►
From YouTube: OpenSSF TAC (February 21, 2023)
Description
Meeting minutes: https://docs.google.com/document/d/18BJlokTeG5e5ARD1VFDl5bIP75OFPCtzf77lfadQ4f0/edit#heading=h.9m0zi4b0wnne
A
B
A
Doing
very
well:
what
organization
are
you
with
if
you're
with
one,
indeed,
indeed,
first
For
a
Moment,
I
Saw?
Oh,
that's
something!
Oh
yes!
Actually,
indeed,.
A
So
welcome
welcome
I
this.
Maybe
if
this
is
your
first
hack
meeting,
especially
welcome,
but.
B
A
Okay,
okay,
excellent!
Thank
you!
So
much
for
being
here.
All
right,
we
are
I,
am
trying
to
do
multiple
things
at
once.
Here.
D
I
get
lazy
like
I'm.
My
haircut
lady
got
carpal
tunnel
surgery,
so
I'm
still
about
a
month
away
from
a
haircut,
so
I'm
gonna
look
even
Crazier
by
the
time
this
is
done.
I
know,
I
could
trim
them,
but
I'm
lazy.
So
it's
like
yeah,
whatever.
E
A
Excellent
here
we
post
the
I'm
just
gonna
whoops
I'm,
just
gonna
keep
reposting
the
meeting
notes
URL,
since
people
would
come
come
afterwards,
don't
see
it
whoops.
G
Looks
like
we've
got
three
of
the
tech
members
here
by
my
account,
not
quite
a
quorum
of
of
seven
but
enough
to
probably
get
started.
G
Ava
is
the
Vice
chairperson.
Would
you
like
to
run
the
agenda.
B
Happy
to
facilitate
today,
I
will,
you
know
I
see.
Bob's
regrets
are
already
captured
here.
I
found
out.
Bob
would
not
be
running
the
meeting
in
just
about
15
minutes
ago,
so
I
have
not
prepared,
but
I'm
happy
to
hold
space
and
act
as
a
chair
and
time
keeper
and
facilitator
I.
G
Think
I
think
the
the
agenda
that
Bob
Left
Behind
is
pretty
good
and
and
I
think
just
you
playing
timekeeper
four
would
be
would
be
more
than.
B
G
Fact
the
other
three
are
pretty
straightforward
and
are
mostly
just
updates
from
us.
Well,
two
of
them
are
at
least
updates
from
the
staff
to
you
all
and
then
the
other
was
ask
who's,
reviewing
the
other
open
PRS
on
funding
requests.
G
So
probably
you
know
we
could
start
with
the
the
simple
update
stuff
and
then
move
to
the
tech
election
and
then
end
with
discussion
on
the
open,
PRS.
B
Elections,
update
I,
guess,
starting
from
the
stack
side
what's
going
on
there,
what
what
news
can
you
share
and
same
for
the
open
ssf
a
day?
Any
updates
there
I
know
the
open
question
who
is
on
the
program
committee?
What's
the
timeline
for
that
and
we'd
all
love
to
know
the
sort
of
what
to
expect.
G
Okay,
why
don't
we
start
with
a
program
committee,
one
just
because
that's
the
simplest
and
and
I
don't
have
the
list
of
names
in
front
of
me,
but
Jennifer,
Bligh
or
kahil?
Do
you
have
the
list
of
names.
I
I,
don't
see
kaheel,
but
he
did
send
a
list
of
the
names
earlier.
Shall
I
share
them
or.
G
And
when
does
the
cfp
close
because
I
know
we
we
put
up
the
the
announcement
about
the
day,
I'm,
pretty
sure
we
opened
the
cfp,
but
I
think
we
have
a
date
for
for
its
closing.
G
You
know
and
like
the
other
openness
of
days,
you
know
we'd
really
like
this
to
just
you
know
to
be
both
an
overview
of
you
know
the
the
range
of
different
projects
going
on.
Obviously,
we
won't
be
able
to
cover
everything,
although
I
think
you
know
skewing
towards
shorter
updates.
Shorter,
shorter
presentations
with
explicit,
like
calls
to
action
and
ways
for
people
to
be
involved
is,
is
kind
of
the
ideal
just
in
terms
of
tone
and
kind
of
flow
Also.
G
If
anyone
has
thoughts
about
an
outside
speaker
that
they'd
like
us
to
bring
in
to
start
the
day,
I
I
think
I
think
we're
open
to
that
as
well.
Sometimes
it's
fun
to
have
kind
of
a
voice
from
Beyond
kind
of
telling
us
about
things
that
are
going
on
or
things
to
be
watching
watching
for
so
so
that
would
be.
That
would
be
of
interesting.
E
Jennifer
I
had
a
question
several
of
the
working
groups
and
sigs
I'm,
a
part
of
submitted
for
other
open
SS,
open,
ssna
events.
What
would
what
are
the
options
to
reuse
or
potentially
distill?
Some
of
that
information
and
submit
for
open
ssf
day,
foreign.
I
Yeah
I
think
it's
going
to
be
a
separate
program
committee.
Who's
going
to
select
so
I
think
there
could
be
overlap.
I
don't
know.
Are
there.
G
Other
thoughts
there
I
I,
don't
think
that's
a
problem
and
I
don't
know
that
the
program
committee
will
be
looking
at.
You
know
whose
talks
have
been
accepted
elsewhere
and
other
other
tracks
or
other.
You
know,
side
events
or
anything
like
that.
So
a
little
repetition
wouldn't
wouldn't
be
bad.
Okay,.
G
Okay,
one
other
thing
I
wanted
to
mention
is
this
is
happening
on
the
same.
On
the
first
day
of
the
the
main
ossna
track,
we
chose
to
overlap
with
it,
partly
because
we
didn't
want
people
to
have
to
come
in
on
a
Friday,
which
was
the
only
other
open
day
at
the
very
end
of
what
would
otherwise
be
a
pretty
busy
week
and
I
think
we'd
get
people
kind
of
exhausted.
G
Nor
did
we
want
to
overlap
with
the
cdcon
event,
which
we
think
will
have
quite
a
bit
of
overlap
from
a
Content
point
of
view.
So
we
are
avoiding
overlap
with
the
opening
Keynotes
of
ossna,
but
then
we'll
get
started
about
what
is
it
11,
A.M,
I,
think
Jennifer
and
then
go
till
5
30-ish.
So
oh
and
we
will
have
lunch
served
so
that'll
keep
people
there.
G
Yeah
I,
know
exciting
Hawk
Grove,
just
to
kind
of
keep
people
from
breaking
away.
After
you
know,
in
the
middle
of
the
day,
wandering
too
far,
you
know
for
food.
B
Yeah
and
it's
a
little
a
little
response
to
your
question
about
the
different
tracks:
I've
been
on
the
papers
committee
for
other
events
and
I'm
on
a
different
track
at
the
OSS
Summit
as
well.
The
committee
members,
the
program
committee
members,
do
have
the
ability
to
say
this
should
be
in
a
different
track.
It's
a
better
fit
but
they're,
not
looking
across
tracks
to
sort
of
de-duplicate
they're,
only
looking
at
their
own
track.
H
Thank
you
quick
question.
The
open
ssf
tracks
running
in
parallel
will
they
align
with
the
other
tracks
of
the
main
conference,
so
that
individuals
that
you
know
want
to
go
back
and
forth
are
able
to,
or
do
you
view
this
as
a
block,
because
there
are
trade-offs
to
going
in
either
direction
and
I'm.
Just
curious,
I
think
that
my
observation
recently
was
that
when
you
make
it
kind
of
an
All
or
Nothing
thing,
you
don't
get
people
dropping
in
to
check
it
out
for
the
first
time
so
thoughts.
B
There
I'll
add
to
that
question:
how
is
the
ticketing
being
done?
I
know:
there's
been
some
discussion
within
LF
and
open
source
Summit
about
whether
tickets
are
to
each
sort
of
event
or
tickets
are
shared
between
them,
which
would
facilitate
moving
that
so
many
of
the
staff
members
can
comment.
G
So
you
have
to
be
a
registered
attendee
of
ossna
in
order
to
attend
this
and
there's
a
25
extra
fee
to
cover
lunch
also
to
try
to
mitigate
often
what
you
have
is
a
lot
of
people
signing
up
and
then
you
think
you're
full
and
if
it's
a
free
thing,
sometimes
you
get
a
whole
bunch
of
people,
not
not
showing
you
said
they
show
so,
but
the
20,
it's
mainly
because
we
have
these
extra
costs
for
serving
food
and
some
other
things
and
and
so
it'll
be
integrated
with
the
event
you
know,
walking
to
a
different
session
will
be
just
a
matter
of
changing
a
room
or
changing
a
floor.
G
Maybe
I
I,
don't
know
that
we're
holding
the
program
committee
to
align
the
breaks
and
other
changes
in
sessions
with
what's
going
on
in
the
rest
of
the
event,
it's
up
to
them.
I.
Think
to
figure
that
out.
My
personal
take
is
I'd,
love
to
see
more
speakers,
more
content
and
shorter
talks
on
average.
So,
however,
they
want
to
accomplish
that
that
we'll
leave
that
to
the
program
committee.
I
J
B
Okay,
let's
move
on
to
elections
update
then.
G
We
just
really
combined
with
the
next
section
on
attack
elections
there
and
I'm
wondering
if
I
could
put
George
okay
work.
Sorry
on
the
on
the
on
the
day
is
here
and
ask
if
he
could
talk
about
the
work
that
that
he
and
the
other
election
observers
have
been
doing
to
that's
captured
in
this
pull
request.
F
Sure
no
problem
so
yeah
well
I've
I've
volunteered,
among
others,
to
be
on
the
the
election
committee
and
as
part
of
our
discussions
earlier
last
week.
We
realized
that
the
there
has
been
a
discussion
among
Tech
members
to
prepare
the
procedure
for
last
year's
election,
and
that
was
also
what
we
used,
but
it
has
not
been
documented
in
a
in
a
good,
concise
manner
in
one
of
our
community
reposts.
F
So
before
commencing
the
the
entire
process,
we
wanted
to
at
least
have
this
documented
and
kind
of
make
it
available
for
review
to
everybody.
F
The
the
text
in
there
is
based
primarily
on
an
email
that
Jen
I
think
used
last
year
to
announce
and
and
basically
describe
the
process.
So
from
that
perspective
it
is
nothing
new
in
there,
but
still
to
kind
of
create
the
most
transparency
and
get
everybody
on
board.
We
wanted
to
bring
this
to
the
attack
for
review
and
and
kind
approval,
so
to
say
not
not
trigger
weeks
of
discussions
really,
because
I
think
the
timeline
is
a
little
is
a
little
tight
a
little
late
anyway.
F
So
if
there
are
no
fundamental
issues
but
please
review,
then
we
The
Proposal.
The
idea
was
to
get
you
guys
to
approve
it
and
then
ideally
open
the
first
phase
of
the
election
right
after
this
call
kind
of
so
still
today
we
would
open
up
for
two
weeks
of
self-nomination
phase
for
the
the
tech
candidates,
the
seir
candidates
and
the
voters
themselves.
Obviously
so,
and
that's
a
summary,
I
didn't
really
walk
you
through
the
the
document
or
the
pr
itself.
I
I
hope,
that's
fine!
F
So
that's
basically
the
summary
and
the
intention
of
this
all
this
work.
So
thanks
for
all
the
kind
of
the
work
on
short
notice,
in
collaboration
with
the
other
election
official
members,.
B
I
very
much
want
to
thank
all
the
election
official
members
who
worked
on
getting
this
put
together
and
digging
through
our
old
meeting
minutes
chatting
with
tack,
members
and
other
folks
to
put
this
together
big
Kudos.
Thank
you.
So
much
I
have
not
read
this
proposal
in
its
current
form,
so
I
should
go.
Do
that
I
also
notice?
We
are
not
quarrett
as
attack
right
now,
so
we'll
have
to
take
the
vote.
Asynchronously
I'm,
not
sure
what
Bob's
availability
is
I.
B
Definitely
you
know,
as
chair
want
his
his
vote
as
well,
but
I
would
like
to
propose
that
the
tap
members
officially
vote
on
this
issue
on
GitHub
as
quickly
as
possible
to
unblock
all
of
you.
B
To
the
election
committee
members
present,
were
there
any
surprises
or
things
that
you
had
to
sort
of
make
a
decision
on
in
the
content
of
this,
as
you
were,
compiling
the
notes.
Basically,
what
what
should
tax
members
as
we're
reviewing
it
pay
extra
attention
to.
C
I
might
ask
that
Tech
members
in
particular
think
about
how
much
time
they
want
these
periods
to
be
open
for
call
for
nominations.
In
particular,
you
know,
there's
always
a
balance
to
strike
between
making
sure
that
we're
giving
folks
enough
time
to
really
think
about
what
it
would
take
and
what
the
roles
and
responsibilities
of
being
a
tech
member
are.
Can
they
work
that
into
their
schedule?
C
Can
they
really
commit
to
it,
but
also
not
keeping
this
open
so
long
that
it
becomes
sort
of
a
onerous
process
that
we
that's
hard
because
it
takes
some
time
so
think
about
that
in
particular
and
and
how
much
time
you
think
is
fair
and
and
reasonable
for
each
stage
and
I
think
that
would
be.
That
would
be
great.
B
In
skimming
this
myself
right
now,
I
do
not
see
a
sort
of
candidacy
statement.
B
F
I
have
to
admit
I,
don't
fully
sorry
I
didn't
fully
get
your
your
question.
B
In
other
foundations,
when
someone
is
running
for
a
position
like
this,
I
have
generally
seen
a
process.
You
know
after
the
elections,
officials
validate
the
candidates
and
then
their
their
candidate
statements
might
be
posted
somewhere.
Here's
what
why
I'm
running
what
I
think
I'm
going
to
do
why
this
is
important,
all
those
sorts
of
things,
and
then
the
community
can
can
ask
questions
of
the
candidate
in
a
public
forum
so
that
the
the
questions
Republic
the
responses
are
public.
B
It
creates
a
dialogue
between
back
between
potential
Tech
members
or
Tech
nominees
and
the
community
to
help
the
community.
All
sort
of
see
who
they're
voting
on
is
that
something
that
we
want
to
have?
Has
that
been
discussed.
K
J
K
Depends
a
little
bit
about
on
the
size
of
the
response
for
the
LF
silver
membership.
Recently
they
had
so
many
people
applying
it
don't
think
they
did
that
whereas
I
just
went
through
this
process
myself
with
Finos,
because
there
were
seven
of
us,
I,
think
or
eight
of
us,
so
they
went
through
that
interview
process.
So
I've
seen
both
sides.
B
Yeah
now
in
in
the
OSI,
an
openstack
and
kubernetes,
those
were
all
that's.
Sort
of
a
discussion
was
part
of
the
elections
process.
David
I,
see
your
hand.
A
I
A
B
And
I
I
don't
see
in
here
and
maybe
I
just
missed
it
as
I'm
skimming
this
PR
I.
Don't
even
see
that
mentioned.
What
is
your
candidacy
statement
and
where
is
it
posted
or
where
should
it
be
posted?
Is
it
posted
on
GitHub?
Is
it
posted
on
the
TAC
mailing
list
Etc?
So
it's
just.
C
We
didn't
direct
participants,
you
know
to
to
do
anything
other
than
that,
which
you
know
I
think
it
that's.
That's
probably
fine
and
less
noisy
for
for
GitHub,
but
we
shouldn't
discourage
people
from
saying
hey.
My
name
is
Jory
and
I'm
running
for
president
of
the
United
States.
Please
vote
for
me.
I,
wouldn't
not.
A
F
Yeah
I
think
we
can
still
make
this
part
of
let's
say
the
the
announcement
emails
one
once
all
of
the
candidates
are
in
saying
hey.
This
is
like
all
of
the
the
candidates,
including
the
the
statements
and
there's
like
a
two-week
voting
period.
You
can
reach
out
to
them
and
ask
questions
if
you're
interested
right,
I
think
this
is
not,
but
we
didn't
consider
to
put
it
into
the
formal
framework
that
we
described
here
to
make
it
a
mandatory
requirement
to
have
an
interview
Forum
in
place.
B
So
I
just
clicked
into
the
link
of
the
the
nomination
form.
The
selfie
nomination,
form
and
I
do
see
a
candidate
statement,
but
it
is
250
words
or
less,
which
is
pretty
short
for
you
know:
hey
here's!
What
I
want
to
accomplish
in
the
next
year
in
the
pack,
so
I
might
ask
for
a
little
bit
more
flexibility
there.
But
joy.
If
that's
the
process
we
did
last
year
and
you
want
to
keep
that
on
totally
fine
I
think
that's
fine.
C
And
we
can
make
that
a
lot
longer
thing.
I
think
the
issue
is
just
you
know,
do
try
and
say
what
you
need
to
say
it
concisely.
But
but
if
you
wanted
to
say,
you
know
make
it
a
500
word
or
some.
That's
fine,
okay,.
J
L
People
need
to
think
about
whether
they
want
to
do
this
and
what's
going
to
take
and
I
realized
I,
don't
think
we
have
a
very
clear
definition
of
what's
expected
of
people.
I
mean
there
is
some
level
of
definition
in
the
charter
that
defines
the
tech
responsibility.
L
I
was
doing
and
she's
like,
oh
man,
I
I
wish
somebody
had
told
me
that
before
it
wasn't
so
bad,
but
you
know
we
felt
like
hey.
It
would
be
a
good
idea
to
write
that
down
somewhere.
So
I
think
this
is
something
doesn't
have
to
be
done
for
this
time
around,
but
something
that
I
should
take
into
account.
Moving
forward.
Yeah.
B
I,
that's
a
great
point
right
now,
I
think
having
a
sort
of
job
description
of
the
TAC
member.
Here's
what's
expected
of.
You
would
definitely
help
in
in
this
process.
B
Yeah,
maybe
that's
something
that
the
attack
can
work
on
in
between
now
and
when
the
candidate
submissions
closes.
B
E
So
do
we
want
to
have
an
email,
Vote
or
vote
on
the
express
your
opinion
on
the
pr.
B
I
would
like
to
have
express
your
opinion
on
the
pr
so
that
we
can
just
see
the
TAC
members.
You
know
thumbs
up
thumbs
down
before
merging
it
right.
There.
G
G
We
get
a
quorum
of
Tech
members
proving
the
pr
can
we
consider
that
closed
then
and
and
start
because
the
the
schedule
does
presume
you
know
acceptance
today,
I
mean
we
can
push
back
day
for
day,
but
I
think
we're
already
feeling
a
little
bit
late
on
this
process.
B
Yeah,
let's,
let's
go
Trace
pack,
members
down
and
I
think
we
should
just
move
forward
as
soon
as
possible.
I
agree.
We
are
a
bit
a
bit
behind
the
ball
on
it,
but
I
don't
want
any
Tac
members
to
be
surprised.
G
Fair
enough,
fair
enough
and
then
there's
always
things
we
can
look
at
doing
as
even
accepting
this
process
and
then
adding
things
such
as
you
know,
a
questionnaire
or,
or
you
know,
kind
of
a
having
having
a
a
one-off
town
hall
with
the
candidates
or
something
like
that.
I.
Don't.
K
B
Okay
and
I'm
going
to
thank
again
our
elections
committee
members
for
all
the
hard
work
on
this,
and
what's
next
scheduling
or
rescheduling,
the
working
group
updates
to
the
fact.
G
No
I
I
think
we've
been
remiss
in
not
updating
the
calendar,
that
is
at
the
top
of
the
tech
meeting
notes
document
for
2023..
If
I
mean
we
could
have
one
of
the
support
staff
go
in
and
and
put
in
proposed
dates
for
this
at
the
risk
of
surprising
somebody,
I
think
I.
G
Think,
though,
if
we,
if
we
scheduled
the
first
one
for
well
for
two
weeks
out
that
shouldn't
be
too
too
honorous
the
first
two
I
guessed,
we
were
doing
two
updates
for
a
group
each
meeting.
So
maybe,
if
we
just
ask
for
volunteers
for
the
one
in
two
weeks,
that
way
we
avoid
surprises,
and
then
we
can
just
kind
of
do
a
random
walk
to
assign
sign
the
rest
out.
Does
that
make
sense
works.
B
B
B
G
G
Okay,
so
two
volunteers,
two
working
groups,
they're
working
group,
leads
one
to
volunteer
to
report
next
week.
Five,
ten
minute
updates
on
progress
of
the
working
group.
J
Sorry,
no,
it's
a
question
and
it's
more
about
the
election
thing.
Actually
it's
just
so
you
can
pick
me
afterwards.
B
K
E
E
G
Between
the
end
users
and
the
best
ones,
I'll
bring
the
popcorn
okay
and
then,
and
then
on
our
side,
our
program
management
team
can
can
I
walk
through
and
assign.
Some
dates
for
the
rest
and
notify
working
group
leads
sounds.
F
B
B
Thank
you
did
I
see
another
hand
go
up
and
if
not,
then
down
back
to
you
for
the
elections,
question
yeah.
J
Sorry
I
just
wanted
to
clarify
the
election
timeline.
When
do
we
expect
the
call
for
nominees?
When
do
we
expect
the
actual
election
to
happen?.
G
The
schedule
is
in
the
pr
the
companies
will
it
happen,
I
mean
we
could.
Hopefully,
if
we
get,
you
know
four
sign-offs
on
that
PR
today,
then,
either
this
evening
or
tomorrow
morning,
we'll
send
out
the
the
first
email
to
get
get
things
rolling
yeah
and
stick
to
the
schedule.
Thanks.
B
Then
the
last
item
on
today's
agenda
is
just
review:
open,
PR's,
there's
a
lot
of
them,
so
there's
probably
a
couple
specific
ones
that
we
should
look
at
I
know
we
have
the
funding
requests
that
was
brought
up
last
time
for
cert,
which
I
promised
to
review,
and
then
stuff
happened
and
I
just
apologize.
I'm.
Sorry
I
didn't
finish
my
review
of
it
yet
I
also
don't
see
votes
on
it
at
the
moment.
E
I
just
sent
out
emails
for
both
the
cert
and
then
also
the
education
plan
for
the
tech
to
review,
provide
feedback
and
then
vote
on.
If
this
is
worthy
to
be
moved
up
to
the
governing
board
for
review.
B
You
do
you
want
to
maybe
give
a
quick
update
for
the
attack
and
everyone
present,
maybe
folks,
who
weren't
here
last
time
on
what
this
is.
E
Ish,
let
me
find
my
window
issue.
131
is
a
proposal
from
the
open
source
security
incident,
Response
Team
Sig
to
refine
the
immobilization
plan
stream.
Five.
They
have
taken
the
original
plan,
reworked
it
with
a
proposal.
They
feel
could
be
achieved
with
current
volunteers,
additional
volunteers
and
hiring
of
some
staff
and
acquiring
some
tooling.
E
So
if
the
attack
feels
that
is
still
in
line
with
our
missions
and
goals,
I
would
love
not
only
specific
feedback
on
we
like
this
or
we
don't
like
that.
Or
did
you
think
about
this
other
thing,
but
you'd
also
like
to
talk
to
recommend
to
the
plan
to
get
moved
to
the
governing
board
for
review
for
funding
and
then
issue.
134
is
the
same
deal
with
the
education
Sig,
where
we
have
taken
stream.
E
One
of
the
mobilization
plan
refined
it
and
built
it
out
with
the
proposal
to
have
a
core
of
volunteers,
create
a
new
a
series
of
new
educational
content
for
the
foundation
around
application,
security
and
secure
best
practices
that
developers
and
developer
adjacent
personas
would
benefit
from
and
then
there's
some
other
goals
where
we
wanted
to
get
better
engaged
with
underserved
communities.
We
have
Rewards
Pro
silver
Rewards
program
proposals
to
help
encourage
open
source
developers
to
adopt
some
of
these
tools
and
practices.
E
J
I,
don't
have
a
question
about
that,
but
I
have
a
question
about
one
three:
two,
the
thing
about
the
mailing
list.
I
was
just
wondering
if
that's
happening
now,
because
I
see
that
it
got
approved
by
the
tax.
So
is
that
is
that,
like
something
that's
happening
or
what.
E
G
Yeah
time
for
some
real
talk
about
the
budget,
all
right,
the
approved
budget
for
2023
for
openssf.
G
That
includes
the
money
that
we
know
we
have
and
can
spend,
does
not
include
extra
call
outs
for
these
kinds
of
things.
So
once
the
tech
has
approved
these,
as
you
know,
suitable
uses
of
funds,
you
know
whether
from
course
is
a
budget
or
elsewhere,
but
that
these
technically
are
good
ideas
and
and
really
ought
to
be
pursued
and
are
well
researched
and
and
represent
the
best
set
of
balance
of
interest
and
compromises.
All
that
kind
of
stuff.
G
Our
job
is
then,
to
go
out
and
find
the
money
to
go
and
support
this.
Now
that
could
come
from
the
governing
board
deciding
to
make
a
change
to
its
approved
budget,
which
we
tend
to
try
to
limit
to
only
doing
once
a
year
kind
of
at
mid-year,
to
course
correct,
but
there
may
be
other
opportunities
now.
Just
to
be
honest,
though,
like
right
now,
the
current
funding
climate
and
others
has
folks
being
pretty
conservative
about
that,
which
it
also
would
affect.
G
The
second
approach,
which
is
going
around
someone
had
in
hand
to
the
members
not
just
of
the
governing
board,
but
also
to
our
broader
General
membership
and
saying,
hey,
here's
something
we
think
is
really
worthy.
Does
anyone
want
to
go
and
jointly
fund
it?
There
are
some
other
sources
potentially
of
funding
as
well.
The
you
know
this
could
is
the
kind
of
thing
that
potentially
Alpha
Omega
could
consider
funding.
G
Some
of
these
are,
although
you
know
none
of
the
three
so
far
fit
squarely
and
it's
kind
of
mandate,
but
a
future
one
might
I've
also
been
initiating
conversations
with
for
folks
like
The
Sovereign
Tech
Fund
in
Germany,
which
has
26
million
dollars
to
spend
over
the
next
two
years
to
to
go
and
invest
in
open
source
initiatives
and
and
we've
put
forward.
G
You
know
to
them:
hey
here's,
some,
some
promising
ideas
coming
out
and
let's
talk
further
and
they're
still
thinking
and
talking
and
evaluating
that
so
I,
don't
no!
No,
nothing
don't
want
to
promise
or
or
even
even
suggest
anything
happening
there
yet,
but
basically
the
honest
will
be
on
us,
then,
to
go
and
and
figure
out
where
the
funding
can
come
from
and
including
potentially
from
openness
is
core
budget,
but
that
I
think
is
probably
less
likely
than
from
from
other
streams.
G
So
this
step,
the
attack
approving
these
things
is
important,
as
validation
important
when
we
go
out
and
raise
those
funds
to
be
able
to
say
this
has
been
reviewed
by
a
wide
Community,
this
alliance,
with
where
people
think
things
are
heading.
Obviously,
there's
proposals
also
do
have
expiration
dates.
G
So
you
know
we
can't
go
in
fundraise
for
a
year
on
something
and
expect
it
to
be
the
same
proposal
as
before,
and
sometimes
New
Opportunities
emerge
too.
So
this
will
be
an
organic
process.
Some
of
these
things
might
come
back
for
further
discussion
if
they've
been
adjusted
based
on
where
we
think
we
can
get
funding
or
or
something
like
that,
but
I
do
want
to
emphasize.
G
This
is
a
useful
thing
for
the
tax
be
doing,
which
is
sending
the
signal
that
they
think
you
know
one
or
all
three
of
these
are
valuable
on
the
mailing
list,
one
in
particular
it
since
it's
small,
especially
if
you
put
out
the
the
side
thing
of
the
optionality
of
the
you
know,
promoting
advocacy
and
and
recruiting
which
I
think
was
an
additional
100K
or
something
like
that.
G
It's
basically
down
to
a
setup,
cost
I
think
it
was
of
60
or
50-ish
K
and
then
75k
for
the
first
year,
or
something
like
that
I,
that's
small
enough
that
hopefully
we
can
get
that
funded
sooner
but
again,
you
know
many
of
these
companies.
Many
of
all
of
your
companies
have
had
some
painful
cutbacks
in
the
in
the
last
quarter
or
two.
So
I
just
wanted
to
be
a
bit
realistic
about
our
ability
to
removing
this
and
I
might
need
to
ask
some
of
you
to
help
me.
G
E
So
I
had
two
questions
for
you.
Brian
last
year
we
were
told
the
TAC
had
the
ability
to
approve
underneath
a
certain
line
and
like
we
did
that
with
the
spdx
enhancements.
Is
that
not
the
case?
Do
we
not
have
that.
G
E
G
Budget
discretion
there
was
a
budget
allocation
last
year
for
a
couple
of
different
categories
of
work
that
stuff
like
this
could
fall
under.
There
is
one
I
still
believe
for
investments
in
education
materials.
So
let
me
come
back
to
that
because
that
might
be
something
we
can
tap
for
the.
E
Educational
sake
and
then
my
second
question
was
I
thought
that
there
were
specific
donations
for
the
mobilization
plan.
Is
that
not
the
case
or
is
that
change
that
idea
changed.
G
So
there
have
been
pledges
and
we'll
certainly
start
by
going
to
those
organizations
that
have
made
those
pledges
and
say:
hey,
here's
a
way
to
to
meet
some
of
the
the
pledged
amount
that
you
made
back
in
May.
Again,
those
were
pledges
made
in
may.
They
were
not
signed.
You
know
most
commit
documents,
but
but
it's
it's
a
plausible
case
that
those
are
the
first
ones
to
start
with
and
say
Hey.
You
can
help
fulfill
some
of
your
pledges.
G
We
did
receive
one
donation
last
year
from
Amazon
focused
on
improvements
to
scorecard,
and
so
we're
working
now
with
the
scorecard
leads
to
figure
out
what
what
should
a
you
know,
a
funding
process
for
that
look
like
and
and
we'll
come
back
to,
the
attack
with
with
an
update
on
that
and
and
and
kind
of
a
discussion
review.
But
that's
that
was
that
was
the
only
donation
for
future
work
that
that
we've
received
that
this
kind
of
specifically
identified
to
that
and.
E
G
B
In
terms
of
the
process,
since
I
think
the
132
is
the
first
time
that
the
attack,
at
least
recently
this
year,
has
voted
on
a
funding
proposal,
any
comments
from
Tech
members
or
others
present
on
the
process
of
that
vote.
Since
we
have
a
few
other
things
that
we
now
need
to
vote
on,
should
we
use
the
same
process
for
those
foreign
I
think
it
worked.
We
we
discussed
it
here.
We
have
to
take
some
email
discussions
because
didn't
have
Quorum
in
a
call
and
is
now
recorded
on
the
GitHub
issue.
E
B
I
think
the
131,
the
the
search
mobilization
plan
review,
probably
needs
to
bake
a
bit
more,
as
it
were
more
folks
need
to
read.
It
comment
on
the
GitHub
issue,
myself
included.
So
let's
skip
that
for
now.
Thanks
for
the
update
earlier
and
talk
about
one
three,
eight,
the
slack
upgrade
request
since
that's
had
a
little
bit
of
discussion
already.
E
E
And
I
try
to
Route
people
towards
mailing
lists
or
comments
and
issues
or
PR's
for
the
have
that
things
that
need
that
long
long,
tail,
I.
B
Agree
with
slack
not
being
a
permanent
system
of
record,
certainly
not
for
decisions
that
have
always
found
in
distributed
decentralized,
sort
of
time
zone
spanning
organizations
that
having
both
a
long-form
discussion,
emails
or
message
boards
and
a
real-time
chat
forum
is
incredibly
valuable.
It
augments
the
the
synchronicity
of
these
Zoom
meetings
with
a
way
a
place
for
us
all
to
sort
of
Converse
and
share
thoughts
over
time.
J
D
B
That
it
is
very
often
useful
to
be
able
to
go
back
and
reference
things
read
things
that
happened
both
from
a
community
standpoint
of
like
gosh.
There
was
this
really
cool
conversation,
I
was
having
with
Josh
I
think
it
was
about
three
months
ago,
on
this
topic,
Let
me
refresh
my
memory
and
from
the
moderation
perspective,
we
are
not
a
large
enough
Community,
yet
we
haven't,
as
far
as
I'm
aware
had
you
know,
contentious
code
of
conduct,
style
issues,
but
from
a
moderation
standpoint
in
bigger
communities.
That
archive
is
important.
B
D
That's
fair
I
mean
I
I
like
to
always
say
that
the
slack
not
keeping
messages
is
a
featured
because
it
theoretically
makes
us
write
things
down,
but
like
that's
only
a
theory,
because
we've
all
seen
how
well
that
works,
yeah
but
yeah
I
mean
I
I.
Think
the
challenge
we're
going
to
see
with
this
one
is
you're
going
to
get
people
on
every
Side
of
Everything.
Can
we.
G
The
conversations
with
slack
are
very
personality,
driven
and
very
much
dependent
upon
the
right
person
as
on
one
side
asking
the
right
person
on
the
other
side,
which
is
pretty
fragile
when
you
think
about
how
often
people
change
organizations,
and
so
I
worry
that
in
good
faith,
it'd
be
hard
for
me
to
base
a
decisional
or
or
critical
infrastructure
upon
I
mean
I.
Guess
we
do
all
the
time
anyways
but
like
on
on
the
back
of
a
relationship
that
could
change
without
much
recourse,
and
you
know
yeah,
it's
it's
it's
it's!
B
G
I
think
if
we
took
probes
kind
of
understanding
and
codified
it
a
little
bit
more
clearly
so
that
when
folks
logged
into
slack,
they
understood
the
you
know
what
when
and
how
its
appropriative
conversations
there
and
when
and
how
it's
important
to
capture
things
and
move
them
or
or
take
a
conversation
that
feels
like
it's
heating
up,
you
know
and
or
turning
to
something
substantive
and
turn
it
into
an
issue
or
turn
it
into
a
you
know,
a
a
PR
or
something
like
that
is
a
really
solid
one,
and
if
anybody
does
know
of
any
export
tools,
that
can
then
say:
okay,
this
great
conversation
that
two
people
had
on
slack
capture
that
and
make
it
easy
to
import
into
an
issue.
G
You
know
the
with
a
single
click
or
something
like
that
that
might
might
also
help
with
that
kind
of
flow.
One.
B
Of
the
issues
that
I
I've
been
chatting
with
folks
about
for
a
while
and
sort
of
casually
is
accessibility
and
welcomingness
of
our
community.
How
does
a
new
party
interested
in
contributing
find
out
where
to
go
where
to
contribute
diagram?
Society
is
a
huge
effort
in
that
in
that
direction.
Github
discussions
are
not
good
for
that
they're
siled
into
each
repo,
and
so
someone
who's
like
who's
heard
of
the
open,
ssf
and
wants
to
come
contribute
they'd
have
to
figure
out
which
particular
repo
to
go.
Look
in
for
a
discussion,
as
opposed
to
slack.
B
They
can
just
hop
on
slack
and
start
chatting
with
people
in
the
community
and
find
a
welcoming
voice
to
help
them
get
oriented
and
land
somewhere
that
onboarding
experience
has
been
crucial
to
Growing
the
communities
in
openstack
in
kubernetes
in
a
lot
of
other
projects,
and-
and
we
don't
really
do
too
much
there,
but
we
could
do
more
and
slack
or
something
like
it
is
really
key
to
that.
Onboarding.
D
Can
can
I
I
feel
like
there's
two
conversations
happening
here.
There's
the
I
feel
like
one
side
is
saying
we
shouldn't
use
slack
in
another
size,
saying
we
should
just
pay
for
Slack
I,
don't
think
anyone
suggests
we
should
not
have
slack
right
just
just
that
we're
on
the
free
one.
Now
we
don't
have
the
old
stuff
and
I
also
suspect
that
a
new
person
showing
up
isn't
going
to
scroll
back
so
I
mean
they
might
but,
like
generally
speaking,
I
suspect
like
a
couple
weeks.
Max
is
what
we're
going
to
look
at
so.
D
M
Was
gonna,
say
Josh?
You
may
have
stolen
many
of
my
points,
but
I
think
you
know
one
of
the
key
things
culturally,
with
with
an
ephemeral,
ephemeral.
M
Communication
tool,
like
slack,
is
making
sure
that
people
understand
the
role
of
it
and
you
know
so
as
we're
having
this
conversation,
it
would
be
good
just
to
make
sure
that
we're
letting
all
of
the
work
stream
leads
in
particular
know
that
if
they
have
decision
making,
that
is
happening
on
slack
that
it's
kind
of
their
responsibility
to
make
sure
it
gets
memorialized
on
the
repository
and
make
sure
that
they
are
the
ones
sort
of
curating
the
community
for
their
particular
work
groups,
because
you
know
the
attack
is
not
everywhere.
M
You
know
nor
the
staff
and
that's
the
thing
that
we
can
sort
of
push
as
a
cultural
expectation.
It's
just
that
important
decisions
make
it
into
GitHub
so
that
people
can
find
them
later.
B
Yeah
I
like
that
and
my
concern
is,
like
you
said:
the
attack
isn't
everywhere.
Neither
are
the
staff
we
don't
really
have
a
moderation
team
right
kubernetes,
for
example,
has
a
dedicated
moderation
team
for
all
of
their
their
official
spaces.
I
worked
with
them
for
a
while.
It's
a
much
it's
like
tourism
attitude,
larger
Community
granted,
but
imagine
a
situation
where,
35
days
later,
someone
in
a
working
group
says
Hey
I
was
on
vacation
for
a
week.
B
I,
don't
remember
this
decision
ever
being
made
and
the
lead
failed
to
Archive
it
or
copy
it
somewhere.
There's
now,
no
longer
a
record
for
anyone
to
go
review.
How
decision
was
made
that
kind
of
a
lack
of
transparency,
lack
of
accountability
might
be
in
one
person's
side.
Just
a
small
mistake:
oops
I
was
busy
and
forgot
on.
The
other
side
suddenly
leads
to
a
loss
of
trust
and
faith
in
the
working
group
leader
I've
seen
that
situation
arise
more
times
than
I
can
count
in
other
orgs
and
even
back
in
the
openstack
days.
B
A
decade
ago,
we
added
a
an
IRC
chat
bot
to
every
single
official
room,
hundreds
of
them
simply
to
archive
all
of
that,
so
the
attack
equivalent,
when
called
upon
to
step
in
and
mediate
a
process
like
that
go
well,
okay,
who
who
actually
messed
up
here?
What
should
we
do?
Who's
right
had
a
reference
to
go
back
to
so
I
I.
Don't
think
we
have
that
problem
today,
but
I've
seen
it
in
every
Community
as
they
grow
and
I
I'd
love
to
set
us
up
for
Success.
There
bless.
G
A
quick
comment
and
a
quick
proposal:
I
want
to
speak
up
for
the
value
of
forgetting
I.
Remember
when
the
Usenet
message
archives
became
searchable
by
Google
in
the
early
it
was
early
2000s
and
you
could
go
and
find
all
sorts
of
silly
posts
of
mine
from
the
early
90s
on
completely
on
news
groups
that
I
had
no
business
being
posting
to
it,
but
but
it
was
on
a
presumption
that
you
know
messages
were
somewhat
ephemeral
and
I
think
actually,
especially
for
people
who
are
newbies
to
a
community.
G
The
idea
that
these
messages
aren't
going
to
go
down
on
their
permanent
record
is
actually
a
positive
thing.
Many
of
us
are
Old-Timers
who
don't
have
any
problem
being
fools
in
public,
but
a
lot
of
other
people
tend
to
so
yeah
I
think
I.
Think
there's
actually
a
you
know
a
welcoming
thing
about
slack
being
you
know,
having
that
cut
off
at
90.
B
Days,
yeah
Ryan,
it
actually
doesn't
in
in
even
in
a
free
version
of
slack.
The
slack
system
records
all
those
messages
they're
available
in
the
future.
G
True,
that's
true,
so
so
I
think
that
gets
to
my
second
point,
which
is
we
can
document
what
it
sounds
like
is
the
consensus
on
this
call,
which
is
slack,
has
its
place.
Real-Time
Communications
has
its
place.
Slack
has
its
place,
here's
how
to
use
slack
to
to
get
the
most
out
of
it
and
and
and
here's
when
you
want
to
move
those
conversations,
those
topics
to
a
pull
request
or
a
GitHub
issue
or
or
to
craft
a
document.
G
You
know
to
get
consensus
around
this
shouldn't
be
a
pretty
long
policy,
I'm
thinking
like
a
paragraph
or
two
and
could
be
the
thing
that
we
link
to
from
the
Welcome
Banner
when
you
land
on
slack,
to
try
to
make
sure
that
even
newbies
see
it.
G
I
I'd
offer
us
on
the
staff
side
being
willing
to
draft
a
paragraph
or
two
that
captures
this
to
try
to
take
this
off
of
everyone
else
has
been
Z
plates
and
then
you
can
bring
it
back
here
for
discussion
and
approval,
but
but
I
think.
If
we
do
that,
then
I
think
we'll
steer
folks
in
the
right
direction.
So
I
don't
know
how
folks
feel
about
that,
or
somebody
else
wants
to
volunteer
to
write
that
feel
free.
E
N
Yeah
I
just
I
mean
that
so
I
created
the
issue
against
attack
repository
just
from
the
conversations
that
I
saw
with
some
of
the
general
population
about
you
know,
should,
should
the
ossf
be
paying
for
slack,
the
the
I
think.
The
thing
that
just
needs
to
be
considered
here
is
there's
the
policies
of
how
you
should
be
using
slack
and
then
how
it
actually
ends
up
getting
used
in
the
real
world
and
trying
to
differentiate
those
two
things
and
to
what
I'm
trying
to
say
here
is
like.
N
We
should
be
realistic
about
sure
we
can
put
these
policies
in
place,
but
if,
if
slack
has
already
got
this
place
in
the
community,
that's
that's
been
created.
Do
we
want
to
try
to
force
that
or
do
we
want
to,
let
that
be
as
it
is
or
find
another
you
you
did
about.
You
did
a
bunch
of
digging
and
pull
a
bunch
of
statistic,
statistics
about
Slack's,
current
usage
for
anybody
who
hasn't
seen
that
do
you
want
to
quickly
share
those
stats
with
the
group
here?
I,
don't
have
it
up
myself
sure.
B
I
linked
it
in
the
in
the
GitHub
issue,
it's
I
think,
second
from
the
bottom.
The
short
version
is
on
our
mailing
lists.
There
are
approximately
1
500
accounts
active
most
mailing
lists,
other
than
announce
have
less
than
100
subscribers
on
each
list
and
very
little
activity.
The
tack
list
has
less
than
700
messages
in
its
entire
lifespan.
B
By
contrast,
slack
is
incredibly
active
out
of
2
000
total
accounts
a
little
more
than
the
mailing
list.
We
actually
have
about
three-fifths
two
two-fifths
about
700
weekly,
active
members
in
any
given
week
about
a
hundred
thousand
messages
sent
total
in
the
lifetime
of
that
slack
instance,
and
about
75
percent
of
those
are
in
non-public
channels
which
could
be
DMS.
It
could
be
private
channels.
B
So
it's
it's
a
very
active
place
where
our
community
spends
time
connecting
with
each
other
talking
about
stuff
relevant
to
this
Mission
I
I
do
think
we
have
to
have
something
like
that
for
real-time
communication.
I,
ask
folks
in
the
chat
right
now
and
zoom
chat
are
mentioning.
Switching
costs
are
high
I
unless
there
were
a
strong
reason
to
switch.
B
For
example,
if
the
Linens
Foundation
said
hey
we're
going
to
host
a
thing
like
rocket
chat
or
element
or
something
that
would
be
a
compelling
enough
reason,
I
would
Advocate
to
make
a
switch,
otherwise
I
personally
I,
like
Discord
I,
think
it's
terrible
for
work
and
so
I,
don't
think.
There's
a
benefit
to
us
which
an
off
of
slack
I,
think
it
really
is
a
discussion
of.
B
Do
we
value
the
archival
nature
of
slacks
messages
over
the
the
sort
of
real-time
ephemerality
of
it,
with
the
recognition
that
it's
never
actually
ephemeral
right.
If,
if
ephemerality
is
a
core
value
that
folks
want
to
place
in
the
chat
system,
then
we
should
provide
a
stronger
guarantee
of
that
ephemerality
and
slack
does
not
do
that.
N
Yeah,
that
was
that
was
it
and
and
also,
if
any
of
any
of
us
can
back
this
up
too,
if
you
just
go
into
slack
and
then
you
go
into
it
and
you
say,
like
hey:
I
want
to
pay
for
pro.
The
estimate
that
it
comes
up
with
is
I,
think
22
000
for
the
year
is
that
accurate,
I
think
I
think.
G
Around
20
I'm
sorry
240
220
people
in
a
given
week.
Right-
and
you
know
it
scales
up
linearly
with
numbers
of
users.
So
if
we
accidentally
start
doing
something
really
important
and
have
10
times
the
number
of
users,
then
we
kind
of
are
trapped
into
paying.
You
know
a
much
larger
fee
without
because
switching
costs
are
so
high
and.
B
Yep,
so
I
I,
don't
think
paying
for
slack
is
an
easy,
easily
answered
question.
B
If
a
community
values
that
you
know,
we
should
say
so
and
then
sort
that
out.
David.
O
I
just
wanted
to
raise
the
possibility.
I
mean
there
seems
to
be
like
an
artificial
dichotomy
that
we
asked
slack
for
some,
given
the
purpose
of
open
ssf
that
this
sort
of
an
in-kind
contribution,
or
at
least
partial
discount
I,
mean
I,
mean
I,
understand
what
the
commercial
price
is.
But
has
anybody
actually
asked
them
if
they
would
be
willing
to
discount
it
for
this
purpose,.
G
An
initial
email
to
the
same
person
who
offers
this
for
cncf
without
an
answer
so
I
did
not
pursue
it
further.
Neither
Salesforce
nor
slack
not
for
lack
of
asking
are
members
of
openssf.
B
B
Thank
you
all
see.
You
same
bat
Time
same
bat
channel
in
two
weeks.