►
From YouTube: Supply Chain Integrity WG (January 18, 2023)
C
D
Yeah,
it's
a
it's
one
of
the
shields.
It's
a
second
Shield
that
was
made
for
my
fraternities
back
to
to
19.
Let's
say
this
was
1921
that
the
shield
it's
it's
long
since
changes,
but
this
happens
to
be
my
favorite
one.
So
when
I,
when
I,
when
I
like.
B
E
B
Was
fun
yeah?
You
know
what
I
hear
you
this,
so
my
wife
had
to
dash
out
of
town
yesterday
on
an
emergency
family
thing,
so
I'm
sort
of
parenting
with
the
two
kids.
My
boss
is
out
sick
and
today
is
a
snow
day
here
in
Boulder
and.
E
B
Right
I
know
it
crossed
my
mind
to
send
my
kids
out
first
thing
to
go,
get
fireworks,
so
we
could.
We
could
light
a
fire
and
keep
warm,
but
they
got
away
with
getting
up
and
just
getting
ourselves
breakfast
knowing
screen
time.
Of
course,
here
we
are
okay,
I'm
gonna,
try
and
share
this
thing
here.
B
B
My
screen
yep,
wonderful,
okay,
cool,
so
what
I
hoped
we
do
today
so
I
put
in
the
agenda?
We've
got
three
items
and
we'll
see
how
far
we
get
down
the
agenda.
This
document
we
talked
last
time
about
you
know
having
you
know.
We
have
something
about.
You
know
open,
ssf,
top
level,
Vision
Direction
scope.
What's
the
openness
is
f
about
and
then
I
think
you
know
we
have
individual
projects
like
salsa
and
Fresca
and
sgc2f
and
and
so
on.
B
Joshua
don't
tell
everyone,
but
we
so
we
have
we.
What
we
don't
have
is
a
really
crisp
and
clear
kind
of
north
star
or
direction
for
the
the
supply
chain.
Integrity
working
group,
which
kind
of
sits
between
the
two.
You
know
it's
a
pleasure,
Integrity
working
group
containing
the
salsa
and
Fresca
and
s2c2f,
and
who
knows
what
else
in
the
future
but
itself
doesn't
have
really
much
of
you
know
a
an
actionable
or
or
helpful
North
Star
I
mean
I
read
the
charter.
B
You
can
all
read
the
charter
too.
It's
linked
from
the
top
of
the
the
node
stock.
It's
broad!
It's
generic!
It
doesn't
seem
that
it
would
be
particularly
helpful
in
guiding
day-to-day
decisions
and
directions
and
that's
kind
of
what
I,
what
I'm
hoping
we
can
jointly
produce
I
a
document
which
and
I
think
Melbourne
made
the
comment
that
hopefully
we
don't
touch
very
much.
Hopefully
we
don't
have
to
continue
editing
and
refining
it.
B
Hopefully
we
set
this
and
say
you
know
what
this
is
probably
gonna,
Orient
and
guide
us
for
the
next
year
or
even
two
and
then
there'll
be
lots
of
activities
at
the
day-to-day
level
in
the
individual
projects
and
and
and
sigs,
but
this
will
continue
to
be
our
North
Star.
So,
with
that
in
mind,
I,
you
know
I've
done
several
things
in
slack
about
this
doc.
I
know
a
lot
of
you
reviewed
it
provided
comments
for
which
many
thanks.
B
My
proposal
is,
first
of
all,
just
to
kind
of
open
the
floor,
see
if
anyone's
got
any
general
comments,
like
does.
Does
this
with
the
problem
I've
identified
about
having
a
missing
middle,
not
having
something
which
guides
an
audience
and
and
helps
the
day-to-day
decision
making?
Does
anyone
have
opinions
about
whether
this
doc
gets
us
towards
that?
And
it
feels
to
me,
I
mean
I,
I,
say
it
with
my
author's
bias.
B
B
Got
a
thumbs
up
from
Joshua,
okay.
Well,
in
that
case,
we
can
dive
into
individual
comments
and
what
I
want
to
do?
You
know
I,
don't
proposally
read
through
the
top
to
bottom
I
promise.
We
do
a
quick
view
at
each
comment
and
then
for
each
one
decide.
What
do
we
want
to
do?
Do
we
want
to
assign
an
action,
I
kind
of
figured,
that
some
of
these
will
be
action
with
me
to
clarify
or
work
the
comment
into
the
dark?
B
So
this
first
comment
here
about
the
shared
vocabulary
and
problem
model
for
the
industry
or
he's
got
a
good
point
here
about
hey.
You
know
what
we're
going
to
be
talking
about.
My
intention
really
was
was
not
in
terms
of
you
know,
formalizing
or
coming
up
with
a
prescriptive
or
normative
standard.
It
was
more
of
the
observation
that
you
know
today.
B
I
think
that
salsa
itself
and
salsa.dev
has
provided
already
provided
a
useful
set
of
vocab
for
the
industry
like
when
people
say
you
know
provenance
now,
you
know
salsa
provides
a
useful
definition,
a
useful
anchor
for
that
term
when
people
think
think
about
Providence
and
I've
heard
people.
You
know
talk
about,
oh,
wouldn't
it
be
great
to
have
an
s-bomb
that
you
know,
links
a
binary
to
individual
source
files
and
I'm
like
wow.
That's
not
quite
an
s-bomb
I
think
you're
more
talking
about
binary
provenance.
B
But
again
my
thought
is
that
we
don't
need
to
get
super
formal
with
this
vocabulary,
but
more
recognize
that
part
of
the
value
that
we're
providing
in
the
supply
chain.
Integrity
group
is,
you
know
just
normalizing
some
of
these
Concepts
at
a
high
level
and
and
start
to
encourage
people
to
use
the
same
words
for
the
same
things.
Does
anyone
disagree
or
have
any
additional
thoughts
on
that.
D
Oh
yeah,
so
you
know
whenever
we
talk
about
any
type
of
standardization,
with
respect
to
Concepts
or
terms
or
or
vocabulary
like
that.
My
first
question
is
always
how,
in
sync,
are
we
with
best
practices
right
with
the
best
practices,
working
group
and
and
the
initiatives
that
they
have
around
building
guides
and
also
their
their
glossary
they're,
building
a
glossary
of
terms,
Etc,
right
and
I?
Think
always
while
I
I
mean
the
argument
comes
back?
D
Well,
you
don't
want
to
have
this
dictate
that
or
that
dictate
this,
which
is
all
true,
but
I
do
think.
As
far
as
the
openness
and
stuff
is
concerned,
we
should
be
speaking
with
one
voice
across
the
entirety
of
the
openness
and
stuff
and
I.
Think
that's
the
idea
behind
the
diagram
of
society
and
trying
to
build
that
that
trying
to
build
those,
those
schemas
and
trying
to
build
that
nomenclature
across
the
board.
Like
hey,
what
is
everyone
doing?
D
How
does
it
all
relate
to
what
how
was
every
working
group
doing
how's
it
aligned
with
what
how's
the
line
with
each
working
group
or
what
how's
the
line
against
the
the
the
broader
Mission
like
that,
but
I'm
just
thinking
this
is
great,
and
this
is
exactly
exactly
what
we
should
be
doing,
because
s2c2f
Salsa
Fresca
and
anything
else
we
do.
D
The
terms
should
all
somewhat
look
the
same
in
order
for
them
to
have
the
proper
balance
in
alignment
with
one
another,
but
so
should
how
we
communicate
these
terms
and
how
we
communicate
these
specs
across
the
entirety
of
the
openness
itself,
when
we're
reaching
out
to
different
parts
of
the
industry
with
respect
to
what
each
working
group
is
is
trying
to
do
right.
D
So
so
I
I,
so
I
go
back
to
it
and
say:
are
we
making
sure
that
we're
that
we're
aligning
one
way
or
the
other,
whether
it's
our
terms
or
the
best
ones
that
they
should
use
right
so
take
from
us
and
then
put
into
your
glossary,
or
should
we
take
from
that
glossary
and
bring
it
back?
Bring
those
some
of
those
terms
back
to
what
we're
doing
here.
G
B
No
I
I
love
that
I
think
that's
exactly
right
and
I'm
going
to
add
some
notes
and
tag
the
comments
as
we
go
here
with
follow-up
and
so
I'll
I'll.
Definitely
make
that
note
here.
Joshua
you
overview
yeah.
F
I
just
wanted
to
like
I
completely
agree
that
we
need
a
shared
vocabulary.
Problem
model
I
think
we
need
to
like
I
I
see
this
as
being
a
phase
thing
like
we
need
to
get
our
own
house
in
in
order
like
the
SEI
WG
and
the
projects
that
form
part
of
that,
then
we
can
try
and
get
like,
of
course,
open
ssf
agreement
or
normalization
of
terms.
The
industry
is
going
to
be
a
long
battle
like
provenance.
F
Salsa's
definition
of
provenance
does
not
agree
with
how
half
of
the
people
I
talk
to
interpret
Providence.
It's
an
ongoing
ongoing
battle,
so,
like
I,
think
I
fully
agree
with
the
goal.
Let's
just
be
aware
that
this
is
a
long-term
thing,
but
having
a
set
of
definitions,
we
all
agree
on
that.
We
can
start.
Socializing
is
like
super
valuable.
B
Love
it
I'm
going
to
follow
up
with
you
about
those
those
conflicting
definitions
of
provenance.
I'm
super
interested
I've,
seen
some
of
that
emerging
here
internally
at
Google
as
well,
and
then
I'm
trying
to
get
a
handle
on
it.
So
I'd
love
to
hear
what
you're
seeing
too
okay
I'm
I'm
going
to
close
out
on
that.
B
One
and
I've
got
some
some
follow-ups
tagged
in
the
comment
here,
so
that
we
don't
forget
that
what
we're
up
to
this
point
about
interoperability
here
or
erased
I
think
you
know,
there's
much
that's
easy
to
say
and
how
to
define
a
more
concrete
definition.
I
actually
I
mean
I
I
struggle.
With
this
a
little
bit
I
mean
I.
I
wrote
ready
interoperability,
meaning
that
hey
you
know
we
have
you
know.
B
Supply
Chain
by
its
nature,
is
a
chain
with
you
know:
parts
of
the
chain
living
in
different
organizations,
perhaps
living
in
different
technology
technology
ecosystems,
perhaps
living
in
the
open
source
domain,
and
you
know,
parts
of
it
in
the
closed
Source
domain,
and
so
I
meant
to
interoperability
that
these
various
domains,
whether
you
divide
up
by
language,
ecosystem
or
by
technology
or
by
open,
closed
Source
or
across
organizational
boundaries,
that
the
various
pieces
of
the
supply
chain
interoperate
and
speak
themselves,
a
Common
Language.
F
Yeah
I
think
we
are
looking
for
like
a
coherence,
interoperability,
interoperable
set
of
projects
within
the
working
group
like
how,
when
I
was
thinking
about
this
a
bit
earlier
and
adding
comments
to
the
doc.
It's
not
entirely
clear
to
me,
because
I
haven't
had
a
chance
to
dig
into
them
like
how
scorecards
and
I
think
you
refer
to
it
as
S2,
but
the
acronym
that
I
cannot
remember.
F
F
The
context
of
this
working
group
have
a
consistent
narrative
and
can
be
coherently
plugged
together
into
a
into
a
sort
of
cure
software
supply
chain.
That's
the
first
step
for
interoperability,
I
think
and
then
yeah
part
of
that
is
just
being
super
creative
about
what
the
what
the
interfaces
are
between
them
and
and
therefore
like
what
the
apis
or
data
formats
or
whatever,
that
they
Expose
and
therefore
can
be
adopted
more
broadly
yeah.
That's
how
I
would
interpret
that.
B
That
makes
sense,
I
couldn't
I'll,
add
a
little
bit
more
detail.
I
don't
want
to
get
this
I,
don't
this
document
to
kind
of
Veer
too
far
into
into
problem
solving
but
more
describing
the
problem.
But
I
will
your
comments
there
on
point
Joshua
and
I'll
I'll
work,
those
in
and
thank
you
let's
see.
Do
we
have
a
daughter
on
the
call
here.
C
B
C
Yeah
I
mean
ultimately
we're
calling
out
the
pragmatic
supply
chain
security
framework
right
then
covering
key
functional
areas
from
my
perspective
would
be
making
sure
vulnerability.
Management
is
involved
procurement,
depending
on
how
kind
of
like
the
the
software
is
ingested
right.
So.
D
C
From
an
Enterprise
view,
how
do
all
the
parts
from
domain
perspective
come
together
right,
yeah
does.
A
B
Okay,
Melba
I
think
I
I
unilaterally
gave
you
an
action
here
to
to
reword
this
one
to
your
preference.
I.
Don't
think
I
think
we're
talking
about
the
same
thing
and
just
word
smithing
here.
So
unless
anyone
has
additional
comments
on
this
one
I
suppose
we
move
on
to
the
next,
and
maybe
you
can
take
that
one
up
offline,
the
the
point
about
Fresca
here:
do
we
have
Mr
Lieberman
with
us
today,
I,
don't
think
we
do
Melvin.
E
Yeah,
it
was
because
it
said
if
you
scroll
up,
see
also
Fresca,
and
so
my
point
was
hey.
We
shouldn't
limit
ourselves
to
just
Fresca.
E
Because
there
is
tooling
coming
from
the
different
subgroups,
salsa,
potentially
S2
c2f,
and
maybe
there
might
be
more
down
the
road,
so
my
recommendation
was
don't
just
say,
Fresca
or
remove
it
all
together,
but
Mike
said
well
what,
if
we
do,
EG
an
example,
Fresca
and
so
I,
like
more
of
the
example
versus
see,
also
Fresca,
because
that's
almost
saying
like
that's
the
de
facto
that's
what
we're.
B
B
No,
but
it's
important
like
I
mean
this
is
we're
hoping
this
document
lasts
a
while
we're
gonna
have
lots
of
people
look
at
it.
Some
with
you
know
where
everyone's
varying
degrees
of
context,
so
I
I
appreciate
the
value
of
wordsmithing
and
I.
Think
it's
important
that
we
get
this
right,
so
I
will
I'll
make
that
change
of
clarify
ooh
interesting
one.
Here
we
had
do
we
have
William.
Oh,
we
do
have
William
here
today.
I
I
would
love
to
hear
your
additional
thoughts
on
this
and
and
Melba.
B
You
too,
I'll
give
you
what
what
my
intent
was
with
with
this,
that
this
this
framework
shouldn't
require
you
to
get
value
from
this
framework.
It
shouldn't
require
that
you
trust
GitHub
or
you
trust
Google,
or
you
trust
Microsoft,
or
you
trust
this
entity
or
that
entity
or
ideally
it
should
be.
You
know
that
who
you
trust
should
be
up
to
you
and
me,
as
a
consumer.
B
I
can
say
well,
I,
trust,
Pipi
and
I
trust
GitHub,
and
that
is
going
to
you
know
give
me
the
anchors
from
which
my
policy
decisions
would
be
based.
It's
not
up
to
the
framework
to
tell
me
who
is
trustworthy
in
this
ecosystem.
That
was
my
intent
with
this,
but
but
William
melber
give
me
your
thoughts
so
so.
G
You
just
described
I
think
that
that
is
I
agree.
What
we
should
be,
we
should
be
saying
here:
I
was
responding
to
ori's
comment
of
of
consumer
selected
versus
he
was
suggesting
regulator,
selected
and
I.
Think
what
Melvin
and
I
were
kind
of
saying
there
was
well
I,
was
first
saying,
like
I,
think
consumers
can
select
if
they
want
to
have
a
regulator
selected.
So
it
assumes
that
and.
A
G
Melba's
comment
was:
have
we
really
defined,
what
we
meant
by
a
consumer
in
this
and
I
could
see
a
consumer
being?
What
you
described
would
be
someone
with
a
different
context,
could
view
consumer
being
an
end
consumer
or
a
company
using
software
from
a
provider,
so
I
think
we're
clear.
The
consumer
is
really
a
consumer
of
like
the
supply
chain
right,
because
that's
really
the
focus
here
and
that's
not
what
we
need
and
clarified
I,
don't
think
we're
fine.
B
Great,
that's
so
I'll
note
that
I
think
there
was
that
Echoes.
Some
other
comments,
also
in
the
talk
about
consumer
and
Josh,
had
a
a
different
preferred
term.
I.
Think
consumers
are
it's
it's
great
because
hey
it's
a
very
consuming
software,
it's
terrible
because
some
some
people
think
consumer
means
and
consumer,
or
you
know
someone
who
goes
and
buys
software
retail
Off,
the
Shelf
at
Best
Buy.
B
Some
people
think
about
consumer
as
someone
who
uses
something
up
and
consumes
it
gradually
over
time
until
there's
nothing
left,
neither
of
which
is
intended
here
and
so.
I
will
I'll
close
this
out
with
additional
Clarity,
but
I
think
it
sounds
like
we're
agreed
on
the
principle.
D
B
That's
a
good
point
so
I'm
just
writing.
The
consumer
main
include
anchor
suitable
clone
regulatory
context.
Given
that
you
know
every
consumer
is
going
to
exist
in
a
different.
You
know
regulatory
domain
and
hey
you
know
in
the
EU.
Maybe
there
will
be
a
requirement
to
trust
this
entity
or
that
entity
who
knows,
but
it's
a
good
point
and
I
will
note
that.
B
Okay,
scrolling
down
I
think
there's.
This
is
a
totally
fine
point.
I
mean
I
noticed
that
lots
more
needed
I
already
made
a
specific
suggestion
about
what
could
be
included
in
that
lot.
I
agree
with
it
and
I
thought
it
looks
like
you
do
too,
and
so
I
will
I'll
upload
some
additional
thought
and
work
into
that
and
I
invite
you
all
to
do
the
same.
B
Actually,
anyone
who
requests
edit
access
to
this
document
I'll
give
it
I
just
don't
want
to
make
it
editable
by
the
entire
internet,
because
it
feels
like
that's
a
something
of
a
recipe
for
disaster
Melba.
You
made
the
point
that
we
could
up
level
Fresco
to
the
the
top
level.
E
B
That's
a
good
point
again
reflect
my
authorial
bias
that
I
espresso
is
the
area
I,
know
least
about,
and
so
there
we
go
okay.
So,
let's?
What
are
we
talking
about
here?
Oh,
yes,
collaboration
and
Melbourne.
B
I
really
agree
with
with
your
point
here
that
I
think
that
you
know
we
should
be
cautious
about
trying
to
boil
the
ocean
and
trying
to
immediately
go
from
from
zero
to
100
and,
like
kind
of
you
know,
for
going
from
an
insular
Community
to
one
that
includes
the
entire
world
and
its
collaborative
universe
and
I
think
we
have
a
natural
set
of
concentric
Rings
here
and
with
you
know,
salsa.
You
know
next
scope,
workers,
SCI
and
xcopark.
B
It's
open,
ssf
next
goes
up
with
LF
and
and
so
on,
and
we
can
work
on
collaboration
in
that
order
and
I
think
that
you
know
I
mean
I,
think
I,
don't
know
whether
you
wrote
it
but
getting
our
own
house
in
order.
First,
like
let's
go
to
get,
let's
get
good
at
collaboration
with
that
in
our
own
group
and
then
the
group
surrounding
us
and
then
work
out
from
there
rather
than
trying
to
solve
everything
at
once
and
I
I.
Very
much
agree
with
that.
F
So,
just
to
add
on
to
that
Isaac
I
think
we
can
add,
like
better
communication
with
those
other
groups
prior
to
like
more
explicit,
more
active
collaboration
right
like
being
more
aware
of
what
they're
doing
and
better
communicating
what
we
are
doing
is
a
first
step
that
we
can
call
out
separately
to
a
more
deeper
engagement
and
collaboration.
B
Cool
okay.
B
Specific
Outreach
plan
Melba,
you
got
me
and
Joshua
both
ganging
up
on
you
now
that
about
this,
the
SEI
positioning
idea,
I
I
mean
it
feels
to
me
I
mean
certainly
looking
actually
at
the
the
notes
that
you
shared
from
the
positioning
meeting
yesterday.
It
feels
to
me,
like
you're,
already
doing
the
work
of
SEI
positioning
and
at
this
stage,
actually
it's
probably
more
just
about
renaming
the
thing.
B
To
be
honest,
I
mean
looking
at
Salsa
positioning,
you're
already
thinking
at
a
you
know
about
salsa
and
Fresca
and
s2c2f
and
other
things
and
how
they
all
fit
together,
and
so
I
think
that
you
know
yeah
it
just
as
a
matter
of
pragmatics,
you're
already
doing
the
work,
and
it's
just
a
matter
of
you
know,
renaming
the
thing
to
reflect
the
scope,
you're
actually
working
on,
but
I'd
love
to
hear
your
thoughts.
E
Yeah
I
think
we
would
need
and
make
sure
that
there
are
co-leads
from
the
other
groups
right
because
I
don't
know
everything
about
Fresca
I,
don't
know
everything
about
s2c2fs.
As
long
as
we
have
co-leads
from
each
of
the
different
subgroups
than
I
think
we
would
be
fine,
but
that
would
be
the
biggest
challenge.
E
D
So
I
mean
we
talked
about
this.
We
talked
about
this
until
last
year,
and
this
was
just
this.
D
This
colored
inside
the
lines
of
where
we
were
headed
when
we're
talking
about
this
Focus
right
here
right
and
and
how
we,
how
we
position
everything
coming
together,
I
think
the
one
thing
that
if
we
joined
the
last
the
last
statement
about
collaboration
and
getting
our
own
house
in
order
and
then
merging
that
into
this
when
it
comes
to
positioning
I,
think
those
things
work,
hand
in
hand
right,
you
get
get
our
own
house
in
order
where
we're
at
with
salsa
s2c2f
fresca
I
mean
hell.
D
There
are
other
things
that
happen
out
there
too,
and
the
point
about
getting
a
house
in
order
is
just
that
I
know
in
the
CDF
and
their
supply
chain.
Integrity
working
group
they're
working
on
something
over
there
maturity
model
over
there,
that's
supposed
to
be
something
bolted
onto
the
back
end
of
salsa,
and
they
actually
say
this
inside
of
their
repo
inside
of
their
working
group.
D
That
is
to
bundle
all
of
the
artifacts
that
are
being
created
through
these
things
in
such
a
way
that
they
can
be
archived
properly
and
that's
what's
being
discussed
over
there.
So
we
get
our
house
in
order
and
then
do
some
of
that
Outreach
too.
D
But
that
can
only
happen
if
we
do
what
we,
what
we're
talking
about
here
and
then,
of
course,
maybe
race
positioning
up
to
the
point
where,
once
we
have
our
house
in
order,
we
can
properly
position
some
of
the
things
we're
doing
and
creating
those
conversations
so
that
when
we
take
those
tentacles
and
reach
out,
we're
reach
reaching
out
with
that
one
voice.
Right
I
mean
that
all
that
all
makes
perfect
sense.
B
It's
a
good
point
Jay
that
we
should
make
sure
that
we
we
have.
You
know
in
the
first
instance
a
situational
awareness
of
the
you
know
the
adjacencies
around
us.
You
know
what,
like
you
say,
I
mean:
there's
the
supply
chain,
maturity,
working
group
in
the
CDF
and
that's
chaired
by
actually
a
colleague
of
mine
at
Google,
and
perhaps
we
could
have
him
come
and
talk
to
her
sometime
about
his
intent
of
what
he's
doing,
but
Step
One
is
like
kind
of
becoming
aware
of
these
adjacency
step.
B
Two
is,
is
kind
of
figuring
out
how
we
fit
alongside
them
or
where
we
don't
fit
or
where
we
need
more
active
collaboration
and
then
step
three
is
providing
a
map
of
the
entire
universe.
I'm
open
to
success,
of
just
being
one
Galaxy
quickly
on
companies.
I
can
clarify
this
in
in
the
dark
now,
but
my
intent
was-
and
you
know
if,
if
we
decide
here,
this
is
what
we
want
to
do.
We
want
to
think
about.
B
You
know
supply
chain
Integrity
in
in
the
macro,
and
we
want
to
think
about
this.
This
Uber
framework.
We
may
decide
that
we
don't
have
sufficient
representation
in
the
open
ssf
to
succeed.
We
may
decide
that
gosh,
wouldn't
it
be
great
to
have
a
couple
of
folks
from
Amazon
who
are
really
leaning
in
or
maybe
two
from
GitHub
or
an
encore
or
I
mean
I,
don't
know
I'm
just
suggesting
that
we
should
we
can.
B
We
can
open
our
doors
and
see
who
walks
in
and
we've
got
a
great
set
of
people
here
already
and
then
great
representation
from
IBM
and
Microsoft
and
VMware
and
and
AMD
and
Intel
and
the
rest.
It
could
be
that
if
we
take
this
more
deliberate
approach,
we
may
decide
gosh.
We
need
to
go,
find
some
people
from
company
X
or
company,
or
welcome
new
Z
and
encourage
strong
on
them
to
participate,
and
that
was
the
intent.
Does
that
make
sense.
C
E
If
it's
about,
like
you,
said
ecosystems
right,
perhaps
we
say
you
know
Partners
in
the
industry,
that
you
know
that
manage
ecosystems
or
something
making
sure
that
we're
not
making
it
seem
like
I
said
that
it's
favoritism
or
it's
about
funding
right.
If
it
is
okay,
then
we
should
state
that.
But
if
it's
not
I
think
we
need
to
be
a
little
clear
about
what
why
companies
and
what
the
intent
is
behind
that
I.
B
Love
that
point
made
a
note
here
in
the
comments
and
I'll
clarify
in
the
doc.
I
think
that's
really
important,
and
this
is
why
we're
going
to
end
up
at
a
document
from
the
fact
we're
all
looking
at
it
and
versus
just
me.
So
thank
you.
Mr
Lieberman,
you
have
your
hand
up.
H
Oh
yeah,
yeah
and
I
think
yeah
I
agree
with
Melba
on
that
one
and
another
thing
just
to
be
cognizant
of
is
I
believe
late.
Last
year
the
governing
board
did
vote
on
the
sort
of
new
direction
for
2023,
which
includes
sort
of
that.
Like
they're
calling,
you
know,
hey
a
I,
don't
know
if
it's
an
open
source
tool
chain
or
but
like
pretty
much
trying
to
kind
of
really
push
the
the
open
bit
of
of
open,
ssf
and
so
I
think
the
idea
should
be
also.
B
Open
in
it
for
a
reason,
Let's
see,
we
have
a
comment
here
about
Fresca
again
and
I.
Think
I
mean
again:
Michael
I'm,
not
sure
whether
you're
here
when
I
you
know
declared
my
biases
Fresca
is
an
area
that
I'm
out
of
everything
that
we
have
in
the
inscope
for
SEI
working
group
rescue
is
the
one
I'm
least
familiar
with,
and
so
please
forgive
me
and
and
then
it
also
educate.
H
Me
sure
yeah
yeah
I,
could
definitely
help
out
here.
So
I
mean
the
the
quick
sort
of
elevator
pitch
right
was,
was
Fresca
started
off
as
hey.
We
tie
together
a
bunch
of
Linux
Foundation
tools
like
tecton
and
and
spire
and
and
a
bunch
of
other,
also
open
source
tools
into
a
secure,
build
system.
So
something
like
you
know
you
could
imagine
something
like
GitHub
actions
or
whatever,
but
but
it's
it's
it's
like
tecton,
but
with
opinions
on
top
of
it.
H
There
were
some
discussions
between
a
few
other
folks
at
open,
ssf
like
Brian,
and
there
was
some
cure
there.
There
is
some
interest
in
potentially
making
open
SF
a
bit
opinionated
about
like
hey.
If
here's
a
bunch
of
Linux
Foundation
tools
that
could
be
a
demonstrative
architecture
that
could-
or
you
know,
be
tied
together
in
a
demonstrative
architecture
once
again,
not
the
only
architecture,
not
a
reference
architecture,
but
something
that
is
like
hey.
H
If
you
use
these
tools
configured
in
these
ways,
we
think
you
can,
you
know,
secure
your
supply
chain
secure
your
applications,
Etc.
That
seems
to
be
one
of
the
things
that's
kind
of
coming
out
there,
and
so
one
of
the
things
that
was
brought
up
was
like
Hey.
Fresca
is
doing
part
of
that
already
a
little
bit
for
the
build
right.
It's
not
you
know.
Fresco
was
not
some
new
build
system
built
from
scratch.
H
It
was
tying
together
existing
sort
of
open
source
tools,
so
that's
kind
of
where
Fresca
is
today,
but
there
was
you
know
there
was
some
interest
as
to
whether
or
not
you
know
how
do
we
sort
of
expand
that
into
what
the
open
ssf
wants
to
do
with
this
in
2023?
And
how
can
we
make
Fresca
a
part
of
that
and
separately?
What?
What
else
can
we
do
from
the
Fresca
side
of
things
to
make
it
more
of
that
demonstrative
example?
H
H
Well,
as
potentially
also
being
something
that
is
also
a
consumer
of
stuff,
like
S2
c2f
right,
where
hey
you're
running
a
build,
are
you
you
know
is
the
is
the
things
you're
ingesting
into
the
build
you
know
salsa
compliant?
Is
it
S2,
c2f,
compliant
and
so
on?.
B
Yeah,
no,
that's
that's
a
that's
super
helpful
and
so
I
mean
what
I
I
characterize
it
here
and
please,
let
me
know
if
I
can
close.
This
rescue
is
not
just
a
reference
architecture,
but
an
actual
instantiation
of
it.
It's
an
actual
implementation.
It's
not
just
you
know,
boxes
and
arrows
in
theory.
This
is
how
it
fit
together,
but,
like
hey
here,
are
the
actual
binaries
and
tools
that
you
use
to
create
something
that
works.
H
Yes,
yeah
exactly
yeah,
it's
intended
to
be
opinionated.
It's
intended
to
be
the
sort
of
thing
where
you
can
imagine
it
hits
that,
like
70
or
80
use
case
box,
where,
like
yeah,
if
you
just
have
something
simple,
you
have
another
Go
app
or
you
have
another
Java
app.
You
know
this
is
just
a
way
to
build
it.
That
is
salsa
compliant
and
it's
all
kind
of
tied
together
in
a
nice
way.
Where
you're
getting
you
know,
you
get
your
spiffy
Spire.
You
get
your.
H
You
know,
Secrets
management,
you
get
all
that
sort
of
stuff
baked
into
a
build
system
and
then
yeah
the
the
other
thing
just
sort
of
tied
in
there
was
that
there
was
interest
from
the
broader
open,
ssf
side.
I've
seen
the
term
Sterling
tool
chain
thrown
around
a.
B
A
H
Yeah,
so
there
was
this
idea
of
a
sterling
tool
chain,
and
one
of
the
things
that
was
brought
up
was
not
necessarily
that
you
know
Fresca
is
the
the
Sterling
pool
between
by
any
means,
but
sort
of
what
Fresca
is
doing
where
it's
like
hey.
We
took
some
tools,
we
combined
them.
Together
we
configured
them.
We
wrote
scripts
to
sort
of
tie
everything
together.
H
That
could
be
something
that
the
open,
ssf
is
sort
of
interested
in
is
sort
of
taking
more
of
these
open
source
tools
like
that
are
part
of
openssf
or
LF,
and
figure
out
how
to
tie
them
all
together
to
help
secure
applications,
and
then
you
know
the
for
us.
You
know
how
do
you
sort
of?
Could
you
use
some
of
these
tools
together
to
help
secure
your
supply
chain.
B
B
I
would
see
Melba
you're
so
on
on
this
one,
it
sounds
like
you
were
saying:
hey
before
we
go
after
you
know,
let's
get
kubernetes,
you
know
shipping
salsa
Providence.
We
should
make
sure
that
you
know
our
own
open,
ssf
tools
which
we
produce
and
maintain
ourselves
should
conform
with
our
own
best
practices.
Is
that
right.
E
And
correct,
and
the
main
reason
for
that
is
really
just
work
out:
the
Kinks
right.
If
you
can't
trust,
openss,
tooling
right
and
our
communities,
our
repos,
then
why
would
people
adopt
right.
A
A
E
We
can
get
really
good
in
open,
ssfs,
then
I
think
more
people
are
willing
to
adopt
is,
is
my
take
right,
lead
by
example.
C
B
Okay,
are
we
going
in
I
I
think
that
I
mean
to
be
honest
with
you,
I
think
for
2023
I
I
want
to
I
want
to
paint
the
picture
that
you
know
our
direction
as
major
as
there's
projects
on
onboarded,
I
think
you're.
Absolutely
right.
It's
going
to
be
difficult
to
even
make
the
case
and
it's
a
good
idea.
B
If
we're
not
doing
it
ourselves,
and
we
should,
like
you
say
it's
at
the
standard
and
walk
the
walk
as
well
as
talk
or
talk,
so
I
I
know,
there's,
there's
a
there's,
a
team
that
I
work
with
here
at
Google
who've,
begun
to
kind
of
at
least
take
inventory
of
open
ssf
projects
and
and
start
to
engage
with
them
to
look
at
you
know
best
practices
and
but
I'll
make
sure.
That's
in
the
document
as
well
I
think
it's
yeah
I
mean
I,
wrote
it
as
inexcusable
I.
B
Think
it's
kind
of
inexcusable
that
we
don't
have
that
today.
Let's
see
you
make
an
ad
here,
yeah.
E
D
E
Don't
know
if
this
is
going
too
far,
but
I
I
almost
want
to
even
say,
like
I,
think
about
the
salsa
tooling.
Why
isn't
this
also
tooling
handled
by
Fresca
again,
I,
don't
know
anything
about
the
two
I
know
Mike
does
right,
but
why
have
multiple
tooling
right?
Why
not
have
one
tooling
for
a
supply
chain
integrity
go.
H
Ahead,
Mike
yeah
I
can
provide
a
little
bit
of
that
that
history,
so
when
salsa
was
originally
spun
up,
there
wasn't
really
any
tooling
sort
of
associated
with
it
other
than
a
couple
of
small
little
scripts.
H
Fresca
was
already
being
built
out
and
then,
when
open,
and
when,
when
City
contributed
Fresca
to
open
ssf,
we
were
looking
at
it
just
more
as
a
build
tool,
but
then
it
became
something
that
could
sort
of
integrate
with
salsa,
and
then
the
idea
would
be
to
create
a
bunch
of
other
things,
and
this
is
not
to
also
diminish
anything
that
the
the
salsa
side
is
doing
like
a
lot
of
the
stuff
originally
from
the
salsa
side
was
more
like
here
is
a
GitHub
generator.
H
You
know
here's
an
example
of
what
what
it
could
be
I
think
those
tools
have
gotten
hardened,
where
their
their
production
systems
in
their
own
right,
but
the
other
thing
that
Fresco
was
intended
to
be
was.
It
was
intended
to
be
also
agnostic
to
any
underlying
you
know
provider.
H
So
in
this
case
you
know
a
lot
of
the
a
lot
of
the
salsa
tools
by
and
large
require
either
Google
Cloud
build
or
require
GitHub,
whereas
Fresca
only
requires
kubernetes,
and
so
you
know
anybody
can
run
it
anywhere,
which
which
was
another
thing
thing
there
and
then
the
other
idea
also
was
Fresco
is
not
intended
to
be
purely
salsa,
like
the
idea
also
is
to
support
ssdf
stuff
like
S2
c2f,
you
know
a
as
well
as
any
other
things
that
might
come
out
and
try
and
be
sort
of,
even
maybe
even
go
beyond
what
some
of
the
standards
currently
Define
and
show
what
like
hey.
H
B
That's
super
helpful
for
for
me
to
understand
better
this
universe.
I'm
I'm
kind
of
I
still
have
what
Melba
said
ringing
around
my
head.
That
should
we
should
Fresca,
say:
okay,
you
know
what
we're
the
implementation
side
of
the
SEI
working
group
where
the
implementation
wing
of
this
working
group-
and
you
know
what
we
have
a
reference
architecture
instantiated
in
a
playful
magnetic
way.
We
have
a
suite
of
salsa
tools
on
the
generation
verification
policy
side.
We
also
are
incubating
tools
to
and
produce
s2c2f
attestations,
and
we
just
say
Fresca
you'll.
B
H
I
I
think
that's,
maybe
something
that
we
want
to
have
a
little
bit
of
that
broader
conversation
with
the
openssf
generally
to
see
where
they're
going
with
some
of
it
as
well,
because
I
I
do
think
one
is
is
we
do
want
to
have
like
closer
alignment
with
a
lot
of
these
different
things
like
so
just
as
an
FYI
right
like
open
S.
H
Our
tool
can
also
like
we're
looking
to
sort
of
support
stuff
like
scorecards
from
openssf
and
some
of
the
other
stuff's
in
there
in
Fresca,
but
I
think
it's
worth
a
sort
of
a
broader
conversation
with
just
sort
of
the
open,
ssf
Direction,
just
to
kind
of
say,
hey.
We
think
you
know
if
folks
think
it
could
be
this
thing.
It
could
be
this
thing.
I,
don't
know
like
right
now,
I
will
say
with
the
the
existing
set
of
maintainers.
H
H
It's
definitely
something
that
I
think
you
know
we
would.
We
would
be
happy
to
have
that
discussion
about.
You
know
supporting
some
of
these
other
things.
We
just
want
to
make
sure
that
a
it's
done
in
coordination
with
the
rest
of
the
open
ssf,
so
that
you
know
there's
a
lot
of
work
that
overlaps
with
some
of
these
other
things,
and
we
want
to
make
sure
that
we
can
kind
of
tie
tie
together
in
yeah.
B
That
makes
a
ton
of
sense,
I
mean
I.
Think
with
respect
to
resourcing.
I.
Could
imagine
like
approaching
that
in
parallel,
where
we
we
could
decide
hey,
you
know
what
Fresca
is
is
responsible
as
a
working
group
for
the
entire
tools
Universe
in
supply
chain,
Integrity
right
now.
It's
only
staff
to
support
this
part
of
the
scope.
So
this
subset
of
the
scope
is
resourced.
We
have
a
roadmap
for
this
subset,
maybe
in
24
or
25,
we'll
have
Staffing
enrollments
or
other
areas,
but
at
least
nominally
conceptually.
B
We
think
of
the
scope
as
this
big,
even
though
the
Staffing
is
way
smaller,
but
I
I
hear
you
that
there
are
more
conversations
to
be
had
here,
including
presumably
with
the
open,
ssf,
tooling,
working
group
and
and
so
on.
B
F
Oh
yeah,
okay,
so
I
think
this
was
just
the
idea
that
salsa
like
when
we
first
announced
salsa.
F
A
lot
of
folks
were
interested
and
we
tried
to
like
describe
what
salsa
means
to
different
audiences
and,
as
we've
refined
the
specification
over
time,
we
were
increasingly
realizing
that
this
is
mostly
you
know,
useful
document
for
people
creating
build
systems
and
package
ecosystems,
and
that
made
me
wonder
whether
the
kind
of
the
SEI
working
group
good
luck
at
personas
and
try
to
think
of
like
what
the
strategy
is
across.
Those
personas,
which
I
think
we've
probably
kind
of
gotten
to
already
in
the
discussion
during
this
meeting.
F
B
B
I
think
you
can
do
a
problem
without
anchoring
in
terms
of
who
is
experiencing
this
problem
today
and
how
to
ties
us
to
Persona,
so
I
think
what
we're
saying
is
this
document
could
usefully
include
a
a
better
articulation
of
what
problems
are
we
solving
and
for
whom
and
I
totally
agree
with
that
and
I
think
I
mean
that
speaks
to
a
common,
further
down
thread
here
in
response
to
Melba,
though
I
think
that
reasoning
about
the
the
universe
that
we're
in
independent
of
the
solutions
that
we
have
today,
let's
start
from
there
like
we've,
we
have
we
happen
to
have
in
front
of
us
s2c2f
and
salsa
from
Fresca.
B
Without
talking.
First
about
the
problem
space,
we
can't
assess
whether
these
are
good,
Solutions
or
not,
and
so
I
think
what
we
first
needed
to
say.
What
is
the
problem?
Space
What
problems
are
we
solving
and
for
whom?
What
challenges
do
they
have
today?
Why
are
they
the
important
and
the
right
ones
to
solve?
Now
we
can
look
at
what
do
we
have
in
our
hands
and
what
do
we
need
to
go
build?
How
do
we
apply
what
we
have
to
these
problems?
Where
do
we
have
gaps?
Where
do
we
have
overlaps?
B
Where
do
we
need
to
think
again,
and
it
could
be
that
we
conclude?
Oh
well,
you
know
what,
for
the
problem,
space
at
hand,
suc2f
and
salsa
and
Fresca
already
cover
75
of
this?
The
725s
are
missing.
We
need
a
fourth
group
and
here's
what
it's
going
to
look
like.
We
could
conclude
gosh.
B
Actually,
when
we
look
closer
at
the
problem
and
the
personas,
the
people
who
care
about
the
problem
best,
you
see
to
fight
themselves
from
Fresco,
don't
really
directly
address
them
or
we
have
bigger
gaps
than
that,
but
I
think
that
what
you're
speaking
to
Joshua
is:
let's
figure
out.
You
know
what
what
like,
who
who
is
it
who's?
B
You
know
who's
having
challenges
today
and
what
are
we
going
to
do
for
them
or
you
know
what
what
problems
do
we
want
to
solve
and
then
we
can
assess
the
appropriateness
of
the
solutions
that
we
have
and
where
the
gaps
are
Melba
I
know
you
had
thoughts
on
this
too.
E
E
B
Statement
and
from
there
we
can
start
to
talk
about
Solutions
and
how
well
or
they
address
the
problems
or
not
I'm
edited
together
and
so
on.
So
I'll
I'll
take
that
up
as
something
I
can
add
to
the
document
and
again
we
can
continue
to
iterate
on
it.
Offline
I
have
I
think
just
met
a
comment
quickly.
I
have
been
super
encouraged
by
the
amount
of
review,
comments
and
people
reading
the
doc
and
throwing
in
comments
and
ideas
and
thoughts
and
asking
for
clarification.
B
It's
awesome
to
see
this
level
of
collaboration
and
I
want
to
say
thanks
to
everyone
who
did
that
and
just
encourage
you
all
to
to
jump
in
and
if
stuff
isn't
clear
and
comment.
If
you
things
could
be
worded
better,
go
and
make
the
suggestion.
I
am
we're
going
to
end
up
with
a
much
better
document
for
the
fact
we
have
a
dozen
people
working
on
it
than
just
one
or
two.
So
thank
you.
B
With
that
said,
we've
gone
to
talk
to
the
bottom
through
the
doc.
Looking
at
comments,
I've
obviously
got
a
bunch
of
follow-up
work
to
do
to
address
and
much
of
this
stuff.
Unless
there's
anything
else,
we
want
to
cover
on
this
topic.
We
can
move
to
the
next
one
and
I
think
Melba
you
how
you'd
have
added
2023
future
robot
priorities
is
that
right.
E
Yeah,
so
that's
where,
for
folks
that
weren't
here
in
the
last
the
last
meeting
for
last
year,
I
had
brought
up
this
this
topic,
which
resulted
in
this
document
that
Isaac
created,
and
so
it
sounds
like
you
know,
we're,
and
it
looks
like
we're
very
much
coming
to
an
alignment
on
the
vision
and
the
next
step
would
be
okay.
Once
we
have
alignment
on
the
vision,
what
do
we
think
we
can
accomplish
in
2023?
E
I
do
see
the
the
2023
priorities,
but
you
know
what
are
we
truly
aiming
for
collectively
as
a
group
for
2023
as
an
example,
someone
mentioned
conferences
right.
So
as
a
working
group
are
we
trying
to
Target
specific
conferences
right,
I,
know?
E
First
also
positioning
I'm,
trying
to
Target
Target
the
open
source,
Summit
North
America
conference
and
represent
the
salsa
Community,
not
IBM,
but
this
also
Community
as
a
positioning
group
lead
and
trying
to
invite
the
other
leads
as
well
so
I
feel
like
we
need
that
kind
of
prioritization
of
like
what
are
our
you
know,
concrete
deliverables,
so
to
speak
and
I
think
you've
have
some
of
that
documented,
but
I
think
if
we
all
come
to
an
agreement
on
what
we
want
to
drive
towards,
then
that'll
help
set
up
the
the
roadmap.
B
Love
it
Josh
Michael.
F
E
F
And
I
think
it
would
be
cool
if,
like
there
was
a
formal
adoption
of
that
and
continuation
of
that
by
the
open,
ssf
and
also,
let's
not
restrict
it
to
North
America
because
having
to.
E
Fly
to
have
conversations
is
exhausting.
Yes,
yes,
of
course,
yeah
that
that's
just
something
that
the
the
deadline
is
on
the
fifth
of
February
and
we're
like
okay,
let's
just
try
to
go
for
it.
This
is
what
we
know
about
now,
but
yes,
most
certainly
not
just
North.
F
E
F
I
mean
that's,
it's
not
a
criticism.
It's
a
challenge
right
because
a
lot
of
the
co-located
well
a
lot
of
the
Limerick
foundation.
Events
are
larger
in
North
America.
They
have
more
kind
of
participants
in
North
America.
More
of
the
folks
doing
this
kind
of
work,
as
evidenced
by
this
call,
are
based
in
North
America.
And
how
do
we
there's
a
challenge
ahead
of
us
as
a
lonely
European
that
how
do
we
pull
it
over
and
have
discussion
here
too?
F
But
I'd
love
for
that
to
be
kind
of
someone's
like
a
goal
for
someone?
Maybe
it's
not
for
this
group
waxing
lyrical
a
bit
on
on
that
topic,
I
guess
so,
I'm
going
to
defer
to
Mike.
H
Oh
yeah,
so
yeah
there's
a
couple
things
I
and
I
Echo
Joshua's
comment
there,
and,
and
also
there
was
actually
a
surprising
amount
of
folks
over
in
Japan
who,
who
I've
been
poking
around
with
with
salsa
as
well
I.
Don't
I
I
know
that
one
of
the
things
that
should
also
be
a
goal
for
us,
as
well
as
I,
think
to
see
how
we
can
help
Foster
some
of
those
folks
who
are
not
on
a
time
zone.
That
is
makes
this
sort
of
time
work
for
them.
H
You
know
the
whether
it's
salsa
or
just
you
know
the
supply
chain,
Integrity
working
group,
so
that
could
be
potentially
gold.
The
other
thing
I
was
just
going
to
say,
is
I.
Think
I
think
we
should
push
on
the
Open
ssf
Leadership
a
little
bit
to
do
something
similar
to
what
the
cncf
does
where
they
have
like
a
maintainer
track.
H
So
as
opposed
to
us
needing
to
pitch
talks,
you
know
if
the
idea
here
is
like
hey,
you
know
a
couple
of
members
from
salsa
the
supply
chain,
Integrity
working
group-
you
know
you
like
the
supply
chain.
Integrity
working
group
will
have
something
like
x
amount
of
talks
assigned
to
them
and
then
they
can
figure
out
like
okay,
we're
gonna
have
one
talk
on
salsa
one
talk
on
S2
c2f,
another
talk
on
implementations
or
whatever.
A
B
Makes
sense
to
me
and
I
think
Melba
to
your
point
about
actual
kind
of
you
know
what
what
work
can
we
align
to
this
stuff?
I?
Think
potentially
I
mean
not
wanting
to
get
too
horribly
corporate
about
it,
but
you
know,
potentially
we
could
we
could
turn
you
know
we
got
2023
priorities
or
proposed
ones
in
this
SEO
working,
Group
doc.
We
could
reformulate
those
priorities
in
terms
of
things
like
objectives
and
then
we
could
look
at
mapping.
A
B
Results
on
those
objectives-
forgive
me,
but
something
along
those
lines.
I'm
not
worried
about
okr
is
but
actually
getting
specific
about.
Okay.
If
we
think
that
these
are
our
priorities,
what
specific
work
are
we
going
to
do
and
what
specific
outcomes
are
we
going
to
look
to
enable
and
how
will
we
measure.
B
And
how
will
we
talk
about
progress
towards
them
and
so
on
and
so
I
think
what
you're
speaking
to
is
well
yeah,
it's
great
to
have
the
vision,
dark
and
some
of
the
orients
and
guides
us.
But
then
we
need
to
say:
okay,
there
is
actual
work
to
be
done
and
and
things
that
need
to
be
typed
and
conversations
that
need.
B
Doing
that,
well,
those
work
streams
look
like,
and
how
do
we
organize.
C
B
That
makes
great
sense
to
me:
okay,
I
think
we,
some
of
this
work
and
someone
someone
actually
made
a
comment.
I
think
it
was.
It
was
Joshua
about
General
kind
of
collaboration.
B
How
do
we
I
think
one
of
the
failure
modes
or
one
of
the
the
the
dangerous
habits
one
can
get
in
with
these
things
is
making
progress
only
synchronously
during
meetings,
a
particular
hours
of
the
day
and
I
think
that
we
need
to
try
studiously
to
avoid
that
and
so
I
don't
know
to
what
extent
we
can
get
there
straight
away,
but
I
would
love
to
have
you
know
more,
you
know
intra
meeting,
you
know
discussion
in
slack
and
collaboration
with
with
people
commenting
in
docs
and
writing
things,
and
you
know
asynchronous
collaboration
using
slack,
as
the
kind
of
you
know,
lockers
of
communication,
but
then
hey,
we
can
adopt
something
like
GitHub
repos
and
we
can
have
all
kinds
of
things
happening
and
we
don't
have
to
you
know,
save
actual
collaboration
to
occur
in
these
meetings.
B
I
really
totally
agree
with
that,
and
so
one
of
the
things
I'm
going
to
try
and
try
and
push
everyone
in
this
working
group
to
do
is
help
me
get
the
next
revisionist
doc
together,
and
so
we
have
a
great
draft
in
time
for
the
next
monthly
meeting,
and
but
let's
do
that
asynchronously
in
slack
through
dot
comments,
and
if
people
would
rather
have
this
thing
in
markdown
and
GitHub
I'm
totally.
B
Okay
with
that
too,
but
I
I
would
like
this
working
group
to
get
into
a
mode
of
you
know,
default
collaboration
happens
in
between
meetings.
Meetings
can
provide
a
sync
point
and
a
roll
up
and
a
you
know
just
a
checkpoint
to
look
at
course,
Corrections.
Obviously,
a
lot
aligned,
but
a
majority
of
the
work
should
happen
in
the
30
days
between
meetings
rather
than
the
60
minutes
we
have
together
each
month
Michael.
We
have
one
more
gender
item,
which
was
the
road
map
for
Fresca.
We've
only
got
four
minutes
left.
B
H
Yeah,
so
so
we're
actually
the
the
thing
was
going
to
be.
So
our
meeting
is
every
other
Wednesday
at
10
a.m.
So
actually
it's
you
know
not.
Today,
it'll
be
next
week,
and
next
week
we
are
looking
to
maybe
work
on
the
2023
roadmap.
Most
likely,
one
of
the
big
things
we're
working
on
is
we're
building
out
using
q,
a
pretty
much
a
framework
for
configuring
and
tying
everything
together
inside
a
queue
where
the
big
idea
here
is.
H
You
know
we
would
make
it
very,
very
simple,
almost
trivial,
for
you
know
an
end
user
to
just
sort
of
plop
in
their
go
code,
their
Java
code-
and
it
would
automatically
sort
of
you
know,
apply
salsa
and
S2
c2f
and
Etc
all
in
there,
and
so
we're
looking
for
sort
of
a
collab
operators
on
some
of
that
stuff
that
that's
the
yeah.
That
I
think
is
the
big
one.
We're
also
looking
to
maybe
even
have
an
initial
sort
of
like
pre-v.
H
You
know,
like
some
pre
1.0
releases
Fresca
soon
as
well
and
yeah
we're
looking
just
to
kind
of
get
more
contributors.
Anybody
who
might
be
interested
in
learning
more
about
it
I
can
drop
a
link
in
the
in
the
meeting
notes
with
the
sort
of
like
calendar,
invite
and
whatnot.
B
Cool.
Thank
you
awesome.
This
has
been
great
super
productive
and
again
really
appreciate
all
your
collaboration,
leaning
into
the
document.
The
discussion
I
welcome
any
feedback
you
want
to
provide
offline
or
continue
edits
and
comments
in
the
doc.
I
got
a
whole
bunch
of
work
to
do
to
incorporate
some
revisions
from
audio's
feedback
and
then
I'll
continue
to
Ping
in
slack
and
poker
people
and
and
nag
you
all
to
to
help
make
this
awesome
in
time
for
next
month.
Thank
you.
Thank
you,
Mike.
B
Thank
you.
Melba
in
particular,
you
are
doing
absolutely
fantastic
work
and
positioning.
I
I
really
appreciate
your
help
with
that,
and
this
and
everything.
A
B
Melba,
yes,
big,
plus
one
on
that
Joshua
thank.
A
You
so
we
enjoy
the
rest
of
your
day.
Everyone
or
a
school
snow
day
here
in
Boulder,
get
out
Build
a
Snowman
have
fun.