some
pushback
on
that
when
I,
when
I
asked
about
it.
A
A
So
Tracy
Miranda
reached
out
to
say:
hey,
we
created
a
six-store
landing
page
on
the
openssf
website
and
we
would
like
to
create
one
for
salsa
and
so
I
met.
A
Yeah
so
I
to
figure
out
you
know
what
do
we
need
to
do,
and
so
she
gave
me
the
template
and
when
I
was
meeting
with
her
I
asked
well,
why
just
salsa
right
what?
Why
not
do
because
I
see
you
know,
there's
Sig
store,
cosine,
recore
right,
it's
still
under
six
store,
but
you
know
there's
a
bunch
of
different
projects.
So
I
was
thinking
well
supply
chain
Integrity.
A
Let's
do
Salsa
Fresca,
you
know
S2
c2f,
but
she
said
that
it's
not
about
the
working
group,
it's
about
the
actual
project
and
she
actually
pointed
to
oh.
What
was
it
hold
on?
Give
you
one
second
I'll
show
you.
D
But
that's
it:
if
you
go
to
the
community
value,
you
see
the
different
entries
there.
A
C
A
D
B
Yeah,
that's
a
I
mean
I,
don't
want
to
say,
that's
a
bit
short-sighted
I
like
even
let
me
put
like
this.
Even
if
you,
even
if
you
did
a
supply
chain,
it
doesn't
have
to
be
supply
chain
Integrity.
If
you
just
did
a
supply
chain
site
right,
because
I
mean
that's.
That's
what
that
that's!
What
the
the
culmination
of
this
is
is
secure
supply
chain.
B
You
just
did
a
site
like
that,
and
then
you
did
one
for
salsa
only
right
now
right,
but
you
had
the
other
ones
and
then
they
said
and
then,
if
you
clicked
on
them,
it
says
you
know.
No,
you
know
how
you
know
how
old
school
websites
used
to
say,
work
in
progress
or
curly.
You
know
what
I'm
talking
about
right.
You
could
easily
do
that
and
and
then
now
you're
you
have
a
template
for
what
will
end
up
becoming
something
that
you
know.
If
we
do
it
correctly.
D
Well,
by
the
way
you
know
in
all
fairness,
I
think
there
are
different
ways
to
look
at
it.
That
they're,
not
necessarily
you
know
exclusive
and-
and
you
know,
if
you
think
in
terms
of
community
You,
could
argue.
Okay,
you
know,
salsa
is
one
point
of
view.
That
address
is
specific
audience
and
the
s2c2f
is
a
different
community
and
if
they
want
to,
you
know
make
that
the
axis
for,
like
you
know
how
you
organize
things.
B
Let
me
let
me
let
me
put,
let
me
put
you
like
this
right,
so
so
blue
hat,
who
had
just
happened,
that's
the
that's
a
conference
that's
held
by
held
here
by
Microsoft
in
Seattle
blue
hat
conference,
and
they
came
to
me
and
asked
me
about
slides
and
they
were
getting
ready
to
talk
about
the
openness
itself
when
they
were
talking
about.
You
know
producer,
focused
threats
and
vulnerable,
no
threats
and
then
consumer-focused
threats
and
they
had
a
whole
bunch
of
slides.
I
said
well,
those
slides
look
great.
B
But
if
you're
talking
about
the
openness
itself,
you
ought
to
put
in
what
has
to
do
with
producer,
Focus
consumer
focus
and,
if
you're
thinking
about
supply
chain.
These
are
the
things
that
we're
working
on
so
I
had
them
produce
a
slide.
That
literally
said
salsa,
s2c2f
and
Fresca
right
on
it.
That
was
the
slide.
The
whole
slide.
Okay,
I
mean
I
like
it
like
it,
I
I,
don't
I,
don't
know
that
that
dare
I
say
we
need
to
stop
talking
about
these
things
as
if
they
don't
feed
off
of
each
other
anymore.
B
B
Build
you
put
the
encryption
to
lower
it.
That's
just
secure
Bill
pipeline,
you
think
about
it.
That
way,
but
we're
all
working
on
these
things
and
look
who's
in
this
meeting.
Mike
is
in
this
meeting
you're
in
this
meeting
I'm
in
this
meeting
and
we're
scattered
across
all
three
of
these
things
there's
a
case
that
could
be
made
for
us
to
anyway
I'm.
So
boxing
again
sorry.
D
I,
just
you
know,
I'm
not
against
what
you're
saying
I
think
you
know
there's
some
sense
to
what
you're
saying
too,
that
I'm
just
trying
to
be
conciliant
and
say:
okay,
maybe
they.
D
A
That's
really
all
that
I
see
on
the
website,
I'm,
not
saying
that
there
isn't
something
somewhere
else,
but
that's
what
I've
been
able
to
see-
and
you
see
this
part
where
it
says-
improved
software
Supply
chains.
We
should
be
able
to
click
on
this
and
have
that
supply
chain
website
that
you're
referring
to
with
the
working
groups
or
the
you
know,
communities
that
are
underneath
it
to
say
this
is
what
we're
doing
right,
but
right
now
it
doesn't
there's
no
linkage
in
here.
Maybe
in
the
plan
it
shows
it.
A
I
know:
Brian
bellendorf
presented
it
at
open
source,
Summit,
North
America
last
year
and
I
remember
taking
a
picture
of
it,
but
I've
not
seen
that
slide,
since
that
it
showed
what
all
the
groups
were
and
what
what
the
supply
chain
was,
that
they
were
focusing
on.
Go
ahead.
Yeah.
C
No
so
he's
been,
he
started
off
at
Cloud
native
security
con
as
well,
so.
C
Which
I
need
to
make
sure
that
they
keep
forgetting
to
leave
on
Fresca?
They
have
S2
c2f
and
they
have
salsa,
but
they
keep
forgetting
Fresco
I'll
I'll
ping
them
on
that
one.
That's
annoying.
A
A
It
just
so
happens
that
we're
under
the
supply
chain
Integrity
working
group,
but
even
if
it
doesn't
fall
under
there,
we
could
reference
other
things.
I,
don't
think
spdx
isn't
under
open
ssf
right.
That's
only
under
Linux
Foundation.
C
A
A
A
A
This
one
right,
because
this
is
everywhere
and
even
for
the
six
door-
one
I
mentioned
to
her
I'm
like
hey.
This-
would
have
been
really
good
to
put
at
the
top
of
this
page
right
like
it's.
This
thing
is
taking
up
so
much
space
up
here
and
you
don't
even
see
it.
A
If
you
don't
have
your
window
open
all
the
way
right,
even
if
I,
like
minimize
it
and
I
minimize
the
the
font
it
you
have
to
scroll
at
in
some
cases,
but
it
almost
looks
like
an
afterthought
versus
this
should
be
front
and
center
like
this
is
the
problem
it's
trying
to
solve
right.
This
is
why
we're
doing
this
and
why
we're
focusing
on
Sig
store
the
same
thing
as
salsa
or
any
of
the
other
things.
A
We
should
highlight
that
10-point
mobilization
plan
and
how
it
fits
into
it
at
the
beginning,
not
necessarily
at
the
end,
and
so
that
kind
of
also
feeds
into
that
supply
chain
security
website.
You
were
mentioning.
D
You're
touching
and
one
of
my
paint
piece
with
open
ssf,
which
I
have
openly
shared
with
Brian
several
times,
which
is
there,
isn't
one
way
to
to
describe
how
things
are
organized
within
open
ssf,
and
so
the
mobilization
plan
was
actually
added
after
the
fact
and
they
went
through
this
exercise
and
tried
to
map
it
to
the
existing
activities.
We
don't
open
ssf,
it
is
an
afterthought,
and
so
here
I'm
even
surprised
they
put
a
reference.
Do
you
think
it
should
be
front
and
center?
D
Yeah
I
think
so,
but
when
I
asked
when
Brian
came
up
with
the
mobization
plan,
I
said:
is
that
the
way
we're
going
to
organize
everything-
and
he
said
no?
No,
no,
not
at
all
and
I
said
why
not
you're
just
adding
yet
another
way
to
look
at
the
way
their
the
activities
are
organized.
It's
a
nightmare.
It's
so
confusing
already
and
you
just
I
didn't
get
another
point
of
view.
You're
not
helping.
D
A
A
You
know
push
forth
as
recommendations
for
openss
that
that
is
the
purpose,
so
focus
on
that
and-
and
you
know,
communicate
that
as
much
as
you
can
and
how
everything
integrates
right,
anywho
anything
else
on
this
landing
page
thing
in
terms
of
what
we've
been
talking
about,
not
necessarily
the
content
of
the
landing
page.
C
Yeah,
no
I
I
think
you
hit
a
lot
of
the
good
stuff.
I
know
one
of
the
it's
still
a
big
thing
that
also
a
lot
of
end
users
have
been
asking
is
like
yeah.
How
does
salsa
fit
into
this
mobilization
plan?
How
does
salsa
fit
into
this
new
Sterling
tool
chain
that
folks
have
been
talking
about?
How
does
this
fit
into
you
know?
Alpha
Omega
is
one
of
the
big
projects
like
does
it
fit
in
yeah
yeah,
and
a
lot
of
that
sort
of
stuff
is
not
there
and
once
again,
I.
C
Don't
think
it's
on
us
to
necessarily
do
all
that
work,
but
I
do
think
bubbling
that
back
up
to
be,
like
you
know
to
some
of
the
folks
like
like
Brian,
to
be
like
hey,
you
know,
a
lot
of
us
are
very
confused
and
and
even
I
don't
want
to
go
down
the
rabbit
hole,
but
I
also
just
found
out
that
one
of
the
working
groups
plans
to
have
a
supply
chain
taxonomy,
but
they
haven't
yet
contacted
the
supply
chain.
C
Yeah
yeah
and
to
be
clear:
it's
not
necessarily
that,
like
there's
anybody
at
fault
outside
of
you
know,
it
would
be
great
if
there
was
a
general
like
hey.
If
there's
something
missing
like
a
taxonomy
thing,
then
it
should
be
a
partnership
between
the
folks
who
are
focused
on
that.
Plus
this.
You
know
the
end
user
group
or
whatever
right
yeah.
B
I
think
that
sort
of
stuff-
that's
something
I've
been
trying
I've
been
trying
to
get
I've
been
I've,
been
saying
that
since
the
summertime
you
know,
I
mean
there's
certain
things
that
we
ought
to
not
be
doing
like
in
in
a
silo
and
that
and
that's
one
of
them,
especially
since
we
have
the
best
practices
working
group
that
has
a
whole
damn.
You
know
terms
a
terms
and
definitions,
thing
that
they're
working
on
and
you've
all
heard
me
saying
many,
and
not
just
not
just
in
that
meeting,
but
also
many
a
salsa
meaning,
hey
guys.
B
Have
we
reached
out
to
the
to
the
terms
and
and
definitions
team
to
see
what
their
terms
and
definitions
are?
Maybe
we
can
take
some
of
these
terms
and
bring
them
over
there.
Maybe
we
could
take
some
of
those
terms
and
bring
them
over
here,
but
one
thing
we
need
to
do
is
be
speaking
with
one
voice.
No,
we
should
be
across
the
entire
open
ssf.
We
should
not
be
saying
one
thing
here
and
then
another
thing
over
there
and
they
mean
the
same
thing.
That
should
not
happen
across
the
whole
open,
necessary.
C
A
D
A
D
A
D
A
A
C
Oh
so
so
this
was
a
different
one,
so
yeah
that's
one
thing
that
needs
to
be
added
in
here.
C
So
so
there
was
a
slide
here
that
had
S2
c2f
on
it.
I
saw
that
one
at
the
CNS
con
keynote
that
Brian
Brian
gave
okay,
but
I
did
not
see
Fresca
on
there
and
yeah
yeah.
B
A
D
Let
me
we
can
ask
David
for
the
letters
version
if
there
is
one
somewhere
else:
oh
Brian,
maybe
as
it
okay
100.
What?
If
there's
somebody
in
the
staff
who
is
like
the
official
owner
of
the
slide
that
you
would
want
to
get
to
update
the
you
know
the
source
of
Truth
so
that
everybody
else
get
the
updates,
because
otherwise
you
know
it's
the
kind
of
game
that
never
ends
where
Mike
you
say:
hey
David
fix
it's
missing,
Fresca
they
added
there
and
then
the
next
guy
doesn't
and
then
it
gets.
You
know
it
propagates.
A
Fresca
and
S2
c2f,
and
if
you
know
of
others
that
need
to
be
added
to
the
mobilization
plan,
you
know
feel
free
to
point
them
out,
but
yeah.
If
we
can
get
the
the
actual
name
copy
of
whatever
it
seems
like
it
might
be
this
one,
but
because
I
don't
see
any
revision,
history
I,
don't
know
if
it
truly
is
or
if
it's
like
a
static
document
that
is
getting
published
every
so
often
and
it's
not
truly
the
live
one.
B
D
A
D
A
I
think
in
terms
of
the
taxonomy
we
could
definitely
I'm
pretty
sure
the
monthly
meeting
is
tomorrow
or
supply
chain.
Integrity
working
group
we
could
potentially
bring
it
up
tomorrow
to
say:
hey.
Does
anybody
know
about
what
the
end
user's
working
group
is
doing,
and
is
anybody
partnering
with
them?
If
not,
and
someone
raised
their
hand
to
go
partner
with
right,
because
it
would
be
good
to
know
if
they're
working
in
a
silo
or
not,
especially
if
they're
not
working
with
the
best
practices
working
group
I,
don't
know.
If
anyone
can
answer
that
even.
B
Oh,
no,
that
no,
it's
definitely
siled
work
that
I'm
that
I'm
actively
trying
to
get
some
some
tentacles
out
and
say:
hey,
let's
all
bring
this
in.
Let's
all
you
know
come
together
around
this.
It's
definitely
siled
work,
I
mean
there's
a
The
Proposal
is
being
pitched
to
the
tech
for
this
work
from
the
end
users
working
group
and
then
was
saying.
Well,
maybe
this
should
be
like
a
like
a
a
Consortium.
Maybe
maybe
we
should
come
together
and
Pitch
together.
This
shouldn't
be
pitched
by
you
know
it's
by
one
working
group.
A
Read
the
well
yeah
yeah
that
I
know
now
in
terms
of
other
content,
because
I
I
heard
hey,
we
should
probably
see
or
show
you
know
how
salsa
is
connected
to
all
these
different
things
and
I
think
that's
a
great
idea
not
only
from
the
mobilization
plan
but
to
some
of
the
other
projects.
A
A
Bligh
is
working
with
maybe
Isaac
on
the
launch
stuff,
or
at
least
that's
what
Isaac
said:
I'm
not
sure
if
Mark
or
Joshua
is
involved
in
any
way,
but
I
suspect
that
there's
going
to
be
some
sort
of
video
and
then
we
could
have
our
you
know
blogs.
A
Should
we
have
salsa
case
studies
right
for
maybe
version
dot
one
and
then
maybe
people
that
are
potentially
going
to
attempt
1.0
when
it's
in
RFC
I,
don't
know
if
that's
a
good
idea
or
not,
but
there's
a
lot
of
options
here
and
so
curious
about
your
thoughts
on
what
should
be
contained
on
this
page.
So
we
can
kind
of
start
putting
that
that
that
vision
and
message
together.
B
Yeah
I
mean
I,
I
I
agree
with
what
you
just
said.
You
know
that
video
of
1.0
launch
use
cases
definitely
use
cases.
Maybe
a
thing
with
with
the
doctors.
B
Doctors
organizations
who
have
adopted.
A
Oh
I'm.
B
Not
sure
if
we
could
even
put
that
down
there
like
that
I,
don't
even
I,
don't
even
know
if
that's
if
we
can
actually
do
that,
because
it
because
it's
a
I
mean
we,
you
know
we're
we're
working
towards
a
spec.
But
you
know
if
organizations
are
willing
to
say,
hey,
yeah,
we're
we're
adopting
or
we're
currently
using
it
in
our
organization
that
could
be
put
down
as
well
definitely
partner
organizations.
You
know,
organizations
that
are
working
to
to
make
it
better
right.
B
So
maybe
I
don't
know
what
what's
I
guess
we
have
to
check
on
check
with
legal
on
some
of
that
right
who
who's
willing
to
be
put
down
on
a
site
who's,
not
a
public
site
who's
willing
to
be
have
the
names,
have
the
name
shouted
out,
yeah.
B
Well,
each
each
individual
company
I
mean
I,
mean
this,
we're
all
volunteers
here
right,
so
yes,
having
our
names
on
it
right
I
mean
that
that's
just
you
know
we,
we
are
representative
of
of
our
respective
organizations,
but
at
the
end
of
the
day,
we're
all
volunteers
here
when
it
comes
to
being
on
this
or
having
companies
who
are
adopting
it
on
the
site.
B
That
might
be
a
different
case.
Where
do
does
a
company
want
to
say,
hey
yeah,
we're
openly
adopting
this?
Do
they
want
that?
To
be
known?
That's
a
that!
That's
that's
that
those
are
those
are
legal
things
right
there,
but
as
far
as
volunteers
are
concerned-
or
we
can
just
put
our
names
down
not
necessarily
put
down
the
organization
that
we're
that
we're
coming
from
now,
yeah.
A
B
The
what's
the
the
the
the
advantage
or
disadvantage
to
that
Advantage.
You
can
do
that
and
you're
doing
it
as
a
volunteer
disadvantage
for
the
organization
that
you're,
representing,
especially
if
your
organization's
member
organization
of
the
openness
and
stuff
is
your
organization,
will
probably
say:
hey
I
want
our
name
on
that,
because
we're
we're
actively
working
towards
producing
something,
that's
going
to
be
used
globally.
Then
another
organization
may
say:
well
we
don't
put
money
up.
Therefore,
we
don't
want
our
name
on
it.
B
Right
I
mean
there's,
there's
a
whole
bunch
of
stuff
like
that,
and
then
you
have
to
decide
as
an
individual
how
you
want
to
go
there
I'm
only
I'm,
only
putting
out
these
these,
these
little
I'm
spitballing
these
little
these
little
things
out
here
and
that's
only
because
when
it
comes
to
the
site
itself,
the
point
of
that
is
if
this
is
going
to
be
a
a
an
actual
spec
one
day.
B
I
know
I
know
that
this
is
a
project
currently
under
you
know,
currently,
under
the
the
dare
I
say,
the
the
Ella,
that's
being
worked
towards
becoming
a
speck.
There
are
certain
criteria
for
that
to
occur,
and
one
of
them
is
being
able
to
provide.
B
You
know
a
knowledge
of
who
are
the
adopters
of
this
yeah,
because
that
that
takes
it
from
being
a
great
idea
to
being
an
actual
spec,
and
it's
not
a
spec.
Unless
people
are
adopting
you
right
so
yeah.
A
B
You
can
put
a
if
you
could
put
that
up
on
a
site
and
have
that.
Actually,
you
know
a
location
where
that
information
is
present.
That
makes
it
less
for
the
the
the
the
the
the
body
of
of
people
that
have
to
look
at
it
and
approve
and
make
it
a
spec
that
takes
less
work
for
them
to
do
so.
A
What
about
there's
been,
you
know,
presentations
previously
given
by
companies
claiming
to
be
salsa
compliant
right,
so
potentially
we
could
add
like
a
not
necessarily
a
link
to
each
of
them,
but
maybe
there's
some
sort
of
folder
repository
to
say
hey.
These
are
my
access
has
expired.
What.
D
B
B
D
B
About
the
the
everyone
claiming
to
be
salsa
compliant,
I
I
think
we
should
take
that
with
a
grain
of
salt
right
now,
because.
A
D
So
it's
let
me
interject
on
that
one,
because
this
is
a
topic
of
discussion
within
the
South
suspect
or
and
so
there's
a
plan
to
develop
the
certification
program
to
try
to
clean
up
that
mess
there.
D
But
in
the
meantime,
what
the
spec
or
the
salsa
Dev
website
is
going
to
have
is
a
list
of
claims
without
any
kind
of
endorsement
from
the
open,
ssf
or
the
salsa
spec
group
saying
these
are
you
know
things
that
people
claim
are
compliant
at
whatever
level
they
want
to
come
to
claim
right,
and
so
there's
going
to
be
some
kind
of
list
like
this.
A
Yeah
so
I'm
wondering
if,
if
we
can
have
informants
program,
link
description
too
on
that
page
to
say
hey
if
you
believe.
A
D
Add
that
I
think
that
would
make
sense
yeah.
D
You
definitely
yeah
I,
know,
I,
think
that
I
mean
people
are
going
to
invest
money
in
being
compliant,
no
conformant
with
salsa,
and
if
they
are
members,
especially
of
openness
except
they
should
be
able
to.
There
should
be
a
member
benefit
yeah
to
be
able
to
advertise
that
they
are
conformant
yeah.
A
Yeah,
wait,
wait,
wait
for
you,
know
more
news
or
something
or
see
this
GitHub
repo.
If
you
want
to
participate,
I,
don't
know
yeah.
B
I
definitely
like
that,
though,
something
that
something
that
you
know
you
put
up
a
link
to
a
centralized
situation
where,
where
we're
actively
vetting,
because
anyone
who
says
that
salsa
can
compliant
right
now,
that's
a
that's
a
no
bueno
situation.
You
can't.
D
B
A
A
A
B
A
B
So
I
think
the
blessing
there
is.
That
is
that
there's
an
argument?
Oh
this!
This
is
truly
a
blessing.
There's
an
argument
on
why
there's
no
level
two,
because
if
you
do
this
one
thing
it
should
take
you
from
one
to
three
and
and
of
course
now
you
got
to
shrug
the
shoulders
and
say
well:
I
I,
don't
in
the
land
of
just
creating
in
the
land
of
creation
of
specs
man,
I,
imagine
you
can
do
whatever
the
hell
you
want,
but
but
I
think
I.
B
D
I
agree
with
you,
Jay
I,
think
that's
a
very
accurate
point
and
and
I
do
find
that
odd.
And
if
you
look
at
the
get
started
page
they
have
on
the
south
Sunday
website.
It
basically
says:
don't
bother
with
one
and
two
just
go
through
three.
It's
easy
just
do
this
and
you're
like
then,
why
do
we
expect
this
out.
D
D
B
Attend
the
tooling
meetings
as
much
as
I've
attended
all
the
others.
The
last
time
I
attended
the
tooling
meeting.
The
focus
was
only
on
s-bombs.
The
focus
wasn't
on
that
was
the
last
tooling
meeting
I
attended.
It
was
just
s-bombs
because
they.
B
A
A
Right
so
it'll
say
compile
your
go
project
using
a
salsa
3
compliant
Builder,
but
the
other
one
is
talking
about
generating
provenance
for
your
right.
So
there
are
two
different
tools,
both
claiming
to
be
salsa
level,
three
compliant.
But
again
it's
also
level
three
wasn't
even
well
defined
in
version.1.
So
how
can
and
it's
very
it's
not
finalized
in
one.
So
how
can
you
claim
Solstice.
D
A
D
Mean
Jay
you're,
going
to
love
that
one
I
mean
if
you
go
to
the
salsa
Dev,
you
know
website
get
started,
there's
a
pull
request
right
now
that
I've
objected
to
which
you
know
tries
to
revive
that
document.
Saying
basically,
if
you
use
GitHub,
do
this,
if
you
use
Google
Cloud,
do
that
and
if
you
use
friends
can't
do
this
and
if
you
use
something
else
well,
don't
just
use
one
of
those
foreign.
D
A
D
I
mean
I
was
like
come
on,
guys
I
have
to
say
Abhishek
or
yeah.
Some
Google
agreed
with
me
saying:
yeah
guys
we
can't
do
this.
This
is
not
right,
it
cannot
promote.
You
know,
proprietary
solution.
If.
B
I
say
if
I
say
something
it'll
only
sound
like
I'm,
so
boxing
again
this
this
certain
things
like
You're,
Gonna,
well,
I
mean
you
gotta
understand,
like
I
I've
been
I've,
been
working
on
policies
and
proceeds.
It's
been,
it's
been
over
a
decade,
I've
been
doing
this
stuff
and
you
there
really
is
a
a
you.
Gotta
follow
the
bouncing
ball
with
this,
because
otherwise
adoption
becomes
extremely
difficult
and
adoption
with
any
seriousness
becomes
difficult.
B
I
I
I
mean
if
you,
if
you
do
this
incorrectly
you're,
going
to
end
up
with
a
paperweight,
because
people
are
not
going
to
trust
you
anymore.
You
know
I
mean
you
have
to
be
very,
very
careful
about
how
much
you
try.
There's
a
certain
point
where
you,
where
you
try
to
get
adopters
to
to
a
spec,
and
at
that
point
you
should
be,
you
should
only
be
refining.
You
should
only
be
smoothing
out
edges
at
that
point.
You
shouldn't
be
tossing
back
and
forth.
B
What's
one,
what's
two,
what's
three,
what's
two,
what's
one,
what's
this,
what's
that,
what's
the
other
go
over
there
do
this,
because
this
is
three
well
didn't
you
just
say
that
that's
not
three!
Yet
because
three,
we
even
hit
version
one
you,
if
you
keep
doing
that
too
much
you're
going
to
lose
people.
Yes,
you're
gonna
lose
people
you're,
not
gonna,
trust.
You
yep.
A
Yeah-
and
that
was
the
point
I
made
I,
don't
know,
I,
don't
think
it
was
this
week.
It
was
probably
a
couple
weeks
ago,
where
I
said:
are
we
solid
with
one
with
level
one?
Yes,
okay,
are
we
solid
with
two?
Yes,
okay,
are
we
followed
with
three
no
don't
put
in
the
1.0
draft,
because
if
you
keep
changing
things
from
from
people
like
the
foundational
things
you're
making
people
do
rework
and
then
you
lose
that
trust
people
aren't
going
to
want
to
implement
it
and
you
have
to
make
it
easy
to
implement
so.
D
I,
don't
want
to
speak,
you
know,
I,
don't
want
to
speak
lbs
on
Google
I'm,
not
a
Google,
employee
I,
don't
know
exactly,
but
it
seems
to
me
that
they
are
pressing
to
get
someone
out,
so
they
can
claim
that
Google
cloud
is
salsa
3
compliant.
So
the
idea
of
removing
level
three
probably
doesn't
fit
their
agenda,
but
you
know
I.
This
is
speculation
from
my
point.
To
be
honest,.
D
A
D
I
am
an
old
standards
guy
and
you
know
standards
take
a
long
time
to
do
and
you
can't
just
rush
them.
It's
it's
solved.
It
doesn't
happen
like
yeah
when
I
heard
Mark,
you
know
back
before
it
was
before
Thanksgiving.
He
said
he
wanted
to
be
done
by
Thanksgiving
and
I
was
like
it's
just
completely
unrealistic,
and
now
he
says:
okay,
we
need
to
be
done
by
the
end
of
the
month,
but
I.
A
Okay,
I
have
to
run
great.
A
I
I
do
think
we
have
a
good
amount
of
things
that
we
could
put
on
the
website
outside
of
the
whole
mobilization
plan,
so
I'll
figure
out
how
to
change
the
permissions
on
that
Google
doc.
A
I,
don't
know
how
it
got
to
the
state
where
no
one
can
do
anything,
not
even
myself
so
I'll
I'll
figure
that
out
and
resend
out
the
the
link.
So
people
can
start
adding
comments
or
you
know,
content.