►
From YouTube: SLSA Meeting (October 26, 2022)
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
B
Yeah,
so
we
so
we
have
yours
right
and
then
I've
been
talking
about
this
one
from
him
that
he
he
goes
from
end
to
end
right.
I
mean
I
mean
like
he.
He
goes
from
end
to
end
and
he
you
know,
talks
about
the
you
know,
source
and-
and
you
know,
from
the
accounts
on
the
GitHub
site.
Build
infrastructure
goes
into.
You
know
the
the
just
a
Docker
Hub,
and
you
know
whatever
vendor
stuff
going
on
right.
B
If
you
start
over
at
source
code
and
and
you
know
the
GitHub
portion-
and
you
lay
S2
c2f
over
that-
and
you
slide
over,
get
get
over
past
the
ingestion
process
past
the
binary
repository
process,
and
then
you
lay
salsa
over
that
and
go
off
into
the
Go
off
into
the
towards
the
end.
B
That
I
mean
that's.
That's
what
we're
looking
at
I
mean
in
the
nutshell
right
that,
like
they
like
they
might
hell,
there
might
even
be
some
some
overlay
some
some
some
crossover
like
like
you,
look
like
a
I
want
to
say
a
Venn
diagram.
If
that's
what
you
that's,
if
I
remember,
that's
how
you
called
it.
A
Yeah
yeah,
so
this
yeah-
this
is
neat
I,
think
this
would
be
good
for
like
a
a
drill
down
because
it
might
be
overwhelming
to
a
user
for
at
first
glance,
so.
A
Is
a
lot
I
think
this
is
like
a
a
a
story
right
the
whole
story,
and
we
need
to
chunk
it
up
into
smaller
stories.
To
get
to
this
point.
C
A
So
let
me
show
I
did
update
it
and
then
I
have
a
couple
of
things
like
it's
kind
of
similar,
it's
not
the
same,
but
it
shows
like
pipelines
and
associations,
and
things
like
that,
so
this
is
the
original
I
was
kind
of
looking
at
it
and
thinking
okay.
Well,
you
know
this
is
salsa
build
when
you
think
of
like
a
PR
pipeline
right,
the
cryptographic
signatures
right.
You
would
do
that
during
the
build
any
pipeline
metadata
publishing,
but
I
didn't
really
see
anything
else.
A
That
was
billed
every
the
rest
was
more
of
source
right.
So
if
we
think
of
salsa
source
and
what
what
we
could
potentially
imagine
and
then
there's
that
salsa
common
security
requirements
that
aren't
really
fleshed
out
and
I
feel
like
those
are,
the
things
in
purple,
yeah
I
thought
maybe
deployed
to
production,
might
be
Fresca,
but
I
I.
Don't
remember
if
Fresca
handles,
like
validation
of
the
package
before
it
gets
deployed,.
B
Well,
this
also
the
the
Social
Security
requirements,
I
I,
once
I
once
again,
that
is
out
of
scope
for
salsa
I
I,
don't
I
I,
don't
know
how
I've
like
you're
God
the
I
when
I,
when
I
saw
the
build
track
versus
the
source
track.
I
said
Okay
I
I
see
what's
happening,
I
kind
of
like
it
too,
because
it
keeps
the
scope
intact
right.
There's
no
scope
creep.
B
You
start
talking
about
vulnerability
management.
That's
a
that's!
A
that's
a
that's
a
bit
of
a
that!
That's
a
that's!
A
bit
of
scope
creep!
Now:
you're
you're!
You
know
you're
asking
a
a
something
like
salsa
who
that
you're
asking
salsa
now
to
sit
there
and
have
like
you
know,
security
scanning
portion,
you're,
asking
salsa
to
do
too
much
with
that.
B
Do
to
do
too
much
with
that.
That
should
be
conducted
a
little
earlier
on.
C
B
B
B
You
know
no
level
one
versus
level
two
and
the
language
being
used.
I
mean
it
lends
itself
to
being
a
compliance
requirement.
Have
something
in
place?
Doesn't
matter,
have
something
in
place:
a
secure,
your
framework's,
a
little
different.
You
know,
security,
firm,
he's
like
and
I
have
something
in
place
have
this
in
place
and
have
use
this
tool
to
create
this
thing
to
provide
this
level
of
control
right,
so
that
so
that
that
would
be
a
security
framework
which,
even
in
version
one
of
salsa
that
doesn't
it
doesn't
do
that
the
s2c2f.
B
C
B
The
compliance
checks
and,
and
all
that
kind
of
stuff-
that's
very
salsa-
that's
very
salsa,
specific,
very
salsa
Centric,
but
when
it
comes
to
security
controls
and
like
I
said,
that's,
why
that's
why
it's
very
consumer
focused
and
consumer
based
right,
providing
those
security
controls
to
help
to
help
provide
the
security
required,
the
security
controls
necessary
for
ingestion?
So
how
are
you
scanning
packages
as
they
come
in?
What's
just
first
of
all,
how
are
you
ingesting?
B
D
So,
just
just
before
you
make
that
color
adjustment
I
mean,
like
sqc2f,
doesn't
say
anything
about
the
published
workflow,
so
security.
D
In
in
publish,
doesn't
make
sense
to
be
to
be
that
color,
it
doesn't
say
anything
about
vulnerability
management
left
to
right
through
the
sdlc.
It
says
vulnerability
management
it
makes
specifications
and
requirements
around
your
dependencies
so
like
at
the
highest
level.
I
I
would
I
would
propose
that
like,
if
you
think
about
a
software,
build
I'm,
a
software
producer
and
I'm
sitting
right
in
the
middle
of
your
diagram
and
I'm
doing
a
build,
and
what
are
the
materials
that
I
build?
D
The
materials
and
I
build
are
Source
The
Source,
my
first
Party
Source,
which
I
wrote
and
I
own
and
then
the
dependencies
that
I
imported
and,
if
you
think
about
Salsa
Salsa
as
I
said
of
requirements
around
how
sources
managed
and
how
build
is
done.
It
doesn't
say
anything
about
dependencies.
An
s2c2f
speaks
only
about
dependencies
and.
D
Like
that,
there's
one
world
in
which
these
two,
these
things
work
super
well
together,
because
if
you
look
at
producing
software,
I
have
a
build
which
takes
my
source
and
my
dependencies
and
produces
an
artifact.
Now
salsa
talks
about
what
the
build
should
look
like
and
it
talks
about
what
your
Source
management
practices
should
look
like.
D
Definitely
like
kind
of
crayons
on
the
wall
level,
but
like
it
seems
to
me
that
actually
s2c2f,
you
could
imagine
an
Uber
security
framework
where
you
say:
okay,
there's
a
set
of
practices,
you
need
for
your
Builder
Salsa's
got
a
good
stab
at
that
there's
a
set
of
practices
you
need
for
Source
management.
Salsa
has
a
reasonable
Step
at
that,
or
it's
not
very
fetched
out.
There's
a
set
of
practices
you
need
for
dependency
management.
D
Here's
what's
important
for
dependency
management
requirements
and
practices
there
same
for
Source
same
for
vulnerability
management
and
putting
these
under
a
single
umbrella
that
the
open
ssf
owns
and
says.
Here's
our
overall
supply
chain
framework
s2c2f
is
where
we
begin.
When
we
start
to
think
about
dependencies,
salsa
is
where
we
begin.
We
start
to
think
about
build
vulnerability
management.
We
don't
have
anything
left
to
right
at
the
moment,
and
so
it
seems
to
me
that
the
Pieces
come
together.
That
way
and
that's
why
I
feel
like
you
know
it's
altering.
D
B
Oh
yeah,
no,
no,
absolutely
that
makes
perfect
sense,
I'm,
actually
trying
to
pull
up
pull
up
here
to
so
that
we
can
look
at
the
different
levels.
B
If
we
can
look
at
the
different
levels
and
like
like
right
like
you
know,
because,
because
you're
absolutely
right,
Isaac
one
does
this
salsa
does
pick
up
where
s2c2
c2f
ends.
It
should
pick
it
up
and
any
gaps
that
there
are
ahead
of.
That
is
what
we
can
work
on
in
these
respective
sigs
to
close
these
gaps
or
identify
whether
or
not
these
Fresca
or
guac
or
the
the
mature
and
I
know
that
the
supply
chain
material
worked
in
the
CDF.
B
That's
for
artifact
life
cycle
stuff
after
the
fact
so
I
I
know
what
that's
is,
but
what
would
fill
these
gaps
in
the
in
the
in
the
in
the
middle
Let
me?
Let
me
pull
up
here.
B
D
And
what
just
while
you're
pulling
that
up
just
just
to
continue
my
thought,
I
mean
given
that
you
know
salsa
has
some
traction
with
respect
to
adoption.
It
could
well
be
that
you
know
adding
SDC
to
S
style
levels,
just
also
around
hey.
It's
how
you
do.
Dependency
management
actually
helps
get
that
adopted,
because
salsa
already
has
some
adoption.
It
already
has
people
moving
up
the
salsa
level
already.
Has
you
know
both
in
open
source
and
Commercial
people,
thinking
about
salsa,
implementing,
salsa
and
adding
you
know
requirements
around
dependency
management
is
also.
D
C
A
D
C
D
So
I
I
think
that
that's
a
fair
criticism,
this
Altar
and
so
I
think
the
potential
for
o2c2f
to
come
in
and
say
well
gosh.
We've
got
a
super,
well
well
reasoned,
well,
thought
out!
You
know
fleshed
out.
You
know
framework
for
how
you
do
OSS
dependency
management,
that
that
does
feel
like
a
critical
Gap
in
our
overall
story.
Yeah.
A
The
other
thing
I
wanted
to
make
a
comment
on
before
we
start
on.
This
is
so
for
the
common
requirements,
common
security
requirements.
A
lot
of
them
are
coming
from
the
ssdf
right,
so
like
vulnerability,
management
and
making
sure
you're
scanning,
Etc,
I
wouldn't
say,
that's
also
necessarily
isn't
it's
in
scope
of
salsa,
but
I
feel
like
salsa,
as
with
any
other
framework
should
have
something
that
says
you
should
be
doing
this,
and
you
should
provide
attestation
that
you
are
doing
this
right,
not
necessarily
a
whole
vulnerability,
Management
program,
but
it's
more
of.
A
But
it
is
part
of
the
ssdf,
which
is
why
I
call
it
out
because
a
lot
of
times
people
think?
Oh
well,
you
know
once
we're
done
we're
done
right,
there's
no
more
scanning
yeah.
D
B
Well
and
I
think
and
I
think
that's
that's
where,
where
you
differentiate,
you
know
between
the
the
security
framework,
that
is
the
s2c2f
versus
the
the
compliance
nature
of
of
salsa.
If
you're
going
straight
on
artifacts
and
you're
attesting
to
the
fact
that
something's
been
done
per
the
artifact,
that's
been
generated
right
and
whether
or
not
you
can
validate
that
artifact
where
s2c2f,
like
you
said
organizationally,
are
we
doing
these
practices?
Are
these
things
being
done?
Just
so
happens
that
the
sec2f
is
structured
in
the
way,
whether
it's
where
it's
a
maturity
model.
B
So
how
mature
is
your
organization
against
some
of
the
practices
in
the
s2c2f
and
then,
of
course,
on
on
the
on
the
back
end,
where
if
there
are
artifacts
artifact
generated
artifacts
generated,
those
can
be
pulled
in
to
say
hey
these
artifacts
support
these
claims
made
under
salsa
right.
So
so
you
can
clearly
see
where
One
hand
washes
the
other
here
right
right.
D
D
You
know
unreputable,
like
kind
of
claims
about
the
thing,
and
so,
if
you
say
I
trust
a
tool
called
GitHub
actions,
GitHub
action
is
going
to
say,
I
built
this
thing
and
it's
also
level
three
and
I
signed
that
and
and
so
there's
a
there's,
an
end-to-end
kind
of
cryptographic,
assertion
that
you
can
make
through
the
supply
chain.
That's
that's
anchored
in
the
trust
you
have
in
a
tool
yeah
and
with
with
s2c2f
I,
think
you're
always
going
to
be
essentially
trusting
an
organization
which
makes
an
attestation
about
it
rather
than
a
tool.
D
There's
a
chance
to
develop
tools
to
do
you
know.
S2C2F
type
audits,
I
mean
I
I,
don't
know
if
you've
thought
about
this
Jay
of
how
that
would
look,
but
it
would
be
neat
to
explore
that
space
so.
B
The
so
so
the
great
thing
about
this
well,
where
I
put
up
here
right
now,
is
just
levels
and
I
put
the
levels
there.
I'll
come
back
to
that
part
in
a
second
but
and
of
course,
there's
different
products
about
eight
different
practices
under
the
framework,
but
but
you,
but
you
mentioned
it
here
right
so
so
these
are.
These
are
just
the
common
threats
and
I'm
trying
to
come
down
here.
I
think,
there's
a
tools
area
here
where
we
talk
about
respective
tools
as
well.
B
You're
gonna
find
that
find
that
area,
because
that's
something
that
we
did
talk
about
who's,
gonna
and
then,
of
course,
of
course,
who's
going
to
create
these
tools.
A
B
Right,
so
that's
that's
this
part
right
here.
Yeah
I
can
prove
that
artifacts
and
reduction
has
full
chain
of
custody
from
all
this
stuff
and
that,
but
that's
so
when
we
say
audited,
let's
distinguish
the
difference
between
other
thing
that
you
have
that
something
was
done.
You
have
a
an
artifact
that
says
it
was
done
and
we
can
validate
that
versus
the
fact
that
you
have
an
artifact
at
all.
C
B
Right
so
that
so
that,
so
so
that's
the
when
I
think
about
salsa,
I,
think
about
attestation
and
what
my
vision,
but
when
I,
when
I
think
about
visioning
I,
think
about
not
just
being
able
to
self-attest
that
this
has
been
done,
but
a
third-party
attestation
So,
eventually
being
able
to
contract
like
a
I,
don't
know
one
of
the
big
four
companies
come
down
and
say:
are
you
salsa
can
fly
and
the
way
in
what
the
way
in
which
you
met
salsa
compliance.
D
I
think
yes,
but
I
think
when
I
think
about
you
know
certification
of
salsa
compliance
that
applies
to
the
Builder
and
so
the
certification.
So
there's
a
point
of
Leverage
which
can
be
done
in
a
certifying,
Authority
can
come
and
say:
GitHub
actions
can
build
at
Salsa
level
three,
and
so,
when
you
see
assigned
data
stations
from
GitHub
actions
that
says
sales
level,
three,
you
can
trust
that
certification
and
attestation
and
SGC
to
F
land
isn't
done
at
the
tools
level.
It's
done
at
the
organizational
practices.
D
Yeah
and
I
think
there's
there's
potential
to
have.
You
know
how
what
parts
of
s2c
to
F
can
be
automated
by
tools
which
can
then
make
those
automated
and
cryptographically
assertive
attestations.
A
So
I
was
trying
to
go
through
the
levels
they
actually
took
a
screenshot
and
put
it
in
this
mural
that
I
have
to
try
to
start
capturing
notes.
B
Let
me
well,
let
me
just
let
me
stop.
Oh,
did
you
am
I
still
share,
let
me
stop.
A
Sharing
no
yeah
I,
just
I
just
took
over.
So
these
are
the
four
levels
right
use:
package
managers,
local
copy
of
artifact
inventory,
OSS
manual,
OSS
updates.
A
So
this
is
about
just
in
general,
your
I
guess,
first
level
dependencies
right.
This
is
the
things
that
you
need
this
one:
let's
get
rid
of
Life
Auto,
almost
it's
not
quite
bone
management,
but
because
it's
just
about
scanning
making
sure
that
you
have
updating
and
cyber
hygiene
phone
this
right
here,
this
clone,
OSS
storage,
I,
think
that's!
This
remember
we
were
talking
with
Marcella
and
and
others,
and
we
came
up
with
this
diagram
of
well.
How
do
you,
how
do
you
use
or
how
do
you
do
OSS
when
you
also
have
proprietary
code?
A
Do
you
just
clone
it
directly
from
the
repo
or
do
you
have
an
internal
mirror
yeah
for
active
Security
reviews,
opponents.
B
Than
anything
else,
but
and
but
for
the
purposes
of
this
this
that's
very-
this
is
very
aspirational,
so
so
validating
s-bombs
is
one
thing,
but
then
there's
a
lot
of
it.
That's
that
we're
still
trying
to
build
the
tooling
around,
so
the
tooling
is
the
issue
there.
Okay,.
A
B
So
I
it
doesn't
speak
to
it
directly
and
I
get
the
feeling
that
these
are
one
of
the
things
that
we
can
work
on
with
it.
I
think
I
think
this
might
be
a
gap
because
it
doesn't
speak
to
it
directly,
but
when
we
are
scanning
for
for
malware
and
we're,
we
know
that
should
be
inventoried
correctly
and
remediation
steps
of
that
should
be
tracked,
so
I
I
would
CL.
I
would
say
yes,
because
you
can't
have
one
without
the
other.
B
C
B
A
Most
of
us
are
Marching
towards,
as
the
government
says
hey.
If
you
want
to
do
business
with
us,
you
need
to
do
this,
so
guess
what
people
are
going
to
do
it?
Okay,
okay,
so
I
think
I
understand
this
now
now
the
conversation
that
you
and
Isaac
were
just
having,
you
know,
I'm
trying
to
think.
A
Is
this
helpful
because
I
know
you
had
that
huge
diagram,
Jay
I
was
going
to
call
you
Jason
for
some
reason:
I,
don't
know
why
sorry,
this
kind
of
goes
into
that
you
know
who's,
providing
the
attestation
right.
What
artifacts
that
they're
providing
build
versus
like
a
customer
right
who,
who
now?
Who,
where
is
the
trust
line
right
when
it
comes
to
hey
here's,
here's
this
artifact
that
says:
hey
I'm,
doing
everything
I'm
supposed
to
be
doing.
Do
you
actually
trust
that
artifact?
A
Do
you
trust
that
provider,
but
then
I
think
this
down
here?
A
Is
it
useful
to
show
that
together
somehow
in
a
nice
way
to
build
that
story
of
hey
here's,
the
here's,
the
high
level?
Now,
let's
walk
you
through
an
example
of
let's
say:
s2c2f
inaction,
and
then
the
next
step
would
be
you
know,
maybe
social
source
and
then
social
build
right,
I'm
just
trying
to
get
a
sense
of
where
do
we
want
to
go
from
here.
B
B
C
D
Like
I
think
one
of
the
one
of
the
challenges
that
we've
got
in
open
ssf
is
that
the
kind
of
so
there
is
there's
limited
overlap
and
motivation
between
the
parties
and
the
openness
and
stuff
I.
Think
for
folks.
Some
folks
are
motivated
to
to
see
you
know
their
own
products
get
adopted
or
their
understandings
get
adopted.
D
Others
to
kind
of
push
the
state
of
the
industry
forward,
others
are
focused
on
the
Enterprise,
other
open
source
and
so
on,
and
one
thing
I
was
going
to
point
at
again,
which
I
think
thinking
about
suc2f
and
salsa
is
that
you
know
salsa
was,
was
conceptualized
and
oriented
or
a
lot
of
the
activity
around
solves
the
results
for
adoption
and
open
source
right
now,
and
so
literally
there
are
people
at
Google
who
are
tasked
with
okay,
we
want
cells.
You
know
we
want
salsa
builds
and
salsa
Providence.
D
For
you
know
the
top
end
100
open
source
packages
go
make
that
happen
s2c
to
F,
because
it's
a
set
of
organizational
practices
has
a
different
applicability
model
to
open
the
source.
Like.
D
It's
gonna
start
saying:
I,
have
you
know
these
organizational
purposes
about
how
I
manage
dependencies
it's
much
harder
to
see
s2c2f
being
adopted
by
the
open
source
Community
where
a
salsa
can
be,
whereas
looking
at
these
diagrams
here,
which
have
an
Enterprise
focus
and
about
Enterprise
production
of
software,
there's
much
greater
applicability
of
s2c
to
f,
as
I
said,
of
organizational
practices
for
Enterprise,
and
so
again
it's
it's
kind
of
it's
tough,
because
the
the
balance
is
different,
where
we
have
our
Focus
and
I.
D
Think
I
think
this
is
a
pattern
that
I've
seen
elsewhere
in
the
openness
f
as
well.
That
there's
folks,
who
are
you
know,
thinking
of
all
the
time
about
applicability
to
open
source
and,
as
folks
like
you
know,
the
end
users
working
group,
for
example,
is
chaired
by
you,
know:
Jonathan
who
works
for
City,
and
you
know
his
focus
is
very
much
an
Enterprise
use
case.
It's
rightly
so
I
think
that's
an
important
part,
but
recognizing
that
there
are
these,
these
two
possible
areas,
the
focus
and
areas
of
applicability
and
and
some
Frameworks
May
span.
D
Both
some
may
be
more
appropriate
for
one
than
the
other
and
so
on.
I'm
really
sorry
I'm
going
to
have
to
dash.
But
this
has
been
incredibly
eye-opening
for
me,
I'm,
so
impressed
by
your
mural
here,
Melba.
C
Thank
you
amazing.
It
makes
you
want
to.
D
Try
and
mural
to
be
honest,
but
also
I,
I'm,
really
heartened
and
encouraged
by
just
how
much
agreement
we
have
between
the
three
of
us
that
I
think
we
can.
We
can
produce
something
jointly
here,
which
speaks
to
the
complementarity
of
s2c,
turf
and
salsa,
how
they're
similar,
how
they're
different,
how
they
work
together
in
concert
and
and
also
you
know,
help
people
understand
how
you
should
think
about
these
two
in
an
Enterprise
context.
D
How
you
think
about
these
two
in
an
open
source
context,
I,
think
that
they're
both
you
know
all
good
they're,
both
targeted
towards
folks
who
produce
software
but
s2c2f
around
producers
who
are
consumers
of
upstream
dependencies,
and
it's
also
is
very
much
on
build
anyway,
without
I'm
gonna
have
to
dash
I
look
forward
to
much
more
on
this
and
I
will
share
some
diagrams
of
my
own
channel.
Okay,.
C
A
Thanks
Isaac
and
I
guess
for
for
Jay
I'll,
trying
to
figure
out
the
best
way
of
sharing
this
I.
Don't
know
that
I
can
share
this
outside
without
downloading
it
as
a
picture.
A
No,
this
is
actually
it's
just
a
web
browser
I,
don't
have
anything
installed.
Okay,.
B
A
C
A
You
won't
be
able
to
yeah
that's
the
problem
so
because
I
know
I
can
ex
like
I
can
literally
do
an
export
of
like
either
everything
or
nothing
and
I
can
do
like
a
PDF
file.
I
can
do
a
PNG
image,
I.
B
There
are
some
holes
on
both
ends
that
we
can
plug
up
to
like
make
these
things.
Jive,
yep
I
bet
Jive
better.
They
jive,
if
they
jive
well
together,
as
is
but
I,
think,
there's
some
some
gaps
that
we
can
Shore
up
on
both
ends
and
I
think
this
is
fantastic.
A
I
I'm
downloading
this
one
as
a
picture,
because
this
is
kind
of
the
higher
level
one.
This
one
is
already
out
there
and
I.
Don't
think
we
need
that
one
right
now,
this
one!
You
have
this
one's
also
out
there.
If
you
want
me
to
read,
read:
do
this
not
redo
but
re-upload
it
that's
fine,
but
this
is
more
of
a
hey
from
a
consumer
perspective
when
you're
getting
me
that
testation.
This
is
what
you're
getting
and
who
you're
getting
it
from
I.
A
Don't
know
that
we're
there
yet
and
then
this
is.
B
Kind
of
yeah
yeah
this
this
right
here
we
we
we're
working
towards
it,
but
we
got
to
get
there
I
like
that,
though,
because
that
speaks
to
what
I
was
saying
before
about
what
gets
created
versus
what
what
what
what
gets
created
versus
what
is
used
for
attestation
purposes.
So
how
does
what
gets
created
get
gets
rolled
up
into?
What's
what's
being
used
for
attestation,
yeah.
B
Of
you,
you
can
I
I,
I
I,
don't
know
how
I
think
right
now
I
mean
just
less
is
more
because
we
still
have
more
Cycles
on
this
between
you,
yeah
right,
so
we'll
be
meeting
on
this
more
I
mean
you
send
it
now,
I'll,
probably
the
next
time.
I
look
at.
A
A
Yeah
I
think
it's
more
in
case
like
you,
you
will
need
it
for
something:
I,
don't
know
if
you're
talking
to
someone
or
you're
like
brainstorming
and
you're
like
wait,
a
minute
I
wish
I
had
that
picture
in
front
of
me.
A
Didn't
I
didn't
go
through.
I
would
like
to
kind
of
consume
that
that
PDF,
you
had
a
little
bit
more
because
it
was
hard
for
me
to
read
on
my
screen
from
oh
I
forgot,
the
gentleman's
name
that
created
it.
John.
B
A
There
you
go,
I
thought
it
was
a
John,
but
I
wasn't
sure.
But
let
me
let
me
upload
this
to.
B
I
want
to
say,
I
shared
this
in
our
in
our
thread.
B
C
B
A
Awesome
yeah
yeah
because
I
wanted
it's,
it
was
hard
to
read
and,
and
maybe
it
just
is
naturally,
maybe
it
doesn't.
The
resolution
is
compressed
or
something
let
me
see
can
I
read
it
now.
Yes,
I
can
because
I
was
like
what
is
it
saying
under
like
IDE
plugins,
okay,
I
see
it
now.
A
Cool
I
will
try
to
consume.
This
I
will
try
to
see
if
there's
a
way
of
me.
A
Merging
some
of
the
s2cf
stuff
in
here
as
like
modules
or
something
but
I,
have
to
take
time
to
read
it
and
I
think
that's
sagacha
is
is
I
need
to
read
it
I've
not
had
the
chance,
so,
okay
I
will
let
you
go
that
I
know
we're
over
on
time.
A
Hope
you
have
a
good
day
and
I
guess.
If,
if
you
need
something
from
me,
feel
free
to
Ping
absolutely.