From YouTube: OpenSSF TAC Meeting (May 4, 2021)
A
I actually wanted to talk about, real quick, first thing: town hall. I don't know who all was able to make that. I thought it went fairly well. I wanted to hear other people's opinions, and Kay, I don't know if you have access to any of the stats and things that you might be able to share.
C
I think really well. I mean, the only thing, only thing that I was sad about was we didn't have as many people, but the actual content I thought was, was worth showing up, which is all you can hope for, for any meeting.
D
Yeah, I like the in new section. It's basically, it's kind of providing value to the people attending, right, so I think we get more attendance based on that.
B
Right, and I think over time, if we keep showing how there's the in the news and here's what, what we're doing, you know, how what we're doing addresses these things, then it creates this confirmation of the value that we're providing.
A
Yeah, I like the new format. I'm curious to see what the feedback is on some of that, if anybody had comments on it, because we didn't seem to get a lot of interaction, there wasn't a ton of questions. That's why, that was my only big concern, was are folks finding it useful or not, especially with the format change.
B
So we had, just, you know, some stats. Our first meeting we had, I think it was like 140 registered and about 90 plus that attended most of the meeting. The second meeting, I think we had around 70, right, no, 90 registered (I'm just recalling, I might have some of these wrong) and about 70 throughout the meeting, and then this time we had about 70 registered and a little over 40 throughout the meeting.
B
So, so we definitely have gone down in the number of attendees. I was thinking after the meeting, and, you know, happy to brainstorm with this group, I'd love your thoughts. You know, it could be that, I mean, we could just keep doing what we're doing and, you know, have our quarterly meetings, and, you know, as we're showing we're adding value, maybe the attendance will pick up. We could try to shift. We've talked about in the planning committee meeting, you know,
B
Maybe we go to a little longer cadence between meetings, maybe four months, maybe six months. Another thought I always happen is, you know, maybe as we're getting through the COVID cycle, maybe we try to do these as joint in-person and
B
Virtual conferences, and, you know, try to hook up some in-person conferences with other conferences that are going on, that, I think co-locate is the word that they use. So we could have OpenSSF conferences every six months or something, I don't know. I was just thinking.
D
You explain, yeah, so I was thinking one, one, like, one time more friendly for the Europe audience and one for the America. Either we could alternate between those or we could have maybe duplicate of the town hall. I wonder if that adds some more audience. Yeah. That's a good point.
E
On the town halls, I don't know, I think they've been really nice so far. Maybe in promoting them, we should lead up front with what we're going to talk about, like maybe there's a tweet or, you know, in the title of the email, even, like, we're going to mention this, this and this, if there's specific things that might draw people's attention. Other than that, I don't know. Maybe it is a cadence thing, like.
A
Yeah, I would tend to agree with that, actually. I'm mildly concerned, yeah, about the cadence and the lack of updates, that maybe we're just trying to show off too soon, before things are really ready or that there's something interesting to show, right, because this work does take time. So maybe going to every six months type thing might be beneficial.
E
We could also think about, like, the different ways we can provide value. So some of this is definitely working group updates, because it's so nice to be able to get a short summary of what's going on in a working
E
And to see that for all six groups and be able to, like, as someone that wants to participate or even just someone that's monitoring the space, to get a quick summary of what's going on. But we may want to switch up the format, even, that we do perhaps shorter updates, and maybe we do an extended session that, like, you know, we're going to do a 20-minute panel on supply chain security and here's all these people that are really good at this and media is welcome, or, you know, maybe we're going to do a deep dive on transitive dependency risk and we're going to have like a 15-minute presentation
E
That's going to show, you know, project that's helping us visualize this and some of the stats that came out of it or whatever. So we find like a hot topic that correlates with either research that's actively, or, you know, R&D that's actively going on in a working group, or we bring in a mix of folks from the TAC or from, you know, OpenSSF in general and/or perhaps our, our friends externally as well, and put together like interesting panel discussions.
C
Perhaps, this is, this is David Wheeler. I mean, that sounds like an interesting idea. I would just want to make sure call it something really different, so it's clear that it's different. Maybe, you know, I mean, maybe it's an OpenSSF thing, but it's a completely different event with a completely different name, just to clarify things.
E
Yeah, or we could even have it that, like, we've run super on time, and it's like you join us at this time if you want the OpenSSF updates rundown, which is going to take, let's call it half an hour, and then the second half an hour is going to be this, this time's deep dive presentation, which is going to be about this, and here's the abstract.
B
Right, yeah, okay, these are, these are all great thoughts and we'll take these back to the planning meeting where we are making the, making decisions about town hall and maybe
E
One final thing, sorry to interrupt, Kay, just before we go home topic. Another thing we might want to think about is if there is a way we can make them more interactive, but like meaningfully, not just performatively.
E
So if there were a way that by attending the town hall, you were able to give feedback about either the direction that projects could go or should go, or you somehow get an opportunity to either contribute ideas or thoughts on something or to contribute to some output thing by attending. I don't know exactly what that looks like, but maybe part of the meeting, instead of the deep dive presentation,
E
Maybe it's a facilitated discussion with attendees, and it totally depends who attends as to whether that would be successful or not. But perhaps if people felt that we were somehow giving them the mic at these, like, in a meaningful way that influences what we're doing in some way, that could be another option.
A
Yeah, I think it's a really cool idea, probably.
F
I posted like a half hour before the call on LinkedIn, because I saw it on my calendar, and I got a great response from people, but I don't that anyone showed up. It's hard to do in the middle of the day. But then my other comment is I did sound, I enjoyed the new format and I thought, you know, the deep dive into, like, what the, the dashboard was doing
F
I thought was valuable. So potentially, if we can find something, and it becomes more like a, an online conference or a virtual event: hey, we're going to talk about these topics, more involved. I like some of these ideas we've espoused, and I think panels and giving people the ability to pose questions or to grill experts.
A
Yeah, I really like that idea. Like, I think in the past, like in the beginning, it made sense for us to have sort of these administrative updates, right, because we're introducing ourselves and talking about structure and all that stuff, that it might be wise, I think, to evolve towards these things that, you know, Jennifer and folks are mentioning. I think moving towards that conference style sounds very beneficial. We have more interactive panels.
A
We have demos of the work that's being done, and it just, it feels more interesting that way, and I think it kind of goes hand in hand with some of the working groups that have had, you know, a ton of really awesome presentations that came in and we want to share some of those things. We could, like Jennifer said, pick that hot topic and bring some folks in to give a presentation. And then we have an open panel discussion, and I think that'd be really good. Exactly.
E
Just to slightly off topic, and it's not on the agenda but it'll be 10 seconds. Linux Security Summit CFP is open right now, so just as a parallel thread, we might want to think about what we want to submit there in terms of outreach. So just making the TAC aware. If anyone wants to get involved, message me.
A
I'll add another thing really quick too, is that I noticed that, so yesterday I kind of got dueling meetings going on, so CERT is having a, a vendor conference right now and they use Discord, so they have a Zoom meeting, then they have a Discord chat, and I found that to be highly engaging and a lot of really good discussion on that. It's something to consider, something.
C
By the way, real quick, mentioning the Linux Security Summit, you actually know somebody on the committee, so we would love to hear from you. Bring it.
A
Awesome, okay, so next thing. So Dan, obviously not here, we'll move that to next time, and then before we jump into the road map discussion, this is somewhat related, actually. So in the Identifying Security Threats working group meeting last week, there was a proposal, so Mike Scaveto was talking about
A
Essentially we were talking about typosquatting and a bunch of different things, and, you know, all these things affect a lot of the package vendors, right, and there's a lot of commonality across them, so whether it's npm or NuGet or whatever, like, they all kind of potentially suffer from the same thing, right, and they could all be addressed in a similar way. So he, he had this really cool idea.
A
I wasn't sure if he's gonna be able to make it today, but I'd love to get his direct feedback on this, but I'll just kind of pitch the idea. Now we can talk about it in more detail later, because Mike is very, very deep in this, but creating either a working group or a forum or whatever we want to call it, but some sort of mechanism or place that these different vendors can kind of come together, possibly within OpenSSF or under the umbrella,
A
To have these discussions, you know, almost like a panel in some ways, but more of just a way to share ideas and talk about some of the risks and identify some of the threats and some potential fixes for them. I think this would be a really cool opportunity for us to want to engage more members of the community and also to give some of the expertise that a lot of folks at OpenSSF have to help drive some real, some real improvements there.
E
Out, like maybe it's like package manager folks, right, maybe we do like the, the OpenSSF, you know, package management security summit and specifically invite people from that, and then maybe we change focus and host another one in the future that's like the OpenSSF whatever whatever, and we carve out particular, like, subgroups of audiences that share a security problem or a set of security problems.
A
You know, the idea of a panel, and this, this could be one of those topics, right, like package managers and, and their inherent risks and typosquatting, and then, and then that could turn into an ongoing discussion amongst those people and future conference type settings and things like that, just as a way to sort of kick it off.
C
Just as a quick note, I love the idea. I would suggest calling them suppliers instead of vendors, because some of them aren't really selling anything, and I think there's kind of almost two sides. There's package managers and the folks who manage the repos, who are not necessarily the same groups. Yes, but we need to get those folks talking together.
A
Cool, I'll see if we can pull in Mike's, give that on a future meeting, we can kind of do more of a deep dive, but it sounds like this is a plan that everyone is in favor of, so that's exciting.
E
Maybe we think of them super in advance, like we calendar out a year's worth of, you know, two or three of them perhaps, and we invite people well in advance, like a couple months in advance even, and we like hand curate who we're definitely going to reach out to, and it's open to whoever wants, but like we personally dig into, like, who are the maintainers of all these different things? Who do we actually need to get involved if it's going to be effective, so that we can have some targeted outreach for it as well.
B
This was something that the, the GitHub did a year and a half or so ago, and I don't remember what they called it. It was something like, it was held at one of the GitHub multiverse or whatever their conferences are, and I remember William Bartholomew from GitHub was leading it, and they did have representatives from all the major packaging ecosystems there.
A
I had to go refresh, but I forgot about a lot of the stuff that was in here, so before we dive into it, then maybe what we should do is say how would folks like to sort of drive the creation of this list? I have a couple of thoughts on it, because I think what we, I've been talking about doing is pulling this into essentially like a backlog of some sort, right.
A
So what I was thinking is leave this document as is. The way it's structured is great, and I like how it's just blue, and we can drop ideas in here. If we pull things out as like individual, either initiatives or work streams or whatever, you know, single items, pull those into a section as like a GitHub issue, you know, a TAC repo, we just call them out separately, and then we can have people vote on them as a sort of a stack rank way to figure out what's high priority.
A
That has advantages and disadvantages, right, like people could just vote for the thing they think is cool, right, but doesn't necessarily fit with our vision and isn't cohesive with the other working groups. Another approach would be for all of us to kind of sit down and collaborate, build a table or document or something we manually stack rank. These are things, you know, ourselves, and then put the out into the GitHub universe, and let people join and vote and decide.
A
You know, what might be useful as a working group or something that could be a part of another working group. What, what the folks think about that? How they like to see us whittle this, this down.
E
I'm not quite answering your question, so I'll be honest with that. But maybe one kind of tangential thing I would add is, like, it might be useful as well for us to think about things of varying scope.
E
Just because I know that, like, I don't know, I guess from the experience that I have in my job running a research team, I have found that I have a working group model there as well, and it works really well, but there's certain things and certain people for which it just breaks down. So we may want to pull off not just a few of the top initiatives that can be done in broad scope, that might take several months,
E
That might need a working group, but also, if there's smaller things like do a blog post explainer on such and such, or other kinds of, like, lightweight deliverables that an individual could take on. And we should be clear about how to declare that one is doing the thing so that there's not a duplication of effort.
A
Yeah, I think that's a really great idea, and it almost kind of feels like if we do that, it would almost just be like these are work streams within a working group or whatever you want to call them, right, but they're bite-sized things that, like you said, don't have the overhead and I've created a whole full-blown working group and that sort of thing, and then people can just jump on them.
A
Yeah, yeah, like, so maybe, let's see, you will keep create
A
You know, a backlog issues within the TAC repo, and then folks could just link to that, and if they assign it to themselves, they've got it, right, or, you know, a working group could grab it and say: okay, we're all gonna go work on this type thing.
E
I like the issue approach, because then it's very transparent and easy to navigate for status updates and stuff. Like if someone's wondering, you know, oh, so and so signed up for this six months ago, I wonder how it's going, you can comment in thread, get feedback and, if someone's abandoning the project, you can easily take it over.
E
I like the idea of, like, writing it down. I wonder if we could do something like people go through and comment on stuff, or, you know, put your initials in a different color at the end of the ideas that you personally think are the most important ones, or some method where we can, like, kind of get buy-in from the group, but in a way that isn't having to read through it together line by line, because it might make more sense to see other people's ideas in context. But I don't know, many approaches, so.
A
Yeah, okay, why don't we do that, then? Why don't people take, if you want, you know, I'm not gonna dictate your time here, but we do have 25 minutes.
A
So we could, we could end the meeting early and use that time for folks to go through this document, and, you know, I should ever suggest it, just highlight things that we look at that look like reasonable chunks of work and then say hey, I think this is important.
A
Let's break this out, and then we, when we reconvene next time, we can review that and see which ones we actually want to pull into actual issues within the TAC repo, and I can just, as administrator, you know, overhead, go ahead and just create the tags and things so we're all ready to go once we decide to do that, and then we can just pull that in and then share it with everybody after the fact.
E
Oh, as a note, when people are going through, it might make sense to also highlight what are good beginner projects, like if people just trying to get involved that might not have a ton of experience.
E
I was just gonna say we could also do something where, if you're willing to be like a mentor or like an advisor to someone working on something, that could be helpful as well, because I've noticed sometimes people are shy, especially beginners, but not exclusively, and sometimes they're waiting for a kind of permission. So optionally, we may also want to include, like, if you need a mentor to work on this project, you can reach out to any of these people and they'll be your mentor.
A
That could even be something that we could track either within the TAC repo or individual working group repo, where people say hey, I'm, you know, I can help in these areas, and so it's like, we have a, we have a thing at Microsoft is very similar. We call it the open source champs program. It's company-wide, but it's all the people at the company that have a lot of knowledge in open source and can help people out, right.
A
You can go to the central place and be like I'm good at open source security or I'm good at npm or I'm good, you know, whatever, and so someone needs help, you can go to that list and, you know, engage with, and it's been pretty successful. Maybe if we do something kind of similar to that, like, it could be, it could be pretty useful.
A
Cool, well, these are some wonderful ideas. I think we'll, we can kind of think about how best to structure that, but I think maybe just even creating sort of a, a markdown file on GitHub somewhere.
A
Even people can add themselves to the list and designate what expertise they have and, and give context would be super, super useful. And in the meantime, let's all go through this document that is conveniently linked here and go highlight the things you think are cool and, and important, and, and then we'll use that for our follow-up discussion in two weeks, at which hopefully Dan will be available and can give us his presentation as well.