►
From YouTube: SLSA Biweekly (July 6, 2023)
Description
Meeting notes: https://docs.google.com/document/d/1JbJZxeZOWE7rxT24iEozX35LIUl_Yoqd-DeSm6309GA/
A
Okay,
why
don't
we
get
started
hi
everyone
welcome
to
the
salsa
General
community
meeting
as
a
reminder,
if
you
could
record
your
attendance
in
the
meeting
notes,
which
also
has
a
convenience
Alias,
it's
also
the
slash
node
slash
community,
there's
an
attendee
list
right.
There
also
I,
see
other
folks
filling
in
the
Sig
updates.
Thank
you
very
much
for
that.
A
A
It
looks
like
actually
I
think
everyone
I
think
I
recognize
everyone
here.
Okay,
we
could
jump
straight
into
Sig
updates.
A
On
the
specification
side,
there
hasn't
been
a
ton
of
activity,
there's
some
mostly
minor
things:
the
GitHub
we
submit
a
new
GitHub
pull
request
convention
that
should
hopefully
make
our
git
history
easier
to
follow.
You
could
view
it
at
that
pull
request.
That's
Linked
In.
A
The
meeting
notes,
number
890.,
the
the
gist
is
that
we
have
a
convention
in
the
pull
request,
title
to
say
whether
it's
a
like
a
Content
change
or
a
editorial
change,
or
something
that's
not
to
do
with
specification
to
make
it
easier
to
kind
of
follow
along
like
which
ones
are
important
and
which
ones
are
not
and
update
the
convention
around
how
many
reviews
are
required
and
how
long
it
takes
like
how
long
the
waiting
period
to
make
sure
we
have
kind
of
lazy
consensus,
and
so
that
will
hopefully
make
the
project
run
a
little
bit
more
smoothly.
A
We
switched
hosting
of
the
website
to
netlify.
That
should
be
a
no-up,
but
if
you
see
any
website
issues,
let
me
know
in
the
spec
meetings
we've
had
I
think
there's
been
one
or
two
small
kind
of
editorial
pull
requests
that
have
been
submitted
and
we've
had
various
discussions
about
Clarity
to
the
spec
feedback
on
1.0,
and
we
kind
of
have
a
queue
of
things
to
work
on,
but
I
think
nothing
major,
that's
worth
bringing
up
here.
A
Unless
anyone
wants
to
chime
in
I
we
had
one
I
didn't
put
in
the
meeting
notes.
We
had
one
question
around
the
a
discrepancy
between
the
in
Toto
protocol
buffers
schema
and
the
salsa
like
our
copy,
because
there's
two
different
versions,
but
that's
been
resolved
on
the
in
Toto
side.
So
in
case
you
happen
to
see
that
that's
that's
being
resolved
and
because.
A
Ambiguity
in
the
spec,
because
we
effectively
list
the
schema
twice
in
two
different
languages
and
if
they
are
in
Conflict,
we
I
think
there's
an
open,
pull
request
that
defines
which
ones
you
know.
B
A
Independent
output
and
then
the
last
one
is
the
VSA.
A
A
Yeah
I
I
just
used
the
title
and
then
maybe
just
change
it
here.
You
know
what
let
me
just
comment
on
the
that
pull
request,
that
title
really
shouldn't
be
that
I
think
it
was
because
we
had
this
back
in
the
spec
meeting.
We
had
thought
about
doing
a
1.1
release
right.
C
A
A
Okay,
I
quickly
commented
yeah
and,
and
we
should
update
the
the
pull
request-
titles
in
the
match.
Yeah,
it
was
not
I
think
the
full
request
was
not
intended
to
say
that
we're
doing
a
1.1
release.
It
was
not
I
think
intended
to
make
that
decision,
but
we
do
need
to
make
that
decision
whether
what
we're
going
to
do
all
right
thanks
USA.
D
Oh
anything
but
positioning
and
tooling
I
just
want
to
make
sure.
A
B
A
The
essay
format-
okay,
good
thanks
I,
think
you
know
that's
a
good
point
and
I'll
double
check,
though
positioning.
E
So
we've
been
brainstorming
on
potential
next
steps
for
not
only
salsa
but
s2c2s
and
potentially
guac
going
forward
if
it
gets
approved,
of
trying
to
do
micro,
videos
and
embedding
training
modules
into
the
LF
con
LF
existing
content
and
so
I'm
working
with
Jennifer
Bligh
I
have
a
meeting
in
a
and
later
today
to
ask
what
kind
of
help
they
can
provide
for
the
micro
videos.
E
Since
none
of
us
have
video
editing
capabilities,
at
least
on
the
call
for
positioning,
we
have
the
content
we
that
we
want
to
talk
about
is
just
how
do
you
get
it
to
a
larger
audience
and
in
terms
of
the
training
modules?
I
I
do
have
the
the
contact
now
for
the
training
module,
so
I'll
start
reaching
out
so
that
we
can
have
not
only
salsa
training
modules
but
for
s2c2
I
think
S2
c2f
already
has
but
potentially
guac
or
Fresca
Etc
anything
supply
chain.
Integrity
related!
F
Yeah,
so
on
the
tooling
side
we
canceled
the
meeting
there
didn't
seem
to
be
a
lot
of
interest
to
keep
participating,
at
least
at
this
time
and
I.
Think
it's
mostly
focused
around
the
actual
building
of
the
tools.
We.
We
got
a
lot
of
folks
who
seemed
interested
in
better
understanding
how
to
consume
tools,
but
without
those
tools
currently
existing
yeah.
That
I
think
there
seems
to
be.
You
know
not
really
a
whole
lot
of
interest
there
so
cancel
the
meeting.
F
But
with
that
said,
I
think
that
there's
you
know
a
couple
things
that
that
are
worth
at
least
highlighting
one.
Is
that
there's
a
lot
of
interest
in
in
obviously
consuming
tools,
but
not
so
much
in
the
building
of
salsa
tools?
So
a
lot
of
folks
are
like
Hey.
How
do
I?
How
do
I?
You
know,
I
have
Jenkins
how
do
I
use
salsa.
F
You
know
what
what
do
I
start
doing
and
and
on
that
end,
but
as
far
as
you
know,
creating,
let's
say,
plugins
or
or
best
practices
or
or
things
on
that
end.
There
didn't
seem
to
be
a
lot
of
interest
in
participating
there.
We
switched
to
being
more,
you
know
async,
so
if
folks
have
things
they
could
definitely
Post
in
the
chat.
F
There
is
also
a
you
know:
interest
at
least
in
in
highlighting
where
they're
you
know
what
tools
hit,
what
things
in
salsa.
So,
for
example,
here's
like
salsa
production
tools,
here's
salsa
consumption
tools
and
maybe
other
Associated
sets
of
things.
F
So
there's
some
interest
there,
but
you
know
I,
think
at
this
point
you
know
gonna
put
most
of
the
tooling
stuff
on
on
on
the
back
burner,
at
least
in
the
open
source
space
I
know
there
seem
to
be
a
lot
of
folks
who
are
interested
in
the
salsa
side,
but
they
want
to
keep
that
closed
source
and
and
build
their
own
sort
of
stuff
that
they
can
sell
myself.
I
am
actually
also
working
on
a
bit
of
like
a
salsa
API.
F
Something
to
you
know,
one
of
the
big
things
that's
coming
out
of,
like
the
salsa.
The
sorry,
the
Sterling
tool
chain
from
the
open
ssf
side
is
some
of
the
stuff
that
was
discussed
is
stuff
like
building
kind
of
a
a
control
plane
or
building
an
a
set
of
apis
for
different
pieces
of
the
supply
chain,
and
one
of
the
things
is
hey.
F
If,
if
salsa
is
in
the
build
side-
and
you
might
imagine
that
one
of
the
you
know-
let's
say
the
build,
the
output
like
the
input
might
be
source
code
dependencies
and
the
output
would
be
a
salsa
attestation
and
the
idea
should
be
okay,
as
we
build
out
the
salsa
tool.
The
Sterling
Sterling
tool
chain,
or
whatever
it
ends
up
being
called
things
that
are
Downstream,
would
then
consume
salsa
at
some
level,
and
so
there's
some.
You
know
discussion
and
and
work
happening
on
that
end.
G
Yeah,
my
only
sort
of
massive
comments
is
on
the
tooling,
like
I,
wonder
how
much
but
I
know
there
are
some
people
implementing
salsar
and
I
wonder
if
we
should
be
trying
to
reach
out
to
other
projects
that
we
think
should
Implement
also,
but
that's
it
I
mean
it's
pretty
big.
Ask
doing
that
kind
of
Outreach
I'd
love
to
hear
how
useful
the
current
spec
is
for
the
people
doing
that
work,
though,
and
that'll
be
a
good
way
to
try
and
get
some
some
more
feedback
on
it.
F
Yeah,
so
there
is
some
work,
that's
happening
outside
of
openssf,
so
ostiff
is
doing
some
of
this,
as
well
as
the
cncf
on
sort
of
doing
audits
of
salsa
and
trying
to
at
least
highlight
where
people
might
want
to
start
using
it.
F
I
know
that
largely
most
the
LF
groups
have
and
including
the
projects
within
LF
have
a
lot
of
latitude
in
what
they
do
or
don't
do
so
as
far
as
like
so
and
and
I
think
a
lot
of
it
comes
down
to
incentives
so
right
now
a
lot
of
projects
don't
have
a
lot
of
incentives
to
do
salsa,
because
once
again
you
know
when
you're
talking
about
open
source,
unless
you
know
since
asking
a
lot
of
volunteers,
often
to
go
into
extra
work,
is
not
super
helpful
and
then
even
I.
F
Think
among
this
group,
outside
of
a
couple
of
you,
know,
companies,
obviously
that
are
quite
large
that
can,
let's
say
volunteer,
you
know,
have
have
employees
volunteer
where
they
are
still
getting
paid
for
their
work.
F
There's
a
lot
of
there's
not
like
a
lot
of
interest,
because
when,
when
speaking
to
some
of
these
groups,
one
of
the
things
that
said,
hey
I,
have
you
know
here's
my
list
of
things.
I
need
to
get
done
for
this
project
and
adding
salsa
on.
There
is
a
whole
bunch
of
stuff
and
from
for
the
most
part,
even
even
though
in
in
I
think
walking
them
through
and
seeing
hey.
It's
only
just
a
handful
of
things.
It's
actually
not
that
bad!
It's
just
I
think
folks
are
looking
for
hey.
F
If
you
gave
me
a
resource
to
just
help
me
implement
this
for
a
day
yeah,
it
would
be
more
than
enough
people.
G
Yeah
I
think
well
so,
where
we
ended
up
with
salsa,
one
was
effectively
that
for
teams
producing
software
salsa
adherence
is
mostly
about
choosing
the
right
platform,
but
so
the
tooling
meeting
most
makes
most
sense
as
a
discussion
forum
for
people
building
the
platform,
and
that's
who
we
are
seeing
a
lot
of
participation
from.
F
F
Well,
I
won't
say
because
it
seemed
to
be
I,
don't
say
completely
in
confidence,
but
it
seemed
like
a
couple
of
companies
were
like
we're:
building
a
closed,
Source,
salsa
Builder
and
that's
kind
of
going
to
be
our
thing.
We're
going
to
announce
it
at
some
point,
and
so
there
seemed
to
be
interest
on
on
that
front,
and
then
there
was
other
folks
who
were
interested
in
saying:
hey,
I
use
Jenkins.
How
do
I
prove
that
my
Jenkins
could
be
salsa
conformant?
F
What
are
the
practices
and
so
on
and
so
forth
and
I
think
that
there
is
interest
there.
But
as
far
as
a
contribution
standpoint,
there
didn't
seem
to
be
a
lot
of
interest.
There
seemed
to
be
a
lot
of
interest
in
hey.
This
is
a
thing
I
want,
because
I
don't
want
to
switch
off
of
Jenkins,
but
I
also
don't
have
the
time.
You
know
money
resources
Etc
to
to
actually
either.
F
You
know
build
a
best
practices
guide
for
you
know,
applying
salsa
to
Jenkins
or
or
building
tools
to
make
salt,
so
you
know
compliant
with
Jenkins
as
Jenkins,
compliant
with
with
salsa
or
conformant,
with
salsa.
G
Yeah
I
think
yeah
I,
think
that
makes
sense
I
do
wonder
if
we'll
see
interest
as
we
continue
to
build
out
the
notion
of
a
conformance
program.
Okay,.
F
I
think
on
on
that
end,
also
to
kind
of
go
back
to
your
first
point
of
it's
mostly
about
choosing
the
right
platform.
I
agree,
but
even
among
the
folks
who
are
using
GitHub
I.
F
Think
a
lot
of
folks
are
either
not
aware
of
the
salsa
Builders,
the
the
the
ones
that
for
for
GitHub
and
in
addition
to
that
I
think
even
the
folks
who
do
know
like
they
just
need
a
day
of
like
hey
I'll,
spend
two
hours
with
somebody
to
just
walk
me
through
this
because,
as
it
turns
out,
my
build
just
needs
to
be
rewired
a
little
bit,
but
I
just
don't
have
the
time
to
sit
down,
and
even
if
it
is
ends
up
being,
you
know,
10
lines
of
yab.
F
F
It's
like
all
those
trade-offs
get
get
taken,
which
is
actually
one
of
the
things
that
Austin
is
looking
to
to
do,
and
it's
actually
something
that
we're
working
with
you
know
my
company
kasari
is
working
with
Austin
is
like
hey
doing,
helping
do
those
sorts
of
things
because,
right
you
know,
we
all
have
a
million
things
to
do
throughout
the
day,
and
even
if
it's
like,
oh
it's,
it's
only
a
day's
worth
of
work
just
to
kind
of
refactor,
all
this
stuff
to
get
it
up
and
running,
and
then
to
maintain
it
it's
trivial,
but
it's
like
getting
that.
F
You
know,
given
that
a
lot
of
these
folks,
you
know,
don't
have
the
time
it's
just
it's
just
yeah,
but.
G
Was
just
gonna,
say:
I
think
one
thing
you
said
was
kind
of
like
indicative,
which
is
that
I
need
to
find
half
a
day
to
sit
down
with
someone.
But
if
you
need
to
sit
down
with
someone
to
understand
the
tool
and
adopt
it,
then
there's
there's
obviously
a
problem
like
it
should.
G
Yes,
you
need
to
find
the
time
to
do
it,
but
it
shouldn't
require
in
the
ideal
World
it
wouldn't
require
any
more
than
the
time
and
like
the
tooling's
documentation
right
so
I
think
it
would
be
yeah
really
I
wonder
if
we
could
have
like
a
task
force
almost
within
the
tooling
team,
and
it
sounds
like
to
a
certain
extent,
because
Sarah
is
doing
some
of
this
to
just
go
to
some
projects.
G
F
Yeah
yeah
so
on
on
that
end,
I
don't
want
to
pre-announce
too
much
because
I
do
plan.
We
do
plan
to
open
source
it,
but
one.
F
Yeah
yeah
I
know
we
are
building
out
using
an
an
open,
API
specification
for
almost
like
a
salsa
API,
where
the
idea
would
be
for
like
if
you
imagine,
and
it's
more
of
like
a
salsa
Builder
API.
So
the
idea
would
be
the
actual
builds
Could
Happen
anywhere
GitHub.
F
You
know
Jenkins
whatever
it
doesn't
matter,
but
the
idea
is
the
API
itself
is
the
thing
that
calls
the
actual
Builder
and
that
the
idea
it
would
also
be
that
that
API
is
the
trusted
control
plane,
because
you
are
sort
of
running
you
know.
So
the
idea
is,
it's
not
necessarily
a
full-blown
CI
CD
and
then
you
know,
and
so
this
would
be
for
stuff-
that's,
maybe
not
so
much
SAS
side,
but
you
can
imagine
hey
I'm,
running
I,
don't
know
I'm
running,
you
know,
go
build
great
well.
F
This
thing
has
a
very
specific
thing
that
it
runs,
go
build
or
it
uses
an
intodo
layout
or,
however,
you
want
to
kind
of
have
that
set
up,
but
the
basic
idea
is
the
inputs.
Are
the
inputs
salsa
expects
and
the
outputs
are
salsa,
and
so
everything
else
is
sort
of
an
implementation
detail,
as
long
as
it
meets
the
source
of
conformance
requirements
for
the
implementation,
but
I
think
for
the
end
user.
F
All
of
a
sudden
that
becomes
significantly
more
easy
because
you're
sort
of
just
saying
hey
as
long
as
anything
hits
this
API
great
here's,
the
selection
of
things
and
as
long
as
anything
conforms
to
that
right
and
that
could
even
be
a
GitHub
Builder
that
conforms
to
that
API
right
and
it
makes
it
very
easy
using
open,
API
stuff
of
just
saying
the
inputs
are
going
to
be
this
Json
schema
and
the
outputs
are
going
to
be
this
Json
schema
and
everything
else
just
gets
handled
by
the
the
the
actual
implementation.
F
So
that's
something
that
I'm
hoping
in
the
next
couple
of
weeks
couple
of
months
to
to
be
releasing.
You
know
and
open
sourcing
there,
but
yeah
I
think
the
the
other
things
just
generally
are.
F
You
know
I,
think
one
of
the
things
that
that
I've
been
talking
to
open
ssf
about
as
well
is
is
it
might
make
sense
to
do
something
like
here
is
a
salsa
implementation
guide
and
it's
a
case
study
based
on
an
actual
like
yeah.
We
worked
with
this
team
and
we
did
a
b
c
and
d,
and
this
is
salsa
and
it
could
be
just
a
simple
case
right
of
here's.
The
salsa
Builder
that's
baked
into
this
one,
and
in
fact
that
is
something
that
I
know.
Open.
F
Ssf
is
looking
at
to
actually
do
a
case
study
with
some
folks
on
that
and,
in
fact,
I
believe.
Open
ssf
is
willing
to
throw
some
money
to
help
that
make
that
happen
because
I
know,
for
you
know,
or
at
least
you
know,
for
for
certain
companies
where
it's
more
the
publicity.
That's
the
big
thing
you
know
help
work
with
folks.
G
F
So
it's
more
on
right
now,
the
latter
but
I
believe
the
former
is
something
else,
that's
also
being
discussed
because
I
think
at
least
right
now.
The.
F
The
the
this
latter
piece
it's
about
for
the
at
least
the
open
ssf
has
been
about.
How
do
you
drive
more
end
users
to
come
in
okay?
Well,
let's
build
some
end
user
guides
so
that
folks
better
understand
how
to
actually
adopt
what
openssf
is
building
out
and
then
with
that
said,
though,
I
think
that
there's
probably
is
probably
worthwhile
to
do
the
other
one
as
as
well,
though,
I
think
there's
going
to
be
a
lot
of
push
on.
F
How
do
you
do
that
with
it
probably
wouldn't
be
with
a
vendor?
It'd,
probably
be
hey.
Here's
an
open
source
tool
and
here's
how
we
salsified
it
as
opposed
to
here
is
you
know,
cicd
vendor
X
their.
You
know,
platform
for
doing
it.
Sure.
G
Yeah,
but
there
aren't
quite
a
few
open
source
tools
that
that
you
could
do
that
work
with
right
and
provide
that
kind
of
story
of
how
what
changes
were
required
and
how
what
changes
you
made
to
get
to
that
point,
which
I
think
would
be
really
useful,
but
yeah
cool
thanks
for
the
thanks.
Thanks
for
the
discussion,
I,
don't
want
to
take
any
more
time
unless
anyone
else
has
anything.
We
want
to
add.
G
Sounds
like
not,
then
I
think
we're
on
to
the
next
topic,
which
is
trishank,
providing
an
update
on
the
steering
committee.
D
D
Oh
little
students,
it's
not
an
easy
thing,
never
mind
so,
but
basically,
if
you
follow
the
notes,
what
basically
happened,
if
I
someone
correct
me
if
I'm
sunrising,
it
wrongly,
is
that
Rubino
helped
us
to
figure
out
what
the
election
process
should
look
like
for
the
next
steering
Community
right,
because
it's
about
time
and
out
of
that
fell
out
some
higher
level.
D
Questions
such
as
there
were
questions
at
the
last
meeting
about
oh,
should
the
steering
committee
be
more
transparent
or
should
members
be
more
active
and
there
was
even
a
a
higher
meta
level
question
which
is:
should
there
should
do?
We
even
need
the
steering
committee,
so
I
took
the
chance
to,
and
I
really
would
like
to
share
screen
now,
but
I'm
not
sure
why
Zoom
is
not
cooperating.
So
sorry
about
that.
D
So
this
is
just
my
thoughts,
I'm,
not
saying
that
this
is
what
everyone
should
be
agreeing
to,
although
I
think
it
gives
us
a
place
to
start
Forum
a
documented,
what
the
problems
were,
who
the
current
steering
committee
is
and
what
the
next
steering
committee
should
be
doing.
D
Some
high
level
thoughts
of
mind
and
I'd
love
to
hear
discussion
from
everyone,
but
by
the
way,
I
need
I
need
help
from
one
of
the
steering
committee
members
to
make
a
copy
of
this
document,
because
I,
unfortunately
can't
make
this
public.
So
if
anyone
who
has
power
can
do
that,
please
make
a
copy
of
this,
make
it
public
and
share
it
with
the
rest
of
the
community
please
so
anyway.
What
I
want
to
make
a
little
argument
about
today
is
why
we
need
a
steering
committee.
D
One
thing
that
I
found
missing
is
that
we
don't
have
an
explicit
Charter,
so
if
you
go
to
a
governance
dot
right
now,
it
talks
about
what
the
steering
committee
members
are
supposed
to
do,
but
in
way
of
example,
so
it's
not
really
clear
whether
we're
missing
anything
here,
whether
they
are
minimum
requirements.
In
my
view,
a
steering
committee
should
do
important
things
like
one
of
the
things
that
we
do
in
other
communities,
such
as
in
Toto,
which
I'm
going
to
use
as
a
large
example.
D
Here
we
use
the
steering
committee
as
one
of
the
things
is
to
define
a
roadmap,
for
example,
so
things
like
what
are
we
going
to
do
next
for
salsa
2.0,
conformance
program,
testing
policy,
still
security
level
four,
or
do
we
focus
on
source
security?
There
are
all
these
questions
to
answer,
for
which
I
think
we
need
a
certain
committee
and
then,
of
course,
the
basic
things
like
conflict
resolution,
which
we
hope
doesn't
happen
too
often,
but
I
think
that's
also
an
important
function
and,
of
course,
whatever
the
next
steering
committee
does.
D
It
does
need
to
address
questions
feedback
from
the
community,
such
as
being
sufficiently
active.
What
does
that
mean?
We
need?
We
need
to
show
more
transparency,
even
if
we're
meeting
once
a
month,
we
need
to
take
maybe
make
the
meeting
public
take
public
notes,
at
least,
and
all
that
sort
of
stuff
we've
also
to
add
some
other
values.
D
That
I
think
we
need
neutrality,
fiduciary
responsibility
for
the
lack
of
a
better
term,
in
other
words,
trying
to
make
sure
you're
doing
the
best
for
the
community
as
opposed
to
just
whoever
you
happen
to
represent,
and
so
I
had
this
document
here,
I
highly
encourage
the
current
committee,
as
well
as
the
community,
to
take
a
look
at
it.
I've
included
things
like
the
mission
and
the
charter,
and,
as
part
of
all
of
this,
we
need
to
use
Bruno's
excellent
work
on
trying
to
nail
down
the
election
process
too.
D
There
are
some
specifics
now
that
we
don't
I,
think
we
don't
need
to
get
too
hung
up
about
I
copied
it
from
in
dodo,
so
accidentally
reduced
the
number
from
seven
to
five.
That
was
not
intentional.
This
was
just
copying,
someone
else's
good
work,
and
so
we
should
talk
about
all
of
this.
One
thing
that
I
personally
like
to
see
that
I
like
to
end
with
the
next
committee.
D
This
leads
very
nicely
to
a
point,
Joshua
and
I
think
even
Michael
raised
earlier,
which
is
that
perhaps
the
next
steering
committee
should
actively
represent,
say,
build
platform
builders
without
going
into
names,
necessarily
and
should
be
an
active
representation
of
both
the
industry
and
open
source.
D
In
my
opinion,
something
that
we
haven't
really
considered
in
my
opinion
is
how
build
platforms-
proprietary
well,
not
entirely
proprietary,
but
self-hosted
build
platforms
such
as
those
used
by
say
the
districts
such
as
Debian,
how
they
would
be
able
to
use
also
anyway,
I
stopped
here.
I
hope
this
makes
sense
and
I
see
a
few
questions
in
the
chat.
Let's
see
yes,
yes
or
no
I
know
it's
right.
He
has
a
lot
of
the
feedback
here
that
we
saw
the
last
time.
Yes,
it
does
need
to
be
more
transparent.
D
D
Then
go
from
there
questions
please
and
discussion
more
important.
E
C
C
C
This
group
to
define
the
roadmap
with
some
kind
of
you
know,
trying
to
be
more
collegial
and
and
I.
That's
why
I'm,
like
you
know,
I
and
I
did
say
it
was
being
provocative
of
me
to
say:
hey.
Do
we
even
need
an
AC
because
I'm
not
trying
to
kill
it
necessarily,
but
I
think
it
has
to
be
clearly
defined.
What
the
value
is
so
I
will
read
it
and
you
know
I
reserve.
My
final
opinion
on
that
I.
E
C
E
Yeah
the
road
map-
one
I
mean
it
was
me
Aaron
and
I-
can't
remember
who
else
that
created
the
road
map
and
we
presented
to
this
broader
community
and
we
said:
does
it
make
sense
right
and
we
did
agree
on
what
we
should
do
in
terms
of
not
defining
timelines,
because
we're
always
missing
them
right,
just
high
level?
This
is
what's
now,
but
this
is
what's
later,
so
we
don't
necessarily
need
a
steering
committee,
but
for
a
roadmap,
but
I
do
think.
E
The
steering
committee
should
own
the
road
map
right
because
ultimately
they're
the
ones
that
are
trying
to
steer
salsa
in
a
certain
direction,
but
I,
don't
necessarily
think
they
need
to
be
the
sole
owners
of
the
roadmap
right,
because
we've
we've
already
done
that
without
steering
committee.
D
Sure
yeah,
let
me
try
to
clarify
that
what
I
meant
to
yeah
look
excellent
points.
I
guess
I
should
clarify.
So
what
I
mean
is
yes,
even
if
the
roadmap
is
not
entirely
defined,
perhaps
not
even
largely
defined,
but
is
there
in
committee
at
all,
as
you
said,
I
still
think
it's
important
to
try
to
have
a
group
that,
like
I,
said
earlier,
values
such
as
being
neutral
and
the
fiduciary
the
responsibility
of
the
lack
of
a
better.
That
makes
any
sense
to
try
to
make
sure
that
we
capture
the
community
voters.
D
But
again,
maybe
steering
committee
is
not
the
not
the,
maybe
two
two
two:
what
do
you
call
two
burdensome
an
option?
So
that's
something
so
here's
what
I
recommend
right,
I
think
I
think
it's
very
important
for
the
steering
committee,
the
current
steering
committee
before
the
next
monthly
meeting
to
read
this
document
comment
on
it
and
we
should
have
another
meeting
where
we
should.
H
A
I
think
maybe
to
the
point
about
like
who
does
it
perhaps
it
it's
it's
correct
to
say
that
the
steering
committee
is
a
count
like
in
a
racy
sense,
responsible,
accountable,
something
informed.
So
I
can
remember
what
this
is
I
either.
The
steering
committee
is
accountable
for
the
roadmap,
but
is
not
necessarily
the
one
responsible
for
actually
doing
doing
it.
Oh
consulted
and
so
I
think
there
could
be
multiple
people
responsible
or
consulted,
but
I
think.
C
C
We
need
to
have
more
transparency
and,
in
fact,
I
think
you
know
part
of
the
reason
that
some
of
us
say
do
we
even
need
an
AC
is
because
there
is
currently
no
transparency,
so
I
highly
recommend
that
you,
you
stopped
being
transparent
right
now
and
and
so
that
people
can
appreciate
what's
being
done
by
DSC.
Then
people
are
not
going
to
question.
Why
do
we
need
one
in
the
first
place
and-
and
you
know
last
time,
I
raised
that
question
I
would
sell.
C
Well,
that's
because
we
haven't
really
been
doing
much
and
then
it
just
reinforces
this
feeling
that
well
then,
why
do
we
even
need
one
if
you
guys,
aren't
really
doing
anything
anyway?
So
it's
a
bit
officious
vicious
cycle
that
I
think
you
need
to
try
to
Break
by
being
more
transparent
and
and
show
what
the
value
is.
F
Yeah
I
think
I
I
agree
with
Arno
on
on
that.
I
think
that
if
we
take
a
step
back,
you
know
we
haven't
had
any
sort
of
official
meetings
and
and
more
or
less
the
steering
committee
was
more
or
less
used
as
it
previously.
As
a
sort
of
hey
here
are
members
of
the
community.
Who've
been
more
like,
they
were
actually
more
like
maintainers
than
necessarily
purely
steering
committee
members,
and
it
was
more
of
like
hey.
This
doesn't
sound
like
what
we
want
to
do
with
salsa.
F
You
know
like
this
seems
like
out
of
the
scope
of
what
we
had
already
decided
on
and
and
kind
of
helping
push
things
back
in
that
direction,
but
yeah
I
think
like
I,
don't
know
if
if
we
necessarily
need
that
versus
just
purely
a
maintainer
track
a
outside
of
something
like
you
know
having
having
maintainers
on
on
this
with
that
said,
I
could
still
see
the
argument
that
having
a
steering
committee
is
valuable,
especially
as
time
is
going
on
like
you
know,
and
we
start
to
look
at
start
trying
to
build
stuff
like
the
road
map
and
say
like
hey,
this
sort
of
thing
doesn't
seem
like
what
we
probably
want
to
do
with
salsa,
because
it's
just
not
the
right
time
or
whatever
I
I
think
but
I
I.
F
B
For
some
reason,
I
have
issues
with
the
sound
on
the
on
the
box
here
so
steering
committees.
We
have
a
whole
working
group
that
sits
above
this
is
above
this
sig
right.
That's
where
your
steering
committee
should
live
the
steering
committee's
Drive
strategy.
They
don't
drive
road
maps,
they
drive
strategy.
B
B
That
being
the
case,
I
would
say
that
you
would
have
a
steering
committee
steering
committee
at
the
working
group
level
that
governs
all
of
the
work
being
done,
framework-wise
or
whatever
across
the
entire
working
group,
and
then
you
will
have
sub
committees
for
each
respective
framework
and
then
each
Sig
would
develop
their
own
road
maps
to
report
them
to
those
subcommittees.
That
reports
it
to
the
largest
steering
committee.
B
That
should
be
steering
strategy
across
the
entire
work
group,
with
respect
to
Frameworks
and
tools
that
are
being
developed
for
the
purpose
of
consumption
of
end
users
outside
of
that
environment.
This
is
just
a
hierarchical,
hierarchical
structure
that
could
be
developed.
That
would
take
a
lot
of
the
additional
thought
out
of
the
way
and
provide
that
racy
environment.
That
Mark
was
talking
about
earlier
right.
B
You
could
develop
a
solid
racy
structure
based
on
that
that
you
could
then
say
who's
responsible
for
what
who's
accountable
for
the
entire
situation,
who
should
be
consulted
and
then
who
should
be
informed
that
makes
that
linear
right
that
makes
that
well
understood,
well-defined
and
linear.
When
you
don't
just
try
to
bring
a
steering
committee
down
into
a
group
and
I
hear,
and
what
I
hear
here
with
respect
to
a
steering
committee
and
what
I
hear
about
about
the
the
the
the
the
the
yeses
and
no's
is
wrapped
around.
B
Well,
how
can
you
form
a
steering
committee
inside
of
a
Sig?
That's
been
going
I,
Won't,
Say
I'm,
not
going
to
say
aimlessly,
but
that
has
been
going
with
a
strategy
that
has
been
going
with
a
perceived
road
map
based
on
a
perceived
strategy
and
then
you're
going
to
form
a
steering
committee
out
of
all
of
that
for
what
purpose?
Now?
B
That
should
be
tossed
up
a
little
higher
so
that
it
could
be
formed
and
defined
in
such
a
way
that
can
now
provide
governance
down
to
the
Sig
rather
than
the
sick,
trying
to
govern
itself.
Hence
how
we
got
here
having
this
conversation
now
versus
when
Melba
and
Aaron
this
time
last
year
was
trying
to
provide
a
road
map
against
a
dare
I
say
a
non-strategy.
The
strategy
wasn't
even
formed
then,
but
Melbourne
Aaron
is
trying
to
form
a
road
map
against
what
you
form
a
road
map
against
the
strategy,
not
the
other
way
around.
D
I
think
that's
very
good
feedback
thanks
Joshua
at
least.
G
Yeah
I
think
I
just
felt
the
need
to
point
out
that
historically,
the
the
steering
committee
predates
like
some
of
the
structure
in
the
open
ssf,
so
we
can
set
we.
We
should
consider
whether
the
steering
committee
makes
sense
within
the
within
the
current
and
established
structure
of
the
openness
of
a
yeah
we're
not
trying
to
form
a
steering
committee
now
like
in
contention
with
that
structure.
We
have
a
steering
committee
that
has
been
super
useful
at
times.
G
Fortunately
hasn't
had
to
do
a
lot
of
what
does
exist
within
its
roles
and
responsibilities
and
I
think
one
one
of
the
responsibilities
we
imagined
of
the
steering
committee
was
reviewing
like
providing
those
strategic
oversight
and
reviewing
the
roadmap,
but
we
haven't
had
a
new
roadmap
for
a
while,
because
we've
been
focused
on
the
left
one
until
quite
recently,
so
I
I
felt
that
kind
of
historical
context
was
was
at
least
worth
raising,
but
yeah
I
think
there's
a
valid.
G
There
is
a
valid
point
that
we
should
consider
how
we
align
with
the
directive
structure
I'm
a
little
bit
reluctant
I
I
want
to
raise
the
point
that
this
is
an
open
source
project
and
it's
lies
to
be
volunteer
driven
so
like
the
racing
structure
and
accountability,
and
things
are
a
little
bit
more
squishy
than
normal.
G
We
can't
for
the
most
part,
we
can't
really
hold
people
accountable
for
deliverables
and
whatnot
because
they
are
volunteering
their
time
right.
So
we
need
to
be
aware
of
that
when
we
are
thinking
about
how
to
structure
this
and
proposing
any
structure.
C
Well,
to
a
point,
I
mean
just
because
if
this
is
an
election,
you
know
if
this
is
elected
roles,
people
volunteered
they
commit
to
a
you
know
some
role.
So
at
that
point
you
can
you
can
hold
them
responsible
for
doing
the
work
they
are.
They
run
for.
G
Yes,
I
do
agree
with
that:
yeah
the
full
structure,
I,
don't
like
the
the
full
emotion
of
racial,
yet
I,
don't
think
fits
with
an
open
source.
G
F
So
this
is
I
think
a
little,
because
I
think
this
is
actually
highlighting
a
separate
problem
just
purely
than
the
steering
committee,
which
is
is
more
around
host
1.0
and-
and
this
is
I
just
want
to
say
this
is
slightly
tangential,
but
it's
probably
something
we
just
might
wanna
tag
as
like
a
topic
for
a
future
meeting
to
really
dive
into
which
is
the
post
1.0.
F
We
don't
really
have
a
road
map.
We
still
haven't
really
decided
on
what
we're
really
focused
on
next
there's
a
couple
of
things,
obviously,
that
we're
still
you
know,
that's
still
being
done
like
the
conformance
stuff
and
and
some
folks
are
still
working
on
some
tools,
but
I
I
think
it
is
probably
worthwhile
for
us
to
maybe
go
back
and
do
a
deep
dive
here
on
on
salsa,
just
to
kind
of
go
back
and
say
hey.
F
What
is
the
thing
that
that
salsa
is
going
to
be
focused
on
next?
What
is
the
thing
that
that
the
community
has
decided
on
and
and
so
on,
because
I
think
the
you
know,
a
lot
of
these
points
are
a
little
boot
when,
when,
as
far
as
what
is
salsa
working
on
in
the
future-
or
you
know
even
just
from
a
general
Community
consensus,
hasn't
been
built.
Yet
sorry,
Imelda.
E
E
I,
don't
know,
maybe
aprilish
time
frame
of
what
we
were
going
to
work
on
now,
all
right,
post,
1.0
versus
what's
coming
up
next,
was
if
we
get
to
it,
we
get
to
it,
but
we're
not
it's
not
going
to
be
a
priority,
but
this
is
what
we
decided
as
a
group
I
believe
it.
It
was
actually
in
one
of
these
meetings
in
the
bi-weekly
meetings
that
this
is
what
we
were
going
to
do
now.
E
E
B
E
Just
want
to
remind
folks
that
this
is
here,
people
can
edit,
it
I
think
if
you
can't
let
me
know,
but
we
we
definitely
need
to
revisit
this
now
that
one
1.0
is
is
done
and
if
something
needs
to
be
added
or
removed.
F
So
I
I
agree,
Melba
I,
think
the
and
I
misstated,
what
I
meant,
which
was
the
thing
about
the
roadmap
that
kind
of
has
come
out
of
it
is
as
far
as
I
can
tell.
None
of
these
things
have
actually
been
started
outside
of
obviously
the
stuff.
That's
currently
working
right.
F
It
goes
back
to
that
first
problem
of
we're
all
volunteers
here
and
a
lot
of
folks
are
not
necessarily
don't
have
the
time
to
focus
on
some
of
these
things
right
like
there's,
the
day-to-day
stuff
of
like
hey,
people
are
pointing
out
a
couple
of
inconsistencies
here
and
there
in
the
specification
or
or
things
that
need
to
be
clarified
editorial
yeah,
but
as
far
as
something
like
you
know,
outside
of
I,
think
one
of
the
questions
being
like
that
hermetic
reproducible
thing
for
a
new
salsa
build
level.
F
Four,
not
a
lot
of
these
things
haven't
kind
of
gone
anywhere
outside
of
some
initial
discussions.
A
Mark
yeah
I
just
want
to
maybe
Echo
Jay's
comments.
A
I
think
Jay
brought
up
a
really
good
point,
which
is
that
we
are
missing,
like
a
different
organizations,
use
different
structure,
but
some
sort
of
like
Mission,
Vision
strategy,
permission,
revision
goals
or
some
sort
of
pyramid
type
of
thing,
and
we've
been
talking
about
like
the
road
map
and
maybe
the
strategy,
but
without
talking
about
the
higher
part
of
the
pyramid
which
is
and
agreed
upon,
I'm,
not
even
sure
if
we
can
how
it
really
works
in
an
open
source
organization
like
this,
but
like
a
a
mission
like
a
framework
that
we've
used
in
our
team,
which
is
I.
A
Think
pretty
successful,
is
like
a
mission
statement
which
is
like
a
one
sentence,
a
very
short
one
sentence
thing
and
you
could
look
them
up
online.
Various
companies
have
ones
and
some
sort
of
like
Clear
Vision,
for
what
we
want
it
to
look
like
in
the
future
and
I.
Think
I've
had
a
lot
of
I've
heard
feedback
from
a
lot
of
people
that.
H
A
Nice
certainly
to
anyone
outside
of
people
like
in
this
meeting.
They
don't
really
know
where
it's
also
going.
They
don't
kind
of
have
a
picture
for
like
what
we
want,
salsa
to
become,
and
so
agreeing
on
that
which
is
much
higher
level.
Much
more
abstract.
Maybe
you
know
like
ideally
a
couple
paragraphs
or
something
maybe
a
picture
I
think
is
really
valuable
and
then
once
we
have
that
and
to
Jay's
point,
then
we
could
work
and
it'll
be
easier
for
us
to
work
toward
that
and
we
could
talk
about.
A
Well,
what
are
the
strategies
we
want
to
use
to
get
there?
What
are
the
kind
of
intermediate
goals
and
I
think
that
really
is
value
would
be
pretty
valuable.
I
think
Trish
shank
was
first.
C
I
mean
it'll,
be
quick,
because
I
just
wanted
to
highlight
that
omkar,
who
is
the
new
general
manager
for
open
ssf
and
who
comes
from
Google,
is
pushing
for
that
very
approach
across
the
board.
So
you're
not
far
Mark
with
this
idea.
D
H
Yeah
I
on
the
roadmap
topic
as
well,
I
mean
knowing
what
we
know
from
the
1.0
process.
Right,
which
took
much
longer
I
mean
that
roadmap
has
a
lot
of
things
on
it
and
so
being
able
to
not
just
say
here
are
the
things
you
would
like
to
do,
but
here's
the
priority
I
think
is
something
that
we
could
probably
work
on.
H
But
I
don't
know
if
this
is
a
steering
committee
responsibility
if
this
is
a
community
responsibility
but
having
like
four
really
high
level,
things
were
if
we
can't
even
decide
what
we
want
to
do.
First
right,
it'll
be
really
difficult
to
make
progress,
so
that
was
just
some
comment.
D
Well,
thank
you.
Thank
you
for
feedback,
everyone.
It's
like
five
minutes,
left,
I'm
gonna,
make
sure
we
end
well,
here's
what
I
propose
and
it's
Dan
committee
kind
of
staying
feel
free
to
push
back,
but
I
think
we
should
meet
sooner
than
later.
D
I
think
we
should
read
this
document
as
soon
as
possible
and
then
meet
I
proposed
meet
as
early
as
next
week,
so
that
by
the
time
the
next
monthly
meeting
comes
along,
we
have
a
much
better
picture
and
a
story
to
tell
the
community
about
where
we
think
things
should
go
next
and
have
some
concrete
solution.
What
does
everyone
think.
F
Michael
yeah,
so
that
sounds
good
and
I
think
also
along
those
lines
is
I,
don't
want
to
go
the
full-blown
racy
thing
again,
but
I
do
think
that
it's
probably
worthwhile
to
even
just
sort
of
say,
maintainer
steering
committee
member,
whatever
you
want
to
call,
but
one
of
the
folks
who
is
who
is
being
core.
You
know
in
the
community
on
some
of
these
things
just
saying
that
they
are
sort
of
responsible
from
the
standpoint
of
just
keeping
Folks
up
to
date
on
what
the
status
is.
F
Even
if
the
status
is
nobody
seems
interested
or
there
hasn't
been
a
lot
of
work
on
it,
not
necessarily
saying
that
they're
doing
the
work
just
sort
of
driving
the
conversation
I
think
is
also
worthwhile,
because,
when
I
look
at
a
lot
of
the
different
things
on
the
roadmap,
one
of
the
things
that
kind
of
comes
to
mind
is
hey.
Who
is,
let's
say
the
one
who
is
just
saying:
yep
I
talked
to
the
community
about
doing
this
thing
and
I.
F
Couldn't
we
couldn't
find
folks,
because
even
that
I
think
is
helpful
rather
than
just
we
don't
know
so
so.
I
I
think
that
would
be
helpful
as
well
as
just
to
kind
of
say:
hey
who's
going
to
lead
up
at
least
the
conversation
on
you
know,
Chris
is
doing
conformance
and,
and
some
of
the
other
folks
are
doing
some
of
the
other
things.
F
But,
let's
say,
like
you
know,
I
could
take
like
the
tooling
pieces
and
say:
hey
I,
reached
out
to
these
folks
about
verification
tools,
and
here
there's
some
folks
working
on
it
or
I.
Don't
have
resources.
So
if
we
got
some
resources,
we'd
be
able
to
work
on
it,
but
I
think
even
that's
better
than
just
kind
of
where
we're
currently
at
which
is
just
it's
got
a
communication
silence
on
it.
D
A
A
End
and
other
things
begin
because
actually
this
is
probably
goes
a
long
way
to
what
we're
we're
talking
about
in
this
meeting.
I,
don't
know
if
other
folks
have
read
this
I've
not
seen
this
document
before
here
and
so
I
think
that
helps
a
lot,
but
thanks
trishank
for
getting
this.
This
going
I
look
forward
to
like
kind
of
resolving
this
and
making
the
org
work
more
effectively.