►
From YouTube: OpenSSF TAC Meeting (February 22, 2022)
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
A
A
A
A
C
C
D
Good
morning,
everyone-
I
don't
know
if
we're
waiting
for
for
someone
else
to
pop
up
and
say
hello
good
morning
but
I'll
say
hello.
Good
morning,
let's
see,
I
don't
see
a
previous
chair
of
the
attack
here,
ryan
haning,
I
think,
would
normally
host
this.
So
I'll
jump
in
and
say
hello
and
welcome
to
the
tech
meeting,
and
I
think
I
hear
other
people
suggest
you
can
is
my
audio
working
I'll
just
make
sure
yeah
yeah
you're,
good
brian,
okay,
great!
D
Oh,
I
see
okay
ryan's
on
vacation
great
all
right.
Well,
I
I
am
happy
to
pass
the
baton
from
this
to
the
new
tac.
Would
somebody
for
on
that
new
attack
like
to
pick
up
the
ball
and
and
not
not
saying
volunteer
for
chair
out
of
the
shoot
but
be
willing
to
play
mc
for
this
meeting.
E
I
can
do
it
if
not
takers.
Oh,
who
is
that
bob?
That's
luke,
oh
luke,
okay,
great!
Go
for
it,
luke!
Okay!
So
I'm
I'm
pretty
much
just
going
to
read
from
the
agenda
and
but
you
know,
let's
kind
of
co-chair
this
while
we
don't
have
a
chair
right
so
so
I
guess
first
of
all,
it's
the
new
attack
yay.
E
So
welcome
everybody.
It's
great
to
to
see
the
the
the
last
three
remaining
tech
members
great
to
have
you
on
and
good
to
see
everybody.
E
So
I
guess
really
the
first
one
really
is
to
jump
into,
which
is
an
election
of
attack
chair,
okay,
so
we're
going
to
need
a
chair
because
ryan
has
obviously
rotated
off
after
doing
a
really
great
job.
E
So
yeah
anybody
have
any
points
to
kick
us
off
with
there.
D
I
I
I
I'll
start
just
by
mentioning
you
know.
The
the
main
role
of
the
tech
chair
is
to
convene
this
meeting
and
during
conversations
try
to
just
make
sure
everyone
gets
hurt.
D
You
know
that
even
people
beyond
the
attack
are
able
to
hear
their
observations
and
the
like
and
they're
not
supposed
to
be
the
note
keeper,
but
you
know
it's
partly
their
responsibility
to
make
sure
that
at
least
at
the
very
least,
whatever
decisions
get
made
and
attack
get
recorded
into
the
notes
here
at
some
point
and
then
finally,
the
tech
chair
sits
on
the
the
governing
board
as
well,
so
there's
a
role
there
that,
I
think,
is
pretty
important.
D
That
means
being
available
for
what
are
currently
the
first
thursday
of
the
month.
Six
a.m.
Pacific
time
meetings-
and
you
know
I
think
that
that
boils
it
boils
down
the
main
responsibilities.
As
I
see
it,
I
might
be
missing
something.
E
And
sort
of
ancillary
somewhat,
but
we
have
to
remember
to
give
the
new
tap
chair
access
rights
to
open
the
zoom
bridge.
I
think
maybe
did
you,
did
you
open
it
for
us,
brian.
F
This
is
jen,
I
opened
it
for
y'all
and
myself
yeah,
either
myself
or
david
wheeler
has
access,
and
one
or
both
of
us
will
always
be
here.
E
Okay,
so
has
anybody
got
any
thoughts
to
kick
us
off
on
on
how
we
should
go
around
the
election.
G
E
Sure
sure
so
so
the
election
would
just
be
amongst
the
tax,
the
existing
tax
members
to
vote
for
their
own
chair,
correct
okay,
so
I
guess
probably
a
good
thing
to
do
is
start
off
and
see
who
has
an
interest
in
standing
for
the
election
to
be
attacked
chair.
So
we
can
work
out
if
we
actually
need
an
election
in
the
first
place.
So
does
anybody
have
an
interest
in
the
chair
position.
I
Okay,
I
would
also,
but
I
do
want
to
ask-
are
all
current
tac
members
present
to
you
know
be
able
to
participate
in
this
question,
or
should
we
have
a
post
on
the
mailing
list,
saying
hey
if
you're
attack
member
yeah?
So
let's
see.
C
I
Then
I
don't
see
any
problem
with
going
around
here.
Having
that
discussion.
E
Okay,
so
is
there
any
other
nominees
at
all
for
sure.
E
No
okay,
so
so
we
can
go
ahead
and
get
the
voting
system
up.
What
medium
do
we
use
same
as
last
time
or.
D
Well,
you
know
it's
the
tack
itself.
Good
luck,
the
chair,
just
the
seven
members
you
all
can
decide.
Do
you
want
to
do
it
anonymously,
so
we
can
set
up
a
an
open
vote
thing
just
for
that,
not
a
problem.
If
you
wanted
to
just
do
a
round
of
hands
in
this
meeting
here,
you
could
also
do
that.
D
You
know
I
I
happy
either
way
we
have
a
governing
board
meeting
coming
up
before
the
next
tac
meeting
might
be
nice
to
have
that
sorted
out
by
then,
but
not
not
essential.
No,
don't
don't
make
that
a
hard
constraint.
C
C
E
Good
stuff,
okay,
so
any
other
points
on
the
touch
here.
E
K
E
So,
let's
see
our
next
topic
is
assign
sponsors
from
the
tac
to
each
working
group
brackets
initiative.
E
C
D
D
David
has
a
family
issue,
so
I
think
I
think
he
just
wanted
to
make
sure
that
there
is
a
connection
between
the
working
groups
and
the
tech.
You
know
in
a
kind
of
guidance
and
assistance
and
and
ultimately
you
know,
an
oversight
role.
So
maybe
there's
a
larger
question
here
of
like
what's
the
structure
and
format
for
that
kind
of
you
know
touch
point
the
time
of
engagement.
One
way
to
do
it
is
with
volunteers
from
the
attack
kind
of
being
responsible,
but
that
does
feel
like
a
single
point
of
failure.
D
Kind
of
issue-
I
don't
know.
Perhaps
this
is
a
longer
conversation
than
you
know,
then
we
have
time
for
this
week,
but
I
think
I
think
the
key
thing
is
for
this:
the
new
tac
to
figure
out.
How
does
it
want
to
you
know
own
these
projects.
These
projects
are
kind
of
like
you
know,
free,
isn't
puppy
right,
so
where's
the
where's.
The
new
attack
on
this
kind
of
thing
would
be
interesting
to
talk
about.
D
I
I've
mentioned
a
couple
times
trying
to
draw
on
work
that
ann
perducio
and
I
did
in
the
ccc
and
that's
parallel
to
some
of
this.
I
just
dropped
a
link
in
the
zoom
chat
to
the
description
of
project.
Mentors
from
that
foundation,
probably
not
exactly
the
same
here.
Working
groups
project's
a
little
different,
but
I
think
this
is
a
good
thing
for
the
new
tag
to
work
on
and
we
can
draw
from
that.
E
D
Still
we're
still
at
six
working
groups
and
we're
at
about
three
of
these
special
initiative
projects.
There's
alpha
mega
gti
and
six
store.
D
Information
tracked
that
list
of
six
and
three,
the
the
the
main
open,
ssf
github
page,
has.
J
D
Pinned
at
the
top
their
their
home
repositories,
which
essentially
should
be
their
their
their
home
web
pages.
I
mean
the
main
open
ssf
website
is,
you
know
more,
I
don't
say
marketing
focus
but,
like
I
feel
like
most
of
the
substance
of
what
goes
on
in
those
working
groups
happens
in
in
in
github
or
occasionally
slack
or
whatever.
I
E
I
E
D
And
person
persia
is
not
yet
a
project,
it
is
something
that
is,
you
know
we're.
D
M
E
Great
okay,
so
any
more
on
sponsorship
of
various
tax
members
to
the
different
groups.
Before
we
move
on
to
the
next
topic,.
E
No
okay,
so
let
me
see
abhishek
concerns
on
os.
The
schema
project
in
vulnerabilities
disclosure
by
here.
G
So
this
concern
was
raised
on
slack
by
two
of
the
members,
which
is
the
osv
schema
project
was
approved.
G
I
think,
like
sometime
in
september
by
the
working
group,
like
the
members
that
attended
that
time-
and
these
are
some
new
members
who
just
raised
concern
that
it's
not
actively
developed
inside
the
working
group
itself,
but
but
it
was
approved
there
so
just
wanted
to
see,
and
they
wanted
to
see
if
there
was
any
approval
needed
from
the
tax
as
well.
So
I
wanted
to
bring
the
project
here
just
for
re-approval
and
see
if
any
of
the
tax
members
have
any
concerns
around
it.
G
It's
very
actively
developed
with
the
community
because
we
work
with
the
language
ecosystem
partners
there.
We
are
also
collaborating
a
lot
with
github
security
advisory.
Folks,
justin
is
here
too
so
just
wanted
to
get
it
rechecked
with
attack.
A
G
Yes,
definitely
we
presented
it
at
that
time,
but
we
can
represent
it
again
on
what's
the
current
status
and
look
for
active
collaboration,
the
really
bad
part
is
oliver
is
in
sydney
time
zone.
So
that's
where
the
time
zone
we
might
have
to
reschedule
the
meeting
at
a
different
time,
but
very
happy
to
get
him
come
to
the
working
group
again.
E
That'd
be
awesome,
yeah
and
and
for
fox
boron,
I
guess
that's
a
github
avatar
name
and
jason
kirsten.
I
mean
it.
I
don't
know
we
don't
know
what
their
concerns
are,
but
only
they
could
possibly
get
to
the
meeting
where
you
present
that
the
working
group
meeting
and
then
you
can
take
on
their
concerns
and
if
they're
not
resolved,
then
we
can
look
at
them
in
the
tax.
Does
that
sound
good.
A
L
E
J
E
A
Sounds
great
luke
if
I
can
get
those
names,
email
contacts
I'll
reach
out
right
after
this
call
sure.
E
J
Was
so
this
was
me,
I
I
hope
it's
relatively
self-explanatory
from
the
title.
The
link
there
is
to
an
issue
that
has
been
open
on
the
tag:
repo
there's
a
little
bit
of
commentary
there,
folks
in
favor,
looking
for
more
details,
it's
all
great
to
give
you
some
color.
This
started
as
a
an
informal
call
between
a
handful
of
ruby
folks,
a
handful
of
python
folks,
five
people
were
in
the
initial
invite
and
18
folks
showed
up
so
there
is.
J
There
is
a
great
deal
of
energy
and
demand
for
us
to
all
workshop
together
across
multiple
open
source
packaging
ecosystems.
J
During
that
meeting,
the
question
came
up
like:
should
we
be
doing
this
under
the
auspices
of
the
openssf
and
the
general
consensus
was
yes.
Obviously,
we
want
to
make
sure
that
we
go
through
the
correct
process.
We've
seen
some
some
links
in
the
attack
issue
and
we're
going
to
be
pursuing
that,
but
I
wanted
to
make
sure
that
was
on
your
radar
that
we're
doing
this
and
that
we
will
be
sort
of
coming
back
during
your
tenure.
E
Yeah
so
things
that
come
to
mind
for
myself.
Obviously,
the
the
the
inspiration
behind
this
is
security
concerns
that
there
are
okay,
that
we
know
about,
and
it's
d
I
I
notice
it
says
this
working
group
being
less
about
end-to-end
security,
but
you
do
plan
to
focus
on
security
aspects.
I
guess
it's
the
main
thing
or
is
it.
J
Yes,
that
was
that
was
a
poly
phrased
way
of
saying
that
we're
not
sort
of
like
looking
at
the
entire
of
a
of
a
salsa
flow
from
end
to
end.
I
see
yeah,
but
we're
more
we're
more
specifically
interested
in
the
problems
facing
package
managers
and
the
questions
of
both
technology
and
policy,
because
you
know
every
package
manager
has
a
mix
of
both
of
those
things.
J
Yeah,
because
the
other
thing
too,
is
that
we'll
all
be
attacking
different
sort
of
technological
solutions
and
social
slash
prescription.
You
know
policy
solutions
at
different
times,
so
there's
a
lot.
We
can
learn
from
each
other.
So,
for
example,
you
know
python
have
made
an
invested
enormous
amount
of
work
in
peps,
four,
five,
eight
and
four
eight
zero
yeah
we've
done
an
enormous
amount
of
work
in
ruby
gems.
Looking
at
six
store,
you
know,
npm
are
really
starting
to
look
at
this
whole
area
hard.
So
there's
a
lot
of
shared
interest.
J
Folks
have
already
pointed
out
that
we
should
get
new,
get
on
board
they're
interested
as
well.
So
it's
it's
burgeoning
pretty
quickly.
I
think,
there's
a
there's.
A
spontaneous
outcry
for
this
kind
of
cooperation.
E
J
Yes,
we
we
thought
about
that.
I
think,
based
on
my
experience
of
that
first
meeting,
there's
a
lot
of
nitty-gritty,
like
there's
a
lot
of
just
down
down
on
the
details,
work
that
wouldn't
dominate
any
existing
work
groups,
agenda,
yeah
and
crowded
everything
else.
So
I
think
the
best
arrangement
is
a
new
working
group.
J
Bike
shared
question:
there's
so.
J
Big
area,
it
is
a
big
area
and
I
I
think
we
could
probably
solve
it
with
some
dice
swear
and
a
couple
of
buckets
of
words
sure.
But
I
I
think
we'll
wind
up
just
picking
one
and
and
going
with
that
and
accepting
any
any
issues
that
don't
match.
E
Understood,
yeah
yeah.
I
think
it's
definitely
I
mean
just
talking
personally,
I
think
it's
a
worthwhile
effort,
and
coincidentally,
I've
been
speaking
to
the
ruslan
folks
at
cargo
and
crates
and
they're
starting
to
to
assess
this
space
as
well,
and
what
they're
doing
so,
I'm
sure
I
could
get
them
involved
as
well.
J
Well,
happily,
the
the
ruby
gems
rfc
template
is
is
closely
modeled
on
the
the
cargo
rfc
template.
So
if
they
want
to
do
some
copy
pasting.
D
This
is
this
a
working
group
that
should
sit
next
to
the
other
six,
because
it's
nicely
orthogonal
to
what
they
all
do
or
is
it
something
that
you
know
should
be
like
an
effort
organized
within
one
of
the
existing
working
groups
might
be
a
question
for
the
tech
to
consider.
J
I
would
advocate
for
a
new
working
group,
just
as
I
said
above
the
the
amount
of
fairly
fine
grained
technical
detail
that
comes
up
like
literally
down
to
questions
of
like
you
know.
How
do
we
use
the
six
door
log,
you
know
how
do
we,
what
kind
of
mfa
do
we
use,
and
while
these
could
be
discussed
in
an
existing
workgroup,
most
likely
supply
chain
integrity?
I
I
fear
that
they
would
overwhelm
it
and
take
away
oxygen
from
all
the
other
initiatives.
E
Yeah,
it
might
be
prudent
to
have
a
in
scope
out
of
scope.
Let
me
see
what
I
mean
so
yeah
wait.
So
it's
quite
clear.
The
the
the
the
level
of
separation
to
what
the
secure
supply
chain
working
group
are
doing.
D
I
see
I
see
kim's
saying
no
problem,
which
I
assume
is
her
indicating
they
have
no
fear
of
jumping
into
the
technical
details
being
over
overwhelmed
by
them.
I
I
I
should
let
her
speak
for,
for
her
words,
sorry.
G
K
D
Go
ahead,
but
I
was
was
gonna
say
I
think
the
question
of
does
something
belong
in
an
existing
working
group
or
not
should
be
less
about
you
know.
Would
this
new
effort
overwhelm
existing
working
group
efforts
and
more
about?
Is
it
in
scope
or
not
because
one
of
the
most
important
things
to
make
sure
we
cultivate-
and
this
is
okay,
I'm
sorry
I'm
going
to
editorialize
a
bit,
I'm
not
on
the
tag
myself.
D
This
is
all
up
to
you,
but
one
thing
to
consider
about
the
working
groups
is
to
somebody
who's
learning
about
openssf
coming
in
and
trying
to
figure
out
what
happens
where
having
kind
of
clear
orthogonality
between
the
different
working
groups
is
is
important
to
try
to
to
attempt
right,
especially
for
what
we're
doing
where
I
think
we
want
to
try
to
minimize
overlap
or
minimize
the
amount
of
disparate
efforts
that
solve
the
same
problem,
thinking
about
what's
in
scope,
and
then
this
and
then
you
can
always
sub
out.
D
You
know
sub
working
groups
or
committees
or
or
whatever,
but
just
just
something
to
keep
in
mind.
We
have
a
limited
amount
of
bandwidth
at
the
top
of
the
project.
J
I'm
perfectly
fine
with
the
sub
working
group-
I
I
don't
sort
of
have
particular
religion,
I'm
I'm
just
basically
taking
the
view
that,
given
the
amount
of
discussion
we
have
and
how
crammed
it
was
in
that
first
meeting
and
given
that
we
will
be
increasing,
no
doubt
the
number
of
people
who
are
involved,
I
do
fear
that
it
would
overwhelm
existing
working
groups.
I
Influx
of
excitement
that
I'm
seeing
in
the
jit
bomb
project
in
the
same
way
that
it's
across
a
lot
of
package
formats
and
language,
ecosystems
and
so
seconding
jack's
point
that
that's
gonna
be
a
lot
of
activity
for
some
for
some
group
to
manage.
I
G
So
one
thing
I
feel
like
there
is
quite
a
bit
of
overlap
with
the
supply
chain,
integrity,
working
group
and
it
can
be
its
own
project
so
think
of
like
how
scorecards
project
has
its
own
meeting
and
members.
It's
part
of
the
security
best
practices,
but
now
it
has
its
completely
own
meeting
and
discussion
forum.
So
I
feel
like
there
is
quite
a
bit
of
overlap
but
effort
in
itself.
Definitely
we
should
spin
up
like.
I
think
we
have
quite
a
bit
of
interest
from
different
language
ecosystems
like
python.
E
H
Throw
my
two
cents
in
I
mean
I
think,
there's
there's
something
to
be
said
for
optics
around
this,
as
well
as
the
open
ssf
being
a
a
rallying
cry
for
putting
investment
in
energy
and
just
having
the
the
brand
affiliation
with
various
communities.
I
think
would
go
a
long
way.
So
my
my
personal
opinion
is,
I
wouldn't
get
too
hung
up
over
sub
group
versus
separate
group,
but
really
focus
on
hey
we're
we're
trying
to
facilitate
that
sort
of
cross-collaboration.
K
H
I
I
So
you
know
they
go
to
the
top
github
page
or
they
go
to
the
website
and
they
can
identify
which
working
group
based
on
a
charter
has
the
work
that
they
feel
inclined
to
join
or
to
help
out
with
or
to
learn
about,
and
if,
if
nesting
this
in
a
sub
working
group
or
a
specific
project
or
a
meeting
series
that
is
chartered
within
a
working
group,
how
we
do
that
doesn't
matter
to
me
so
much
as
that
we
do
it
intentionally
and
visibly
makes.
E
Sense
so
I'd
like
to
propose
we
go
without
looking
at
jack's
comment
where
he
says
they
go
ahead,
keep
their
initial
meeting
when
they
reach
five
meetings,
bring
it
back
to
the
attack.
We
can
assess
your
sort
of
scope,
that's
played
out
and
how
well
attended
the
meetings
are.
Then
we
can
make
a
decision
on.
You
know
yeah.
This
makes
sense
to
be
its
own
wg
or
you
know
things
have
not
been
as
busy
as
expected
and
then
it
can.
You
know
it
can
sub
under
an
existing
wg.
Does
it
does
that
sound
good.
J
B
B
I
think
we
could
use
a
lot
of
help
here
to
make
sure
we
clarify
this
like
an
easy
example.
Is
so
what
it?
What
is
the
process
right?
There?
Is
the
process
says
proposal
of
scope
for
review
by
tax
like
what
the
hell
does
that
mean.
You
know
what
I
mean
like.
We
have
an
issue
in
the
tax
repo,
but
the
details
are
very
pros.
B
Can
we
I
mean
I'm
happy
to
take
the
lead
on
this,
but
can
we
agree
to
maybe
clean
this
up
and
then
have
some
expectations
for
this
new
group
whenever
they
come
to
the
tack
of
being
like
this
is
what
we
expect
from
you,
for
example,
and
then
I
think
additionally
to
that
we
need
clarification
on
the
existing
working
groups
to
make
sure
we
understand
what
that
looks
like
big
picture,
and
then
we
can
decide
where
what
this
does
there's,
I
feel
like.
Those
are
two
very
large
missing
pieces
completely
agree.
I
I
I
would
like
to,
and
I'm
happy
to
either
join
or
lead
an
effort
to
review
the
documentation
around
the
working
group
life
cycle
project
life
cycle
projects
joining
the
attack,
what
they
get
from
the
joining
the
open
ssf,
what
they
get
from
that.
I
think
I
would
like
to
propose
that
sorry,
we,
you
know,
pick
a
tac
group,
maybe
the
entire
attack
and
it's
20
minutes
out
of
this
meeting,
plus
mailingless
traffic,
or
maybe
it's
a
subgroup.
I
Other
people
want
to
join
I'd,
love
to
have
anne's
help,
for
example,
and
we,
you
know
open
the
pr
to
update
all
of
that
documentation
and
that
can
be
a
guide
to
new
working
groups
or
new
new
groups
like
the
track
is
proposing
and
we
get
input
from
the
current
working
groups
that
you
know
it
aligns
with
their
hopes
as
well,
because
some
of
them
have
also
been
asking
for
this
for
a
while.
I
C
Yeah-
and
I
think
one
of
the
things
you
mentioned
there-
I
think
we
might
not
actually
have
the
answers
to
yet,
which
is
what
do
you
get
out
of
joining
the
open
ssf?
What
do
we
have
to
offer?
I
know
there's
all
this
money
in
a
governing
board
budget,
but
I
don't
know
where
that
is
or
how
we
offer
it
to
people.
There
have
been
long
like
wish
list
items
of
like
how
do
we
pay
for
ci
or
buy
domain
names
for
the
last
year,
and
I
don't
think
we
have
answers
to
that.
C
I
Would
absolutely
love
to
include
that
in
what
we're,
what
we're,
addressing
and
formalize
the
relationship
between
the
governing
board
the
responsibilities
to
control
the
check
and
the
tac,
which
is
to
support
projects
and
help
direct
the
money
coming
from
the
governing
board
into
projects
where
they
need
it?
I'd
love
to
formalize
all
that
there
and
I
love
your
input.
C
I
B
E
E
Okay,
so
let's
see
so
we
closed
up
about
the
so
jax
you're
good
about
the
cool,
okay
and
I've.
I've
tagged
there
that
we're
going
to
create
an
issue
around
the
previous
discussion,
so
brian
new
chair
for
security
tools,
working
group.
D
Yeah,
so
you
know
the
tools
working
group
has
had
difficulty
meeting
on
a
regular
basis,
even
kind
of
figuring
out
what
time
they'd
like
to
to
set
up
for
regular
meetings
and
the
like
and
part
of
it
was
the
the
current
chair
got
a
little
bit
busy
simon.
I
don't
think
he's
on
the
call
here,
but
I
signaled
actually
a
few
months
ago.
He
needed
to
to
hand
off.
D
We
had
two
folks
volunteer,
one
named
paul
dupless
and
another
name,
josh
brussers
paul
indicated
he
was
going
to
be
pretty
busy,
though,
for
the
first
half
of
the
year
for
first
third
of
this
year,
with
a
conference
he's
putting
on
josh
is
newer
to
the
to
the
community,
but
very
eager
josh
is
on
the
call.
Here
I
had
a
conversation
on
liss
josh
volunteered.
I
wrote
privately
with
them.
D
I
think
josh
would
be
a
great
chair
for
the
working
group
but
absent
kind
of
a
sense
of
core
on
the
on
the
working
group.
It
was
unclear
to
me
how
somebody
becomes
a
chair
and
so
other
than
sheer.
You
know
bravado
and
stepping
up
and
saying
all
right.
I'm
the
new
chair:
let's
go
so
I
figured
it'd,
be
worth
bringing
to
the
tech
here
just
to
see.
D
Does
the
tech
want
to
name
josh
as
the
chair
for
the
for
the
working
group,
and
so
he
could
get
started
on
rejuvenating
it
a
bit
and
you
know
finding
a
new
center
for
it
or
is
there
some
other
process
that
you
prefer
folks
to
follow?
It
seems
like
there's,
there's
consent
on
the
list,
but
you
know
it's
been
quiet
so
and
I'm
very
nervous
about
you
know:
silence
equaling,
equaling
consent.
So
I'd
love
your
guidance
on
what
you
all
think
we
should
do
here.
F
A
The
groups
I
was
in
the
chairs
were
looking
for
help,
so
I
became
a
co-chair
and
then
those
chairs,
one
totally
dropped
out
and
the
other
one
stepped
back
for
work
reasons
he's
still
an
active
participant,
but
no
longer
helps
so
we
asked
the
group:
were
they?
Okay
with
this
move,
and
you
know
working
group
call
now
there
was
no
objection
to
that.
So
that's
how
I
got
elected
to
the
lofty
position
of
to
facilitator
roles.
B
Doesn't
doesn't
the
open,
ssf
charter
specify
working
groups,
decide
their
chairs,
which
makes
this
super
weird?
Because
now
we
have
a
chicken
and
egg
problem.
E
D
E
B
D
Like
I
don't
think,
emotion
is
needed.
I'm
happy
to
relate
to
the
group
that
it
was
discussed
here
and
you
know
general
consent
was
that
josh
make
a
fine
chair
and
let's
get
started
on
scheduling
our
our
next
meeting.
A
A
D
N
Otherwise
you
know
every
time,
there's
a
call.
There's
like
a
few
of
us
who
comes
or
or
not,
and
it's
you
know
it
doesn't
make
sense
to
have
a
call
and
ask
five
people.
Are
you?
Okay
with
that
new
chair?
It's
like
no,
you
need
to
first
signal
to
everybody.
Okay,
we
are
relaunching
the
working
group.
B
E
Great
okay,
so
anything
else
on
the
topic.
E
Okay,
so
what
we're
going
to
do
now
is
hand
over
to
priya
who's
going
to
do
our
I'll
cover
the
topic
of
six
doors,
general
availability.
O
Hey
everyone,
my
name
is
priya
in
case
you
haven't
seen
me
around
before
I'm
only
talking
about
six
star,
ga,
it
says
20
minute
presentation
in
the
agenda,
but
I
think
this
should
only
take
five.
Let
me
just
figure
out
how
to
share
my
screen.
E
Just
while
you're
doing
that
brie,
I
just
noticed
it
says
libby
heinz
and
that's
my
daughter
where
she
does.
She
does
ballet
on
zoom
and
I
don't
know
why
I'm
using
it
seems
like.
Maybe
it's
my
account.
I've
got
used
and
got
changed
so
we
expect.
E
Yeah,
I'm
not
as
I'm
not
as
good
as
she
is.
O
Sorry
about
that
everyone
it
made
me
like
quit
everything
so
that
I
could
share
my
screen,
because
I
have
not
done
this
before.
Okay,
can
everyone
see
these
slides.
O
Perfect,
thank
you
great,
so
600,
ga
and
okay
great.
So
what
are
the
goals
of
60
ga
so
we're
focusing
on
the
main
signature
projects
which
are
cosine,
recoil
and
focio,
and
we
want
them
all
to
achieve
1.0
versioning,
so
cosine
actually
already
did
this
a
few
months
ago.
So
we're
mostly
focused
on
getting
very
core
and
full
seo
there.
O
This
we
also
want
record
and
full
co
each
to
be
production,
ready
and
we're
shooting
for
99.9
percent
of
time
right
now,
usage
of
full
skin
recoil,
especially
within
the
cosine
cli,
basically
comes
with
a
lot
of
like
experimental
warnings
and
like
use
at
your
own
risk,
so
we're
hoping
that
we
can
get
recoil
and
co
to
a
state
where
they're
stable
enough
that
we
can
remove
all
these
experimental
warnings
and
sixth
or
users
can
start
to
rely
on
the
public
instances
of
record
and
full
seo
with
confidence.
O
O
So
around
automation,
we're
working
on
automation,
automating,
cutting
and
deploying
releases
we're
working
on
setting
up
a
staging
environment
so
that
everything
isn't
just
immediately
pushed
to
production
and
we're
also
working
on
automating
impermissions
for
the
gcp
project
that
the
production
services
live
in.
So
this
means
that
basically,
to
have
permissions
to
access
the
kubernetes
cluster
that
everything
runs
on
you'll
need
to
go
through
a
whole
flow
in
version
control
and
get
approval
by
at
least
two
other
owners
of
the
code.
O
We're
working
on
setting
up
some
monitoring
for
the
different
components
of
the
services
and
setting
up
alerts
to
slack
so
that
the
maintainers
know
when
something
is
going
wrong
and
we're
also
setting
up
probers
on
github
actions
in
case.
Anything
ever
goes
wrong
with
gcp,
we'll
have
probers
on
a
different
service
setup
to
make
sure
that
the
services
are
up
and
running
yeah
and
then
alerting
from
gcp
and
github
actions
sent
to
slack
so
that
they're
visible
to
the
community
and
everyone
can
kind
of
see
if
something
starts
to
go
wrong.
O
Cosine
is
kind
of
the
easy
one
in
terms
of
what
we
actually
need
to
do
within
cosine.
We
just
want
to
remove
the
experimental
warnings
and
everyone
can
start
to
use
some
of
our
experimental
features
and
with
confidence.
I
guess
recour.
We
have
a
little
bit
of
work
to
do
here.
We
want
to
set
up
rate
limiting
on
the
recourse
server
set
up
the
log
sharding
and
also
test
log,
starting
and
staging
before
we
can
like
confidently
say
that
record
is
1.0.
O
O
At
the
same
time,
we've
been
working
on
a
security
audit
with
include
security,
so
they're
going
to
do
a
third
party
security
audit
of
our
whole
infrastructure
and
of
each
piece
of
each
of
the
three
services
and
tools
as
well,
and
meanwhile
also
planning
an
on-call
system
to
make
sure
that
once
we've
announced
general
available
availability,
people
can
be
certain
that
if
something
does
go
wrong,
there's
someone
available
to
fix
it
within
a
certain
amount
of
time.
O
So
how
long
is
this
all
this
going
to
take
honestly
we're
not
totally
sure
just
yet
we're
hoping
it's
going
to
take
a
couple
months,
but
the
expectation
is
that,
once
the
security
audit
finishes,
there
will
be
obviously
more
work
that
maybe
we
didn't
initially
expect
that
we're
going
to
need
to
do.
But
progress
has
been
good
so
far
and
I'm
hoping
that
within
a
couple
months
we
should
be
pretty
much
ready
to
start
expecting.
Ga
will
be
ready
soon.
O
O
I
Yeah
I'll
go
and
repeat
it
for
more
than
just
the
ga,
but
the
versioning
are
you
planning
to
use
semver
specifically
with
regards
to
api,
when
you
call
it
1.0.
C
There
are
a
few
different
apis.
I
guess
there's
like
go
module
stability,
where
we
do
it
here
december,
then,
there's
like
open
api
stuff,
that's
exposed
differently
or
yellow,
and
the.
C
I
This
sounds
a
great
plan
to
reach
ga,
but
I
think
calling
it
1.0.
I
would
suggest
being
clear
as
to
whether
you
are
committing
to
that
api
version
and
following
some
verb
for
either
or
both
of
those
or
for
not
just
as
long
as
that's
clear
to
everyone
who's
using
it.
That'll
help.
E
I
can
see
jim,
you
have
your
hands
up.
M
Yeah,
my
name
is
jim.
I
work
in
idvs,
cryptography
and
us,
and
a
lot
of
our
customers
have
a
lot
of
interest
in
this
space.
That
cigstore
is
targeting
and
we
have
a
lot
of
questions
about
the
implications
of
the
sig
store,
how
it's
set
up
and
using
it
in
large
ecosystems
and
how
that
relates
to
what
kind
of
feature
sets
would
be
available
in
1.0.
M
And
I
don't
know
if
this
is
the
right
forum
to
ask
these
questions
or,
if
there's
a
better
place,
to
to
ask
detailed
questions
about
some
of
the
implications,
around
authorization,
blast,
radius,
control,
trust
management,
configuration
and,
and
what
that
would
look
like
for
in
the
in
1.0.
And
then
you
know
going
forward.
M
H
Is
we
have
a
the
six
door
community
meeting
coming
up
in
45
minutes
on
a
weekly
basis,
and
I
would
say,
that's
probably
a
great
place
to
dig
into
some
of
those
details.
Okay,
happy.
E
H
You
on
the
agenda,
I
mean,
if
folks
want
to
talk
about
certain
issues
here.
I
won't
preclude
that,
but
you'll
have
a
better
representation
from
you
know
the
folks
within
the
six
store
community
that
can
speak
to
the
breadth
of
those
those
areas.
Okay,.
E
Okay,
great,
so
any
any
other.
I
can
just
see
the
chat.
Okay,
it's
the
agenda.
Okay,
so
any
other
questions
at
all.
E
No
okay,
that's
great!
Thank
you!
Priya!
It's
really
useful
presentation.
Thank
you.
So
let
me
just
look
at
the
so
that
brings
us
to
the
end
of
the
agenda
so.
E
I
can
give
you
10
minutes
back
early,
but
I
imagine
by
the
next
meeting
we'll
probably
have
our
new
chair,
elected.
J
F
Yeah
yeah,
I
believe,
ava's
motion
specified
that
the
vote
closed
by
next
tuesday,
so
I'll
open
it
as
soon
as
possible.
I
just
need
to
confirm
like
how
much
information
y'all
want
to
include
and
descriptions
and
things
as
I
import
into
overvote,
but
we
can
discuss
it
all
offline
and
get
that
opened
up
within
the
next
day
or
so
at
about
the
longest.
All.
I
E
I
just
one
idea:
that's
randomly
come
to
mind
that
I'll
bounce
off
your
as
we've
got
two
folks
going
forward,
but
it
makes
sense
that
the
individual,
that
is
the
follow-up
they
could
perhaps
be
a
an
alternative
chair,
a
vice
chair.
Even
yes,.
E
Because
I
you
know,
I'd
like
to
reward
both
individuals
coming
forward
and-
and
you
know,
and
it
makes
sense
that
you
know
to
to
have
a
vice
chair.
I
E
Yeah
sounds
good,
okay,
great,
so
unless
there's
anything
else
really
particularly
important
or
burning
that
needs
anybody
wants
to
raise
up
quickly,
we
can
we
can
close
the
call
sorry
brian
you're,
just
saying.
D
Oh
sorry,
yeah
yeah
parallel
conversation
same
meeting.
Apologies
for
that!
No
just!
I
was
intrigued
by
the
mention
that
there
was
this
next
door
community
called
today
and
just
you
know,
I
want
to
make
sure
that
that
community,
as
an
open,
ssf
community,
uses
the
same
kind
of
structure
and
is
engaged
in
the
same
processes
as
the
other.
You
know
openness
of
working
groups
and
projects,
so
it
wasn't.
I
I
didn't
know
that
there
was.
There
were
separate
community
calls
and
like
yeah.
E
I'm
happy
to
feed
you
in
on
what
we
do
and
yeah
you're
welcome
to
come
along
as
well.
It
starts
in
10
minutes
if
you'd
like
to
come
along.
It's
a
weekly
call,
it's
actually
open
to
anybody,
anybody
that
wants
to
come
along
and
what
I'll
do
is
I'll
quickly.
Just
before
we
close
get
the.
E
To
where
you
can
get
a
calendar
entry
for
the
meeting.
E
Okay,
all
right,
so
unless
anybody
has
anything
else,
I
will
see
you
all
in
two
weeks.
Thank
you
for
being
the
facilitator
today,
luke,
I'm.