►
From YouTube: Supply Chain Integrity WG (March 21, 2023)
A
I
have
a
stand-up
every
single
week
that
that
happens,
and
it's
not
like
a
a
quick
five.
Ten
minute
stand
up.
It's
a
large
team,
so
it
takes
a
while
and
I
can
never
join
now.
So
it'd
be
interesting
to
hear
Offline
that.
B
Way,
sometimes
these
meetings-
they
they
go
hard
and
paint,
sometimes.
A
B
A
Let's
see,
let's
go
ahead
and
get
started,
I
put
the
the
link
to
the
doc
in
the
chat
and
then
I'm
gonna
share.
A
A
Yes,
yes,
okay,
awesome,
so
please
feel
free
to
sign
in.
If
you
don't
have
the
link,
I
can
I
can
repost
it
or
someone
can
repost
it
again
and
I.
Don't
know.
If
some
of
these
folks
are
well
I
know,
Mike
is
on
right,
but
I
know.
Isaac
had
a
topic
and
Claudia
had
a
topic
that
they
wanted
to
do
last
time
and
we
ran
out
of
time
so
I'm
looking
at
the
list
of
participants
because
I
can't
quite
see
it
foreign
yeah,
so
they're
not
on.
A
So
that's
that's
fine
Okay,
so
good
news,
I
I
did
submit
that
panel
discussion
to
open
ssf
day.
They
required
a
lot
more
Fields
than
than
the
regular
ossna
submission.
A
So
I
I
stole
some
stuff
that
Isaac
wrote
in
the
just
supply
chain,
Integrity
working
group
mission
and
vision,
because
I
talked
about
well.
Why
should
the
Community
Care
things
like
that?
I'm,
like
I,
am
not
going
to
come
up
with
my
own
thing
here,
so
I
just
copied
and
pasted
some
of
the
things
and
just
kind
of
try
to
make
it.
You
know
sound
like
yes,
we
need
this.
The
audience
needs
this.
A
So
I'm
hoping
that
it'll
get
selected
but
we'll
we'll
see
in
terms
of
the
the
the
panel
and
I
keep
forgetting
newcomers.
Are
there
any
newcomers
on
the
call.
A
Okay,
okay,
good!
So
so
that
was.
D
It
took
me
a
second
Benjamin
Schmidt
and.
A
D
D
To
see
okay,
looking
for
some
point
where
I
might
be
able
to
chip
in
and
learn
some
more
about
it.
A
Yeah
well
welcome
this
I.
Don't
know
it's
like
a
fourth
or
fifth
beating
as
the
open,
ssf,
SCI
positioning
sick.
So
we've
gotten
a
lot
more
participation
from
folks,
I.
Think
I,
don't
know
if
it's
because
the
name
change
or
if
it's
because
of
time
change,
because
both
happened
at
the
same
time
so
but
yeah
we
just
try
to
evangelize,
educate
anything
and
everything
under
the
supply
chain.
Integrity,
so
welcome
any
and
I'll
help
you
or
your
colleagues
might
have
be
able
to
provide.
E
Oh
sorry,
that
that
was
I
inadvertently
put
that
in
there.
E
Sorry
that
was
actually
for
the
other
SCI
group
I
forgot
to
delete
it
out
of
this
month,
got.
A
It
no
no
no
worries,
but
for
folks
on
the
call
we
do
need
help
with
Fresca.
So
if
you
have
development
experience
or
know
some
developers
that
can
help
with
the
tooling
Fresca
could
use
some
some
new
Developers.
E
Oh,
so
so,
actually
one
thing
since
so
one
thing
that
I'm
doing
is
I'm
writing
up
for
tomorrow.
I
should
have
a
draft
for
the
Fresca
meeting,
which
the
Fresca
meetings
at
10,
A.M
Eastern
time
happens
every
other
week
on
on
Wednesdays
and
so
I'm.
Actually
writing
up
right
now,
like
a
little
bit
of
a
like
a
intro
like
what
is
Fresca,
what
what
are
the
the
the
high
level
goals?
How
what
is
how
does
it
plan
to
achieve
those
goals?
What
is
Fresca
today?
E
What
does
Fresca
plan
to
do
tomorrow
and
as
well
as
some
sort
of
practical,
like
hey
here?
Are
some
big?
You
know
you
know
here
are
some
big
items
that
we're
currently
working
on
so
folks
who
are
interested
in
there.
E
So,
for
example,
right
we're
we're
working
on
making
Fresca
a
little
bit
more
Deployable
more
easily
Deployable.
So
that's
one
big
one
and
then
the
second
big
one
being
we're
looking
to
Define
an
easy
way
for
users
to
interact
with
Fresca
since
Fresca.
Right
now
is
a
bunch
of
tools
like
in
like
tecton
tecton
chains
kiverno,
you
know
and
a
bunch
of
other
things
like.
E
How
can
we
make
sure
that
when
we
deploy
when
we
run
a
Build,
That
is
supposed
to
go
through
policy
supposed
to
go
through
tecton
I'm
supposed
to
go
through
stuff
like
spiffy
Spire,
that
we're
doing
it
all
the
right
way?
E
E
You
know
that
will
go
out
to
the
broader
Community
as
like
a
call
to
action
there,
because
you
know
I
know
a
lot
of
folks.
It's
funny,
because
I
keep
seeing
Fresca
show
up
in
a
lot
of
presentations.
A
lot
of
people
keep
bringing
it
up,
but
as
far
as
actually
getting
contributors
and
maintainers
to
help
out,
it's
been
a
bit
of
a
struggle.
A
Okay
and
I'm
guessing
you,
you
can
put
the
link
here
for
that
draft
so
that
people
can
review
once
it's
ready.
E
Sure,
actually,
you
know
what
let
me
take,
what
I
have
thus
far
and
just
copy,
because
right
now,
I'm
just
doing
it
via
markdown,
but
I
will
copy
paste
the
the
text
at
least
into
a
document
right
now
and
then
I'll
I'll
post
it
in
there.
Okay.
A
Awesome
and
then,
let's
see
anything
else
with
regards
to
Fresca.
A
We
did
kick
off
the
open,
SSS
comms
plan,
so
that's
in
the
works,
so
anything
the
blogs
is
one
thing.
The
roadmap
we
haven't
kicked
off
yet
in
terms
of
people
kind
of
revamping
that
okay,
we'll
get
the
okay.
So
blogs,
that's
going
to
be
important
for
the
1.0
release,
but
before
we
get
to
the
blogs
well,
Isaac
you
you
removed
it.
Oh
no!
You
didn't
you're
it's
right
there
do
you
want
to
go
over
this
Isaac.
F
Yeah
I
can
do
I
mean
it
was.
It
was
something
that
the
cat
has
come
up
into
a
discussion
once
or
twice
with
folks
I
think
Ryan
bellendorf
has
raised
it.
F
You
know
our
technical
writer
here
at
Google
commented
as
well,
and
it
was
just
this
just
this
idea
that
you
know
stuff
we
put
in
blogs
just
having
an
eye
to
what
what
stuff
should
belong
in
core
documentation
rather
than
blogs
and
I'm,
not
sure
that
we
have
any
kind
of
guiding
principles
or
kind
of
you
know
things
for
folks
to
think
about
as
they're
writing
blogs,
but
I
think
it
would
be
worthwhile
as
as
having
some
opinion
and
maybe
some
guidelines
for
people
as
they're
writing
blog
posts
to
think.
F
Oh
am
I
blogging
about
something
that
ought
to
be
in
the
core
documentation
reference.
Or
is
this
truly,
you
know
News
slash
time
sensitive
and
you
know
belongs
in
blogs
on
that
basis,
so
I
I,
honestly,
don't
know
what
the
guidelines
are
or
would
be,
but
I
think
that
in
order
to
make
sure
we
end
up
with
you
know
a
great
set
of
documentation,
we
don't
have
documentation
masquerading
as
blog
posts,
I
think
we
should.
F
We
should
consider
this
and
that's
that's
about
all
I've
got,
and
so,
if
anyone's
got
an
idea,
any
ideas
we
could
discuss
now
is
anyone
thinks
it
would
be
worthwhile
having
some
guidelines
I,
don't
mind
drafting
some
for
comment,
but
at
this
stage,
I
just
wanted
to
get
a
sense
of
like
do.
Folks
agree
that
this
the
Steel's
worthwhile
to
do
for
this
group
is
this
group,
the
right
Forum
and
what
would
be
the
right
way
of
kicking
it
off.
E
Yeah
I've
seen
this
actually
also
be
a
problem,
the
other
way
because
of
some
of
the
open,
ssf
governance
on
what
is
allowed
in
a
blog
or
sorry,
rather
around
like
how
blogs
they're
published.
For
example,
all
blogs
are
supposed
to
go
to
the
TAC
for
approval.
E
F
Oh
interesting
yeah,
you
kind
of
sidestep
the
the
centralized
tank
review
of
Vlogs
by
just
going.
Oh,
it's
project
docs.
In
that
case,
yeah.
E
Yeah
and
and
to
be
clear,
I
think
that
there's
there's
one
of
the
things
I
know
that
has
been
brought
up
multiple
times
with
attack.
Is
we
really
need
to
separate
out
what
is
an
open,
ssf
official
blog
as
in
like
this,
is
something
that's
on
the
core?
You
know
open
ssf
blog
and
what
is
like
hey.
These
are
thoughts
of
the
project
maintainers
or
the
community,
and
this
obviously
came
up
a
bunch
of
times
with
salsa.
But
one
of
the
things
that
that
kind
of
came
out
of
that
also
was
like
Hey
look.
E
We
don't
want
to
end
up
in
a
situation
where,
where
either
of
those
two
things
happen
right,
we
don't
want
to
end
up
at
a
situation
where
folks
try
to
Skirt
the
Rules
by
just
sort
of
saying
this
is
part
of
a
project
or
whatever,
but
then
also
at
the
same
time,
like
the
whole
point
of
of
these
projects.
Is
that
they're
supposed
to
be
some
independent
governance
of
those
projects
where
they
can?
E
You
know
they
don't
have
to
necessarily
approve
every
single
PR
right
through
the
attack
or
something
like
that,
because
that's
obviously
not
the
intention
either,
but
I
think
that
there's
just
to
be
clear,
I,
don't
think
the
I
think
the
governance
rules
from
what
my
at
least
interpretation
is
that
stuff
that
goes
on
the
the
open,
ssf
blog.
That
has
to
go
through
tech
review.
But
if
you
have
a
project-
and
you
have
you
know
some
messaging-
that's
not
considered
part
of
some
of
those
core
things.
That's
in
open,
ssf
governance
like
release.
E
That
means
you
have
to
go
through
Tac
and
yada
yada,
there's
a
bunch
of
stuff
in
the
community
spec
and
whatever
I
think
that
needs
to
go
through
Tech,
but
like
General
like
hey,
you
know,
as
an
example,
could
I
post
something
about
what
is
Fresca
would
I
need
tack,
approval
to
talk
through
what
Fresca
is
on
outside
of
the
open,
ssf
blog
I.
Think
that
sort
of
thing.
B
And
I
also
got
a
handle
for
Melba
afterwards,
so
it's
within
the
Melbourne,
so
so
as
a
caveat
to
what
you
both
are
saying
right
as
a
guy
absolutely
do
believe
that
we
should
provide
some
type
of
guidelines
on
what's
blog
worthy
versus
core
documentation
as
a
caveat
to
what
to
what
what
Mike
just
said,
we've
got
to
be
one
way
or
the
other.
We
can't
we
can't
be
both
like
I
I,
don't
I.
So
if,
when
we
come
up
with
these
guidelines,
we
have
to
also
say
for
what
we
do.
B
We
are
doing
it
this
way.
If
it's
we're
gonna
write
a
blog,
it's
going
to
go
before
the
attack
and
they're
gonna
weigh
in
and
then
we're
going
to
release.
What
we
can't
do
is
say
we're
going
to
have
these
guidelines
with
a
caveat
that
a
maintainer
can
go
off
somewhere
else
and
write
a
blog
and
or
something
else,
and
because
it
may
not
necessarily
be
open
as
a
Centric.
They
can
go
ahead
and
release
that
block.
B
We
need
to
be
able
to
have
some
type
of
visibility
if,
if
the
intent
of
our
sake
is
to
have
that
kind
of
a
role
in
the
process,
we
need
to
maintain
it
at
a
sick
level.
Visibility
of
what
kind
of
blogs
get
created
where
and
how
those
blogs
go
out
and
if
it's
to
write
the
card,
this
kind
of
guidance
which
I
have
to
100
agree
with
I
think
that
guidance
needs
to
be
Ironclad
in
one
way
and
there
can't
be
any
if
there's
so
many
exceptions
to
the
policy.
The
policy
is
wrong.
B
Right,
you've
got
to
acceptance
to
a
policy,
you
got
to
change
the
policy
right
and
it
doesn't
work
if
there's
always
an
exception.
Why
have
a
policy
at
all,
so
I,
I
I,
agree
with
creating
something
like
that,
but
I
just
want
to
make
sure
we
put
the
right
guard
rails
in
place
so
that
it
can
be
followed
and
enforced
as
intended.
So
I
I
as
a
caveat
to
what
Mike
is
saying
and
Isaac
I'm
right
here
with
you,
let's
go
ahead
and
do
it.
B
A
Hands
up
for
you.
Yes,
thank
you
for
folks
on
the
call
when
you're
sharing,
you
can't
raise
your
hand
and
zoom
for
some
reason,
so
I
have
to
ask
people
to
raise
their
hands
for
me,
so
somebody
I,
don't
remember
who
it
was.
That
said
it
it
could
have
been
Mike
that
project
logs
currently
could
you
know
potentially
blog
on
their
own
project
web
web
page
or
something?
But
if
it's
a
release,
it's
supposed
to
go
through
open
ssf.
A
So
that
makes
me
wonder
about
all
this
also
1.0
comes
and
the
blogs
that
we're
planning
do.
Those
blogs
now
need
to
go
in
front
of
the
attack
before
we
push
to
salsa.dev,
so
I'm
I,
I'm
I'm
concerned
confused
all
right
because
it
makes
sense
for,
like
you
know,
little
things,
but
now
that
somebody
mentioned
the
release
aspect
of
like
oh,
do
we
have
to
go
to
the
attack
for
all
of
these
laws
that
we're
trying
to
write
so
go
ahead.
Isaac
I
know
you
had
your
hand
up
after
me.
F
So
so
a
couple
of
things
so
I,
it
I
think
that
we're
we're
talking
about
there's
two
separate
things
here,
so
I
think
thing
number
one
is
eight
set
of
guidelines
for
when
you're
thinking
about
publishing
information
about
s2c2f
or
salsa,
here's
how
to
think
about
whether
it
belongs
in
docs
or
whether
it
belongs
in
a
blog
I
think
that
guideline
would
be
useful
for
Content
creators
and
so
that,
if
I
write,
oh
I'd
love
to
write
a
blog
post
on
how
to
use
salsa
with
such
and
such
a
build
system.
F
Actually,
that
should
be
in
the
core
documentation
set,
and
so
some
guidelines
for
people
creating
content
as
how
to
think
about
and
reason
about
the
question:
is
this
a
blog
post
or
is
this
documentation
and
so
I
think
that
set
of
guidelines
of
what
was
where
I
began
this
this
thinking
I
think
what
Jay
is
Raising
is
a
separate
point
which
is
governance
around,
who
is
authorized
to
speak
in
the
voice
of
the
project
and
how
does
that
authorization
and
review
occur,
which
is
a
slightly
different
question
which
is
kind
of
like
almost
like
once
we
have
an
opinion
that
we
want
to
blog
about.
F
How
does
that
get
reviewed
and
which
properties
are
subject
to
which
governance
like
is,
is
the
salsa.dev
blog?
Does
it
have
the
same
governance
as
the
open
ssf
blog
I
asked
that
not
even
knowing
the
answer,
I
honestly,
don't
know
until
now,
I
think
we've
approached
the
salsa.dev
bloggers,
it's
a
PR.
F
Anyone
can
do
it,
anyone
can
review
it
and
then
it
gets
published
but
I
think
I,
I
guess
what
I'm
saying
is:
I
think
that
there's
two
parts
this
part
one
is
a
guideline
around
which
types
of
content
belong
where
and
then.
Secondly,
for
blog
posts,
specifically
how
does
review
occur
and
so
on
and
I
think
you
know,
I
mean
I,
agree
with
Jay
that
we
want
to
create
a
set
of
rules
that
can't
be
circumvented
and
so
on.
We're
simply
not
going
to
get
that
right.
F
First
time
and
and
so
I
mean
I,
I
would
say:
yes,
that's
the
right
destination,
but
we
can
get
there
in
multiple
steps
like
we
can
start
off
by
saying
here
are
some
guidelines:
okay,
these
guidelines
and
their
recommendations,
these
now
recommendations
and
their
rules.
These
rules
are
now
enforced
by
this
governance
process
or
whatever
it
may
be,
and
so
I
think
that
there's
there's
a
phased
approach
to
how
we
get
there,
but
it
does
seem
like
we're
talking
about
two
separate
things
now.
E
Yeah
yeah
so
to
to
to
just
say
so,
as
somebody
who's
been
there
since
day,
one
with
the
first
salsa
meeting
and
kind
of
gone
on
from
there.
This
was
something
that
we
had
already
gone
through,
so
I
do
think
that
we
probably
just
need
to
go
to
the
attack
and
just
make
sure
that
we
have
the
have
everything
sort
of
correct,
because
there
was
actually
a
whole
bunch
of
discussions
on
stuff
like
and
in
fact
we
came
to
some
I.
E
Don't
know
the
exact
details,
but
we
did
come
to
some
sort
of
agreement.
I
believe
with
attack
around
certain
things.
Like
is
this
when
we
bro
when
we
put
something
out
on
salsa,
is
this
coming
from
a
Community
member
and
it
is
their
opinion
and
thoughts
versus
this
is
coming
as
an
official
statement
from
salsa
and
if
it's
an
official
statement
from
salsa,
then
yes
that
needs
to
go
through.
You
know
more
stringent
governance
than
necessarily
just
like
hey
recognize
that
this
is.
E
You
know
a
guest
blog
from
a
Community
member,
and
then
you
know
in
addition
to
that,
you
know
some
additional
things
there
right
right,
where,
like
certain
things
like,
given
that
we're
still
governed
under
the
Community
spec,
like
certain
sorts
of
announcements,
that
are
larger
announcements,
like
hey
a
1.0
announcement
that
needs
to
go
through
different,
you
know
governance
and
we're
already
Bound
By
by
some
of
that.
The
exact
details
are
where
I
think
there's
a
lot
of
Confusion,
And
I,
think
it
just.
E
It
really
would
be
nice
to
just
kind
of
hash
it
out
with
whomever
I.
Don't
know
if
that's
legal
I,
don't
know
if
that's
Tac,
but
just
kind
of
get
that
hashed
out
to
then
find
out
what
is
underneath
our
purview
to
to
Institute.
You
know
additional
governance
as
we
see
fit,
and
to
kind
of
go
to
what
Jay
had
said
right.
E
G
Hey
guys
so
I
can
tell
you
that
last
time
I
chased
this
issue
in
the
tech
minutes.
It
was
pretty
disappointing
because
I
ended
up
with
a
thread
where
there
had
been
a
discussion
on
the
tech
meeting.
Most
people
seem
to
believe
that
the
attack
should
at
least
be
notified,
but
there
was
no
final
decision
made.
There
was
no
Quorum
on
that
call,
and
this
was
never
picked
up
again.
As
far
as
I
can
tell,
and
so
I
support
the
idea
that
you
know
this
should
be
brought
up
for
clarification
to
the
attack.
G
G
You
know
which
group
in
which
call
this
came
up,
but
I
think
there
is
a
difference,
whether
it's
on
salsa
Dev,
for
instance,
or
if
it's
on
the
open,
ssf
main
blog
right,
and
so
you
can
imagine
this
that
you
know
not
the
same
level
of
controls
are
necessarily
necessary,
but
the
other
part
I
wanted
to
say
on
Sasa
Dev.
We
do
distinguish
between
what
is
called
guest
post
and
what's
just
post
from
the
group,
this
is
clearly
labeled
something
I.
G
Make
this
even
clearer
than
it
was
actually
and
if
you
go
to
salsa
there
and
go
to
blog,
if
you
scroll
through
this,
it
clearly
says
either
buy
like
Mark
lodato,
blah
blah
blah
or
guest
post
by
blah
blah
blah.
So
you
know
my
understanding
is
the
steering
committee
for
salsa
has
to
approve
those
posts
anyway
and
then
I
don't
know
that
we've
always
been
so
careful
at
being
completely.
You
know
making
sure
that
everybody
knows
there's
this
blog
post
being
worked
on,
and
if
you
this
is
where
it's
being
discussed
drafted.
F
A
F
So
this
gives
me
a
jumping
off
point.
Actually
so
maybe
I'll
put
together
just
a
quick
one
page
to
frame
this
discussion
and
what
we're
talking
about
and
where
we
have
gaps
and
I,
don't
mind,
drafting
that
up
and
sharing
it
and
getting
feedback.
But
I
I
think
this.
F
A
yeah
a
great
kickoff
discussion:
it's
raised
an
area
which
I
hadn't
even
considered,
which
is
about
like
this
whole
thing
about
Guest
posts
and
who's
authorized
to
speak
in
the
voice
of
whom
and
and
how
does
that
vary
across
the
various
properties
that
we
we
all
touch
and
so
on,
and
so
I'll
include
that
as
well
and
I'll
draft
up
just
some
thoughts
on
you
know
what
types
of
principles
might
guide
us
to
where
content
should
go
with
respect
to
blogs
or
documentation.
That's
the
question.
A
Okay,
Vlogs,
it
is
Mike.
E
So
that's
been
getting
some
feedback
on
it
from
folks
like
trishank,
Sam
and
Mr,
pepper,
yeah,
Tim
and
so.
D
E
Anybody
else
feel
free
to
add
stuff
in
there.
I
don't
know
when
we
want
that
sort
of
thing
to
go
out
once
again,
I'm,
like
you
know,
I
said:
hey,
I
wrote
my
draft
if
folks
need
think
it
needs
to
be
expanded
on
or
any
big
ticket
items
feel
free
to
put
it
in
there.
E
If
folks
just
want
to
talk
about,
let's
say,
like
you
know,
any
sort
of
things
that
they
feel
like
is
is
just
needs
rewarding
or
whatever
feel
free
to
add
that
as
well
and
whenever
I
guess
there
is
a
consensus.
Maybe
we
want
to
say
next
week
or
maybe
we
want
to
say
even
a
couple
of
days.
E
You
know
once
that
thing
is
sort
of
done.
I
can
open
up
a
I.
Can
you
know,
convert
it
to
markdown
and
open
up
a
PR
to
to
the
salsa
blog
or
for
that.
E
So
I
mean
that's
up
to
us
as
the
group
to
decide
like
I.
Don't
want
to.
A
E
Know
it
doesn't
matter
to
me
honestly,
like
it
could
be
end
of
day
today
it
could
be
end
of
week.
It
could
be
whatever
you
know
whenever
folks
in
this
group
feel
like
it's,
it's
ready
to,
let's
say
be
opened
up
as
a
as
a
PR
I
just
want
to
make
sure
that
yeah,
given
that
I
don't
want
to
it's,
not
the
easy,
like
a
a
Google
doc,
is
a
little
bit
easier
for
this
sort
of
review.
E
Like
the
you
know
that
initial,
like
actually
I,
think
your
you
know
the
way
you've
structured,
the
first
half
is
just
wrong-
is
a
little
bit
easier
to
kind
of
talk
through
on
something
like
a
a
Google
doc
compared
to
markdown
and
GitHub,
at
least
in
my
opinion,
and
then
I
know
that
you
know
once
we
get
to
the
the
the
actual
PR
where
it's
in
markdown
is
a
little
bit
easier
to.
You
know
talk
about
formatting
or
just
like
hey.
A
Okay,
folks
have
that
and
I
know
that
this
also
is
gonna
coincide
with
this
build
versus
source,
which
I
just
started
this
morning
and
I
I
shared
it
in
the
channel,
but
I
know
Chris
Chris
has
not
taken
a
look
yet
because
again,
I
just
happen
to
have
time
and
I'm
like
okay,
I
need
to
start,
because
I
do
reference.
A
This
blog
that
you
have
in
here.
Where
is
it
a
reference
a
Blog
by
by
you,
because
there's
a
Inception
of
salsa
tracks
as
an
example?
So
I
definitely
want
help
eyes
on
this
one,
because
it's
it's
very
much
not
done
it's
just
it
just
got
started.
So
if
folks
want
to
contribute
to
this
one
community.
A
To
contribute
review
that
would
be
extremely
helpful
right.
I'm,
not
a
Wordsmith
I,
have
lots
of
ideas
and
opinions,
but
it's
hard
for
me
to
convey
that
sometimes
on
paper.
A
So
that's
one
thing
and
then
I
forget
is
is
any
on
anyone
from
no
at
least
not
on
there
was
this
other
one
or
this
one?
This
is
a
lower.
What
about
the
what's
new?
A
And
if
they
will
be
updating
it,
anybody
know
well,
okay,
so
maybe
that's
an
action
item
to
follow
up
with
with
those
folks
just
to
make
sure
that
they
they
don't
forget
about
that.
One.
G
Thing
I,
wonder,
though,
is
that
the
the
specification
has
a
section
on
what's
new,
so
I
wonder
if
that's
not
enough
or
if
you
know
how
much
we're
going
to
be
able
to
add
in
a
blog
post
is
still
being
worked
on.
But
you
know
this
is
something
that
was
that
there's
a
page
and
if
you
look
at
the
rc1,
there's
almost
nothing.
But
if
you
look
at
the
draft,
there
is
more
and
I
think
there
may
be
even
more
opening
up.
A
A
Does
anybody
think
it
would
be
advantageous
to
release
a
Blog
to
say,
hey
thanks
for
the
feedback
from
the
community
as
a
result,
these
were
the
things
that
we
changed
and
these
are
the
things
that
we
kept
right
or
removed.
Something
like
that,
so
that
it
shows
progress
based
off
of
the
previous
blog.
What
do
you
think
that
would
be
helpful
for
the
community.
F
F
You
know
summarize
the
feedback
that
led
to
those
changes
and
so
I
think
in
that
update
blog
post
that
accompanies
ask
you
to
and
I
think
the
target
is
I
wasn't
actually
in
the
meeting
the
spec
meeting
yesterday.
So
this
is
second-hand
info,
but
I
think
it's
like
in
a
couple
of
weeks
time:
okay,.
B
Yeah
I
I'd
like
to
see
like
maybe
a
some
type
of
a
some
type
of
coordination
right.
Remember
we
didn't
put
out
the
initial
block
right
and,
and
so
and
since
there's
an
rc2
blog
I
mean
I'm,
assuming
we're
not
putting
that
up
either.
So
for
us
to
start
thanking
people
for
their
feedback
and
contributions.
When
we're
not
in
sight
of
the
ask.
B
Right
right:
well,
the
thing
this
thing
is
not
right:
the
Sig
didn't
put
out
the
original
blog.
This
thing
is
probably
not
going
to
be
putting
out
rc2,
so
if
so,
if
this
sig
is
talking
about
now,
writing
a
feedback
blog
to
say.
Thank
you
for
your
contributions.
We
don't
even
know
I
mean
aside
from
better
coordination
between
the
the
the
those
that
are
putting
out
that
blog
and
us
and
having
a
consensus
on.
What's
the
ask
where
you
know
we,
we,
you
know
whether
we
thanking
people
for
exactly
right.
F
I
mean
I,
I,
think
you're,
pointing
to
one
question.
We
don't
know
yet
evidence
or
I've,
not
seen
an
answer
to
Is
Like
There's,
also
specification
Team
put
out
the
previous
release,
candidate
blog
post
and
as
far
as
I
know,
didn't
consult
with
this.
This
team
here
and
and
this
this
sig
here
is.
F
We
have
an
opinion
on
that.
I
I
think
I
heard
that
the
opinion
was
that
was
a
bit
iffy
and
for
folks
in
this
group
felt
it
would
have
been
better
to
be
consulted,
in
which
case
do
the
folks
in
the
other
groups,
know
that
and
are
they
do?
They
know
what
the
process
is
to
gather
input
from
this
team,
like
I,
just
feel
like
yes,
you're
putting
into
a
lack
of
coordination,
but
it's
it's
beyond
just
this
RC
stuff,
it's
like.
F
B
Tell
You
by
Design,
I'm,
sorry,
I'm,
sorry,
Melba,
I'm,
sorry,
not
everything
they're
about
to
say
by
Design
all
right.
This
sig
this
particular
Stig
was
established
to
be
that
arm
right.
So
so
it
I
mean
and
by
the
way
I'm
not
saying
right
or
wrong
here.
What
I'm
saying
is
man
it
wouldn't
have
been.
It
would
have
been
nice
to
know
I
I.
It
would
have
been
nice
to
know
that
that
was
even
happening
before
it
happened.
B
I
Shrugged
my
shoulders,
but
but
I
I,
I
I
I
will
say
that
the
whole
intent
was
for
us
to
be
that
support
for
salsa
as
a
whole
that
that's
that's
my
that
that's
my
jumping
on
it,
but
go
ahead.
Melvin.
A
A
There
was
a
conversation
about
this
with
a
writer
thing
that
didn't
copy
and
paste
properly
a
writer
of
that
blog.
It
was
Chris
k
and
it
was
documented
in
the
notes
that
you
know
there.
There
was
some
disappointment
in
us
not
being
involved,
because
we
were
still
at
the
time
the
salsa
positioning
Sig
right,
but
we
didn't
have
a
a
decision
on
what
should
that
coordination
look
like,
because
we
don't
want
to
hold
up
every
blog
right,
but
there
are
certain
things:
hi
Jennifer.
A
There
are
certain
things
that
we
would
want
to
coordinate
on
something
as
big
as
the
release.
We
probably
would
and
don't
quite
know
how
to
navigate
that
right.
Where
do
you
draw
that
fine
line
of
letting
them
do
their
thing,
but
maybe
something
as
big
as
this?
A
We
should
be
involved
in
some
way,
because
that
is
the
intent
of
this
sake.
Right
is
to
help
with
those
Communications
make
sure
it's
not
I,
don't
know.
If
myopic
is
the
right
word,
but
I
know
Jay's
mentioned
like
well
what
about
the
other
legs
of
Sci
s2c2f
in
Fresca?
How
does
that
fit
in
with
the
blog?
Can
we
put
in
something
in
there
to
kind
of
give
the
audience
more
than
just
what
they're
given
in
this
little
bubble?
A
So
so
yeah
that
that
was
the
comment?
I
I
wanted
to
say
that
they
are
aware.
A
F
It
okay,
so
so
I
I,
think
I
mean
based
on
that
I
mean
that
seems
totally
valid
and
I
I
agree
with
you
this.
This
thing
here
is
in
a
position
to
provide
broader
context
around
blog
posts
which
may
be
narrowly
focused
in
one
particular
area,
and
they
benefit
from
from
kind
of
positioning
within
that
broader
context.
F
I
think
what
the
Gap
that
we
have
is
documentation
of
the
process
as
far
as
I'm
concerned,
because
Chris
didn't
know
and
I'm
not
sure
if
the
folks
in
the
salsa,
tooling
group
group
know
and
they're
also
out
there
blogging
about
supporters
also
in
this
build
system
and
that
build
system
or
verification
or
whatever,
and
so
I
think
that
we
have
a
process,
documentation,
Gap
and,
and
we
need
to
have
someone
volunteer
to
step
into
that
Gap.
E
Yeah
and
I
think
there's
also
going
to
be
obviously
like
so
there's
stuff
that
shows
up
on
the
salsa
blog.
That
I
think
is
going
to
be
one
thing,
but
there's
also
stuff,
like
I,
think
you
know
which
we
can't
necessarily
control
outside
of
our
community,
but
you
know
some
of
it
is
just
we
might
want
to,
or
rather
we
don't
like
I
guess.
E
The
thing
is
like
nothing
is
preventing
anybody
from
talking
about
any
of
this
on
their
own
blogs
like
there
might
be
stuff
where
hey
you
know,
if,
if
folks
preempt,
let's
say
something
that
that
we
plan
to
announce
or
we
plan
to
do
you
know,
that's
just
sort
of
you
know
bad
practice,
but
I
think
yeah
generally,
we
also
you
know.
Folks
are
going
to
be
talking
about
all
sorts
of
stuff
on
whatever
blog
they
they
want
there
as
well.
D
A
D
Curious,
if,
if
we
have
an
idea
of
the
story,
we
want
to
tell
as
as
that
broader,
more
cohesive
context
right,
like
I
I,
think
the
idea
of
allowing
every
individual
group
to
have
autonomy
over
what
they
describe
is
important
because,
like
we
talked
about
previously,
people
will
work
around
whatever
process
gets
put
in
place.
D
If
there's
something
they
want
to
say
or
they'll
say
it
as
individuals,
as
Michael
stated
like
on
their
own
blog,
so
I
think
maybe
like
for
this
group
as
it
as
it
gets
going
and
considers
that
broader
context
like
what
is
the
story
we
want
to
tell
about
how
all
these
different
Pieces
come
together
to
solve
the
the
broader
supply
chain,
integrity,
and
that
would
better
help
us
Define.
D
How
involved
we
need
to
be
with
the
sub-projects
and
exert
contributions,
maybe
rather
than
influencer
control
over
what
they're
saying
I,
don't
I,
don't
know
if
that's
captured
anywhere
or
if
that's
upcoming,
work.
That
folks
are
thinking
about.
A
Yeah,
so
we
we
have
talked
about
that,
which
is
another
reason
why
it
was
elevated
right
to
give
a
voice,
have
better
collaboration
across
the
the
sigs
underneath
supply
chain,
Integrity
working
group,
because
there
was
none
right.
It
was
like
okay,
just
even
within
salsa,
like
the
the
tooling
versus
fact
right
like
versus
you,
know,
positioning
right.
There
was
a
gap
in
communication
at
times,
and
so
we
identified
that
and
said.
Okay,
we
need
to
better
collaborate
right.
A
If
you
want
comms
or
something
come
to
us
and
we'll
help
right,
you
don't
have
to
do
it
on
your
own.
We
can
help
review
and
they
have
come
to
us
to
review
some
drafts
and
sometimes
I've
gotten
a
Blog
directly
from
some
random
person,
because
the
specification
group
told
them
to
come
to
me
and
like
I'm,
like
I'm,
not
an
authority
but
I'll
help.
You
know,
review
whatever,
is
there
right
and
for
SEI?
A
That's
what
we
want
to
do
not
just
across
you
know
just
salsa
but
across
Fresca
salsa
and
S2
c2f,
and
so
we
do
have
to
form
that
Vision,
which
we'll
have
to
do
so
very
very
quickly,
because
we
have
a
talk
on
it
in
open,
ssf
or
open
ssna
and
need
the
open
ssf
day
where
we're
hoping
so
that
that
is
absolutely
warranted,
and
we
do
want
to
have
that.
I
I
think
it's
the
not
being
the
red
tape.
We
don't
want
red
tape.
A
We
want
to
help
right
and
again
we
we
very
much
try
to
reach
out
to
help
as
much
as
we
can
and
it's
disheartening
right
when
they
don't
for
something
as
big
as
this
reach
out
to
us,
because
that's
what
we're
here
for
it
was
yeah,
so
anyways
I
I
get
off
my
soapbox
any
did
that
help
address
some
of
that
John
or
did
I
just
kind
of
ramble
and
go
off
on
a
different
topic.
D
Yeah,
no,
it
that
makes
sense,
I
think
maybe
there's
I
still
have
a
little
bit
of
a
question
of
like
what
are
we.
Where
are
we
going,
and
what
do
we
want
to
do
next
and
how
do
we
tackle
that
work
and
like
in
in
supporting
everything-
and
maybe
it's
not
necessarily
this
group-
that's
responsible
for
that
as
much.
It
is
as
they
like
supply
chain,
Integrity
working
group
like
at
a
higher
level
and
I,
don't
know
how
I
haven't
joined
or
contributed
to
that
group
at
all.
So.
A
Yeah
yeah,
we
do
have
a
a
CI.
A
Is
it
this
one
I
think
it's
this?
Yes,
so
this
is
the
the
the
new
Mission
Vision
that
Isaac
helped
draft
up
and
I
can
put
that
in
the
chat
on
where
we
want
to
go
in
2023
and
potentially
Beyond.
So
we
he
did
draft
this
up
early
this
year
when
we
brought
these
concerns
of
hey
the
the
working
or
the
sub
projects
are
not
talking
to
each
other
right,
they're,
each
doing
great
things,
but
they're
not
aligned,
and
how
is
that
providing
value
to
the
industry
right?
A
We
want
a
cohesive
story.
We
want
to
be
able
to
say
use
all
of
these
things
to
help
your
supply
chain
integrity
and
we
couldn't
because
nobody
was
talking
to
each
other
right.
Like
you
know,
Mike
is
very
much
involved
in
all
the
different
projects,
but
not
everybody
is
right.
So
we
we
can't
have
just
you
know
the
one
person
hopping
around.
We
need
collectively
a
group
to
make
sure
that
we
are
communicating
and
we
are
trying
to
make
sure
everyone's
aligned,
as
as
best
as
we
can
so.
A
And
then,
where
are
we
going
and
then
there's
also
a
salsa
road
map
that
we
helped
start
drafting
for?
This
was
when
we
were
still
the
salsa
positioning.
We
still
have
some
work
to
do
to
kind
of
clean
it
up,
but
for
the
most
part
it
was
well
received,
and
we
just
need
to
finalize
it.
2
mm
too
many
media.
A
If,
if
you
can
help,
you
know
myself
with
that,
that'd
be
fantastic
and
have
all
sorts
of
time
to
do
this
stuff.
Any
any
other
topics
on
on
this
slash
coordination,
slash
the
governance.
I
know:
Jennifer
Bligh
is
here
so
she
kind
of
came
in
at
the
tail.
A
A
There
doesn't
seem
to
be
an
official
decision
by
the
attack
on
when
they
should
be
consulted,
slash
when
they
should
review
versus.
Not
if
it's
not
on
the
open,
ssf
blog
versus
you
know,
it's
also.dev,
you
know,
or
do
releases
always
have
to
go
through
attack.
Do
working
groups
have
to
go
through
tag
for
the
right,
so
there's
things
like
that
that
we're
not
quite
sure
of-
and
maybe
that's
something
you
can
get
color.
C
Yeah
absolutely
I
think
there's
definitely
a
still
some
ambiguity
and
we
should
find
where
those
are
and
clarify
those
I
do
want
to
share
with
you
of
the
open,
ssf
content
policy.
I
think
that
might
be
helpful.
Okay,
let
me
drop
it
in
the
chat
here.
If
you
scroll
down
to
the
bottom,
there
is
a
little
bit
about
project
websites
and
social
media,
so
that
hints
on
it
a
little
bit
but
I
think
you've
identified
a
few
additional
areas
that
that
we
just
don't
have
Clarity
on.
Quite
yet,
okay.
A
C
Clarity
on
that,
I
would
say
for
any
release
for
sure
the
the
attack,
so
what
we
do
for
the
openssf
blog
overall
is
anything
that's
of
a
sort
of
a
technical
statement
on
behalf
of
the
organization.
We
run
all
of
those
things
by
the
tag,
and
so
in
a
case
like
the
salsa,
1.0
I
think
for
sure
run
it
by
the
attack.
I
also
want
to
run
that
one
by
the
governing
board.
C
The
marketing
committee,
you
know,
have
everyone
on
board
so
for
major
items
like
that,
but
then
for
some
of
these
more
detailed,
specific
pieces
that
might
be
just
going
on
salsa.dev
I
think
there's
where
we
could
have
additional
clarity.
F
Kids,
yeah
I
mean
I,
was
I.
Think
Jennifer
literally
did
her
last
sentence
covered.
What
was
about
to
ask
which
is
looking
at
the
guidelines
you
have
is
all
is
is
focused
on
openssf
properties,
and
so,
like
my
my
example,
is,
let's
say
a
part
of
you
know:
a
subgroup
of
salsa
wants
to
do
a
short
blog
post
on
salsa.dev
about
you
know,
I,
don't
know
a
new
technique
for
generating
salsa
Providence
fairly
Niche
concerned
only
really
results
very
Niche
audience
like
the
process
for
getting
that
blog
out.
I.
F
Think
we
were,
as
we
were
discussing
earlier,
is,
is
unclear
like
it's
unclear,
or
at
least
it
hasn't
been
published
or
documented.
Should
the
sci
team
be
involved
in
that
we
don't
know,
should
the
tech
be
involved
in
that
we
don't
know,
should
Jennifer
Bligh
be
involved
in
that
we
don't
know
and
I
think
we
need
Clarity
on
all
of
the
above
basically,
and
so
we
we
I,
think
we
identified
a
gap
around
things
on
salsa.gov,
specifically
with
openssf
I
have
much
greater
Clarity
and
Jennifer.
F
I'd
certainly
include
you
on
anything
that
I
was
intending
to
put
on
openss
owned
and
operated
properties,
but
for
salsa.dev
it's
it's
a
little
bit.
Blurrier
and
I
think
that
we
need
to
crisp
that
up
for
folks
wanting
to
get
a
Content
out.
A
A
Go
ahead,
you
can
respond
and
then,
before
you
Mike
I've
been
trying
go
ahead.
Jennifer.
C
So
I
was
just
gonna
say
that
I
think
the
way
if
we
look
at
how
it
works
within
the
sing
store,
for
example,
so
sing
store,
is,
has
their
own
process
that
they've
developed
that
works
specifically
for
them.
And
then
the
coordination
with
openssf
all
come
in,
and
you
know,
work
together
on
things
that
might
be
like
across
collaboration
type
of
thing,
so
I
think
maybe
starting
with
the
community
and
and
specifically
developing
a
process
that
works
for
for
salsa
for
Sci
overall
yeah.
A
So
yeah
I
had
a
question
on
like
the
release
as
an
example,
we
are
going
to
have
subsequent
material
to
explain
more
about
1.0
right
and
so
does
that
have
to
go
to
the
tech
to
be
reviewed.
It's
not
going
to
go
on
open,
ssf,
it's
going
to
go
on
software.dev,
but
it's
part
of
a
release
and
justifying
why
we
made
a
decision
to
be
made
and
trying
to
bring
Clarity
to
some
of
the
maybe
new
requirements.
C
I
think
we
should
ask
I
should
think
we
should
ask
them
that
question.
Do
they
want
to
be
looking
at?
You
know
very
specific
information,
I'm
cognizant,
that
they
are
already
very
busy
and
are
reviewing
a
lot
of
things
already
so
I
think
that
should
be
offered
yeah.
E
Yeah
and
I
think
related
to
that
I.
Think
one
of
the
things
we
we
really
want
to
make
sure
is
a
bit
clearer
is
so,
for
example,
the
one
area
that
I
know
is
there's
a
point
of
contention
is
under
process
under
what
you
you
linked,
notify
openssf
on
major
updates
announcements
and
new
content.
What
constitutes
this
major
is
has
been
a
huge
topic
of
debate
with
you
know.
E
E
You
know
exactly
what
counts
as
major
is,
is
very
much
a
a
sensitive
topic
right
now,
but
if
we
can
like
and
I
think
the
folks
here
on,
this
call
are
more
than
willing
to
to
provide
their
input
on
that
to
the
attack.
If
interested,
because
I
know
one
of
the
things
we
want
is
we
want
to
have
that
nice
balance
between
hey
yeah?
E
This
is
big
enough,
where
openssf
should
be
definitely
taking
the
lead
and
making
sure
that
you
know
we're
not
announcing
something
that
goes
against
anything
from
the
open,
SF
point
of
view,
anything
that
you
know
from
from
the
goals
of
the
open,
ssf
or
or
whatever,
and
make
sure
that
it's
also,
we
can
be
super
effective,
while
also
making
sure
that,
if
somebody
is
posting,
some
random
thoughts
about
hey
here
is
like
how
I've
done
such
and
such
with
salsa,
and
it's
relatively
innocuous
thing.
C
A
C
Just
gonna
say
yes,
I,
agree,
I,
think
having
Clarity
and
specific
guard
rails
in
place
will
then
make
it
very
clear
about
you
know
this.
This
does
this
doesn't
and
kind
of
help
facilitate
moving
through
the
process.
G
G
You
know
I
think
the
tag
doesn't
mind
to
be
notified
when
things
going
to
happen,
and
it
gives
people
the
opportunity
to
review
if
they
care,
but
it
doesn't
put
them.
You
know
on
the
critical
path
like
now
they
have
to
approve,
otherwise
things
get
stopped.
A
Where
would
that
it
would
like
that
attack
as
an
example.
G
G
Unless
you
make
it
a
binary,
you're
doing
nothing,
then
you
don't
need
anything
or
you're
doing
something.
Then
you
you
know
to
do
everything
if
you
try
to
to
have
different
categories
or
use
cases
you're
going
to
have
always
the
problem
of
age
cases
where
it's
like.
Well,
you
know
we
thought
it
was
that
way.
But
hopefully
you
know
we
have
a
enough
communication
and
then
collaboration
Goodwill
that
we
can
sort
it
out
as
a
community.
E
Yeah
and
I
I
think
to
kind
of
go
back
to
some
of
Isaac's.
Things
is
I,
think
I
would
be
told
I
think
it'd
be
totally
like,
at
least
in
my
opinion.
If
we
had,
you
know
we,
we
may
we
wrote
up
our
guidelines,
sent
it
over
to
the
talk
and
said:
hey
here's
our
guidelines
for
what
we
consider
major
or
minor,
does
this
seem
reasonable
and
if
so,
and
obviously,
there's
always
going
to
be
edge
cases
and
we're
just
going
to
go
and
say
oops
like
that
should
not
have
gone
out.
E
We
recognize
it
or
oh
yeah.
We
went
to
you
with
something
that
was
a
little
bit
on
the
edge,
and
you
said
it's
actually
not
that
big
of
a
deal,
so
you
know
oops,
sorry,
you
know
I
think
I
think
that's
totally
fine.
I.
Just
think
that
the
you
know
what
we
have
run
into
multiple
times
has
been
this
like
back
and
forth
about.
Oh
you
merged
this
thing
and
and
deployed
it
without
telling
anybody
and
we're
like.
E
A
Yeah
so
I
know
Isaac.
You
said
that
you
were
going
to
put
together
one
pager,
but
I
think
we
also
need
something
about
the
coordination
between
salsa
s2c2fs
Fresca
when
it
comes
to
comes
with
the
positioning
group.
A
I
just
don't
know
what
that
looks
like
so
I'm,
not
sure
if
anyone
has
thoughts,
ideas
if
they'd
like
to
help
draft
that
up,
because
obviously
we've
had
one
instance
at
least
one
instance
that
we
weren't
consulted,
but
we
probably
should
have
been
right,
not
necessarily
The
Gatekeepers,
but
so
I'm,
not
sure
who's
wanting
or
willing
to
help
start
drafting
that
up.
B
I
think,
as
a
group,
we
I
mean
what
I'm
going
to
put
my
hands
on
it.
I
think,
in
addition
to
that
will
be
a
question
of
when
is
it
appropriate
to
include
honorable
mention
of
all
three
and
when
is
it
not
it
being
one
of
the
when
that,
when
I,
when
I
proposed
that
in
that
blog
post,
one
of
the
replies
came
back
well
that
you
know
that
shouldn't
be
mentioned
here?
That
could
be
mentioned
in
a
subsequent
blog
post.
Well,
what
constitutes
that
subsequent
subsequent
blog
post?
B
A
B
Think
it
begs
to
to
have
a
discussion,
though,
when
it
comes
to
when
it
comes
to
those
those
blogs
and
in
the
coordinated
effort
and
and
how
we
talk
about
all
three
the
who.
What
where,
when?
Why
of
that,
may
also
need
to
be
scoped
out
with
it.
C
A
As
well
because
I
I
do
think
there,
there
needs
to
be
Clarity
and
I
know
even
the
whole
guest
versus
guest
post
versus
Community
I.
Remember:
adding
Clarity
to
the
governance
rules
of
salsa
to
make
sure
that
if
it
is
a
community,
it
has
consensus
from
the
community.
It's
not
just
one
individual
right,
so
it
needs
more
approvals
versus
guest
post
and
so
a
lot
of
the
stuff
that
we
write
together
as
a
community.
A
That's
a
community
post
but
I've
seen
that
being
flagged
as
a
guest
post,
not
a
community
post.
Even
though
there's
like
six
or
seven
of
us
writing
it.
So
there's
I
think
there's
even
ambiguity.
Ambiguity
there
right
that
we
could
kind
of
tighten
up
and.
B
A
A
Yeah
yeah,
so
I
Isaacs
is
more
about
what
is
a
Blog
versus
documentation
right,
Isaac.
F
Yep
I
mean
I,
I
was
gonna,
I
was
going
to
touch
on
the
other
side
too,
but
I
think
actually
having
two
one.
Pages
me
doing.
One
and
Jay
doing
another
is
is
a
great
outcome.
It
will
help
clarity.
A
F
Feels
like
Jay
is,
is
perhaps
a
guide
to
writing
blogs
on
and
on
behalf
of
the
sea
working
group,
and
that
would
cover
maybe
a
reference
to
my
doc.
Should
it
be
a
Blog
in
the
first
place,
but
then
also
here's
the
process,
here's
the
guidelines,
here's
the
kind
of
stuff
you
should
bear
in
mind
when
doing
things.
Here's
what
you
should
aim
to
reference
when
you're
doing
it,
here's
when
to
bring
in
Jennifer
and
when
not
to
bring
in
Jennifer
and
so
on,
and
so
I.
B
E
F
B
A
F
So
I
I
would
say:
let's
I
would
say
if
we
target
like
our
audience,
is
any
subgroup
within
SCI
and
if
we,
if
we
end
up
loving
this
I,
think
this
is
great.
We're
gonna
go
export
it
and
collaborate
with
the
best
practices,
working
group
or
the
memory
safety
working
group
or
whatever
and
see
hey.
Do
you
have
a
guide
to
blogs
because
we
just
wrote
one?
F
Would
you
like
to
adopt
this
too
and
we
could
spread
it
out
from
there,
but
I
think,
starting
with
the
SEI
working
group,
getting
it
locked
in
for
salta,
Fresca
s2c2f,
you
know
anything
else.
We
may
add
SCI
as
a
whole.
Let's
get
that
together
and
then
see
if
there's
opportunity
to
make
this
extended
across
open
ssf.
F
Maybe
Jay
I
mean
I,
know
you're
in
other
open,
ssf
Forum.
It
may
be
a
reasonable
starting
point,
for
this
document
is
checking
in
with
the
other
working
groups.
Do
you
all?
Do
you
all
already
have
one
and
we're
just
late
to
the
game
here,
because
if,
if
the
best
practices
working
group
already
has
a
guide
to
how
to
write
blog
posts
and
here's
the
stuff
and
how
to
do
it
and
who
approves,
then
maybe
we
can
just
look
at
adopting
that
yeah
Isaac
you're
already
in.
A
Collapse
in,
we
will
start
upward
this
week.
Work
our
way
in
okay.
Well,
thanks
folks
for
joining
I
know
we're
at
time.
Another
great
meeting
appreciate
the
participation,
the
collaboration
and
I'm
hoping
we.