►
From YouTube: OpenSSF TAC (March 21, 2023)
Description
Meeting minutes: https://docs.google.com/document/d/18BJlokTeG5e5ARD1VFDl5bIP75OFPCtzf77lfadQ4f0/edit#heading=h.9m0zi4b0wnne
A
B
D
D
D
I
did
want
to
remind
the
broader
community
that
we
started
the
election
process
for
both
the
attack,
as
well
as
the
security
Community
individual
representative
that
started
yesterday
and
we'll
end
at
the
midnight
11
59
Eastern
Time
on
April,
2nd.
So
the
next
meeting
of
the
attack.
Well,
we
should
have
at
least
the
new
the
election
results
available
ahead
of
that
meeting.
D
E
Yeah,
so
just
wanted
to
do
a
quick
update,
I
didn't
have
like
slides,
prepared
or
anything,
but
here
is
our
our
working
group
page
on
GitHub
and
our
current
projects.
The
main
project
I
want
to
give
an
update
on
is
a
kind
of
the
main
project
of
our
working
group,
which
is
the
list
of
critical
projects.
E
E
So
we
have
a
a
new
process,
that's
under
development,
for
something
would
that
we
would
call
version
two
which
is
pulling
in
suggestions
from
you
know
a
broader
set
of
people.
You
know
engaging
communities
outside
the
open
ssf
to
suggest
which
projects
are
critical
and
then
collecting
that
data
and
pulling
in
automatically
pulling
in
metrics
and
all
that
data.
So
what
is
the
criticality
score?
What
is
the
the
download
count?
What
is
the
census
data
on
that?
E
So
that's
been
going
on
on
the
side
and
what
we've
decided
in
the
meantime
is.
We
need
to
make
an
updated
list
from
our
version
one
list.
So
that's
actually
what
we've
been
doing?
You
can
see
our
kind
of
tracking
table
here.
That's
what
we've
been
doing
for
most
of
this
year
is
getting
an
updated
version
of
our
olds
using
the
old
style,
while
in
parallel
working
on
that
that
new
style
collection
of
data,
so
right
now
we're
in
between
our
our
last
our
our
two
voting
and
discussion
meetings.
D
I
had
one
quick
question:
looking
across
the
room,
I
don't
see
any
hands,
so
I'll
just
jump
to
queue
with
the.
If
you
were
to
move
forward
with
the
AO
list,
would
you
would
you
envision
maintaining
both
your
top
100
spreadsheet
and
this
or
with
the
they
become
unified?
In
simply
the
top
100
is
the
top
100
of
a
unified
list.
I.
E
Think
they
would
be
separate,
separate
projects
and-
and
one
thing
to
call
out
here-
I
mean
this-
is
we're
updating
the
name
of
this
from
this
is
our
version
one
erupting
the
name
of
this
to
set
because
we're
not
really
ranking
these
projects,
so
I
think
we
just
will
have
two
separate
tiers,
a
tier
that
of
projects
that
that
come
into
this
list
or
set,
and
then
a
second
tier.
So
those
are
going
to
have
different.
E
F
E
Somebody
asked
to
repeat
the
question:
the
question
is:
what
do
we
do
at
the
list
and
the
short
answer
is
that's
outside
the
scope
of
the
working
group,
but
the
longer
answer
is
yeah.
It's
it's
picked
up
by
anybody
who
who
wants
to
engage.
You
know
like
needs
to
know
like
what
are
the
top
projects.
I
want
to
engage.
E
F
E
I,
don't
think
so,
I
think
the
main
again
the
main
thing
is
I,
do
want
to
make
sure
that
you
know
when
we,
when
we
get
project
proposals,
that
we
are
following
the
right
process,
so
yeah
we'd
have
happy
to
see
communication
on
that
flow
out.
I,
don't
see
a
lot
of
like
emails
and
when
we,
when
we
have
like
changes
and
procedures
or
new
procedures
where
there
wasn't
one
on
the
working
group
chair
list,
so
maybe
some
more
some
more
emails.
E
So
we
haven't.
As
a
working
group,
we
haven't
figured
out
how
we
want
that.
If
we
want
GitHub
issues,
we
have
on
a
doc
or
a
Google
form,
or
something
like
that
and
again
that's
on
our
version.
One
of
the
list
version
two
of
the
list.
The
whole
point
of
that
is
to
have
this
more
automated.
As
far
as
both
proposals
and
kind
of
giving
thumbs
up
and
things
like
that.
D
D
Once
twice
sold
all
right,
then
we'll
go
ahead
and
continue
on.
The
next
item
on
the
agenda
is
a
procedural
vote,
so
I
guess
for
for
mainly
targeted
attack
members.
Hopefully
you
recall
that
at
the
last
governing
board
meeting
I
believe
it
was
the
last
one
might
have
been.
Two
ago
the
governing
board
approved
the
creation
of
What's
called
the
governance
subcommittee,
which
is
aimed
to
provide
high
bandwidth
communication
between
the
governing
board,
the
attack
and
Foundation
staff,
as
we
work
through
building
out
business
processes.
D
D
The
edu
Sig
proposal,
as
well
as
the
funding
for
the
OSF
security
mailing
list
infrastructure
I,
believe
the
discussion
on
that
essentially
has
been
sent
up
to
the
GB,
but
from
a
procedural
point
of
view,
I
wanted
to
call
for
any
any
final
comments
before
we
open
those
issues
at
that
committee
for
discussion
later
this
week.
So.
I
D
Already
started
talking
about
them,
this
is
a
bit
of
kind
of
doing
process
in
Reverse,
but
again
in
the
interest
of
just
full
disclosure
wanted
to
raise
this
as
a
topic
and
rather
than
call
for
a
vote.
I
guess
I'll
just
ask
if
there
are
any
objections
to
proceeding
on
those
dialogues
at
the
GB
level.
D
Right
all
right,
then,
we'll
consider
that
an
abode
of
approval
all
right.
So
then
the
I
guess
the
more
meaty
topic
for
today's
discussion
is
kind
of
revisiting
the
last
some
of
the
dialogue
at
the
last
hack,
meaning
I
know.
This
has
come
up
in
a
couple
different
conversations,
even
in
Jeff's
dialogue
this
morning
around
the
current
state
of
project
governance
at
the
open
ssf.
D
That
was
a
you
know,
a
discussion
back
and
forth
amongst
a
number
of
different
dimensions.
Some
of
those
were
around
just
hey.
We
need
minimally
viable
process
and
let's
get
something
written
down
that
can
help
kind
of
guide
the
foundation
from
an
operational
point
of
view.
Some
of
that
was
a
more
strategic
conversation
around
you
know.
Where
did
we
see
the
foundation
ultimately
being?
Did
we
want
to
take
a
a
large,
larger
foundation
and
and
maybe
to
use
the
adage?
D
D
So
so
we
haven't
had
a
whole
lot
of
opportunity
to
test
out
that
mechanism
understand
where
it's
strong,
maybe
where
it
needs
some
tweaks,
but
at
last
week's
Tac
meeting
we
did
bring
a
proposal
forward
for
the
RS
tough
project
that
was
being
sponsored
by
the
supplying
software
repositories.
Working
group
and
I'll
just
say
from
my
own
personal
opinion.
Some
of
the
feedback
from
my
fellow
Tech
members
on
that
discussion,
I
found
a
little
bit
puzzling
I
think
there
was
a
general
sentiment
of
a.
D
Why
is
this
at
the
TAC
meeting?
Is
this
just
being
presented
for
awareness,
or
do
we
actually
have
to
vote
on
the
inclusion
of
a
new
project
into
the
foundation?
There
was
a
discussion
around
how
much
of
this
is
actually
delegated
down
to
the
working
group
level
versus
you
know.
Is
it
simply
the
sponsoring
body
which
can
either
be
a
working
group
or
the
attack
itself,
because
we
do
have
the
concept
of
a
top
level
project
in
the
in
the
governance
that
was
voted
on
and
merged?
D
That
there
is
a
a
bit
of
a
I
guess,
difference
of
opinion.
Maybe
is
the
nicest
way
to
put
it
around
kind
of
where
do
we
sit?
I
would
remind
folks
that
again,
where
we
sit
is
the
document
that
is
published
in
GitHub
under
the
attack
repo,
and
if
we
want
to
make
changes
as
a
body,
we
can
certainly
pursue
those
dialogues,
but
in
general,
part
of
our
role
of
a
foundation
is
not
operating
by
the
the
whims
of
opinion.
D
I
think
that's
the
best
way
to
operate
from
a
position
of
transparency,
from
a
position
of
fairness
and
from
a
position
of
just
efficiency.
If
we're
all
working
off
of
the
same
source
of
truth,
it's
a
lot
easier
to
operate
than
having
to
have
a
multitude
of
conversations
to
figure
out
what
what
is
it
kind
of
the
the
norm
within
the
organization
pointing.
I
D
D
I
D
D
We're
required
to
have
a
seven
at
least
a
seven
day
window
for
those
changes
to
exist
and
be
publicly
read,
and
you
know
ultimately,
we
also
we
need
to
be
wrecked
with
you
know,
just
cognizant
of
the
fact
that
we
are
in
the
middle
of
an
election
cycle
and
the
next
time
this
meeting
this
body
is
adjourned.
We
may
have
different
members.
D
Actually,
we
will
have
different
members
because
we
don't
have
everyone
running
for
for
re-election,
so
I
guess
the
tldr
is:
let's
have
a
discussion
today
around
the
nuance
and
some
of
the
guidance
here,
but
I
want
to
preface
this
whole
dialogue
with
the
output
of
this
conversation
may
be
additional
PRS
or
it
may
be
additional
issues.
We
should
not
take
any
marching
orders
from
the
discussion
today.
We
need
to
operate
off
of
GitHub
as
the
source
of.
F
D
I
D
D
F
D
J
J
Go
figure
out
how
to
make
this
work
across
all
of
your
working
groups
so
that
they
are
successful
because
otherwise
we're
just
sort
of
a
loose
Confederation
of
committees
that
happen
to
exist
that
are
entirely
driven
grounds
up
ground
up,
there's
no
direction
that
the
attack
can
provide.
If
there's
no
funding
or
you
know
other
resources
to
direct,
because
every
every
member
is
going
to
direct
their
own
energy
in
the
way
they
see
fit.
There's
nothing.
J
K
K
You
know
the
governing
board:
I'm
I'm
fine,
with
the
governing
board
having
sort
of
dollar
Authority
but
I,
don't
know
what
they're
doing
like
I've
I've
to
my
knowledge,
never
been
in
a
working
group
where
somebody
said
hi
I'm
here
from
the
governing
board
and
I'm
here
to
help
right
like
that.
That
just
hasn't
happened.
D
So
I'm
I'm
next
in
the
queue
the
I
guess,
a
couple
responses
I
wanted
to
make
to
that
and
I
do
recognize.
We
have
other
hands
up
as
well.
First,
do
your
last
Point
chalk
around
transparency
to
the
governing
board
I?
Would
we
could
certainly
put
the
the
link
to
this
in
the
the
minutes?
The
governing
board
meeting
minutes
are
publicly
posted.
D
So
if
you
are
curious
in
terms
of
what
happens
at
those
meetings,
we
certainly
can
make
sure
that
the
folks
have
ready
access
to
that.
That
was
a
change
that
we
we
discussed
at
the
governing
board
and
then
implemented.
Brian
can
keep
me
honest
roughly
the
second
half
of
last
year.
I
believe
don't
hold
me
to
the
exact
date,
but
that's
what
my
memory
gives
me
so
in.
D
Outputs
of
that
to
be
able
to
independently
introspect
that
is
available
to
Justin's
Point
around
money,
I
guess
I
would
phrase
it
slightly
differently,
but
I
agree
with
the
sentiment.
I
think
it's
a
sense
of
what
I
think
at
the
even
last
year,
I
talked
about
the
notion
of
gives
and
gets
and
Gibbs
not
being
as
strong
on
the
hey
I
want
to
donate
a
project
to
the
foundation.
It's
really
a
roar
around
what.
I
D
Support
is
there
Operational
Support?
Is
it
Cloud
hosting
and
money?
Is
it
added?
You
know
you
know
added.
You
know,
calls
to
the
member
companies
of
the
foundation
to
say
hey,
we
have
a
new
project
and
we're
looking
for
volunteers
or
we're
looking
for
contributors
in
these
specific
areas,
things
that
the
foundation
staff
can
ultimately
do
to
help
bring
resources
to
Bear.
D
Some
of
those
may
be
Financial
in
nature,
but
some
of
it
may
be
more
of
an
orchestration
or
supporting
role
to
help
make
sure
that
those
projects
are
successful,
as
as
they
can
be,
I
wouldn't
limit
it
simply
to
just
money.
Money
is
obviously
an
important
dynamic
in
the
context
of
resources,
but
honestly
to
some
of
the
other
comments.
Contributors
are
are
often
more
valuable
than
necessarily
just
pure
cash
that
can
that
can
be
thrown
into
things.
So
with
that
I
believe
Kroger,
your
hand
was
up.
Next.
Apologies,
if
that's
not
the
case.
M
Yes,
thank
you.
As
a
member
of
the
community
and
a
leader
of
some
of
the
working
groups,
I
have
had
the
great
opportunity
to
live
through
the
current
process
and
there
are
some
gaps.
I
think
we
need
to
better
refine
I,
think
we're
missing
some
type
of
pre
incubation
free,
sandbox
stage
that
allows
for
work
of
the
community
to
come
to
a
working
group
to
get
that
additional
collaboration
and
resources.
M
As
long
as
it's
aligned
with
our
mission
and
vision
and
kind
of
kicking
the
tires
and
experimenting
prior
to
a
full-on
commitment
of
anything,
whether
it's
Cloud
hosting
it's
somebody
to
help
with
minutes,
it's
money
for
whatever
and
then
I
think
we
also
need
to
Define.
There
appears
to
be
a
weighted
value
on
software
over
other
forms
of
contribution,
and
that
needs
to
be
I
think
laid
out
as
to
what
the
decisioning
criteria
are.
M
Why
are
some
things
required
to
go
through
a
formal
process,
and
why
are
others
exempt
from
that,
even
though
they
potentially
have,
at
the
end
of
the
day,
the
same,
if
not
greater
value
it
depending
so
that
those
are
my
two
points.
I'd
love
to
get
those
ironed
out,
so
we
can
move
together
positively.
N
Right,
unmute,
myself,
first
yeah
to
hopefully
just
a
few
real
quick
points,
I
hope.
Clearly,
yes,
money
can
be
very
very
helpful
for
projects
and
sigs
I.
Think
Waze,
arguing
against
that.
But
I
think
there
is
a
perceived
value
and
I
guess:
I'm,
I'm,
Bob,
I'm
kind
of
I.
Guess
emphasizing
a
point
you
made
earlier,
you
know
simply
being
part
of
the
open.
Ssf
does
have
perceived
value
for
a
lot
of
folks.
N
People
are
trying
to
start
projects
and
sigs
and
join
because
if
nothing
else,
it
gets
that
visibility
increases
the
odds
of
collaboration
and
so
on.
As
far
as
the
lack
of
visibility
of
governing
board
decisions,
I
think
that's
a
fair
concern.
I'm
not
entirely
sure
how
to
fix
that.
But
that
sounds
like
something
that
would
be
of
value
as
I'll
I'll,
probably
I'll.
Take
that
somewhere
and
try
to
see
if
we
can't
I
mean
obviously
governing
more
decisions
that
involve
things
like
Personnel
and
stuff.
N
D
O
G
I
Lowered
my
hand
instead
of
unmuting
a
few
things,
I
wanted
to
bring
out.
First,
we
have
a
Sandbox
stage
and
you
know
there
are
some
requirements
attached
to
that,
but
we
have
sandbox
before
incubation
it.
It
has
a
certain
you
know
set
of
criteria
for
entry
in
sandbox,
but
it's
there.
We
could
decide
to
revise
those
criteria
if
we
feel
like
they
are
not.
You
know,
meeting
the
needs,
but
I
just
want
to
point
that
out.
I
I
also
wanted
to
point
out
that,
as
part
of
the
Project
Life
Cycle,
we
Define
for
each
stage
a
set
of
benefits,
and
that
was
one
thing
we
actually
specifically
worked
on.
Is
you
know
we
wanted
to
give
some
kind
of
motivation
for
projects
to
try
to
graduate
from
one
stage
to
the
next
and
the
idea
is
well.
The
bigger
you
are
the
the
the
more
advanced
you
are
in
your
Project
Life
Cycle,
the
more
resources
you
get
I,
don't
think
we
have
implemented
any
of
this
today
and
I.
I
I
We
approved
this
process,
like
you
know
not
quite
a
year
ago,
but
many
months
over
six
months
ago,
and
this
is
the
first
time
we
have
an
opportunity
to
to
experience
it
and
I
I
wish
we
could
actually
get
through
this,
and
maybe
you
know,
go
back
to
some
of
the
other
projects
and
try
to
get
them
through
an
advent
in
a
faster
way
to
expedite
it.
To
see
where
things
are.
I
One
thing
I
wanted
to
point
out
is
I
think
we
should
not
lose
sight
of
the
fact
that
one
of
the
goals
of
the
process
we
designed
was
to
also
provide
us
with
the
a
central
repository
for
the
list
of
things
that
are
going
on
in
the
in
the
organization.
You
know
we
keep
hearing
this
for
any
newcomers
into
openssf,
they
always
say
invariably,
I
don't
know.
What's
going
on,
Warrior
is
the
least
of
all
the
working
groups,
all
the
projects,
the
sigs
and
the
activities,
and
so
the
Project
Life
Cycle.
I
The
way
it
is
designed
in
the
documentation
actually
provides
for
a
way
to
basically
maintain
this
list
at
all
times,
and
so,
if
we,
if
we
were
to
decide
the
control,
the
the
approval
should
be
changed.
I
wish
we
could
do
that
without
losing
that
you
know
mechanism.
So
practically
speaking,
we
might
still
want
people
to
have
a
pull
request
against
the
tech
repo
for
that
purpose,
and
then
say
hey,
but
the
tag
doesn't
actually
need
to
approve
it
in
a
formal
way.
K
So
maybe
it's
all
covered
in
there.
But
you
know
the
the
process
of
obtaining
funding
is
a
little
opaque
at
the
moment,
and
that
goes
back
to
my
complaint.
That
I
haven't
felt
like
I've,
had
much
visibility
into
governing
board
or
much
communication
from
the
governing
board.
I
didn't
know
that
Tracy
was
a
governing
board
member,
for
example.
That
was
news
to
me,
but
yeah.
To
summarize
those
two
things
I
think
one
the
whole
concept
of
like
a
project
that
graduates
is
very
software
Centric
and
two.
D
D
We
do.
The
governing
board
has
tried
to
take
a
pragmatic
view
of
saying
hey
if
we're
asking
for
a
hundred
dollars.
Let's
be
cognizant
of
relative
to
the
budget.
That's
not
a
lot
of
money.
Let's
you
know
try
to
move
expeditiously
and
make
those
things
be
as
streamlined
as
possible.
If
we're
asking
for
100.
D
D
D
D
Yet
sit
in
the
account
coffers
of
the
open
ssf
there
may
have
to
be
recruiting
and
pledging
and
work
that
the
foundation
goes
and
does
in
order
to
raise.
You
know
such
a
sum
of
money,
but
they
are
looking
to
the
tax
to
provide
a
filtering
mechanism
and
an
opinion
around
whether
we
think
that
is
good
or
bad.
D
So
even
the
three
issues
I
mentioned
earlier
around
you
know
edu
Sig,
the
cert
proposal,
as
well
as
the
mailing
list
proposal,
all
of
those
come
with
Associated
price
tags
in
terms
of
either
hiring
people
or
asking
for
resources
that
helped
us
proposal,
another
one
right
that
we've
talked
about
in
the
past.
So
in
that
view
the
governing
board
and
the
attack
have
essentially
said.
F
D
That
the
attack
has
a
chance
to
formally
evaluate
and
weigh
in
whether
or
not
like
yeah
it
doesn't
seem
like
it
would
hurt
sure,
go
do
it
if
all
things
are
equal
to.
No,
we
don't
see
it
as
a
priority
or
yes,
this
is
the
most
important
thing
we
should.
We
should
cause
a
a
re-prioritization
discussion,
because
we
think
this
is
timely
and
Urgent.
You
know
they're
looking
for
that
sort
of
feedback
from
from
an
attack
as
we
evaluate
things.
So,
while
we
don't
necessarily
control
budget
and
hand
out
money
to
individual
projects,.
G
D
Working
groups,
they
are
looking
us
to
provide
an
opinion
to
help
guide
their
decision-making
process
today.
So,
in
terms
of
that
overall
flow
bring
the
proposal
to
the
attack,
the
tack
will
evaluate
it.
It
will
take
a
vote.
We
will
then
forward
that
on
to
this
governance
committee
that
I
mentioned
earlier
in
this
call,
that
is
really
meant
to
be
the
let's
crystallize
the
ask.
Let's
make
sure
that
all
of
the
obvious
questions
are
ready
to
go
and
Tee
It
Up
for
an
appropriate
dialogue
at
the
governing
board.
D
C
Thanks
kind
of
circling
back
to
the
original
topic
of
project
acceptance
and
governance
process
and
all
that
stuff
I,
don't
think
anybody
is
saying,
skip
the
process,
I
think
a
lot
of
reasonable
people.
Everyone
here
is
a
reasonable
person,
can
read
that
process
and
interpret
it
a
whole
bunch
of
different
ways.
I
was
equally
as
confused
when
I
thought
last
week,
when
other
attack
members
thought
that
we
did
need
to
vote
to
accept
things
inside
of
working
groups.
C
That's
not
my
interpretation
of
what
the
policy
says
and
based
on
the
activities
of
the
last
six
months
and
no
one
raising
any
questions.
I
think,
like
we've,
seen
working
groups
acting
in
that
way
or
and
projects.
In
the
last
six
months,
the
Microsoft
sc2cf
Project
was
accepted
by
the
securing
the
supply
chain.
Integrity
working
group.
There
was
no
tax
vote
there.
The
Sig
store
project
is
just
accepted.
Two
or
three
donations,
as
well
with
just
say,
store
TSC
votes
with
nothing
coming
to
the
openssf.
C
There
are
quite
a
few
examples
of
this
where
working
groups
kind
of
assumed
that
that
was
the
intention
and
that
this
Tech
process
was
really
only
for
top
level.
Things
last
week
was
the
first
time
that
I
thought
that
it
had
come
up
and
I
think
a
lot
of
tech
members
thought
that
that
was
just
an
FYI
myself
included.
So
it's
kind
of
confusing
at
the
end
of
that
meeting.
When
we
rushed
the
vote,
I,
don't
think
it's
a
people
skipping
the
process,
thing
I,
think
it's
just.
C
That
was
the
way
the
process
was
written.
That
was
the
way
I
understood
it
at
the
time,
and
people
have
been
operating
that
way
with
no
complaints,
oh
I
think
that's
that's
sort
of
where
I
sit
in
my
interpretation
of
everything
and
based
on
what's
been
going
on.
That
seems
to
be
the
broader
interpretation
too.
G
B
Maybe
to
Echo
some
of
that
this
is
a
constructive
and
normal
place
to
be
as
a
project
grows.
Its
documented
processes
get
operationalized
more
and,
as
we
work
more
things
through
the
process,
we
start
to
discover
where
there's
a
need
for
clarity.
So
I
think
it's
great
that
we're
having
this
conversation
I
feel
like
one
of
the
aspects
of
this
that
it's
easy
to
infer
too
much
into
what's
written
just
in
GitHub
versus
a
conversation.
But
some
of
the
comments
are
out
well,
we
need
to
do
what's
in
the
document.
B
Of
course
we
need
to
do
that,
but
we
shouldn't
be
govern
solely
by
the
document
as
it
was
in
the
past.
What
was
sufficient
before
might
not
be
for
the
future,
so
we
do
need
leadership
and
I.
Think
Tac
is
a
great
place
for
that
to
Center,
because
it's
across
it
has
visibility
across
the
the
broader
organization
so
to
have
talk
leading
on
discussions
like
this
or
the
issue
that
was
open
to
say,
hey
what
is
our
next
level
of
iteration?
We
started
a
certain
process
like
a
year
ago,
it's
been
operating.
B
What's
the
next
level
iteration
it's
great
to
have
leadership
on
that,
so
I
I
want
to
make
sure
that
we
we
build
momentum
and
that
it
actually
turns
into
PR
is
that
we
do
add
some
refinements
and
of
course,
that
needs
to
go
through
its
own
process.
It
can't
just
be
arbitrary
and
quick,
but
there
is
there
also
isn't
a
rush
like
if,
if
we
iteratively
improve
a
bit
over
the
year,
that's
fantastic.
D
D
D
Sorry
about
that,
my
zoom
drops
every
20
minutes.
Do
we
have
sufficient
data
to
Warrant,
hey
we've,
we've
we've
been
operating
for
several
months.
It
does.
The
attack
feel
like
we
have.
You
know
desire
to
make
some
tweaks
in
One
Direction
or
not.
So
that's
really
the
point
of
the
dialogue
today.
Kirk
go
ahead.
M
M
I
To
add
to
this
I
mean
we
don't
really
have
some
kind
of
definition
of
how
decisions
are
made
for
that
matter.
Right
I
mean
it's
fairly
common
in
organization
to
say:
oh,
we
make
decisions
about
consensus
and
they
you
have
to
kind
of
Define
what
that
means.
But
you
know,
because
different
organizations
have
different
ways.
33C
is
a
very
extreme
view
on
what
consensus
means
you
know
it
doesn't
have
to
be
that,
but
that
extreme,
but
you
know
it
has
its
value,
but
it
takes
time,
but
you
know,
is
it
simple
majority
does?
I
Is
that
enough
to
create
a
new
activity
or
what
I
mean?
This
is
a
kind
of
situations
we're
facing
now
where
we
haven't
defined
it
beforehand.
So
we
start
having
votes,
it
becomes
controversial
and
you
don't
even
know
okay.
What
kind
of
work
are
we
having
what
the
role,
how
we
need
to
decide?
It's
a
bit
embarrassing
to
try
to
figure
that
out
after
the
fact.
D
D
I
appreciate
the
appreciate
the
offer
and
I
think
that
is
the
spirit
of
of
that
subcommittee
as
well
as
I.
Think
there's,
you
know
the
conclusion.
If
you
go
back
and
look
at
the
annual
report
from
last
year
is
there's
a
lot
of
great
work
going
on
within
the
projects
and
working
groups,
I
think
the
role
of
the
attack
going
forward
in
the
next
year-
and
you
know,
look
look
forward
to
seeing
the
results
of
the
election,
but
I
think
my
personal
feedback
would
be
the
tax
opportunity
years
to
serve.
G
D
Groups
that
again
to
even
Justin
and
David's
points
around
making
sure
that
they
are
reasonably,
you
know
as
reasonably
as
they
can
be
resourced
from
a
financial
or
Personnel
perspective,
whatever
the
definition
of
resource
is
for
that.
For
that
context,
and
also
just
to
be
clear
on
mission
and
vision,
right,
I
think
the
other
thing
that
the
governing
board
has
spent
a
ton
of
time
talking
about
over
the
last
nine
months
is
the
identity
of
the
foundation.
D
You
know
again,
there's
lots
of
great
work
going
on,
but
crystallizing
that,
down
to
you,
know
an
opinionated
organization,
that's
focused
on
efficacy
of
outcomes
and
making
sure
that
we
are
being
as
beneficial
as
possible
to
other
foundations,
individual
contributors
to
projects
and
individual
maintainers,
and
everything
on
that
Spectrum.
In
between
from
the
largest
of
projects
to
the
smallest,
you
know,
are
we
catalyzing
the
right
outcomes
to
help
move
along
the
industry
in
this
space,
and
so
some
of
that
is
through
software?
Some
of
that
is
through
education.
D
Some
of
that
is
through
establishing
new
things.
We
have
a
lot.
This
is
a
very
daunting
space
and
there's
a
lot
of
problems
that
are
going
on
right
now,
but
ultimately
our
opportunity
is
to
rise
to
that.
So
I
think
you
know
iterating
on
this
again
in
the
spirit
of
continuous
Improvement
is
I
think
where
we
need
to
be
focused
as
a
group
want
to
be
cognizant
if
we
have
10
minutes
left
in
today's
call.
D
A
One
is
interpret
the
current
Charter
as
requiring
Tech
approval
of
all
other
project
proposals
or
all
technical
initiative,
technical
initiatives,
even
at
the
working
group
level,
or
to
delegate
it
out
I
feel
like
there's
issues
such
as
the
open,
Vex
submission
where
this
is
kind
of
a
a
topic
that
needs
some
resolution
and
if
you
want
us
staff
to
try
to
enforce
some
of
the
process-
and
you
know
blow
whistles
when
we
see
things
approved
to
the
working
group
levels
without
being
elevated
to
the
attack.
We
need
some
clarity
too.
A
D
I
think
we
do
that,
doesn't
necessarily
a
given
a
post-election
right
so
making
sure
that
we're
clear
around
that
as
a
responsibility
of
TAC
members
to
ultimately
help
to
guide
and
steer
working
groups.
I
know
we're
all
busy
people
and
some
of
us
make
meetings
more
often
than
not
I'm
sitting
in
the
camp
of
not
making
meetings
as
often
as
I'd
like,
but
in
the
interest
of
again
trying
to
make
sure
that
we
have
accurate
representation
and
context.
D
I
Kind
of
you
know:
how
do
we
make
decisions?
Do?
Is
it
majority
vote
the
consensus,
meaning
like
you
know,
no,
sustained
objection
that
kind
of
stuff?
At
least
it
should
be
I
mean
one
possibility?
Is
we
don't
Define
it,
but
we
say
each
group
needs
to
Define
it
as
part
of
the
charter
or
you
know,
but
this
should
be
documented
somewhere
and
we
could
have
one
by
default,
at
least
that
we
Define.
D
H
Well
and
I
was
just
going
to
Lobby
for
consistency
to
not
leave
it
up
to
the
individual
working
groups,
but
to
provide
some
general
overall
guidance,
because
that
way
it
gives
the
community
a
better
sense
that
oh,
this
is
how
we
work
together
and
that
way
we
can
fly
in
formation
and
you
don't
have
a
lot
of
variety
in
how
that
happens
again,
not
not
to
set
up
huge
barriers
or
hurdles
but
to
Simply.
Have
consistency
in
open
governance.
M
M
M
It
starts
off
saying
we
try
to
work
with
consensus,
but
then
there
are
as
words
around
majority
vote,
so
I
I
think
it
would
be
very
helpful
to
have
that
Master
template
updated
to
better
clarify
like
the
membership
ladder
or
whatever
kind
of
Eligibility
criteria,
and
then
specifically
how
the
votes
are
conducted
and
recorded.
I
think
that
would
be
very
useful
and
then
get
that
filtered
out
again
to
each
of
the
groups.
D
P
M
M
M
Several
of
us
have
been
working
in
collaboration
with
a
few
different
industry
groups.
I
put
a
note
at
the
top
of
the
tag
agenda.
We
are
looking
at
starting
a
w3c
workshop,
calling
called
secure
the
web
forward.
It's
focused
on
helping
talk
with
web
developers
and
having
them
improve
their
security
and
secure
supply
chain
practices.
H
With
only
a
minute
left
and
another
Collective
hour
of
our
valuable
lives
just
spent
on
this
talk,
I
wanted
to
take
a
moment
at
the
end
here
to
thank
and
congratulate
the
tech
fearless
leader
for
the
last
12
months.
Bob
has
done
a
yeoman's
job
of
helping
to
evolve
the
attack
from
the
0.0
to
the
1.0
phase
successfully
and
I
just
want
to
say
heartfelt
thanks
and
nice
work.
Thank
you.
D
No
thank
you
Jeff
and,
like
all
good
efforts,
can't
do
it
alone.
So
certainly
thanks
to
many
of
our,
my
fellow
Tech
members,
as
well
as
many
of
the
contributors
that
have
helped
to
to
steer
us
through
the
last
year,
I
think
it's
been
a
an
interesting
sequence
of
times
in
the
world,
much
less
within
the
foundation,
but
I
think
we
all
have
a
positive
intent.
D
We
all
have
a
desire
to
leave
the
world
in
the
ecosystem
a
better
place
than
how
we
found
it
and
I
that
makes
the
work
worthwhile
and
and
gives
it
its
meaning
and
purpose.
So,
thanks
all
to
to
your
help,
good
all,
right
with
that,
we
will
close
today's
meeting
again
a
call
for
you.
If
you
have
not
had
a
chance
to
vote,
please
do
vote.