►
From YouTube: SLSA Positioning Meeting (January 17, 2023)
Description
Meeting notes: https://docs.google.com/document/d/1tpPOXVzNSwtpWA7cXhTPLAO6HIP50obUvoP85XqgVHM/edit#heading=h.yfiy9b23vayj
SLSA repo: https://github.com/slsa-framework/slsa
A
C
A
Forget
that,
for
some
reason
this
doesn't
have
like
a
little
ding
dong
when
somebody
like
joins
so
I'm
sitting
here
doing
other
things
and
I'm
like.
Oh,
let
me
go
check
to
see
if
anybody's
joined
sure
enough
two
people
joined
thanks.
Thank
you
for
joining
folks.
A
A
If
folks,
on
the
call
that
haven't
already
filled
out
the
meeting
time
survey
or
this
yeah
for
this
particular
meeting,
if
you
could
fill
it
out,
we're
trying
to
see
based
off
of
the
folks
that
regularly
attend
this
meeting.
A
If
there's
a
better
time
that
might
be
more
suitable
for
some
of
the
other
Sig
leads
so
that
we
can
know
what
each
of
the
different
cigs
are
doing
within
salsa,
so
we're
trying
to
see
if
a
an
earlier
time
might
make
more
sense
or
if
it
could
even
work.
So
if
you
have
a
few
minutes,
if
you
can
fill
that
out,
that'd
be
fantastic
and
then
second
item
is
obviously
signed
in
I
haven't
even
signed
in.
A
So
let
me
let
me
sign
in
myself
and
if
you,
if
I,
for
whatever
reason
you
hear
screaming
or
I,
go
on
mute
and
disappear,
I
have
two
sick
kids
at
home,
so
it
has
been
quite
the
the
day
today,
coming
back
from
I,
wouldn't
say
holiday
because
they
were
sick.
Yesterday
too,
so.
A
Okay,
let's
go
ahead
and
get
started.
Let
me
share
screen.
A
Everybody
see
my
screen:
okay,
okay,
awesome,
okay!
Let
me
zoom
in
real,
quick,
okay,
so
I
did
put
that
in
the
in
the
chat
for
the
meeting
time
survey,
so
I'm,
hoping
to
close
that
out
and
get
a
couple
more
folks
to
chime
in
this
is
a
quick
update
for
the
ossf
website
for
salsa.
A
Tracy
is
finally
back
from
vacation,
so
she's
gonna
set
up
a
meeting
to
kind
of
go
through
like
what
we
need
to
do
to
kind
of
kick
start
this
process
off
and-
and
you
know
what
types
of
things
that
they
need
from
us
and
before
I
go
on
to
other
things.
Does
anybody
have
any
topics
to
discuss
that?
Aren't
these
last
three.
A
Silence
is
I,
guess
golden
in
a
sense,
this
scenario:
okay,
so
I'm
hoping
to
to
get
through
these
two
things
finalize
the
conference
top
titles
I
think
we
did
a
pretty
good
job
last
time
with
with
Michelle
on
the
call
and
then
kind
of
start,
the
abstracts
for
those
talks
and
then
I
was
brainstorming
on
1.0
blog
ideas.
A
If
folks
on
on
this
call,
aren't
aware,
basically
1.0
is
scheduled
or
RFC
February
and
they're
going
to
give
about
a
month
of
Time
for
That
RFC
and
during
that
time,
what's
going
to
happen,
is
the
positioning
group
and
the
tooling
group
are
going
to
try
to
make
sure
that
they
are
ready
for
the
1.0
launch
tooling
can
handle
the
1.0
changes
and
then
positioning?
Can
you
know
get
ready
with
all
the
logs
that
we
need
for
the
1.0
launch
and
so
they're
going
to
give
it
about
a
month?
A
And
if
tooling
and
positioning
is
not
ready
or
something
else
comes
up,
then
they'll
just
push
the
RFC
for
a
little
bit
so
that
we
can
try
to
finish
the
the
1.0
push
and
and
kind
of
all
be
in
alignment.
So
that's!
What's
happening,
and
so
I've
started
to
think
about
the
blog,
like
the
blog
that
we
were
working
on,
that
we
probably
need
to,
we
might
need
to
tweak
hi
jumpsy.
Thank
you
for
joining.
A
A
A
Hi,
okay,
can
you
introduce
yourself
if
you
are
willing
I,
it
seems
like
you
are
a
newcomer
and
welcome
to
the
salsa
position
meeting.
E
Yes
actually
yeah
yeah.
My
name
is
Leon,
actually
I'm
part
of
Accenture
working
as
a
devil's
engineer,
yeah
and
I'm
just
interested
in
this
salsa
and
related
topics,
so
I
just
found
in
a
CNC
of
from
regarding
these
links
and
meetings,
so
I
just
joined
for.
A
Awesome
well,
thank
you
for
joining.
Basically,
we
talk,
obviously
anything
and
everything
about
salsa
and
how
to
how
to
educate
the
community
on
salsa
and
what
we
should
be
doing.
A
A
So
that
could
be
something
interesting
for
you
to
attend
as
well,
but
for
for
today's
meeting
we're
talking
about
the
open
source,
Summit
North
America
conference,
that's
coming
up
in
May
and
we
are
trying
to
submit
talks
as
a
salsa
group
to
discuss
salsa
to
the
community
and
so
we're
hoping
to
wrap
some
of
that
up
today
and
then,
after
that.
If
we
do
have
time,
then
we'll
talk
about
some
of
the
blog
ideas
for
the
1.0
launch.
A
That's
coming
here
soon,
but
thank
you
for
joining
appreciate
it
field,
so
the
other
okay,
so
blogs
so
I
started
thinking
about
the
blog
ideas
for
1.0.
A
Why
break
up
build
versus
Source
so
I?
Obviously
we
have
the
developer
blog
that
we
started,
and
then
this
is
an
obvious
one
right,
the
what's
new,
but
then
these
two
kind
of
came
up
in
my
head
of
hey
we're
going
to
get
a
lot
of
questions
on
this
right,
the
s-bomb
versus
it's
also
Providence.
Why
is
this
also
provenance
the
way
it
is?
A
Why
is
the
format
different
Etc,
so
I
think
that
would
be
good
to
tackle
head
first
and
then
why
the
breakup
right
people
are
probably
going
to
be
confused.
The
what's
new
will
probably
dive
into
okay.
We
have
broken
it
up,
but
it
may
not
go
into
detail
as
to
the
why
it
was
best
to
break
it
up.
So
that
might
be
another
area
that
we
might
want
to
discuss.
A
A
Okay,
questions
comments
before
we
move
on
to
the
conference
talks
so.
B
Melba
on
the
s
bomb
versus
salsa,
Providence
I
mean
I,
don't
think
it's
a
big
secret.
I
can
say
we
had
some
internal
discussion
within
IVF
as
to
whether
it
made
sense
to
keep
those
things
different
or
if
it
would
make
sense
on
contrary
to
kind
of
have
some
kind
of
convergence
and
for
those
who
are
not
familiar
with
this
I
mean
essentially
salsa
Providence
0.2
X
was
essentially
about
the
build
environment,
but
in
the
next
version
the
one
zero.
B
It
actually
encompasses
a
lot
of
the
stuff
that
you
would
typically
find
in
nesbomb,
which
means
you
have
the
is
especially
with
regard
to
the
dependencies.
So
it
goes
beyond
just
capturing
information
about
the
build
environment
and
also
provides
information
about
the
dependencies
which
you
would
typically
find
in
the
next
Bob
and
so
into
internally.
We
thought
well,
should
wouldn't
be
nice
to
kind
of
consolidate
those
things.
B
A
Yes,
yes,
and
so
what
I
found
on
Friday
was
that
there
are
certain
things
that
the
social
Community
is
wanting
to
capture
within
the
s-bomb
that
the
specification
doesn't
allow
for
today,
without
it
being
lumped
into
like
a
generic
or
other
bucket
right,
because
there
are
fields
that
you
can
say
you
can
add
additional
metadata,
but
it
anybody
can
add
additional
metadata
to
that.
A
It's
not
dedicated
to
that
right,
and
so
it's
not
off
the
table
for
it
to
converge,
or
you
know,
be
one
in
the
same,
but
right
now,
tactically
they're
not
able
to
get
what
they
need
from
the
specification
and
so
I've
asked
Matt
Rakowski
for
the
1.5
CDX
specification
draft
that
he's
helping
with
to
see.
If
that
helps
any
or
to
see.
If,
if
there
is
a
gap,
can
we
release
it
in
the
1.5
to
make
the
transition
quicker?
A
B
A
A
Okay,
so
for
folks
that
weren't
here
last
week,
we
went
through
some
of
these
conference
talks
for
open
source
Summit,
and
we
wanted
to
do
one
first
also
for
for
beginners.
These
were
all
the
titles
that
were
come
up
with
and
we
didn't
really
vote
on
a
final
one.
So
it
would
be
great
if
we
can
kind
of
narrow
it
down
to
one.
A
So
do
folks
have
a
preference-
and
maybe
I
should
number
these
so
that
way
we
can
just
vote
based
off
number
which,
which
title
you
think
would
better
shoot
a
salsa
for
beginners
conversation
now,
there's
also
the
app
set
condiment
salsa.
It
goes
with
all
your
apps
can
I
have
some
salsa
with
that
it's
salsa,
not
seltzer
salsa,
it's
absec,
not
a
dance.
It's
also
with
your
security
teams,
also
dancing
in
your
pipeline.
A
F
B
A
Yeah
so
I
put
the
that
the
link
I'm
going
to
comment
on
these
two
that
these
are
my
favorites,
because
it's
it's.
Let
me
zoom
out
issues
movie
right
because
it's
it's
almost
as
if
you're
explaining
that
it's
not
what
you
think
it
is,
and
so
that
almost
indicates
it's
for
a
newbie
conversation.
A
That
was
Michelle
Michelle
was
awesome.
Okay,
she
was
just
like
turn
like
putting
these
stuff
down
like
constantly
I.
Think
Bruno
came
up
with
the
good
bad
and
ugly
about
salsa
and
I
thought
that
was
really
good
for
a
panel
discussion.
So
I
think
we
have
that
one
settled
but
yeah
this.
This
was
all
Michelle
last
week
and
yeah
she
was.
She
was
on
fire.
A
So
what
do
we
think
folks
for
this?
Also
for
beginners
I'm,
not
seeing
any
votes
in
the
chat
or
on
the
dock
itself?.
A
Are
they
are,
or
maybe
here
how
about
this?
How
about
we
we
go
through
the
other
ones
so
that
we
kind
of
get
to
see
some
of
the
other
ones
and
and
maybe
that'll
help
too.
A
So
this
is
the
good,
bad
and
ugly
about
salsa
and
then
I
don't
think
we
didn't
come
up
with
salsa
Hands-On,
oh
salsa,
Hands-On
demo,
there's
three
there's
also
with
us
or
salsa
with
us
that
dance
of
abstract
or
Salsa
the
dance
of
absec,
so
they're,
very
similar
they're,
just
you
know
different
permutations
of
them
of
of
one
or
the
other,
and
then
for
s2c2s,
salsa
and
Fresca,
which
is
part
of
the
supply
chain
Integrity
working
group.
A
This
was
one
of
the
only
ones
that
Michelle
came
up
with
just
ketchup.
A
This
one
was
a
really
good
one,
so
I
I
like
this
one
and
I
like
the
the
Good
Bad
and
the
Ugly
right.
So
we
really
need
the
the
Hands-On
demo
and
the
that's
also
for
beginners
one
to
be
decided
so.
B
First,
one
is
not
descriptive
enough
because
it's
too
generic,
you
have
absolutely
no
clue
what
this
is
about.
At
least
the
other
one
have
up.
Second,
it
so
I
think
it's
a
bit
better
and
I
I
think
I
would
lean
towards
two,
because
the
withers
goes
well.
If
it's
well,
actually
it
depends.
Is
that
a
it's
not
a
workshop
right,
it's
just
a
demo.
It's.
A
A
Yeah,
but
if
they
didn't
have
a
laptop,
you
know
there
could
be
someone
going
through
the
demo
live,
but
that's
what
we
were
thinking
for
the
Hands-On
demo
that
people
could
Tinker
if
they
really
did
want
to
yeah.
D
F
D
F
D
D
Aaw
either
that
way
because
I'm
not
administered
but
like
what
we
are
in
mentioned
on
point
number
two
and
three
like
what
will
be
the
content
of
this
demo.
So
my
understanding
on
that
is,
we
will
demonstrate
how
a
CI
CD
pipeline
will
utilize
salsa
salsa
for
like
built
and
deployment,
basically
right.
So
that's
what
the
demo
I'm
expecting
to
be
there
as
part
of
this,
or
do
you
think
any
other
things
also
coming
in
the
picture.
A
Yeah,
we
were
thinking
a
level
one
and
level
two
demo,
so
keep
it
very
basic.
A
Obviously
we
could
have
a
a
more
higher
level
level,
three
or
level
four
I
don't
want
to
commit
to
level
three
because
I
know
there's
still
some
level
three
things
that
are
being
defined
and
level
four
we're
not
even
touching
so
I
think
we,
we
decided.
Okay,
if
we
do
a
level
one
level,
two
demo
and
then
just
talk
to
level
three
and
level
four.
That.
A
D
Have
seen
happier
salsa
level
192
demo
with
the
Google
Cloud
build
pipeline,
but
I
also
know
that
you
know
gitlab
also
supporting
this,
but
maybe
my
question
is
like:
are
we
showing
the
demo
with
gitlab
or
with
the
Google
Cloud,
build
pipelines
to
show
this
SLS
level
192,
or
are
we
having
some
other
thoughts
on
it?
How.
A
Do
we
demonstrate
it
yeah?
We
we've
not
decided
that.
Yet
this
is
just
okay,
hey!
We
want
to
submit
a
talk
on
this
because
between
the
tooling,
our
group
and
potentially
the
the
specification
group,
we
can
come
up
with
a
demo
of
some
sort,
but
we
don't
need
the
specifics.
Yet
it's
more
of
okay,
let's
see
if
we
can
get
a
Hands-On
demo
and
if
they
say
yes,
then
we
can
come
up
with
the
demo.
A
We'll
have
to
do
the
work
so
that
that
was
the
thinking
behind
it.
Actually
most
of
this
right,
we
have
a
high
level
thought
of
what
we
could
talk
about,
but
we
don't
have
to
prep
anything.
Yet
it's
just
to
submit
the
ideas.
A
So
for
the
the
Hands-On
demo,
what
are
we
thinking?
I
can
put
my
vote
here.
I
do
like
this.
Also
with
us
yeah
shows
collaboration,
lab
work.
F
D
And
like
I
mentioned
like
when
it
comes
to
the
real
demo,
then
salsa
dancing
in
your
pipeline
will
be
also
a
good
caption.
If
you
show
a
demonstration,
you
see,
git
lab
or
with
the
Google
Cloud
build.
F
G
D
A
Just
this
team,
it's
all
the
three
different
teams
to
try
to.
You
know
talk
about
salsa,
so
we
haven't
decided,
you
know
who
would
be
presenting
or
who
would
be
hosting,
but
we
thought
that
these
would
be
really
good
talks
to
to
submit
and
then
once
we
were
done
with
the
abstracts
we
were
gonna
put
it
out
for
the
other
sick
leads
to
to
take
a
look.
A
So
just
a
heads
up
on
that
yeah
yeah
enough
sounds
good
okay,
so
we
have
several
books
on
the
call.
We
need
to
take
a
little
bit
more
majority
on
the
salsa
Hands-On
demo.
What
we
think
the
title
should
be.
A
B
B
A
A
B
A
A
So
this
is
the
one
that
we
pick
great.
Okay,
there's
only
really
one
for
this
last
one
so
I
think
the
ketchup,
mustard
and
relative
supply
chain
security
is
probably
going
to
win
even.
F
A
Yes,
okay
and
then
this
one's
already
decided,
okay,
so
now
salsa
for.
B
F
B
B
B
And
three,
maybe
is
also
two
generate,
cannot
say
anything
at
all,
but
security
or
anything.
F
B
A
The
dance
of
absec
got
it
all
right.
F
D
Four
point:
number
six
as
well.
The
similar
command
like
salsa
is
not
only
with
the
security
team.
Even
developer.
Do
this
activity
that
also,
like
you
know,
included
inclusive
of
developers,
so.
A
C
F
D
But
just
like
Bill
last
time
also,
we
discussed
this
point
just
in
future.
Salsa
is
a
scope
only
for
the
absec
or
is
in
maybe
future.
It
will
also
consider
any
code
like
infrastructure
such
as
the
code
tomorrow
comes
into
picture.
Whether
are
we
defining
salsa
for
that.
Also,
in
that
case,
can
we
say
salsa
only
for
absec,
it
can
be
foreign.
F
B
F
A
Oh
Mike
I
just
saw
the
the
I
I
like
it
comment.
I,
don't
know
what
that
was
in
reference
to
I'm.
Sorry.
H
Oh
yeah,
that
was
just
the
mustard
relish
ketchup.
Oh.
A
A
For
hot
dogs-
and
it's
true
so
maybe
that
makes
it
a
good
one
because
of
that.
A
I
think
the
same
comment
you
had
here.
Well,
it's
also
with
your
security
team.
It's
not
just
for
security.
D
F
A
A
B
But
I
I
I
agree
with
that.
I
think
it's
it's
one
of
those
cases.
It's
like
you
know
trying
to
find
a
compromise
and
I,
don't
think
it
stopped.
You
from
you
know
expanding
when
you
present
about
it
and
point
out
that
it
goes
beyond
upset
strictly
speaking,
obviously,
but
I
think
it
kind
of
frames
it
and
pretty
well.
G
Well,
I
kind
of
a
agree
with
you
do
with
you
before:
I
I
did
like
it's
also
dancing
in
your
pipeline.
I
like
that
density
of
pipeline
one,
but
but
I
kind
of
I
kind
of
like
your
reasoning
before
about
about
the
Newbie
ones,
I
mean
other
than
that
I
think
I
think
there's
all
these
are
all
really
good.
G
These
are
all
really
good
I,
just
I.
Just
you
know
in
terms
of
so
some
of
the
plan
was
I'm,
not
a
marketing
person.
So
please,
like
you,
know,
I
I,
don't
even
I
think
for
the
most
part,
oh.
B
F
A
G
A
So
Jay
you
you,
we
lost
you
for
a
while.
Oh.
F
A
G
I
saw
the
whole
bunch
of
stuff
after
that,
so
salsa,
it's
abstract,
not
a
dance
like
that.
I
think
I
feel
a
bit
more
rigid
that
one
might
be,
might
be
your
flavor
if
you
like,
you,
know
kind
of
directing
you
you
don't
find
enjoyment
from
this.
You
just
want
to
get
your
information
and
get
in
and
get
out.
It's
also
dancing
in
your
pipelines
a
bit
more
fun
right.
If
you,
if
you
actually
enjoy
this
stuff-
and
you
want
to
you-
know
your
your
happy
go
lucky
about
learning
something
about
salsa.
G
That
might
be
a
bit
more.
Your
flavor,
but
I
also
like
the
comments,
the
four
and
five
because
they
really
go
towards
the
the
the
new
the
Newbie
right,
I
mean
I,
don't
know
I
I,
like
I,
said
I'm,
not
a
marketing
person,
so
you
you're,
you
know,
I'll,
read,
I'll,
read
an
article
without
looking
at
the
title.
B
B
From
that
point
of
view,
it's
good
to
be
a
bit
more
specific
than
just
saying:
can
I
have
some
salsa
with
that,
for
instance,
she's
really
too
generic?
In
my
opinion,.
A
I'm
trying
to
find
the
comments
for
this
one
Derek,
because
I
think
Jay,
you
said
you
know
this
one
too,
just
depending
on
the
audience
Okay.
So
jumpsuit
did
you
said,
did
you
say
even
with
this?
You
would
vote
for
it
or
or
only
if
you
change
the
title.
D
Yeah,
after
changing
the
title,
because
from
my
understanding
like
it's
not
only
limited
to
abstract
so
in
near
future,
we
will
also
come
the
infrastructure
as
God
yeah
right.
For
example,
I
I
have
done
earlier,
like
the
Tata
from
pipeline
implementation,
design
and
development
decision
implementations.
So
there
there
are
some
security
features.
We
added
using
different
tools
like
TF
sex,
Chaco
Etc.
D
So
tomorrow
we
will
also
do
a
specification
for
like
in
France
the
land
will
be
incorporated
to
the
field
and
deployment
vehicle
and
say
that
is
also
now
in
line
with
the
salsa
specification
and
in
version
two
or
three
like
that.
So
in
that
aspect
it's
not
limited
to
upset
so.
A
Don't
know,
is
it
this?
No
that's
clear,
formatting
I,
don't
know
how
to
do
strikethrough
in
Google,
Docs
format.
A
Happen
we
know
this
one's
not
gonna
happen,
pretty
sure
this
one's
not
happening,
but
not
not
Seltzer,.
D
F
F
D
A
Let's
dance
with
salsa
I
feel
like
that
would
be
more
of
a
Hands-On
lab
demo.
Okay,.
F
Yeah
right
yeah.
A
So
I
think
I
think
I'm,
okay
with
one
or
five
I
think
if
we
do
seven
and
we
say
pipeline.
A
A
Even
infrastructure
as
code,
we
might
be
a
bit
much
for
somebody
that
has
just
been
a
developer.
All
their
life
I'm,
not
saying
that
this
is
a
norm,
but
just
if
you're
trying
to
Target
true
beginners,
including
for
salsa,
you
might
have
to
lower
the
expectation
there
could
be
csos.
A
Could
be
you
know,
just
new
new
developers
that
you
know
they're
being
told
hey,
you
need
to
figure
out
how
to
do
this
right,
so
I'm.
Just
thinking
from
that
mindset
that
beginner
mindset,
you
can't
assume
they
know
anything
about
pipeline,
but
at
the
same
time
you
can't
assume
they
know
anything
about
appsec
either.
B
B
A
A
A
A
Okay,
the
panel
discussion
I
think
I
only
put
this
one
experiences
from
different
organizations
and
there's
also
an
adoption
Journey,
not
sure
what
else
we
might
want
to
talk
about
in
the
abstract.
A
H
I'm
sure
folks
are
going
to
want
to
hear
about,
like
you
know,
I
mean
I.
Think
number
one
is
probably
the
most
important
one,
but
I
think
you
know
to
highlight
some
of
those
experiences.
I
think
the
things
I've
always
heard
from
a
few
folks
is
is
like
how
do
they
like?
How
did
those
companies
get
started
in
the
salsa
adoption
journey?
I
know
that
was
one
of
the
the
big
things
we've
been.
You
know
asked
a
bunch
of
times
like.
H
Where
do
you
even
get
started
when
you're
starting
to
look
at
stuff
like
salsa?
Does
that
mean
like
you?
Should
you
should
start
at
Salsa
one?
Should
you
start
at
like
if
you
can
hit
salsa
tours
salsa
three?
Well,
what
should
your
focus
be?.
A
Okay,
one
of
the
things
that
I
I
think
I
mentioned
too,
is
like
how
1.0
affects
them
right.
I
think
that's
something
to
to
really
gain
from
folks
that
have
already
gone
through
their
Journey
with
version.1
and
then
thinking
about
okay.
Well,
what
do
they
now
have
to
think
about
with
1.0,
especially
having
just
come
out?
A
B
D
B
F
D
A
F
A
D
So
can
we
also
like
you
know
where
are
the
like?
You
know
publicly
people
can
use
it
like,
for
example,
as
I
told
like
you
know
the
products
or
the
correctly
available
industry
Solutions,
which
already
adapt
salsa
standards
so
like
gitlab
or
who
will
not
build
or
that
like
how
many
such
products
are
available,
so
that
people
can
start
using
it
and
get
the
benefit
of
salsa.
A
I,
don't
think
we
can
do
that.
Okay,
because
the
conformance
program
right
yeah,
the
we
would
one
need
to
I
mean
we
can
have
metrics,
could
potentially
at
metrics
from
the
conformance
program
right
right
now.
People
are
self-attesting
and
I.
Don't
know
that
everybody's
been
validated,
oh
man
so,
and
some
of
these
may
not
even
be
products.
I
believe
Aaron
was
all
internal
right.
It
wasn't
for
a
product,
it's
internal
I
think
this
was
a
product
I,
think
Google
had
internal
and
external
yeah.
H
B
B
A
F
B
B
Because
then
I
mean
there
may
be
one
question
which
is
about
what
you
were
saying
earlier
for
the
if,
if
it
affects
some
people,
it's
like
you
know,
how
do
you
anticipate
given?
We
have
families
that
have
already
experienced
you
know
which
also
one
zero
or
zero
one
you
can
ask.
So
how
do
you
anticipate
anything
specific
to
the
transition
from
zero
one
to
one
zero.
F
A
Okay,
anything
else.
B
So
there
are
a
broader
question
that
I
think
could
be
interesting.
I,
don't
know
how
long
this
would
be,
but
you
know
it's
more
like
because
now
we're
talking
about
like
all
the
technical
aspects,
but
to
anybody
does
anybody
have
already
some
kind
of
like
feedback
as
to
you
know?
Was
it
worth
it
in
a
way?
This
is
what
I
was
trying
to
get
to
it's.
C
B
B
Because,
right
now
it's
all
about?
Oh
well,
you
need
to
do
this.
You
need
to
do
that
to
to
improve
your
security
posture
and
salsa
is
the
way
you
measure
this
and
whatnot,
but
I
think
it'd
be
interesting
to
see
if
people
already
have,
and
obviously
this
is
the
kind
of
stuff
the
panelists
would
have
to
decide.
People
participate
if
they,
if
they
have
information
they
can
share
on
that.
But
I
think
it
would
be
interesting
to
ask
that
question
if
they
have
some
answers.
Yeah.
A
Any
anything
else
or
the
panel
discussion
I
know
we
only
have
four
minutes
left,
but
I
still
think
this
has
been
quite
productive
conversation
and
we're
almost
done
I
think
we
only
need
the
salsa
Hands-On
demo
and
then
the
supply
chain
Integrity
working
group
one
in
terms
of
like
what
we
would
talk
about
for
the
abstract.
A
So
how
about
this
does
do
folks
think
that
they
can
add
some
thoughts
on
abstracts
for
this
offline
I
think
we
are
targeting
or
24th
24th
is
supposed
to
be
the
first
draft,
meaning
everything
has
to
be
buttoned
up
and
ready
for
other
folks
to
review,
especially
from
the
other
six
so
that
we
can
get
buy-in
or
like.
A
Yes,
we
want
to
make
sure
that
we
submit
this
as
a
group,
not
necessarily
as
a
individual
person
and
then
once
we
have
those
comments,
then
we'll
try
to
fix
them
and
and
and
then
get
one
final
look
on
the
31st
to
submit
by
the
third.
So
let
me
let
me
look
at
a
calendar
calendar
calendar.
A
C
A
I'll!
Try
to
put
it
out
in
the
in
a
slack
Channel
too,
but
I.
D
D
Yeah
I
just
have
one
question
on
the
last
Point
for
the
group:
we,
what
is
a
supply
chain,
Integrity
working
group?
Could
you
brief
what
what
is
like?
You
know,
part
of
it
or
like.
A
A
We
never
finished
that
exercise
and
I
need
to
schedule,
calls
which
are
really
bad
about
remembering,
but
that's
that's.
Essentially
what
that
is
is
saying:
okay,
supply,
chain,
Integrity
working
group
has
these
three
subgroups
right.
What
are
their.
F
A
A
A
G
There
will
be
a
that's
a
tough
day.
The
expert
Lounge
is
still
unclear.
They
will
they.
There
will
be
an
ssf
day
that
they
open.
This
update,
not
sure
about
the
the
schedule
of
it
just
yet,
but
there
will
be
an
open
up
stuff
day.
Okay,.
A
Awesome:
okay!
If,
if
you're
able
to
keep
us
updated,
that'd,
be
fantastic
yeah,
because
if
we
couldn't
have
like
a
small
version
of
this
or
open
ssfd
I
think
that
would
be
very
helpful
for
for
the
broader
open,
ssf
Community.
Now.
G
I
think
we
have
until
the
fifth
of
February
to
get
that
in.
If
we're
trying
to
do
something
for
trying
to
do
something.
For.
G
G
A
Okay,
thank
you
yeah,
because,
obviously
we
want
to
as
a
group
you
know
talk
about
salsa,
but
I
I,
don't
even
know
the
first
thing
about
open
ssf
day
and
where
the
links
are
I
tried,
searching
for
it
and
I
couldn't
find
anything.
So
how
do
you
possibly
submit
call
for
papers
right
if
there's
no
link?
So
if
you
can
find
that
out,
that
would
be
fantastic.
F
A
Okay,
I
know
we
are
over
on
time.
Thank
you.
Thank
you.
Thank
you.
Everyone
for
joining
really
appreciate
the
collaboration.
I
will
try
to
post
notes
in
the
slack
Channel
and
we
will
meet
next
week.