►
From YouTube: OpenSSF TAC (April 4, 2023)
Description
Meeting minutes: https://docs.google.com/document/d/18BJlokTeG5e5ARD1VFDl5bIP75OFPCtzf77lfadQ4f0/edit#heading=h.9m0zi4b0wnne
A
A
A
Hey
Jack,
can
you
go
on
mute?
Please.
Thank
you.
Sorry,
congrats
no
worries
congrats
and
thanks
to
everyone
who
participated
in
the
elections,
for
both
the
attack,
as
well
as
the
security
Community
individual
representative,
the
election
results
were
announced
yesterday
and
so
I
put
the
names
of
of
those
folks
who
did
win
the
elected
seats
there.
In
the
notes.
A
The
there
are
a
couple
governing
board
seats
that
are
denoted
by
appointment,
and
so
the
process
for
the
governing
board
to
select
those
appointees
and
vote
in
on
them
is
underway.
So
by
the
next
attack
meeting
we
should
have
a
full
tack,
seated
and
ready
to
rock
and
roll
for
the
next
the
next
year.
A
A
So
once
we
have
that
once
we
have
the
full
attack
on
pointed
we'll
we'll
proceed
with
that
process
at
the
next
meeting.
All
right
next
item
we
have
on
the
agenda
is
an
update
from
the
supply
chain.
Integrity
working
group
and
I
see
Isaac
Hepworth
here
on
the
zoom
call
with
us.
So
with
that
Isaac
I'll
hand
it
over
to
you
slotted
it
for
about
10
minutes.
D
D
D
I'm,
given
that
they've
been
spending
their
considerable
open,
ssf
energies
elsewhere
recently
and
not
been
able
to
attend
or
drive
the
working
group,
so
that's
the
first
alien
change,
I
think
the
other
one
which
is
is
top
of
Mind
really
across
the
supply
chain.
Integrity
working
group
is
just
the
impending
Milestone
of
the
1.0
release.
This
also
specification,
and
so
we've
been
working
hard,
getting
the
specification
ready
for
1.0.
D
There's
now
a
separate
thread
of
work
which
Jennifer,
let's
see
here,
Jennifer
has
been
driving
around
the
comms
plan,
first
also
1.0
and
so
making
sure
that
we
land
that
1.0
specification
with
Maximum
Impact
in
a
couple
of
weeks,
time
time
and
so
we're
looking
at.
You
know
what
press
pre-briefings
we
want,
what
quotes
will
we
have
and
how
will
we,
you
know
I,
think
we'll
we'll
be
looking
to
use.
D
You
know
the
openssf.org
blog
and
and
press
release
as
the
center
of
gravity
of
the
launch,
and
then
we
have
a
constellation
of
contributing
companies,
including
Google
chain
guard,
VMware,
GitHub
and
so
on,
I'm
preparing
their
own
blogs
on
their
owned
and
operating
properties
on
an
operated
property.
Sorry
which
will
kind
of
echo
the
announcement
and
provide
you
know
some
additional
organizational
context,
but
pointing
back
to
that
that
center
of
gravity,
which
will
be
the
the
open,
ssf
press,
release
and
announcement.
D
You
know
in
in
Far,
flowing
corners
of
the
industry,
well
separated
from
the
open
ssf,
which
is
I,
think
Super
encouraging
as
to
you
know
how
it
spread.
So
that's
on
on
salsa,
Fresca
I,
dare
say
slightly
less
encouraging
news.
We
are
we're
trying
to
find
contributors
and
maintainers
to
help
us
push
the
project
forward.
D
D
You
know
a
great,
very
transparent,
very
legible
implementation
of
a
reference
architecture
which
they
can
learn
from
and
then
apply
the
patterns
from
that
to
their
own
build
system,
or
are
they
looking
for
something
which
they
can
migrate?
Their
builds
to
and
actually
deploy
in
production,
as
this
is
a
production
system
which
we
will
adopt.
D
We've
got
lots
of
ideas,
lots
of
things
with
lots
of
input,
lots
of
things
we
think
we
might
want
to
do,
but
in
terms
of
people
who
can
actually
type
things
into
GitHub,
we
have.
We
have
less
on
that
front
and
so
Michael
Liebman
is
going
to
publicize
that
he's
written
a
one-pager
to
frame
Fresco.
What's
it
for,
what's
it
not
for
what's
his
goals,
what
does
it
need?
D
Where
does
it
need
to
head
as
kind
of
almost
a
call
to
action
or
a
call
to
Arms
to
kind
of
gather
contributors
around
and
rally
the
community?
But
there
is
that
gap
between
knowing
and
doing.
We
know
what
we've
got
to
do,
but
we
don't
have
the
resources
to
actually
put
that
into
action
and
actuate
it
right.
Now.
D
Nothing
okay,
so
a
quick
update
on
on
s2c2f
s2c2f
is
a
more
recent
addition
to
the
SEI
working
group
and
you
know
we're
still
working
through.
You
know
an
initial
set
of
issues.
Just
some
training
material
has
been
developed
and
I.
Think
Jay.
You
maybe
have
a
little
close
to
this
than
I
am,
and
so
please
chime
in
if
I
get
get
any
of
this
wrong.
D
But
we
have
it
and
now
a
90
complete
training
course
around
sdc2f
and
we
have
a
talk
on
S2
c2s
and
which
is
prepped
and
ready
and
accepted
in
RSA,
and
we're
excited
to
to
get
that
done
to
be.
You
know,
continue
the
the
process
of
publicizing
it
and
gaining
momentum
around
SEC,
so
f
as
a
dependency
management
framework
for
supply
chain,
Integrity
and
then
zooming
back
out.
D
One
of
the
things
we're
trying
to
do
at
the
sci
and
the
kind
of
the
umbrella
working
group
level
kind
of
above
south
or
above
Fresco
above
s2c2f,
is
pulled
together
an
overall
vision
for
for
what
does
you
know
what
does
open
SS?
What
does
open,
SSA
open
ssfs?
You
know
Direction
and
vision
constitute
for
for
supply,
chain
integrity
and
so
I've,
Linked
In
the
notes
Here
at
draft
revision,
doc
we've
been
working
through
as
a
team
and
really
thinking
about
you
know.
D
We
have
salsa,
which
initially
you
know
salsa
0.1
talked
about.
You
know,
build
and
provenance
and
and
Source
requirements
for
getting
to
to
various
ulcer
levels,
for
the
1.0
we've
Scopes,
that
down
and
so
much
of
the
focus
is
on
build
and
provenance,
and
we've
moved
out
of
scope
that
the
source
requirements,
and
so
we
have
that
as
something
which
which
stands
now
in
Salsa's
future.
I
would
like
to
add
that
back
to
this,
also
in
a
subsequent
version
and
I
think
looking
at
what
other
pillars
of
concerns.
D
You
know
the
the
projects
we
have
within
the
working
group
today
and
think
more
expansively
about
the
problem,
space
as
a
whole,
and
we
can
then
look
at
you
know
what
gaps
do
we
have
to
fill
I
am
going
to
pause.
There
I
talked
a
little
bit
about
the
chair,
change
and
salsa
1.0.
The
comms
plan
Fresca
challenges
they're
in
where
we
are
with
s2c2f
and
then
the
supply
chair,
Integrity
working
group
Vision,
which
I've
linked
into
the
notes
as
well
and
I'll,
pause
for
any
feedback
or
comments.
No.
E
D
You
know
use
cases
what
do
actual
real
people
in
real
organizations
want
to
do
or
how
do
they
see
gaps
in
the
Fresco
problem
space
and
then
the
other
thing
is,
you
know
anything
that
that
can
do
to
help
Rally
or
encourage
folks
to
get
involved
with
Fresca
in
terms
of
in
Hands-On
keyboards
form.
Again.
We
we
have
lots
of
people
with.
You,
know
great
ideas,
and
you
know
suggestions
a
lot.
D
Fresca
may
become
what
we
may
do
next,
but
turning
those
things
into
reality
is
a
gap
that
we
have
so
anything
that
we
can
do
just
in
terms
of
I'm.
Gathering
Hands-On
keyboard
in
the
community
would
be
awesome
and
I
know.
I
see
is,
is
plugging
the
panel
as
well,
which
should
help
with
the
overall
kind
of
awareness
of
where
we
are
Zach.
E
Not
a
question
but
but
a
comment
just
wanted
to
say
how
excited
we
are
about
the
upcoming
salsa,
1.0
release
and
I.
Think
the
focus
on
on
build
integrity
was
exactly
the
right
one,
but
also
excited
to
hear
that
in
2023
you're.
Thinking
about
how
to
add
that
in
Source
controls
and
looking
forward
to
hearing
more.
D
It's
not
a
destination,
we're
not
stopping
there
we're
going
to
1.0,
and
we
do
very
much
want
to
have
you
know
not
just
an
internal
sense
of
what
the
future
of
salsa
looks
like,
but
an
externally
articulable
one
where
we
can
actually
talk
to
the
community,
and
you
know
to
to
folks
in
the
space
about
where
this
is
going
and
speak
with
some
consensus
and
continuity
about.
You
know
the
direction
for
for
salsa
and
supply
chain
Integrity
over
the
next
12
to
36
months.
F
Thanks
Bob
I
wanted
to
discuss
two
things
with
the
attack,
one
as
we're
moving
toward
open
ssf
day,
which
is
going
to
be
held
on
May
10th
we're
starting
to
build
out
our
press
kit.
So
what
kind
of
things
do
we
want
to
announce
there?
What
do
we
have
coming
up?
That's
going
to
kind
of
align
with
that
timing.
Please
be
thinking
about
that
and,
as
you
you
know,
come
across
items
that
would
be
good
to
announce.
F
We
have
a
new
blog
series
kicking
off
tomorrow,
big
shout
out
to
crobe
for
getting
us
started
with
a
feature
of
the
best
practices
working
group,
but
what
we'd
like
to
do
is
each
month
feature
a
different
working
group
or
project
on
the
blog
kind
of
talk
about
recent
accomplishments.
What
you
have
coming
up
and
then
really
highlight
ways
for
people
to
get
involved?
Where
do
you
need
the
most
help?
Where
can
people
jump
in
and
using
that
as
another
way
to
drum
up
some
participation.
A
A
A
F
E
A
G
Hey
everybody,
just
a
quick
update.
The
best
working
group
has
been
approached
by
a
group
of
enthusiastic
community
members
that
have
been
toiling
away
on
the
mobilization
plan.
So
we
are
pleased
to
announce
that
the
working
group
decided
to
adopt
the
memory
safety
Sig,
which
is
part
of
the
mobilization
plan
stream.
Four,
we
had
our
first
official
Sig
call
the
last
week
and
we
are
very
excited
to
continue
to
refine
the
initial
words
from
the
plan
and
put
forth
another
potentially
actionable
proposal
for
the
foundation
to
consider
to
work
with.
A
One's
twice
sold
all
right.
Thank
you
all
right.
We
have
two
final
items
on
the
agenda.
One
is
Brian
I
wanted
to
give
you
a
chance
to
talk
about
one
of
the
topics.
That's
on
the
governing
board
agenda
for
later
this
week,
which
is
a
proposal
to
expand
the
attack,
and
then
we
also
have
representing
Alpha
Omega
Jonathan
lichas,
who
is
one
of
those
security.
A
H
So
we've
talked
both
here
and
on
the
governing
board
about
whether,
given
you
know
a
lot
more
activity
since
our
since
we've
started
the
focus
on
the
Starling
tool
chain,
whether
we
wanted
to
increase
the
size
of
the
attack.
Also
given
the
the
growth
of
the
organization
as
a
whole
and
the
idea
that
we
might
want
to
make
sure
we've
got
the
attack
representing
you
know.
H
Emotion
yet
specifically
who
but
will
after
the
vote,
has
been
made
if
the
vote
is
made
to
expand
the
attack.
Those
will
be
drawn
from
the
folks
who
ran
for
this
tax
election,
so
no
surprises
it'll,
be
people
from
the
community
and,
generally
speaking,
it'll
be
people
who
scored
well
in
the
election
so
I.
You
know.
We
hope
this
will
serve
the
interests
of
all
of
us
and
trying
to
just
have
a
really
powerful
attack,
and
that's
that's
the
parameters
and
the
scope.
H
A
A
I'll
say
that
you
know
similar
to
my
comments
in
the
past.
I
certainly
welcome
participation,
I'm,
not
convinced
that
increasing
a
number
from
seven
to
nine
solves
a
problem.
I
think
making
sure
that
the
attack
is
set
up
for
success
in
terms
of
support
from
the
foundation.
Staffing
I
think
are
are
more
compelling
things
to
be
focused
on
right
now.
A
A
Certainly
you
know
Noble
and
a
worthy
place
to
go
looking
if
we're
simply
picking
people
out
of
the
electorate,
though
I'm
not
sure
why
we
wouldn't
just
frankly
expand
the
number
of
elected
seats,
because
if
it's
the
same
pool
then
letting
the
community
ultimately
make
that
determination
feels
more
appropriate
but
I'm
still
I
guess
going
back
on
the
broader
question
of
I
know
it's
been
discussed
but
I
think
it's
been,
there's
been
some
mixed
feedback
in
the
past
shock.
I
see
your
hand
is
up.
I
I
And
often
we
don't
have
the
same
sort
of
Insider
expertise
that
someone
who
comes
from
a
vendomite
so
I
would
leave
that
at
the
feet
of
the
governing
board
that
to
ensure
the
best
representation
and
also
the
best
ability
for
the
openssf
to
serve
the
ultimate
end
users
that
they
should
consider
an
end
user
representative
as
a
as
an
appointment.
If
that's
what
they're
doing
this
year.
H
B
Yeah
I
actually
I
mean
green.
You
know
partially
with
jock,
but
I
I
really
think
that
expanding
the
tech
would
be
very
helpful
that
and
maybe
to
address
your
concern.
Bob
is
instead.
Much
is
the
way
a
governing
board.
Most
boards
have
different
subcommittees
that
maybe
what
we
need
is
something
where
we
have
a
attack
that
is
broader
representation
of
both
Community
but
I.
B
That's
you
know
the
main
operations,
but
a
broader
representation
representation
of
the
attack
in
general
for
communication.
So
maybe
that
would
be
I
mean
again
not
trying
to
sort
of
split
the
difference,
but
a
way
of
trying
to
ensure
that
it,
the
tech,
remains
efficient
and
doesn't
become
unwieldy,
but
also
is
representative
of
the
broader
needs
of
the
this
broadening
security
community
and
of
this
broadening
organization.
A
No
thanks
thanks
for
the
the
input
David,
maybe
just
a
quick
response,
I'm,
certainly
plus
1
000,
on
more
folks
engaged
in
doing
the
work
I'm.
Just
not
convinced
that,
like
adding,
plus
nine
and
having
the
attack
not
set
up
for
Success
were
frankly
not
engaged,
really
does
move
the
needle
I
think
it's
about
engagement,
and
so
whether
it's
seven
engaged
people
or
nine
engaged
people
I
think
either
of
those
is
a
great
outcome
for
the
foundation.
I
just
want
to
make
sure
that
it's
not
simply
a
quantity
challenge.
Oh.
B
Well,
right,
I
mean
I
mean,
but
just
to
follow
me
I
completely
agree
with
your
your
other
point.
Bob
of
having
staff
I
mean
that
that
the
tech
needs
some
more
support
in
the
organization.
That's
a
it's.
A
large
role
is
a
large
job
of
the
attack
itself,
and
you
know
you
your
great
job
as
chair
of
the
the
past
cycle,
but
it
definitely
needs
you
know
more
support
staff
from
the
open
ssf
to
deal
with
all
the
logistics
that
the
is
required
of
attack
and.
H
To
that
point,
it's
a
good
reminder
to
note
that
we
do
have
additional
job
jobs
open
now
for
Chief
Architect
and
for
the
ecosystem.
Folks
and-
and
we
are
internally
pulling
in
additional
help
from
the
community
management
team
of
the
Linux
Foundation.
So
but
we
are
executing
on
that
as
well
and
and
we'll
be
fulfilling
that
that
ask
from
the
pack
from
back
in
November.
A
All
right,
oh
thanks,
thanks
for
that,
any
final
comments
on
the
proposal.
Otherwise
we
can
move
over
to
Jonathan
I,
don't
see
any
end,
so
all
right,
Jonathan
over
to
you
and
just
as
a
reminder
again.
Unfortunately,
we're
not
going
to
be
able
to
make
a
binding
vote
on
this
today,
but
certainly
you
know.
Hopefully
we
get
some
good
discussion
on
it
and
we
can
see
this
up
to
get
you
some
answers
either
asynchronously,
once
the
full
tack
is
seated
or
at
the
next
meeting
correct.
A
J
J
It
is
a
proposal
for
the
open
source,
security,
Foundation,
vulnerability,
disclosure
policy.
So
this
is
not
how
vulnerabilities
are
incoming.
That
is
another
bit
of
work
that
is
being
done
primarily
led
by
Luigi.
This
is
for
outgoing
reports,
primarily
revolving
around
Alpha
Omega,
but
any
other
security
vulnerabilities
that
are
discovered
in
the
course
of
the
work
of
the
open
source
security
foundation
and
dictating
how
those
disclosures
will
occur.
J
What
the
policy
is.
This
is
I,
think,
being
it's
good
to
know
or
good
to
clarify
up
front.
This
is
not
a
process
document.
This
is
a
policy
document,
so
it
defines
the
the
set
of
steps
that
will
occur,
but
not
necessarily
how
they
will
occur
and
at
a
high
level
it
covers
things
like
you
know:
the
90-day
deadline
or
a
disclosure
time
limit
for
for
reports
that
are
coming
out
of
the
open
ssf
and
how
we
will
deal
with
certain
things.
J
Like
you
know,
if
we,
if
we,
this,
is
very
unlikely
because
we're
mostly
looking
at
source
code
but
in
the
rare
event
that
we
run
into
an
a
zero
day,
vulnerability
that
we
uncover
that's
actively
being
exploited,
how
we
will
report
those
and
also
include
some
of
the
rationale
so
has
everybody
had
the
opportunity
to
read
through
this
document?
Do
we
want
to
give
like
five
minutes
to
be
able
to
skim
it.
A
J
I
can
do
that
so
at
a
high
level,
it
it
basically
communicates
the
open
source.
Security
Foundation,
adheres
to
a
90-day
disclosure
time
limit
and
then
at
90
days,
vulnerabilities
that
are
report
are
reported
by
the
open.
Ssf
will
become
public,
and
this
doesn't
include
major
major
public
holidays
and
not
well,
and
you
know,
doesn't
overlap
on
work
on
weekends.
So
it
will
be
a
work
day,
though,
when
the
vulnerabilities
is
disclosed.
J
We
similar
to
Google's
policy
will
offer
a
90-day
great
or
sorry
a
14-day
grace
period.
If
we
get
told
that
there
will
be
a
release
occurring
within
14
days
post
the
90
days,
there's
an
expectation
that
we
ask
maintainers
to
respond
to
us
within
21
days
and
if
they
do
not,
if
you
do
not
receive
any
engagement
from
the
from
the
maintainer
affirming
the
intention
to
fix
the
vulnerability
within
35
days,
the
open
ssf
reserves
the
right
to
publicly
disclose
the
vulnerability.
J
I
J
I've
talked
to
Katie
maserus,
her
her
line
I
think
she
said,
like
the
original
vulnerability
disclosure
deadline.
That
was
from
one
of
the
first
research
groups
was.
It
was
like
seven
to
14
days,
so
the
Norms
have
shifted
to
be
a
little
bit
longer,
and
this
is
this
is
so
90
days
is
a
pretty
respected
amount
of
time
in
the
industry.
I
J
G
And
just
to
provide
everybody
some
context,
the
vulnerability
disclosures
working
group
has
folks
from
many
community
and
vendor
security
teams
that
have
worked
with
Jonathan
on
kind
of
adjusting
the
language.
There
isn't
really
anything
kind
of
out
of
whack
with
the
suggested
timelines
or
practices
they
all
kind
of
align
with
other
communities
and
just
I
think.
The
big
thing
is
that
Jonathan
is
just
trying
to
provide
a
framework
that
is
flexible
enough
to
work
within
a
lot
of
the
existing
Community
norms
and,
ideally
trying
not
to
upset
maintainers.
F
K
Yeah,
just
real
quick,
Jonathan
I
know
you
thought
hard
about
it.
You
know
these
are
pretty
cool,
pretty
typical
vulnerability,
disclosure
time
frames,
I
guess
the
one
question
is
you
know.
One
of
the
things
that
is
being
planned
is
releases
of
a
large
number
of
reports
for
basically
essentially
the
same
vulnerability
to
many
projects,
and
that
may
create
complications
for
reporting
and
the
the
easy
way
to
report
is
here's
your
pull
request,
but
if
those
are
public,
that's
kind
of
a
problem.
K
J
J
C
Hello,
yeah
I,
don't
have
much
to
comment
on
with
the
times,
but
I
do
have
some
questions
around
the
the
zero
day
part.
So
it
would
need
to
be
a
vulnerability
that
you
see
in
the
wild
I
guess.
How
would
that
work?
If
you've
disclosed
this
vulnerability
to
someone
already
and
then
maybe
halfway
through
the
window,
you
find
proof
that
it's
under
active
exploitation
would
it
then
switch
to
the
seven
day
policy.
J
Not
something
I
thought
about,
but
yes
I,
believe
that
makes
sense,
so
it
it.
Yes,
I
think
that
it's
and
to
be
clear,
the
depending
upon
how
widespread
the
implications
of
the
exploitation
is.
The
seven
days
is
an
upper
limit
for
how
long
a
disclosure
will
have
before.
So
if
we
see
active
exploitation
and
it's
very
bad
that
that
is
that
it
may
be
shorter
than
the
seven
days,
but
yes
in
general,
that
policy
would
take
effect
at
that
point.
J
But
again,
I
think
it's
important
to
to
note
that
as
the
open
source
security
Foundation,
we
are
primarily
looking
at
source
code
of
Open
Source
software,
and
we
are
not
you
know,
Google
or
Microsoft,
where
you
have
deep
like
you,
you
have
a
lot
of
data
about
running
systems
because
you
have
logs
coming
back
from
large
numbers
of
machines.
You
can
see
active
exploitation
at
a
more
fine-grained
level,
so
the
likelihood
of
us
running
into
this
case
is
is
far
less
likely
than
other
research
organizations
potentially.
E
C
Then
it's
it's
very
bad.
Yes,
very
obvious.
Yes,
one
other
question
on
this:
is
it
just
that
they
need
to
kind
of
come
back,
say
they're,
dealing
with
it
and
make
a
public
statement?
I
know
it
mentions
like
mitigations,
but
they
wouldn't
necessarily
have
to
have
a
fix
and
I
guess.
The
question
is,
you
know,
there's
not
really
a
way
to
impose
consequences,
I
guess
if
they
don't
do
much
after
seven
days
other
than
just
saying:
hey
everyone
there's
a
problem,
and
we
don't
have
any
mitigations
ourselves
and
the
you
know.
J
We
may
come
up
with
mitigations
if
it
seems
like
something
that
is
something
we
we
have
enough
enough
of
a
grasp
to
reasonably
make
that
assertion.
It's
not
a
rule,
but
it
is.
You
know
the
the
the
line
about
mitigations
or
mitigations
may
may
involve
patches.
It
may
involve.
You
know,
documentation
that
gets
published
to
say
this
is
how
to
fix
this
right
so
and
that's
mostly
coming
out
of
the
maintainer.
If
the
maintainer
is
not
responsive,
we
will
do
our
best,
but
it
also
that
I
mean
that's.
J
That's
that's
I'm,
speaking
more
with
my
Alpha
Omega
Hat
on
at
that
point,
not
stating
that
that's
that's
necessarily
the
entire
policy
for
the
entire
organization,
but
Alpha
Mega
is
more
than
happy
to
be
involved
with
anybody
who's
doing
disclosures
from
the
open
SF
to
help
guide
that
practice.
Also,
the
vulnerable
disclosures
work
in
group
two.
So.
J
K
J
J
Okay,
all
right
so
I
will
hopefully
have
a
an
answer
from
them
within
that
time
and
at
that
point
we'll
have
any
updates
we've
made
from
their
feedback,
and
it
would
be
lovely
if
we
could
have
the
attack
vote
on
that
document.
At
that
point
on
the
on
the
the
policy
at
that
point
to
as
to
whether
or
not
to
accept
it
or
not.
So
if
you
could
provide,
if
you
have
any
feedback
that
you
have
not
provided
now,
the
next
vulnerability
disclosures
working
group
meeting
is
tomorrow.
J
So
if
you
could,
what
tomorrow
right
all
right?
So
if
you
could,
if
you,
if
you
want
to
provide
your
feedback
before
that
meeting,
it
would
be
great
if
you
could
get
it
in
before
11
A.M,
tomorrow,
Eastern,
otherwise
yeah.
It
makes
our
life
a
little
more
complicated
to
to
discuss
it
in
that
meeting.
So
that's
it
any
any
final
questions
before
I
yield
the
floor.