From YouTube: OpenSSF TAC Meeting (September 22, 2020)
A
Today, I know Maya said she was unable to make it due to a conflict, but we'll go and get started. So we have quite a few things to cover here in the agenda, so there's kind of a an overall theme, basically just trying to get our general governance here, sort of figured out and and finalized.
A
So we'll start with Dan, you, you would put the role of the TAC. I think it's a great way to just start off, sort of re-center, figure out exactly where we want this to go and that'll help dictate some of these other things.
A
So we can talk about that real quick and then we'll kind of work into some of the the working group updates that we've got as far as updating README and governance models and things like that and then K.
A
I know you put in the 1029 planning milestone, which I think will cover a lot of the stuff leading into that, but I just copied wholesale what you had there, so we just kind of pick through what makes sense to cover again. So with that, Dan, did you have ideas on this that you want to start with, we're just going to open it up for conversation.
B
Yeah, just open it up. I guess, if you know, there's one kind of big high level thing to discuss, it's kind of just how hands on, I guess, we want to be attacking what the working groups are doing, how much oversight we want to be playing, how active versus just kind of helping the working groups with whatever they're doing and figuring out ways to help along.
B
Maybe that's not like a good way to paint it as one versus the other, but I guess, yeah, just how, what are the things we want to provide oversight with versus just be more hands-off.
A
Yeah, so I see, my personal opinion on this is that I see it a couple of ways, like our initial goal is to kind of help set direction, right, so we should be looking at what our overarching strategy is. So we had the everything about this the past couple weeks, because we had the governing board strategies committee.
A
That was a little bit focused on that and it's pivoted more towards this planning PR, but there's definitely some relationship there, because whatever we're planning and that group obviously is affected by the strategy of this group. So I think we need to get a little bit more crisp, maybe helping to identify some basic themes.
A
So if we kind of identify those and then once we have that sort of vision going forward, I think it will help with deciding where new working groups might fit in and how they sort of work together, and once we have that, I think our role is very hands-off in terms of how the working groups operate. I think we should sort of let them be once we've identified what their direction is, and it makes sense, you know, overall and it's accruing to the right thing. Just let them go operate and then they have questions.
A
You know, we can kind of be the liaison between the governing board and then we can help them figure out funding. We can help them spin up technical resources, things like that, but other than that, you know, and facilitate, you know, updates and that sort of thing, but I think our role should be largely hands off and let's let them operate as they see fit.
C
Hi, on this note, it's still a little unclear to me the boundaries between the role of the TAC, the role of the governing board and the role of the strategy committee. In practice, I was wondering if we could maybe flesh that out a little bit. I don't know if I'm the only one that's a little bit feeling like there's a Venn diagram here and, and it might make sense to shake it out more specifically.
A
A
Board member or we have two companies there, so yeah, certainly there's a lot of overlap, but I think my understanding of the separation here is the governing board is largely in existence to do things like the more kind of administrative things. There's budgeting things that happen there and there's marketing that happens.
A
The overall organizational type work, bylaws, that sort of thing. TAC is more technically focused, and so that's where we're oversight for the working groups and technical initiatives and making sure that all makes sense and of course, there's a rep for the governing board to make sure that kind of left hand knows what the right hand is doing and then, as far as that committee goes, that kind of got started at the governing board side and then, but I think it was sort of brought up.
A
That TAC was really the one that was responsible for that, and so we sort of shifted those gears a little bit and added the rest of the TAC in and so now there's this sort of overlap thing. So that's probably part of why the confusion exists, but I think going forward, once we have final TAC and governing board, there'll be more separation there and it might become more clear, but right now definitely a very large Venn diagram, I think, yeah.
C
But when you, once you start to get into the implementation details, I feel like there's a lot of crosstalk and it's probably directly a function of the fact that we are participants in so many groups, but it might be interesting to go through a bunch of like, and I don't know if here is the form for that, but go through like a bunch of canonical tasks that come up over and over again within these groups and figure out which ones are really the realm of the governing board, which ones are really the realm of the TAC.
C
Whether the strategy committee is overlapping with some of that, just because I feel like I don't know where to bring different issues to different things, and but if I'm, if I'm alone in that, I certainly don't want to like take up our time here. Maybe someone can connect with me offline. I just feel a little bit not calibrated and not sure where certain things are going and I've heard agenda items come up in different groups where I thought, oh, I thought that was that other one.
A
A
I agree, there's definitely overlap there and I think a lot of it will get resolved over time, just as if these decisions get made, and it probably is beneficial to at least create a doc somewhere that has a table. It says governing board, these types of things, TAC, these types of things, and then we can just kind of have that there and then, if it comes up, go okay, let's use that as a as a way to try to defer some of those conversations if they pop up in the in the wrong form.
A
B
A
B
Max Sills, who's like one of Google's open source lawyers. You know, kind of his thoughts on this and because he's involved in tons of different foundations and stuff on Google's behalf, and he said that, I think he put it really well. The role of the governing board in general in most of these groups is to do two things, to manage budget and then to delegate all the other things to other groups, and so I don't know quite how accurate that is.
B
But that seemed to be his kind of like put it in one sentence, and so I think, if you look at the charter, all of the oversight for technical stuff has been delegated to the TAC and we don't really have a ton else going on right now, because there is no budget. So I think that might be why some of the Venn diagram is overlapping and confusing right now, because we're trying to figure out all the other things that exist and can be delegated and who should be doing which things.
A
Yeah, it might just put in the chat too something. I think that pretty much, maybe summarize what you just said in a little bit more detail, but you know, TAC is around coordinating all technical work, right. The board isn't really anything about the work that's happening. It's budget, marketing, trademarks, that kind of stuff.
C
C
If we were like, one item I'd like to raise is around organizing a like research workshop around these topics, and I don't know whether to raise that again at the governing board, at this TAC, somewhere else, and I feel like there's just a bunch of like things we're coming up against around like setting our goals, and some of them are technical in flavor and is that governing board or TAC? Or do we need the separate strategy committee?
C
A
B
A
E
A
E
A
B
I think we do have a couple concrete examples later in the agenda. I don't know if we want to change things around by moving those up. I don't really care either way, but like a lot of the stuff around the CII, LF consolidation, I think, are kind of post some interesting questions about where they should be handled.
A
Yeah, for flow wise, let's get to things really quick, because I think those might take on a longer discussion. So so the next thing on here is: we need to fill out the governing board TAC rep. Dan, I think by default that's you. Does anybody have any issue with that? Or can we go ahead and move on?
A
D
A
Then the next one is, we need to come up with the community individual representative, so I think this is pretty open to thoughts here. We can hold a poll if people have suggestions of who it might be, if they've worked with anybody that they're interested in having. I think this is pretty wide open at the moment.
F
How soon are you supposed to name that person?
A
Yeah, so this is somebody that we need to pull in. It could be somebody that is actively involved in OpenSSF or not. It's basically they're a non-member, right, but they they need to, they'd be attending TAC meetings with the best of interest to help strategize with us and help us, you know, reach out to community. You know, that that sort of thing, be sort of that community expert, so nomination, but obviously we don't want to nominate people we haven't spoken with, so.
F
F
A
B
B
C
B
Because I think there's some context in there. There is a date and I don't remember what it is.
A
Yeah, I was just going to say, Dana put together a sort of reverse schedule in the GitHub issue that lists, okay, so we have 1029 as a press release and if you work back for the times of nominations and voting and all that kind of stuff. Basically, we need to try to cope with somebody like this week.
A
B
D
D
So it's that lifeline between the TAC and the board. The other role that I think is being collapsed into this is there is a provision, and I had, I'd have to pull up the actual charter, but there's a provision in the charter that says that you'll have somebody representing the community that isn't a member.
B
A
A
C
Okay, yeah, and I think, I think the spirit of having a community member, like the goal we were trying to achieve initially, was that this would increase kind of diversity and representation on the board, specifically around members of the community who, you know, would provide a valuable insight as being open source contributors, but maybe have a different perspective or different kind of set of experiences, as is more typical for the folks in the governing board or in the TAC.
C
So we're really just looking to see if this seat could be used to find someone that kind of represents open source from a different angle. If that makes sense, I don't quite know how to phrase it, but it was, it was really around bringing in a different, a different and valuable viewpoint into the governing board.
A
Yeah yeah, I definitely remember that, so I think keeping that in mind, so K, you had mentioned here in the issue a proposal around anyone who subscribed to at least one mailing list and self-nominating once you've subscribed, can vote.
A
So I guess we need to send a mail out requesting nominations and you can self-nominate or nominate someone else and then hold the vote and go from there. A lot of folks. Think of that, and we could do that by using Dan's timeline here, we can send out the mail in the next few days and then get that initial set and set up a poll.
B
G
B
Move on a little bit, I think somebody had mentioned the point of getting a community person on the TAC as well. I think that was you, Chris, that I think would fall under the other charter piece which says the TAC is supposed to figure out long-term TAC membership. So I think that is still possible and is still in scope. We just have to define that, but that has a later due date, so nobody has started looking into that.
A
Yet, okay, so that all sounds great. So let's do, let's plan on 9 25, we can send out a an email announcement. So a few days, by the end of the week we'll get that out there and start collecting that initial set, and then we will hopefully have a list that we can then vote on and we'll get that figured out, looks like by next week or so.
B
G
The the hard deadline for the press release is to identify this three additional members from the membership, so we have five total additional members that we need to put on the governing board. Three are from the membership and that's the hard deadline, the other two, the TAC and the individual community representative, I don't believe that there's a hard deadline specified in the charter, but I would, I would prefer that we do it all at once if we can and sure.
G
A
Okay, all right, so we'll get that process rolling. Then the next thing in the agenda is some working group updates, so I've reached out to the all the old osse working group leads. So those are the best practices, vulnerability disclosure, tooling and identifying security threats working groups. I've invited them to this meeting.
A
Most of them said that they wouldn't be able to make it today, but they would be attending the next one and they've also been informed that we need to get updates as far as where they're at, so.
A
For those that aren't aware, previously in osse, with these same working groups, we sort of had a quarterly sync up where we, all the leads would get together, provide status updates on direction if they've had any updates on that, and then where they're at and new objectives, what they've accomplished, that sort of thing, and then that'll sort of accrue to this, eventually we'd have the entire order we get together and have presentations on it, but that sort of kept everybody in sync.
A
So I want to use or leverage this meeting, these portions of it at times, to have the working group leads come in and give their updates as well on some sort of regular cadence, so they're aware of that, they're kind of prepping for it and it's sort of a related thing is they're aware of we need to start formalizing these, these working groups and initiatives, making sure, right now everything's listed as incubating and on on the TAC repo we say that they're approved, though technically they haven't gone through any of the process.
A
So we need to go through that process. So I've submitted a pull request on the README. We don't have to go through it here.
A
I can highlight in the doc real quick some of the things that that I added to it and subtracted. But if you will go look at that and comment, it's highlighted here, so they're aware that once this gets finalized, they'll need to go through and full out or fill out the the updated READMEs and then that's what we'll use to go through the actual process and we'll start that by this next meeting. Hopefully they should be ready for that, so real quick, let's say so.
A
This is the doc version, that's easier just to look at real quick, but there were a lot of comments that were put in on this issue, both from Dan and Katie and Maya and others, some really great feedback. So this is just again, I don't want to dive into this too much because we have more to cover, but you know, we talked a lot about, we need a description.
A
We need to talk about what the motivation for this working group is. You know, what's the history of it, what's the use case that we're trying to solve, be very clear about what the objectives are, so what are we trying to achieve? Do we have OKRs listed for these things, defining the scope, what's in and out of scope, specifically. One that I saw in one of the working groups that was great was the prior work, so this could be optional. You know, there's a lot of working groups.
A
We have right now that have other initiatives that people bring up. Oh, have you talked to this group or have you heard about this project? For that thing, we should list those here if they're, you know, available, and if we're involved and engage with those groups, we should mention that as well.
A
So that's sort of the the background, what that working group is all about, and then there's the, okay, now how do I get involved in this thing, so we should have very clear guidelines. Some of these have started to happen and taken shape on some of the READMEs, I've noticed, but again the formatting is inconsistent, so we need to, we need to solidify on this, so list of the mailing lists, if there's Slack channels to join, we need to put that there. If there's other information, we should have as well a quick start.
A
A
Where do they file issues, and right now everybody's using GitHub issues, but if, for some reason in the future, a working group has some other thing for some reason, we should list that type, that information here, and then the meeting times, be very clear about what the actual cadence of meetings are, like right now I think some people say: okay, every Friday or whatever or every third Thursday, you know, but they don't dictate when it starts.
A
So we need to be clear about what that is and then a link to the actual calendar invite and then the meeting minutes and then lastly, is the governance. So we can list out a link to the charter and then who's leading these particular working groups of people need to reach out to them.
B
Yeah, I think it's a great start, thanks for putting it together. I think, I mean, one of the other questions I'll have to figure out after we get everybody to fill this out the first time is kind of what the update cadence is and how people go about making changes to it. A point in time snapshot is definitely a great start, but I think we probably want it to be more living, I guess.
A
Yeah, definitely, so like, you know, this will be the README on the repo. So as things change, they should update these things. The other part too, and I wanted to ask this group, was where we should have the working groups fill out with their sort of updates, so like, for example, the best practices group, they have a markdown file where they put all their meeting notes and they're listed by date, right, so you can kind of go through them.
A
I was considering doing something similar, but I don't know if it makes sense to have it centralized on the TAC repo or if we just want to have them put it in a common location, like we created a folder and everybody's repo that says updates and then every quarter that's what they put, what they've done and where they're at and if directions, changing, and then we pull those together either on the OpenSSF website or on the TAC repo, so that there's a centralized place for it.
A
A
Yeah, so they're, they're starting now, so in the the communication I had with them last week as part of filling out the remainder, I think they're also going to do some updates and I told them sort of TBD about where to put it. So knowing that, yeah, we're coming up by that 10 29, you know, that kind of puts us around the quarter and then I know the press releases from then on are going to be every quarter, correct, K, so that sort of gives us that that quarterly cadence to provide updates.
G
A
D
A
Yeah, so I guess that's kind of the same idea process wise, but also trying to maybe automate it a little bit more to where, like that's essentially what they would do, but it would all be done in some spot that could be shown on the working group repo. So, if somebody's interested in a working group, they could go and see what's been happening and where they're at, and also, if somebody's just browsing, saying the TAC repo and trying to get a general overview, they could click on one and go, oh okay!
A
That they'd all be collated eventually, but I don't know it makes sense to do that centrally to start off with or to have a tool that pulls them together. Luke had mentioned in the previous meeting, we talked about having sort of some metadata files that we could pull from. Maybe we could leverage a tool like that that sort of pulls things together.
G
Yeah, I think it was Mark that was, that was looking at that. So my, just a a quick thought, just as an individual, not as a governing board member, is it seems clear, it seems like it would be pretty clean if we had each group do it in their own. So we have created a Google Drive folder for each of the working groups.
G
Now I don't think they're all putting documents in it currently, but but that could be a place where a document gets started and maybe, you know, use the same name or same folder name or something, so anyway, so the individual working group could put their content there and then, as we're rolling up.
G
You know, if there's a TAC roll up from that, the TAC can pull that together and maybe create a correlated document if they, if they want it, or maybe just a file that has links to the to the to each working groups updates and then we could use that same information as we're planning for the press releases for each quarter. But probably we, you know, do another collate and wordsmith and and such for the press releases, so.
A
So that actually brings up sort of, I guess, maybe a more fundamental question: do people have a preference around whether these updates are stored in a document or if they're stored in like a markdown file on the repo, because I sort of made the assumption that we would put them in the markdown files on the repo because they're more easily accessible? But if a document's easier for people to sort of party on together, that's fine too.
F
F
Repo idea that you could then manage, you can manage these updates like you would release notes. I mean, not everybody manages their release notes in their repo, but that would give you a pretty structured way across everything and then, as far as like trying to correlate all those or collate those with with each of the working groups, right now we only have six working groups, so I think coming up with a big automation scheme for for a handful of projects isn't, might not be necessary in the end.
A
Yeah, that's right! Well, that was kind of my thought too. So it's just easier to put it on the repo. It could also be we start with the doc and then it's published to the repo, you know, in a markdown file if it's easier for people just to edit in the doc, and then somebody, myself or somebody else, can kind of publish that on the regular cadence.
A
H
Yeah, I don't know if anyone's used HackMD in a community you're a part of, but as far as, you know, having a markdown syntax but collaboratively edited doc. They now have GitHub integration, where you can then push the result to that, to a repo anyway. It's something that maybe fits kind of both, collaborative editing, but gives you a way to easily put it in a GitHub repo.
A
Preferences, well, we'll go ahead and we'll formalize that a little bit more and then get the working group leads involved and we'll start, we'll continue on and then okay, as you mentioned, the summaries that come out of sf will get used for the 1029 press release, which brings us to the 1029 planning milestone. Okay, do you want to give an update on this for everybody?
G
Yeah, so I actually, I don't have this as an update. I more was just listing out the things that, so in that separate group, the strategy group, you know, we've identified that we're working toward a press release, and here I was just trying to list out the things that I think we need from the governing board or the working groups.
G
So the two of them we talked about at the top, so the TAC representative and the security community representative, and so, you know, sounds like people have have those and will take action on them. So perfect. Another thing that we'll be doing is announcing that, that we're hoping to do is announce the consolidation of CII and l, Linux Foundation, security efforts with OpenSSF, and so there is an issue on the TAC about that.
G
I think the way that the issue is worded is review working group proposals, so the the proposed, so David Wheeler, thank you kindly, David put together a really great proposal, so he outlined the things that are, you know, the projects have that were part of the CII, which is no longer currently active, but got started under the CII and and some are still loosely.
B
G
So David has listed those things and made recommendations for which working groups they might belong under and David has been driving a couple of these. So we have already agreed to include the edX course with the best practices working group and then the badge program. David, do you want to update on where, I I don't know if we have got an issue somewhere tracking that but we're thinking we want it to be in the identifying security threats working group.
E
Well, that's one of the proposals there, so the CII best practices badge has been around for a number of years. There's two different working groups where it would make sense to put under, the identifying security threats, which I'll, which does a lot of the metrics, and the best practices, which does a lot of the education.
E
Because it's got such a emphasis on the metrics, I thought the identifying security threats might be the better fit, but they're both reasonable, and, I think, no matter what, both working groups should be involved and changes to the criteria in the future. Probably just having, like you know, hey everybody in both working groups vote or something, but and the census in the survey, if you don't mind me continuing, I think, belong.
D
E
The security securing critical working groups, securing critical software working group, again trying to find where they fit under the OpenSSF.
G
G
Reviewing that and getting to the point where we say yes, we agree, these are the things we're taking, these are the groups that they belong in, so I think we had talked in some other forms about this being something that the individual working groups evaluate, the items that are proposed to come to them, and then, if those working groups agree, then maybe maybe we're done, so maybe the decision is all made at the working group level. If, if not, does the TAC need to review it?
G
So that's what I, that's what I need to understand from this group so that we can, you know, from again from my perspective, just so that I can say it, you know, at the end of this, you know, we're ready to announce and that, you know, everyone's agreed along the way.
F
E
I lead the best practices back, yeah, I lead the best practices badge on, so that's an easy one. I can tell you all about that one. For the census and survey, I, Mike Dolan and I have been kind of reviewing and watching that is that go, the actual works being done by Harvard, it's, it's actually funded work by the LF. So I think the end this year, Mike can correct me on the exact timing, the and the LF security projects. Those openness says: SSL, but really SSH.
E
Sorry, OpenSSH, OpenBSD in Linux kernel. Those are all funded activities by the Linux Foundation, but loosely under the CII up to this point.
E
D
F
E
Okay, as far as administration goes, yes, I mean I'm the lead. I work for the Linux Foundation. Now I mean there is a governance process.
E
Any proposed changes to criteria, there's a, there's a document on how that, how that occurs, but as far as the, you know, who who tries to make sure that keeps running, that would be fundamentally the buck stops here. It's my prayer, it's my problem to make sure it keeps, if there's a problem, I get the problem.
E
B
To put it another way, maybe this isn't quite what damage is getting up, but is anybody going to be upset if this OSSF and you just decide to move this thing into one of the working groups?
E
Got it, okay, I misunderstood the question, right. No, no one's gonna be upset. The, there was some confusion. If you, if you probably didn't read the, I wrote this tome about transitioning to the CII, the CII officially ended after a three-year stint. The Linux Foundation has kept some projects going because it seemed that they were valuable. Hopefully you agree that, you know, things like the badging, there's this census and survey work, work to help improve things like the Linux kernel and OpenSSH, but officially the the original steering committee.
E
You know, after three years it it kind of disbanded, and so it's been the LF just wanted to keep it running, and now that this group exists it seems like a sensible thing to transition to, if this group wants them. If this group doesn't, then we want to make it very very clear, nobody's requiring you to take these on, but it would make sense for them to go to a new home and you guys seem like the right home.
F
Yeah, I think, I think my question was a little bit, would there be anybody upset, and then the the complement of that is the the do-ocracy aspect that, you know, where the hands that do this work? If they're already in one of those groups, then that seems like the likely home for it, and if the hands aren't going to follow the work, regardless of where it goes, that's a separate issue.
E
The badge is easy: the hands are here and if, if the OpenSSF decides it's part of working group, I will immediately become, I've actually been trying to participate in all the working groups. I'll become a member of that working group, and I will try to support the working group in their decisions, so that one's easy. The census and survey, that's being done by Harvard, the issue there really is gonna be long-term funding, but I mean right now.
E
What I would say is wherever they transition they're gonna have to work with them. I've actually talked with the Harvard folks about transitioning securing critical software working group, and they said basically, if the LF, if the yellow, decides that that's what should happen and, more importantly, if the OpenSSF decides that that's what should happen, then that's what happens.
G
I would like to try to separate out the the funding aspect, so there is the question of funding for these things, and I would like to discuss that at the governing board level, we're meeting on Thursday and I'm proposing that we have time to discuss that.
G
What I would like the TAC to do is look at these things from a sort of a technical and a charter perspective and see if they fit in TAC, in the working groups, and see if they fit in and if they do, then we should move to consolidate those, and then, you know, separately work out the funding, because between the Linux Foundation and OpenSSF, we both, I mean we want these efforts to succeed. We want them to be in the right place, we'll, you know, we'll we'll make the funding happen.
A
So every group I've been in, all the meetings so far, it seems pretty obvious that OpenSSF is fully on board to bring these things in, right. So I don't know what we need to do to just go ahead and and put this to rest and hold an official vote or whatever it is, and then we can start focusing on logistics to actually start moving these things together, but I don't think it's controversial at all from the multiple meetings I've had. Speaking of our of our overlapped away.
A
G
Do I have a proposal, I'm good at making proposals? My proposal is: can we, can we make it, can we have an agenda item for this next meeting to to essentially approve the consolidation of all of the identified OpenSSF and Linux Foundation items, and then that kind of, or maybe it's vote or whatever you want to, whatever you want to call it, but but I want to kind of reach.
G
Ideally I, we would reach resolution by the next TAC meeting and then that creates a backup schedule where the working groups need to review and make sure that they're comfortable with those things coming into their groups ahead of the next TAC meeting.
E
It is totally up to you, but it sounds to me like from the other folks that they've seen the proposal already, but again, totally up to you. I want to make that very, very clear.
A
This week, yeah. So from a TAC perspective, should we just go ahead and say TAC approves this and then let each working group decide where it best fits? Because I think, like I said, we've got two out of three and, you know, as Dan just mentioned, it's on the agenda coming up this week, the other one, and I don't think it's gonna be controversial, personally.
B
Yeah, I think that's reasonable, I guess, just to get closure quickly. It's from a process standpoint, though, it, like, you know, it seems to me as long as, like, you know, the people moving this stuff into the working group are happy and the people in the working group are happy, the TAC shouldn't necessarily need to approve. I think some of the stranger questions come around the funding stuff and making sure that, you know, working group isn't adopting something that has strong, you know, legal expectations that it's going to be funded without making sure the governing board is aware, but that's not the case here. It sounds like even though there's funding we want to make sure it's funded. We're not really, you know, there's no ongoing burden we're signing up for without thinking it through.
A
Yeah, I agree with that, but I would say that I think the TAC, in this particular instance, it does kind of make sense, it just maybe seems obvious, and so it feels like maybe it's not necessary. But, you know, otherwise, like, if we were to move in other initiatives into working groups without, you know, TAC sort of being aware or informative, that could be problematic. Like, what if the CII had a video game development arm?
A
I don't, you know, like, we would say: hey, that probably doesn't fit, right? Unless it was to somehow teach, you know, security best practices, I don't know. But so I would say, just as a formality, it probably makes sense to have us at least, you know, review these types of things. In this case I just think we're all in agreement, so it feels less necessary.
B
Like, it's, I mean, so what I'm looking at, the way I'm looking at is a little bit different from moving stuff in. It's like, what if one of the working groups just decided they were going to launch a best practices badging thing instead of moving in an existing one? I don't think we really have a process in place for where they would present that and that for the TAC to approve it.
A
Yeah, yeah, no, definitely not. I don't think we want to vote and approve everything that a working group does. I think if it fits within their charter and it makes sense, it's fine, and then if it becomes an issue, I think holistically these things will sort of fall out, like when the quarterly update happens and all of a sudden we find out that the developer tools group is now suddenly, you know, implementing a CRM system, right?
A
We might go, hey, that's not right, and sort of they'll sort of self monitoring in that sense, but I don't know that we need to say: hey, before you guys can do anything, come to the TAC. That seems definitely more heavy-handed.
E
Right, okay, fair enough. Right, so I'll report back on the top, I'll make sure that each working group knows about these and start that process, and I'd be happy to report back, although really the working groups will probably report back as well. So I'll report back if needed, the working group themselves may report back all the techniques that it wants to know, right? Yeah.
B
Maybe what I'm trying to get at is, instead of us approving, maybe, like, the working groups come and say they're going to do this, and if no one objects, then it's just approved, and, you know, that way the TAC still has a chance to look and make sure it's not something crazy, but we're not also, you know, setting it that stands for we have to vote and approve on everything any working group decides to do.
G
All right, so next two items. So we want to, for the press release, we want to enab, I'm just calling it announce the technical initiative. So we did announce five of the six in our first press release, and this time we'd like to announce all of them that are ready to be announced. And in order to do that for the press release, we just need two things.
G
One is a short name and a short description, and then we want the short description to be aligned with the description and in the readme, and then a note for, and so. We believe that the working groups will, you know, come up with the name and the description, but we also want the working groups to be aware that, because this is something that we're, you know, going to be putting in a press release and then also on the OpenSSF webpage, there will be some.
G
The, unless we do, what we discussed in the strategy meeting yesterday was that we'd pull them out of the readmes. If that changes, we'll make sure to communicate with everyone, and we might even want to, you know, create a separate little, and Ryan, you might have this. Maybe we need a, you know, separate mailing list, or at least the names of the people from each working group who are responsible for providing these, so that those people can work with marketing and PR.
A
Yeah, I think pulling up in the readmes is where we want to get them from, so that these guys just have to put in one place, and then it's consistent, but, like you said, support is nothing, and then I have the names of everybody, but we do need to get a mailing list for all the working group, so quote leads, put together. That would be very, very useful.
I
Is the press release going on Linux Foundation blog, or are we going to set up our own blog for this on the website?
G
We're, we've talked about setting up our own blog. Lindsay was gonna do that. We'll have to check to see where she's at, but I think we want it to be our, I think we want it to be our own blog. If not, let's discuss that at the strategy committee meetings. Yeah, okay, we have just a couple of minutes left, so I'll just, to make sure everyone's aware of the last piece that we're doing, which is that we're creating a new get involved experience that starts from the website.
G
You know how we'll want to link to the readmes for each of the working groups, but then we'll probably also want to have some overview information about, here's the calendar where all of the working group, you know, meetings, where you can see where all their meeting times are. Here's how to, you know, we record all of the meetings, here's where you can find the recordings.
G
So all those things, here's where you can sign up for mailing lists, so things that are consistent across all the projects will probably expose there as well. We're still working on what that experience looks like, and we'll, you know, I'll, and I'm reading that so I'll just put, you know, plant it as we work through it. I'll give a quick update to the TAC at the meetings as we go along.
A
Thank you, and I'll say I tried to model the get involved or the readme off of the conversations that we had around those things in the, that you just listed off in the other meetings. So all right, so we got to pretty much everything except for reviewing the remaining open issues, so that was basically, we just had, I think, there's some stale open issues in the TAC. I'll go through those and reach out to anybody that opened them.
A
There's a lot that I think that we've accomplished and can just go ahead and be closed out. So I just don't want to have a backlog of sort of debt that we need to go through as time goes on, so I'll go ahead and do that, but with that we're out of time, so thank you, everyone. Today was really, really productive. Reach out if you have things that you wanna talk about for the next meeting, and feel free to put them in the agenda, future agenda as well, and we'll see you guys in two weeks.