►
From YouTube: SLSA Positioning Meeting (September 28, 2022)
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
B
B
A
B
I
think
that
it's
one
of
those
effects
of
pandemic
because
before
it
was
like,
we
have
a
fiscal
limitation
in
the
room
and
then
they
really
pick
you
can
go
to
the
meeting.
You
can
go
to
the
meeting.
We
don't
have
enough
space
in
the
meeting,
but
now
it's
just
another
box.
So
they
invite
everybody
everything.
Because
of
me
and
there's
like
400
people,
yeah.
A
Yeah
so
I
know
one
of
the
things
that
you
there
was
two
things
that
you
signed
up
to
do
before
the
previous
meeting.
One
was
looking
at
the
oscow
tools
and
then
the
other
was
helping
with
the
development
blog.
Yes,
so
thoughts
need
help.
Progress.
B
I
do
I
do
need
help
and,
and
that
and
I'm
I'll
be
in
slack
asking
for
that,
but
but
but
but
I'm
I'm
active
in
them
just
had
a
lot
of
competing
things
that
needed
to
get
done
over
the
last
over
the
last
week,
but
but
I'm
tracking
on
it.
These
things,
these
things
are
happening.
I'm.
A
Editing
the
wrong
agenda:
sorry
about
that:
okay,
okay!
So
yeah!
Let
me
know
what
you
need,
but
I
have
it
on
I'm,
trying
to
put
all
the
to-do's
up
here
so
that
we
can
kind
of
visualize.
B
The
the
old
scale
stuff
I
I'm
I'm
still
in
the
process
of
tracking
down
someone
that
can
talk
me
through
that
everybody
I
ask
they
are
everyone
agrees
that
oscal
is
you
know
everybody
everybody's
interested
in
it?
No
one
seems
to
understand
it
at
all,
so
so
I
gotta
I
gotta
track
someone
down
who
understands
it
and-
and
you
know,
but.
B
That
so
so,
I
have
a
few
questions
out
and
those
of
that
stuff
will
come
back
and
I'll
I'll
make
everyone
smart.
This
is
not
the
only
place
where
I
got
where
I
have
to
come
through
on
that
Oscar
stuff
and
I
can
blame
this
place
because
I
told
them
I'm
already
doing
it
as
a
result
of
this.
So
there's
nothing
that
says:
I
can't
do
that
kind
of
research
for
the
other
stuff
that
we
have
going
on
internal.
So
so
it's
so
I'm
killing
I'm
killing
a
few
birds
with
one
stone
here.
A
A
Smart
on
it,
no
no
worries
just
wanted
to
see
if
you
needed
any
help.
If
you
can
to
any
decisions,
because
then
we
could
potentially
work
towards
that
information
in
this
meeting.
But
here,
if
people
don't
have
this
I'm
sure
you
do,
I
am
looking
for
the
chat
where's.
The
chat
chat,
chat,
chat
there.
It
is,
if
you
can
sign
in
that,
would
be
fantastic.
A
Oh
yes,
this
is
a
lovely
thing.
That's
been
hanging
out,
so
I
am
trying
to
just
put
everything
in
one
spot.
These
were
the
some
of
the
two
dues.
A
D
Yeah
so
so
I
looked
at
that
I,
so
I
looked
through
the
oscow
like
so
so
there's
a
couple
of
things.
D
There
I
think
I'm
trying
to
find
like
something
along
the
lines
of
either
an
oscow
spec
or
a
similar
sort
of
thing
of
like
what
that
thing
normally
looks
like
in
the
outside
sort
of
world
of
like
hey,
here's,
a
set
of
controls
or
requirements
or
whatever,
and
then
what
would
the
Json
schema?
Look
for
that
look
like
that
for
that,
because,
like
just
to
be
clear,
I
think
your
your
stuff
looks
good.
D
It's
just
that
there
might
already
be
some
pre-existing
sort
of
like
oh
yeah,
here's
a
requirement
spec
and
so
there's
a
bunch
of
tools
that
already
work
with
requirement.
Spec,
you
know
documents,
so
that's
that's
the
one
area
I
couldn't
seem
to
find
anything.
So
in
that
case
it
might
just
be
fine
just
to
use
what
you
have,
but.
B
D
Going
to
do
one
last
kind
of
bit
of
research.
A
Okay,
got
it
okay.
Adaptive
much
to
collaborate
on
here
feel
free
to
do
that
during
this
time
too,
so
I'm
trying
to
think
okay,
we
went
through
that.
A
The
charter
and
the
group,
this
might
be
a
good
one,
because
I
don't
think
I
have
access
to
the
Google
Groups.
Do
you
like.
D
So
the
the
neat
the
need
to
to
migrate
to
groups.io
is
that's
something
that
we're
not
even
like.
That's
something
that
the
Linux
Foundation
themselves
are
somehow
organizing
exactly
what
that
means
is
also
stuff
that
they
haven't
really
made
clear
to
us.
Yet.
D
Yeah
I
I
I
I
get
that
that's
not
accurate.
It's
yeah,
the
the
Linux
Foundation
I
mean
as
much
as
I
love
them.
You
know
sometimes
they're
not
really
clear.
On
like
oh
yeah,
we
should
all
be
moving
over
to
this
other
thing.
Okay,
what
does
that
actually
mean?
I?
Don't
know
you
guys
figure
it
out.
It's
like.
A
A
A
Okay
got
it
got
it
okay,
so
then
that
leads
me
to
the
Charter
outside
of
maybe
brainstorming
on
on
some
of
the
blog
stuff,
I
kind
of
stopped,
because
Kim
raised
a
concern
but
I
know
there's
two
steering
committee
members
that
have
signed
off
on
at
least
two
of
these
or
not
two
sorry
several
of
these
sections
and
this
effort,
because
I
think
we
all
wanted
Clarity
and
if
I'm,
not
mistaken,
I
think
the
tech
is
going
to
start
requiring
some
of
the
groups
to
actually
have
this
in
place.
A
A
Correct
correct
right,
but
I
mean
I
I
know:
we've
talked
about
it
in
the
salsa
open,
Forum
discussion
with
other
steering
committee
members
and
we've
talked
about
it.
You
know
for
several
weeks
and
no
one
ever
brought
up
any
concern.
So
it's
it's
just.
It
took
me
a
back
that
there
was
a
little
bit
of
pushback
on
this
document,
but
my
understanding
is
that
the
attack
is
going
to
start
requiring
things
like
this
from
the
groups.
D
D
Which
is
the
which
is
the
supply
chain,
Integrity
working,
but
with
that
said,
a
lot
of
folks
are
saying,
like
salsa
is
large
enough
that
it's
probably
sort
of
graduated
purely
out
of
just
being
the
supply
chain.
D
Integrity
working
group,
in
which
case
yeah
it
would
need
to
have
its
own
sort
of
Charter,
which
just
to
be
clear,
it
does
I
think
that
there's
not
once
again
I
think
that
there's
nothing
wrong
with
having
a
charter
for
this
group
as
long
as
like
we
don't
spend
a
whole
day
just
being
like
hey,
we
need
a
charter,
but
no
I
think
this
is
fine,
just
to
kind
of
make
sure
that
we
can
go
back
to,
for
example,
like
the
idea
here
is
you
know,
salsa
should
have
a
charter,
so
it
could
go
to
the
attack
and
say
hey.
D
D
A
D
This
case
I
think
this
is
super
useful,
just
to
make
sure
that
you
know
if
the
tooling
group
says
hey,
we
want
to
be
the
ones
who
are
in
charge
of
Education
okay
hold
on,
let's,
let's
sort
that
out
before
tooling
starts
going
and
doing
stuff
with
education,
and
then
you
you
know
this
group
starts
going
and
doing
stuff
with
education.
So
on
that
front,
I'm
totally
I
think
it's
it's
yeah.
Okay,
that's.
A
Okay,
so
yeah
so
I
I
didn't
again
I'm,
not
spending
an
enormous
amount
of
time
on
this,
and
neither
are
the
rest
of
us
right.
It
was
a
point
of
okay.
What
are
we
trying
to
drive
towards
and
how
are
we
going
to
do
it
now
I'm
trying
to
think
where
is
it
the
goals
we
had
some
short-term
goals
and
I'm
trying
to
find
them.
A
A
A
A
So
that'll
be
one
thing
that
that
helps
and
then
the
other
blog
says
as
well
and
I
think
that's
pretty
much
it
as
long
as
we
can
try
to,
from
a
short-term
perspective,
get
closed
out
on
the
Oscar
and
start
truly
writing
those
blogs
I
think
we'll
be
in
good
shape
from
a
short
term
and
a
long
term,
obviously
that
that
can
be
a
discussion
for
a
different
day,
so
thoughts,
questions,
concerns.
A
A
D
D
But
there's
this
file,
which
is
sort
of
the
oscow
catalog
schema
and
these
the
areas
where
it's
a
little
unclear
to
me
and
once
again
this
is
the
the
Json
schema
that
you
would
then
follow
to
generate
the
actual
thing
there,
and
so
there
is
an
open
question
as
to
whether
or
not
the
salsa
requirements
really
fit
the
oscow
control
catalog.
D
So
that's
something
worth
I
think
discussing
with
probably
a
few
of
the
other
folks,
but
the
idea
here
and
so
just
to
kind
of
give
you
a
bit
of
an
understanding.
There's
like
there's
that
schema.
There's
that
catalog
schema
there's
also.
D
Yeah
so
yeah
sure
I
I
can
do
that.
Give
me
one
second
here.
D
Okay,
so
here's
a
bunch
of
the
schema
definitions
coming
from
ozcal
and
so
not
gonna
get
too
deep
into
this,
because
this
is
unreadable
over
over
a
presentation.
However,
there
is,
if
I,
just
move
this
out
of
the
way
so
I
can
get
the
link
here.
D
D
Potentially,
you
know,
there's
there's
some
tools
out
there
that
can
help
out
here,
but
pretty
much
anything
that
will
allow
you
to
sort
of
take
like
a
spreadsheet
and
turn
it
into
Json
or
whatever.
We'll
we'll.
Also
help
will
also
help
out
here,
but
there
is
also
the.
D
There's
a
bunch
of
stuff
in
the
nist
thing,
which
allows
us
to
sort
of
like
take
a
look
at
the
different
kind
of
like
layers,
so
there's
a
bunch
of
different
layers
in
here,
the
ones
that
are
important
here-
and
this
is
where
you
know
once
again-
is
salsa.
D
A
Eco
sauce
is
a
framework
not
really
a
set
of
controls,
but
we
might
still
be
able
to
still
leverage
it
and,
and
that
sort
of
thing
is
just
something
we
need
to
kind
of
like
talk
through,
but
there's
the
catalog
model
and
the
catalog
model,
if
I,
actually
kind
of
like
look
through
the
catalog
model
is
where
is
this?
D
You
could
actually
sort
of
see
like
you
know,
this
is
what
that
actual
thing
looks
like
there
is
going
to
be
a
set
of
controls
and
each
control
has
a
bunch
of
parameters
in
there,
and
so,
if
I
look
at
a
nist
853
control,
you
know
this
looks
like
and
you're
all
probably
familiar
with
this
sort
of
thing.
It's
like
ac1
policies
and
procedures
and
the
control.
D
You
know
be
thought
about
in
a
more
human,
readable,
sort
of
way,
related
controls,
control,
enhancements
and
any
sort
of
other
references,
and
so,
if
I
look
at
the
XML
or
Json,
it
looks
like
this
right,
and
so
you
can
imagine
at
some
level
the
salsa
controls
or
salsa
requirements,
I
should
say
could
be
described
in
the
same
way
right
where
you
have
something
like
the
label,
which
is
the
name
of
the
you
know
what
the
actual
label
name
of
the
control
is,
you
know
and
whatever
other
stuff
there
is
and
there's
a
bunch
of
different
things
in
here
which
I'm
not
going
to
get
too
deep
into.
D
You
know
guidance
around
the
control
and
and
whatever,
and
so
the
idea
here
right
is
is
we
could
encode
the
salsa
thing
in
here
and
then,
as
other
people
who
are
using
oscow,
tooling
and
the
obviously
the
big
question
now
based
on
some
of
the
conversations
is
like
a
lot
of
people
are
like.
D
Oh,
you
know,
oscow
looks
really
cool,
but
who's
actually
using
it
and
who's
who's
actually
doing
a
bunch
of
stuff
with
it
is,
is
kind
of
a
another
question,
but
this
is
really
how
A
lot
of
that
sort
of
stuff
works
at
the
level
down
and
as
far
as
what
tools
are
used
to
then
like
actually
build
out.
This
XML
is
a
little
unclear
to
me.
There's
a
couple
of
different
things
in
the
the
oscow
GitHub
that
they
have.
D
They
still
have
the
thing
up
there
for
seeking.
Where
is
this
thing?
They
have
one
for
go
which
allows
them
to
build
out
this
thing,
but
they
do
have.
They
did
have
a
well.
Let
me
see
if
I
can
find
this.
D
They
did
have
a
page
here
we
go.
Yes
that
included
a
bunch
of
tools.
A
D
A
D
D
It
looks
like
there's
potentially
an
oscal
editor,
which
maybe
can
help
you
you
know,
can
help
out
there
I
don't
know
I.
Think
also
with
that
said,
you
know,
given
that
like
nist
853
has
a
few
hundred
controls
or
whatever
like
and
our
thing
has,
you
know
20
requirements.
D
It
might
just
be
that
relatively
easy,
just
to
kind
of
write
up
a
quick
little
thing
that
you
know
copies
the
HTML
from
the
page
or
whatever,
like
I'm
sure.
It's
not
going
to
be
that
big
of
a
deal
to
do
that.
I.
Think
the
bigger
question
here-
and
this
is
something
that
I
think
we,
if
there's
folks
who
we
can
figure
out,
maybe
even
call
up.
You
know
get
some
of
the
folks
from
the
nist
side
to
say:
hey
does
salsa
fit
right
now,
because
we
also
don't
want
to
it.
D
Don't
wanna
end
up
in
a
situation
where,
if
salsa
is
more
of
a
you
know
a
square
peg
kind
of
thing
and
you
know
Oscar's
more
of
a
round
hole.
We
don't
want
to
kind
of
just
force
it
in
there
for
the
sake
of
it
outside
of
like,
if
that's
not
the
case,
maybe
we
just
put
something
on
the
roadmap
to
either
keep
track
of
nist
oscow
or
build
something
ourselves
eventually
to
sort
of
do
some
of
that
mapping
or
whatever.
A
Okay,
so
if
I,
if
I
go
back
to
this
real
quick,
so
I,
don't
think
we
need
to
parse
the
the
at
least
not
for
the
Alpha
version.
We
don't
need
to
parse
the
the
website
right,
because
that
that
was
this
exercise
that
I
did.
However,
what
we
could
do
is
if
we
know
the
fields
if
I
can
get
this
to
download.
Oh,
it
is
downloading
I'm,
just
not
noticing
it.
A
It's
opening
up
on
my
trying
to
get
it
open
there.
It
is
I,
don't
know
why
it's
using
this,
but
so
nope,
that's
not
yeah.
Actually,
this
is
it
right.
All
we
have
to
do
would
be
changing
the
labels
or
the
order
in
which
things
happen
right,
but
you,
you
showed
like
a
description.
A
So
as
long
as
we
know
the
fields
and
the
order
in
which
they
are
required,
then
we
can
just
alter
the
CSV
and
then
just
create
the
Json,
so
I'm
hopeful
that
we
can
do
this,
like
you
know,
with
the
sample
like
this,
this
is
very
small
right,
so
any
any
tool.
As
long
as
we
have-
and
you
said
what,
where
is
that
one
that
you
were
picking,
was
it
the
catalog.
D
Yeah,
so
the
the
catalog
is
the
one
because,
like
this
would
be,
you
would
essentially
have
the
requirements.
Would
each
be
a
thing
in
there
and
then
what
they
would
so
so
in
in
if
you
were
to
sort
of
to
take
a
step
back
just
for
a
second,
if
you
were
to
look
at
Salsa,
Salsa
would
most
likely
be
a
list
of
controls,
just
purely
the
requirements
and
literally
the
requirements
and
at
what
level
each
you
know.
D
So,
even
if,
like
certain
things
that
are
like
oh
there's,
a
couple
of
requirements
in
there
that
are
listed
as
like
at
level
two,
it's
required
at
level.
Three,
it's
required
and
authenticated.
D
For
that
specific
thing
you
would
those
would
probably
be
different
controls
under
the
the
the
the
oscal
model,
but
the
thing
that
they
would
also
have
is
they
would
have
the
the
concept
of
a
profile
which
so
there's
also
the
concept
of
a
nist
profile,
and
the
nist
profile
is
sort
of
saying
it's.
A
bunch
of
controls
that
meet
some
sort
of
like
Baseline.
B
A
So
because
what
you
were
showing
earlier
right,
yep.
D
Yep,
and
so
one
of
the
things
that's
sort
of
like
linked
out
of
here
is,
is
a
profile
and
a
profile
is
just
I.
D
Yep,
and
so
it's
so
it
just
to
kind
of
go
through
the
there's,
also
various
Json
references
throughout
here
as
well
that
allow
us
to
sort
of
like
look
at
what
each
of
the
individual
things
in
there
supposed
to
be
intended
for,
but
like
the
basic
idea
of
a
profile
is
according
to
just
their
own
website
is
an
oscow
document
that
describes
a
tailoring
of
controls
for
one
or
more
catalogs
with
possible
modification
of
multiple
controls.
D
So
in
this
case
you
would
imagine
a
profile
would
be
something
like
level
one
yeah.
Okay,
it
uses
these
requirements
in
these
ways,
level
two
would
be
a
profile
uses
these
controls
in
these
ways.
Level
three
is,
you
know.
A
Yep,
okay,
so
that
makes
sense.
So
let
me
write
that
down
so
I.
Don't
forget:
where
is
it?
Where
is
it
okay,
so
profiles?
So
one
two:
three:
okay.
D
If
you
click
on
reference
yeah,
not
that
one,
if
you
click
on
reference
in
there,
you
can
see
yeah,
that's
the
sort
of
stuff
that,
like
makes
it
very
easy
to
actually
see
what
what
what
are
the
things
that
are
you're,
actually
putting
into
that
that
Json
document
that
describes
something
like
salsa
yeah.
A
D
But
the
the
one
area
that
I
would
just
sort
of
say
I
would
take
a
step
back
and
just
sort
of
say
based
on
my
research.
That's
how
I
would
probably
do
it,
but
but
I
would
want
to
have
somebody
who's,
an
expert
in
oscow,
just
to
kind
of
do
a
sanity
check
and
say:
hey.
Does
that
seem
reasonable?
Is
there
something
that
I'm
missing
like?
Is
there
another
better
way
of
doing
it?
D
Is
this
an
abuse
of
oscow
I
just
want
to
make
sure
we
do
that,
as
opposed
to
saying
like
yeah,
we
did
this
oskal
thing
and
then
a
lot
of
people
are
like.
Oh
no,
don't
don't
do
it
that
way.
It's
it's
not
really
intended
to
do
it.
That
way
got
it.
A
Got
it
okay?
So
let
me
let
me
start
this
draft,
then
the
drop
of
okay.
This
is
for,
and
you
had
one
person
questions
that
you
had
recommended
before
in
the
slack
Channel.
B
A
Okay,
yeah,
you
mentioned
one
person
and
I
know
that
he
couldn't
make
this
time
so.
A
D
A
D
Yeah
I'm
actually
curious,
because
I
do
talk
to
him
relatively
frequently
what
the
status
is
on
his
end
and
like
whether
or
not
he's
also
an
expert
I'm,
not
sure,
there's
somebody
who
I
used
to
way
back
in
the
day.
So
this
is
probably
like
three
four
well
not
way
back
in
the
day,
but
three
four
years
ago,
when
I
was
starting
to
do
stuff
with
oscow,
was
it
David
Whitmer?
Something
like
that?
Well,
let
me
pull
up
his
name.
D
A
D
Yep
but
he's
I
I
believe
the
lead,
or
at
least
the
technical
lead
on
the
oscow
stuff.
A
D
A
D
You
and
you
know,
if
you
go
to
the
distribution
group,
usually
there's
there's
folks
who
are
who
are
pretty
reasonable
there.
They
also
have
there's
some
slack
alternative.
They
use
called
getter
I.
Think
as
well.
It's
hard
to
keep
track,
but
I'm.
D
I
mean
I
I,
it's
I've
right
now
on
my
on
my
my
workstation
here:
I
have
keybase
open
I,
have
a
matrix,
open,
I
have
Discord,
because
some
of
the
open
source
projects
use
Discord,
slack
Microsoft
teams
and
I.
Think
that's
all!
Oh!
No
by
the
my
book,
editor
likes
using
Skype,
so
yeah.
D
Oh
yeah,
there's
I
think
it
was
like
there's
jabber
and
pigeon
pigeon.
A
That's
what
it
was
pigeon
I
remember,
pigeon
days,
I
used
to
use
it
also
with
same
time,
because
IBM
had
same
time,
which
was
part
of
notes,
and
so
I
could
use
pigeon
to
not
only
use
do
same
time,
but
then
you
know
external
people
conversations
as
well,
so
it
was
quite
cool
but
I
I
I,
don't
know
if
it's
even
around
still
okay,
so
this
makes
sense,
I'll
reach
out
to
guitar,
okay,
I
I
figured.
Maybe
they
had
a
more
modern.
You
know
spunk
to
it,
and
it
didn't
have
the
e.
A
But
okay,
then
so,
why
don't
we
do
this,
since
that
is
gonna
require
a
little
bit
more
finessing
on
my
part
and
I?
Don't
think
anybody
wants
to
see
a
recording
of
me
going
through
the
email
or
slack
messages?
A
Why
don't
we
just
try
to
knock
this
out?
Then
where's.
The
there
was
only
one
section,
I
think
future
state
that
needed
work.
A
I,
remember
us
talking
about
it,
because
if
we
expand-
and
another
group
decides
to
take
on
the
education
that
this
may
change
and
so
I
think
that's
where
this
came
from.
So
we
can
probably
put
like
note.
B
D
So
I
believe
from
I
mean,
like
I,
think
the
guidelines
coming
out
of
openssf
I
think
is
like
once
a
year
unless
there
is
like,
unless
there's
like,
obviously
like
a
big
sort
of
shift
of.
Oh
it
turns
out,
we
took
on
a
lot
more-
maybe
let's
reevaluate
the
charter,
but
I
think
the
open
ssf
wants
projects
to
kind
of
just
you
know,
even
if
the
vote
is
no
changes
like
I,
think
it's
once
a
year,
I
I,
don't
know
just
to
be
also
clear
here.
D
The
the
even
talking
to
some
of
the
folks
in
the
attack
there's
been
a
bunch
of
back
and
forth
on
different
things
and
how
they've
gotten
adopted
and
certain
things
that
are
like.
Oh
we're,
probably
going
to
adopt
a
rule
that
looks
like
this,
but
we
haven't
adopted
it
yet
so
don't
don't
don't
hold
me
hold
me
to
it.
Okay,.
A
A
B
A
A
Otherwise
we
can
keep
it
as
is,
and
then
this
one
I
wasn't
sure
how
to
address.
A
This
is
the
only
other
thing
which
is,
if
there's
deficiency,
how
do
we
bring
it
back
to
salsa
Community
right
in
my
mind,
it
made
sense
because
we're
talking
about
identifying
other
use
cases
I,
think
where
is
it
identifying
new
use
cases
and
identifying
opportunities
for
salsa
expansion,
so
I
think
in
my
head?
I
had
already
considered
it,
but
it's
not
in
here
right.
It's
kind
of
education
and
I
think
you
know
I
guess
encouraging
had
those
elements.
A
B
A
A
A
step
after
evaluate
right
is
like
to
recommend
or
reconcile,
but
I
saw
that
as
educate
and
then
in
terms
of
identifying
ways
to
expand
salsa.
That
would
be
that's
kind
of
here,
but
the
real
question
is:
should
we
add
a
statement
in
here
that
explains
that
right
after
the
evaluation,
you
would
then
educate
and
bring
back
the
findings
for
the
the
Sig
members
and
for
the
broader
community,
Etc
et
cetera.
B
I,
don't
think
so.
I
think
that
it's
clear
the
way
it
is
at
least
you
explained
to
me
so
yeah.
B
A
Patients
are
performed-
let's
say,
We'll,
recommend.
A
Wait
wait
what
of
salsa
what
I
was
trying
to
say
and
see?
This
is
where
my
English
is
horrible.
Basically
saying
impacts
on
salsa
and.
B
A
C
A
B
A
B
Positioning
after
evaluation,
our
performance,
this
see
you
having
a
position
published
something
like
that.
It's
not
necessarily
education,
because
education,
my
opinion's
like
abroad,
you
go
when
the
and
you
try
to
make
people
understand
position
it
like
a
wow.
We
did
this
and
that's
the
the
position
that
we
have
that's
the
default
and
reason
that
we
arrived
that
that
that
that
that
conclusion,
okay.
A
Okay,
okay,
so
I
think,
okay,
so
this
one
has
floats
this:
one
has
votes,
I,
don't
know!
If
this
flows,
someone
can
look
at
that
and
then
I
can
give
it
a
thumbs
up
and
then,
if
other
people
can
can
come
in
here
and
put
their
own
pump
up
and
then
I
can
open
up
a
PR
to
incorporate
this
into
the
salsa
documentation.
A
Yep
yeah
those
were
the
last
two,
so
this
one
I'm
not
sure
everything.
A
B
D
B
A
I
have
that
broader
word
again,
Bruno
so
feel
free
to
give
me
different
wording.
There.
B
A
Then
so
I
have
three
of
Mike
and
Josh.
If
you
want
to
read
the
encourage
and
operating
rules,
this
is
just
basically,
you
know
what
we're
trying
to
aim
for
right
and
so
I
think
we
decided
this
like
in
one
of
the
first
few
meetings,
that
this
is
what
we're
gonna
do
and
then
anything
else
would
be
kind
of
more
long-term
as
we
get
situated.
B
B
A
D
Yeah,
so
it
helps
out
in
a
couple
of
different
ways:
one
is
it
lets
us
sort
of
Define
potentially
right.
It
helps
us
to
find
potentially
salsa
as
machine
readable
format,
so
that
somebody
could
go
in
and
say
great
if
I
want
to,
you
know,
build
a
document.
I
could
just
pull
down
that
Json,
schema
and
I
would
automatically
have
all
the
requirements
and
yeah
that's
one
reason.
Another
reason
is
well.
You
can
then
take
those
requirements
and
then
say:
okay
great
well.
How
does
that
map
to?
Let's
say
nist
853?
D
The
other
thing
that
folks
have
done
a
little
bit
here
and
there
with
with
oscow,
is
in
the
cases
of
nist
853,
mostly,
is
folks,
can
tag
elements
of
their
software
with
something
like
I
meet
this
requirement
and
here's
the
proof
like
here's
the
function
that
does
that
or
here's
the
control
that
does
that
or
here's
the
config
file
that
you
know
or
here's
the
document
that
that
shows
that
thing
and
then
that
would
allow
for
automated
tools
to
come
in
and
say
great
I
to
tell
you
that
I'm
doing
salsa
here
is
my
build
config
and
here's
this
here's.
D
This
and
here's
me
tagged
the
build
config
with
you
know
the
source
and
you
know
blah
blah
whatever
it
is,
and
so
then,
that
sort
of
thing
allows
people
to
potentially
just
automate
sort
of
compliance.
B
D
Yeah
pretty
much
is
we
want
to
be
interoperable
with
other,
you
know,
controls
and
other
requirements
and
other
Frameworks,
and
we
want
to
make
sure
that
you
know
if
there
is.
You
know
a
particular
requirement
here
that
matches
another
requirement
somewhere
else.
If
somebody's
doing
those
other
things-
and
they
say
oh,
do
I
need
to
go
back
and
do
all
this
work
to
figure
out.
If
I'm
you
know
salsa
compliant
and
it's
like
oh
I'm,
actually
already,
mostly
salsa
compliant
I'm,
only
just
missing
these
two
things,
because
I'm
already
doing
these
other
things.
A
A
C
So
right
now
so
we've
done
Red
Hat
a
cross
between
this
853
by
the
way
and
salsa
yep.
A
Yeah
Emmy
and
I
forget
the
other
girl's
name.
She
worked
with
me
and
not
Bruno.
B
B
A
How
do
you
get
it
back
without
having
to
do
manual
work?
It
is
very
difficult,
so.
A
Okay,
so
Mike
and
Josh.
If
you
can
do
these
last
two
and
then
I'll
stop
bugging
you
yeah.
A
A
A
A
Fine
yay,
we
have
the
minimum
three
okay
thanks
folks,
anything
else
in
terms
of
working
session
or
any
of
these
other
things
that
we
need
to
kind.
C
C
Yeah
we're
getting
close
to
I!
Think
that's
something
that
we're
going
to
want
to
kind
of
show
to
the
larger
positioning
group
Next,
maybe
next
week,
when
everyone's
around,
but
so
far
it's
in
a
it's
in
a
pretty
good
place.
And
if
anyone
wants
to
get
a
first
look,
then
please,
let
me
know
and
I
can
get
your
get
you
on
that
document.
Sure
on
Google.
A
Works
anything
up
and
thanks
for
joining
Josh,
of
course,
I
know.
Laura
said
that
she
she's
had
conflict
since
she's
been
trying
to
join
she.
She
has
conflicts
lately.
C
B
A
Yeah
that
that
I
I
don't
envy
that
that
situation
right
now,
because
I
can
only
imagine
the
chaos
of
boxes
and
all
that
other
stuff,
oh,
my
goodness,
I
still
have
boxes
from
like
when
I
moved
from
North
Carolina
to
Texas
10
years
ago
and
I've
never
touched.
Oh.
C
A
A
Not
super
important,
no!
It's
just
things
that
I
lug
around
gosh,
yeah,
anywho,
okay,
well,
I'll!
Let
you
all
go
I'm,
just
kind
of
cleaning
up
the
notes
so
that
they
are
human,
readable.
B
A
And
this
is
for
a
Blog,
and
so
we
I
forget
where
it
is.
There's,
oh,
where
is
it?
Where?
Is
it
I'm?
Looking
for
it
because
I
it's
hard
to
talk
to
where'd
it
go,
you
know
just
see
it
get
high
right,
no
framework!
Well,
there's
gonna
be
a
lot
of
Frameworks
well
and
I'm,
trying
to
find
I'm
trying
to
find
the
picture
for
you,
because
otherwise,
I'm
gonna,
oh.
A
That,
yes,
yes,
it's
this
end
to
end
but
I'm,
changing
it
to
life
cycle
instead
of
framework,
because
it's
not
a
framework.
It's
just
visualizing
the
life
cycle,
and
so
you
know
development
was
part
of
it.
Build
was
part
of
it
and
then
there's
a
published
artifacts
portion
and
then
at
the
bottom
there's
a
concept
of
continuous
compliance
where.
B
A
It's
not
just
a
one
and
done
what
do
you
do
from
a
devops
perspective
or
potentially
even
salsa,
to
ensure
continuous
compliance.
A
But
because
we
don't
think
we're
gonna
write
it
this
year,
it
was
just
like
if
I
could
write
some
general
thoughts
on
what
we
could
talk
about.
That
was
all
I
was
going
for,
but
there's
no
way
we'll
be
able
to
write
that
this
year.
We
need
to
focus
on
these
other
three
yeah
yeah.