►
From YouTube: OpenSSF TAC (May 30, 2023)
Description
Meeting minutes: https://docs.google.com/document/d/18BJlokTeG5e5ARD1VFDl5bIP75OFPCtzf77lfadQ4f0/edit#heading=h.9m0zi4b0wnne
A
B
E
D
D
C
D
D
Let
us
quickly
we're
gonna
spend
two
minutes
if
there
are
any
updates
for
any
of
the
issues
listed
in
the
agenda.
Let's
talk
about
tech
issue
163,
which
was
comments
about
the
CRA
and
pld.
There
was
a
bunch
of
activity
on
this.
How
do
we
feel
about
this?
Are
you
ready
to
turn
this
over
to
the
public
policy
committee.
I
D
C
I
D
D
Let's
move
on
to
issue
151
the
project
formally
known
as
the
Sterling
tool
chain,
the
doodle
poll
closed,
and
we
determined
that
in
54
minutes
we
will
be
meeting
weekly
Tuesdays
at
noon
eastern
time.
So
there
will
be
a
group
of
folks
that
will
continue
to
work
on
and
refine
the
Sterling
tool
chain
idea.
D
And
it
also
conflicts
I
think
with
a
salsa
call
and
another
internal
working
group
call
that's
what
you
get
with
a
group
vote
I'm.
Sorry,
we
will
do
our
best
to
take
excellent
notes
and
there
will
be
it
will
be
recorded
and
we
were
always
open
for
additional
conversations
and
we'll
try
to
keep
everybody
up
to
date.
D
E
Sure
so
Jordan
ran
a
scrape
or
ran
a
scraper
to
see
anyone
that
was
an
individual
contributor
to
any
of
our
repos,
and
he
gave
me
an
audit
of
that
list.
I
went
through
and
moved
people
that
were
individual
contributors
to
a
team
and
invited
them
to
the
team
and
removed
their
individual
access,
and
so
there
might
be
some
breakage
with
their
collaboration
if
they
don't
accept
the
team
invite,
but
I
wanted
to
make
the
switch
sooner
rather
than
having
it
over
our
heads
for
months
to
come.
D
E
K
K
J
J
H
H
F
G
L
I
added
this
is
a
bullet
point
on
the
end
of
the
list
of
items,
but
I
figure
I
should
introduce
this
now
because
it's
relevant
to
the
permissions
model
thing
a
few
months
ago.
I
don't
remember
exactly
I
was
rooting
around
through
this
plug-in
GitHub
app
settings
that
was
applied
to
the
open,
ssf
organization
and
so
you'll
notice
that
a
lot
of
our
attack,
you
know
a
lot
of
our
working
groups,
have
the
settings.yaml
file.
L
The
downside
is
that
collaborators
can
set
their
own
permissions,
and
so,
if
you
look
down
here
security
implications,
this
app
makes
it
so
that
anybody
who
is
push
permission
to
the
repository
has
can
give
themselves
admin
permissions
on
the
repository.
So
as
a
result
of
this,
all
of
the
all
of
the
open,
ssf
org
repositories
that
have
actually
any
repository
across
the
open
SF,
because
you
could
add
this
file
and
then
give
yourself
permissions,
even
if
the
file
didn't
exist
previously.
L
C
L
Yeah
I
actually
meant
to
talk
to
Jory
about
it,
because
she
was
one
of
the
people
that
helped
set
it
up.
It's
no
longer
part
of
the
opennessf
actively,
but
this
is
part
of
I
mean
Jordan's
doing
some
work
in
this
area
around
reorgan.
You
know
stuff
and
Amanda's
kind
of
a
part
of
this
too
I
just
I,
just
I
think
that
we
did
this
and
it
was
part
of
the
operations
conversation,
but
the
tack
never
got
notified
of
this
decision
and
that
this
happened.
L
J
Yeah
I
think
John
I
think
that's
good.
The
one
question
I
have
just
as
I'm
I'm
reading
issue
155
as
I'm
skimming
quickly.
Maybe
it's
called
out
someone
I'm
just
overlooking
it,
but
the
discussion
point
about
the
org
itself.
Having
open
membership
was
raised
in
two
weeks,
ago's
meeting
on
the
GitHub
issue.
Is
it
how?
How
is
how
did
that
decision
land
and
where
is
that
decision
captured.
H
L
Amanda
I'm,
seeing
that
as
omsf
staff,
I
am
unable
to
create
repositories
under
the
openssf
org.
Is
that
something
that
what
what
is
the
current?
Creating
a
repository
process?
Should
staff
be
able
to
create
repositories?
Should
tack
members
be
able
to
create
repositories?
Who
should
be
able
to
create
repositories
and
who
shouldn't.
E
L
K
L
So
the
question
that
I
have
here
is
there's
just
an
it's.
It's
a
standing
question
of.
Where
should
this
document
live?
There
was
a
an
opinion
there's
a
couple
of
opinions.
One
is
that
the
policy
should
live
with
the
vulnerabilities
closure
working
group
open
repository,
because
it's
something
it's
a
it's
an
item
delivered
by
them.
L
There's
a
couple
of
different
opinions
here.
One
of
them
I
mean
one
of
the
things
that
I
post
is.
Maybe
foundationism
is
mirrored2.github,
because
then
Foundation
is
the
top
level
one,
but
then
all
the
stuff
there
gets
reflected
into
the
dot
GitHub,
even
though
we
don't
have
it
like
just
so
that
the
name
can
be
Foundation
which
Maybe
symbolic
in
some
way
to
some
people.
I,
don't
know,
there's
it's
a
it's
a
rather
long
thread,
it's
most.
So
this
the
thing
has
been
voted
upon.
It's
been
ratified
by
the
attack.
D
L
D
L
D
D
Great
I
will
not
take
my
allotted
time.
I
only
have
a
few
short
things
to
discuss
just
to
give
everyone
an
update.
We
have
two
current
best
practices
guides
that
the
group
is
working
on
source
code
management,
best
practices
guide
and
a
C
and
C
plus
plus
compiler
option
hardening
best
practices
guide.
Both
of
those
are
progressing
very
well.
A
lots
of
multi-organization
multi-contributor
feedback
I
feel
we
are
close
to
having
the
beta
for
the
source
code
management
guide,
ready,
probably
within
the
next
month,
that's
pretty
well
baked.
D
We
have
a
great
review
of
good
settings
that
should
be
in
place
for
both
GitHub
and
gitlab,
and
then
there's
been
some
conversation
about.
Could
people
put
in
suggestions
for
alternate
repositories
like
a
subversion
or
other
types
of
things?
And
yes,
we
absolutely
will
take
those
patches
if
someone
must
put
the
effort
in
so
you
should
see
those
guides
finishing
up
the
summer
and
we
will
definitely
share
with
the
tack
once
they
are
ready
to
go
and
we'll
work
with
Jennifer
and
everyone
for
a
Blog
and
whatnot.
D
So
I
would
anticipate
sometime
later
this
summer.
Those
will
be
ready.
We
have
a
new
Sig,
the
memory
safety
Sig,
which
I
will
jump
to
very
quickly.
This
is
picking
up
mobilization
plan
stream.
Four
there's
been
a
group
of
folks
working
on
rewriting
that
that
text
and
we
are
close
to
moving
it
into
a
GitHub
repository.
That's
our
pr4
I
anticipate
we'll
probably
make
that
decision
this
week,
so
that
the
plan
will
be
available
in
an
open
source
way
that
anyone
that
has
additional
feedback
or
suggestions
can
contribute.
D
D
If
there
was
good
guidance
from
the
compiler
hardening
space,
we
wanted
to
ingest
that
as
part
of
the
advocacy
that'll
be
part
of
the
memory
safety
rewrite
and
those
were
the
two
big
things
that
the
group
is
working
on
and
the
working
group
would
ask
this
presentation
is
available
for
everybody.
It
should
be
in
the
link.
I
will
get
it
posted
up
to
the
the
working
groups
repository,
but
is
this
a
type
of
information?
Do
we
like
this
format
and
template,
and
is
there
any
specific
information
someone
was
curious
about
like?
D
D
F
So,
okay,
let's
give
you
a
quick
update
on
the
end
user.
Working
group
I
think
it's
going
to
be
fairly
quick
as
well,
but
just
in
general
at
the
moment
the
main
focus
of
the
group
is
on
threat,
modeling
and
trying
to
build
out
an
Enterprise
architecture,
a
sample,
Enterprise
architecture
and
then
looking
at
how
the
supply
chain
threats
would
apply
to
that
and
building
out
a
formal
threat,
modeling
architecture.
F
We
have
recently
spun
up
a
dedicated
series
of
meetings
on
Tuesdays
at
9.
00
a.m,
East
to
go
through
in
more
detail
on
that
and
it
is
hosted
by
Enrique
plate
who
is
leading
out
that
work
and
that's
progressing
really
well.
Additional
chunk
of
work,
we're
doing
is,
is
trying
to
recruit
additional
end
users
to
actively
participate
in
the
group.
F
Now,
there's
something
that
we
have
Andrew
Aitkin
focusing
on
and
we
are
talking
to
a
lot
of
different
end
users,
a
lot
of
different
people
reaching
in
to
get
additional
Insight,
but
we
are
not
getting
people
directly
into
the
meeting
as
yet,
as
we
can
see
on
here,
we've
got
about
10,
regular
attendees,
which
is
a
fairly
healthy
number
and
about
10
people
intermittently
come
through.
In
addition
to
that,
there
are
tens
of
end
users
that
reach
out
and
read
through
the
material,
look
at
the
videos
and
reach
out
to
different
people.
F
So
there's
quite
a
few
people
in
the
wing
serve
as
well
in
terms
of
recent
work,
I'll
get
into
more
detail
on
the
threat
model
and
taxonomy
piece,
but
just
a
couple
of
additional
pieces.
We
have
written
effectively
a
software
ingestion
Manifesto
as
a
group
that
we're
reviewing,
which
just
highlights
some
of
the
areas
we
need
to
look
at
if
we're
consuming
open
source
software
and
some
of
the
focus
areas
there.
Additional
recruitment
plan
have
been
putting
together
to
bring
in
additional
users
and
we
as
a
group,
contributed
to
the
CRA
talking
points
in
vanakuba.
K
Nothing
sort
of
particularly
comes
to
mind.
Definitely
recruiting
more
folks
is
a
big
Focus.
Those
of
you
who
are
at
the
open
ssf
day
may
recall
the
incredibly
Awkward
Moment,
where
Andrew
and
I
said,
raise
your
hand
if
you're
an
end
user
and
I
think
two
people
raise
their
hands,
so
we
we
need
some
more
representation
in
that
department.
I
think.
C
So
you
find
me
answer
the
question
now:
it's
actually
regarding
I
mean
who
are
the
people
who
actually
participates?
You
know,
can
you
give
me
like
the
categories
of
people
because
I
mean
we
have
an
issue
later
we'll
talk
about
this?
You
know
the
maintainers,
for
instance,
who
feel
like
okay.
This
is
not.
They
are
not
end
users
and
so
I'm
I'm
wondering
who
the
people
are.
F
Well,
it's
fairly
varied
in
terms
of
industry
but
they're,
large
Industries,
so
large
consultancy
firms,
large
Bank,
large
telecommunications,
those
sort
of
things.
What
we
were
trying
to
do
as
well
was
look
at
the
medium
and
small
companies,
but
those
are
tend
to
be
the
the
people
that
are
suddenly
attending
a
lot
of
the
smaller
companies
are
talking
to
us,
but
on
unnecessarily
joining
that
main
group.
K
I,
don't
know
what
to
remember
is
that
you
know
for
a
large
company,
something
like
the
open
ssf
as
a
participant
has
high
Leverage
and
they
can
afford
to
dedicate
some
time
to
it,
which
is
small
and
medium
firm,
won't
be
able
to
that's
that's
just
in
the
nature
of
the
Beast.
In
terms
of
like
abstractly
answering
a
question.
K
I
know,
I
I
would
say
that
it's
a
fuzzy
function
as
to
who
is
an
end
User,
it's
not
a
crisp
set,
but,
generally
speaking,
the
further
away
you
get
from
writing
open
source
and
contributing
open
source
back
to
the
Upstream,
the
more
of
an
end
user.
You
are
the
more
you're
taking
the
world
as
it
is,
rather
than
changing
the
world.
J
F
K
J
J
K
F
People
orientate
where
they,
where
the
open
ssf
offerings,
are
so
Grobe,
obviously
working
with
crude
in
the
diagram
Society
to
put
a
fantastic
diagram
behind
that
as
well,
which
gives
us
a
bit
of
insight
into
where
to
map
those
different
OSF
programs.
Current
status.
We
do
have
a
draft
architecture
which
is
I'd,
say
in
good
shape.
We
also
have
the
initial
threat
models
that
are
starting
to
come
through
now,
really
a
lot
of
great
work,
getting
spearheaded
from
Henrik,
Abdullah,
Garcia
and
ourselves,
so
I
think.
Really.
F
The
next
step
is
to
continue
that
until
we
get
to
completion
for
that
initial
view,
at
which
point
it'd
be
great,
to
bring
it
back
to
the
tech
to
get
your
sort
of
review
of
that
we're
open,
obviously,
at
any
time
at
that
separate
meeting
for
input
as
well.
So
please
do
come
and
join
us
on
that,
one.
That
is
really
the
main
focus
of
where
we're
at
for
the
end
User
Group.
Oh
no
good
question.
F
That's
really
a
great
point,
so
we
were
part
of
the
studying
tool
chain
lunch.
What
was
the
dinner
at
Vancouver
and
a
couple
of
the
other
conversations
as
well
and
that's
kind
of
where
we're
looking
as
well?
Oh,
no
is
that
look.
This
is
how
consumers
are
set
up.
This
is
the
different
threats.
Now,
if
we
to
look
at
a
still
until
Jane,
how
would
that
be
based
on
that
to
mitigate
those
threats?
It's
almost
looking
at
effectively
the
threats
and
the
requirements
for
that
still
until
change,
so
that
that
is
really
our
view.
F
F
So
the
next
one
is
is
another
piece
of
work
we're
working
on.
We
did
present
it
back
to
the
tech
some
time
ago
and
it's
effectively
a
taxonomy
for
supply
chain
attacks
just
so
it
would
allow
us
to
reason
and
discuss
this
amongst
smes
and
end
users.
We
did
have
some
initial
work
from
henrique
and
Pierre
Giorgio,
and
the
feedback
from
the
attack
at
that
point
was
to
reach
out
to
the
cncf
and
additional
smes
for
feedback.
We
did
do
that.
F
We
did
get
additional
feedback
and
that
was
added
to
the
taxonomy.
We
still
do
have
some
additional
work
that
I
think
to
really
reconvene
and
look
at
how
we
push
that
forward.
I
think
one
of
the
big
bits
of
feedback
was
there
may
be
different
views
of
the
taxonomy
in
the
middle
stages
of
that
taxonomy.
If
you've
seen
it,
it's
actually
broken
down
into
what
sort
of
a
tech
tree
and
whilst
the
nodes
are
appropriate,
people
have
different
views
on
the
the
middle
notes,
so
more
work
required
there.
F
That's
going
to
be
some
time
before
we
bring
that
back
and
finally,
really
I
think
if
you
were
highlighting
there's
an
offline
conversation,
I'd
love
to
have
that
about
recruiting
additional
end
users.
We
are
having
lots
of
conversations
as
I
said,
but
we
need
to
translate
that
into
active
participation.
That's
where
we're
heading
and
really
the
other
part
is
contributing
to
the
threat
model.
When
we
get
that
done
so
any
further
questions.
D
Excellent,
thank
you,
gentlemen,
appreciate
the
update
and
if
anyone
has
questions
the
end
user
working
group
has
a
slack
Channel,
a
mailing
list
feel
free
to
reach
out
directly
to
them
reach
out
to
the
best
working
group.
If
you
have
a
feedback
or
questions
for
that
team,
let
us
talk
about
any
foundation
or
staff
updates.
I
see
we
have
securing
software
repos
little
note
here
who
would
like
to
talk
to
that.
L
L
It's
a
collaboration
that
I'm
doing
with
Amir
from
ostiff.
The
idea
is
predicated
on
the
concept
of
I
believe
that
most
artifact
servers
in
the
industry
have
never
had
a
security
audit
performed
against
them
right,
like
Maven,
Central
Gradle
plug-in
portal
actually
made
it
central
has
an
audit
but,
like
you
know,
Pi
Pi.
L
You
know
all
these
different
services
and
the
proposal
here
is
to
actually
fund
through
Alpha
Omega
and
other
avenues
actually
paying
for
pen
test
and
Red
Team
engagements
against
this
critical
infrastructure
that
supplies
the
entire
open
source
industry
and
actually
paying
you
know,
trying
to
get
resources
allocated
and
actually
having
these
audits
occur.
So,
if
you're
interested
in
in
getting
involved
in
this
conversation
about
this
work,
this
work
leave
a
comment
on
the
on
the
proposal
or
come
join.
The
weekly
Sig
meetings
that
are
on
Thursdays
now
so.
E
L
L
L
L
D
All
right
I
would
invite
everyone
interested
to
please
participate
on
either
the
slack
the
mailing
list
or
come
to
the
meetings
and
help
us
get
those
two
efforts
rolling
for
the
balance
of
our
time.
Together.
I
would
like
to
talk
about
tech
issue,
129
the
technical
Vision.
We
had
some
conversations.
L
M
D
M
Awesome
and
then
I'll
just
throw
in
there
one
other
thing
in
terms
of
blogs.
We
have
a
Blog
coming
out
tomorrow
on
the
supply
chain,
Integrity
working
group
and
then
our
feature
for
next
month
is
going
to
be
the
security
tooling
working
group.
So
we're
also
opening
the
floor
for
guest
blog
submissions
on
s-bombs
and
fuzzings.
So
if
you
or
someone
you
know
might
want
to
contribute
a
post
on
that,
please
feel
free
to
do
so
and
then
one
more
thing.
We
have
a
survey
open
at
the
moment.
M
Our
open
ssf
software
security
awareness
survey
and
it's
held
in
conjunction
with
LF
research
on
how
the
open
ssf
is
perceived
and
initiatives
like
Sig
store,
Alpha,
Mega,
best
practices,
badge
scorecard
salsa,
so
any
help
you
could
throw
in
to
help
share.
That
survey
would
be
great,
there's
a
link
to
it
on
the
home
page
at
the
top.
When
you
go
to
the
site.
Thank
you.
D
Great,
thank
you
any
questions
or
comments.
Please
route,
that
to
Jennifer
and
we'll
be
glad
to
get
both
those
efforts
were
rolling.
So
let's
talk
about
issue
129
around
our
technical
Vision.
We
did.
We
get
all
of
the
outstanding
comments
addressed
and
are
we
to
a
point,
we're
happy
and
would
like
to
merge
this
Tac
go.
A
A
I
D
D
Then
let
us
spend
some
time
talking
about
a
new
issue
that
arose
over
the
weekend.
We
had
a
new
contributor
put
forth
a
issue
169
around
a
maintainer
experience
through
the
openssf
we
had
talked
about
the
end
user
perspective,
Jonathan
and
Jacques
just
gave
us
a
recap,
and
this
is
a
another
set,
another
Persona
that
we
actively
work
with,
and
there
was
interest
in
trying
to
see
what
was
available
and
how
we're
addressing
that
set
of
collaborators.
So
any
conversation
we
want
to
have
around
the
maintainer
experience
today.
C
A
So
I
have
I
have
a
proposal
and
krobe
you
can
and
others
you
can
shoot
it
down.
If
you
like,
I,
think
the
closest
working
group
to
this
is
the
best
practices
working
group
and,
in
particular,
I
mean
there's
all
sorts
of
awesome
ideas
in
here.
I
might
I
immediately
went
and
looked.
Oh
man
yeah.
We
do
need
at
least
a
page
that
points
people
you
know
existing
maintainers
and
it's
totally
understandable
when
we
first
started.
We
didn't
have
anything
to
point
to
hooray.
We
have
things
to
point
to
now.
A
We
need
to
point
to
them,
so
so
I
would
propose
that
the
best
practices
working
group
picked
this
up.
As
a
a
you
know,
let's
start
looking
at
it
at
the
very
least,
I
would
suggest
to
them
that
they
create
like
a
little
page
for
the
main
openssf
website
that
points
hey
you're,
a
maintainer.
Where
do
you
go
craft
that
and
then
discuss
the
other
things
and
if
it
eventually
it
turns
out
to
be
there's
another
working
group
that
needs
to
be
created
or
so
on?
D
G
Hi
folks
I
wanted
to
raise
I,
don't
know
if
everyone's
aware
of
this,
but
there
is
a
like
a
mini
committee
effort
right
now
around
the
open,
SSS
devrel
approach.
This
is
sort
of
maybe
more
like
evangelism
Focus,
but
I
think
a
lot
of
the
points
that
we're
trying
to
address
with
that
overlap
with
the
maintainer
experience
approach
here,
mostly
about
advocating
for
the
maintainer
and
things
like
that,
so
I
dropped
a
link
to
the
doc.
Amanda
has
mostly
been
leading
this
with
some
input
from
other
folks.
C
Yeah
I
mean
in
your
introduction.
You
say
this
is
a
type.
This
is
a
Persona
that
we
are
addressing
and
I
would
say
that,
based
on
this
issue,
we
are
failing
to
address.
At
least
you
know
adequately
and
I,
but
I
agree
that
this
is
the
person
that
we
want
to
address,
and
so
you
know
I
think
we
all
agree.
This
is
great
feedback
and
we
definitely
should
act
on
it.
C
You
know
they
don't
care
whether
it's
a
project,
a
working
group,
why
you
call
it
where
it's
structured
in
the
you
know
higher
or
governance
tree,
but
so
I
mean,
if
you
again,
if
you
can
get
direct
access
to
the
information,
that's
relevant
to
you,
then
I
think
you're,
all
better
off
so
I
think
and
to
to
follow
up
on
on
David's
proposal.
I'm
fine,
with
starting
with
the
test
working.
It's
looking
into
this
I
I
was
a
bit
concerned
that
you
know.
C
C
Because
to
date
it
has
been
mostly
focusing
on
delivering
material
that
could
be
used
for
the
maintain
by
the
maintainers,
but
it's
not
exactly
the
same,
so
I
I
have
the
feeling
that
eventually,
you
might
want
to
create
a
new
working
group
for
this.
It
does
that's
also
why
I
was
asking
the
question
earlier
about
the
the
the
end
users,
who
are
the
end
users
and
I,
don't
know
how
many
of
those
we
want
to
create,
but
I
don't
want
to
have
too
many
working
groups,
but
you
know
I
think
if
that's
what
it
takes.
D
Before
I
move
to
Jonathan,
it
might
be
a
great
collaboration
between
elements
of
the
best
working
group
kind
of
participating
with
this
new
devrel
committee,
because
again
and
I
agree
with
Dustin.
That
was
an
effort
we
had
recently
been
talking
about
of
trying
to
get
better
evangelism
within
that
community.
So
maybe
we
find
a
way
to
blend
those
efforts.
L
Thought
crosses
my
mind.
Most
of
most
of
the
participants
in
the
open,
SF
and
including
the
people
that
you
know
for
the
attack
and
the
people
who
can
allocate
their
time
and
money
and
effort
right
are
are
funded
by
their
company
to
spend
time
on
this,
because
the
and
and
as
of
as
such
kind
of
have
corporate
interest
backing
there
right
at.
L
Are
we
lacking
somewhere
within
the
sphere
within
the
attack
within
the
maybe
even
within
the
the
governing
board,
from
individuals
that
are
not
given
the
ability
to
be
financed
by
their
companies
to
spend
the
time
focused
on
this
that
we
should
consider
trying
to
pull
in
those
voices.
Potentially
I
know
that
we
all
are
passionate
about
open
source
right
yeah,
but
anyway
you
got
a
pan.
That's
relevant
to
this
exact
yeah.
J
There
are
large
amounts
of
Open
Source
that
are
critical,
that
are
maintained
by
people
who
do
so
on
a
volunteer
basis
and
that
we
have
struggled
as
an
organization
to
reach.
I
think
this
is
a
incredibly
Salient
point
and
as
I'm
reading,
the
the
issue
well
articulated
I
would
love
to
see
the
value
to
individual
maintainers,
clearly
expressed
and
captured
as
sort
of
the
front
landing
page,
which
also
echoes
that
the
audience
is
a
bit
different.
The
same
challenge
that
the
end
user
working
group
was
just
presenting
as
well.
J
J
J
Could
that
be
positioned,
more
forward-facing
on
the
website
in
our
conferences?
Could
members
of
this
body
who
are
paid
by
our
employers
to
do
this?
Go
talk
about
this?
At
other
events,
I'm
thinking
like
b-sides,
we
get
a
lot
of
end
users
and
a
lot
of
individual
maintainers
at
the
smaller
Regional
conferences.
That's
to
me
also
aligned
with
the
whole
devrel
question
going
out
meeting
developers
where
they
are
to
talk
about
the
value
we
give
them
not
just
what
we
want
from
them.
Oh.
N
You
got
me
right
as
I
was
putting
food
in
my
mouth.
Sorry
I
turned
my
camera
off
to
spare
everybody
the
image
the
point
I
wanted
to
make
other
than
just
plus
wanting
the
the
general
notion
of
the
Persona
of
being
maybe
having
a
lack
of
focus
in
terms
of
external
Outreach.
Is
that
I
think
there's
there's
a
dynamic
of
this?
That
is
one
to
one
in
terms
of
reaching
individual
project,
maintainers
or
Developers.
N
There's
a
dimension
of
this,
which
I
see
is
kind
of
one
to
m,
in
which
I
think
in
the
both
the
vision,
doc
that
was
just
merged
as
well
as
in
some
of
the
conversations
over
the
past
several
months,
we've
kind
of
called
out
the
notion
of
needing
to
have
full-time
staff
dedicated
on
ecosystem,
specific
relationships
and
thinking
of
those
as
ways.
It's
one
thing
for
the
open
ssf
to
say
something:
it's
a
different
thing
for
the
Drupal
Foundation
or
the
psf
to
say
something
to
their
constituent
groups
as
well.
K
Jacques
I
just
wanted
to
amplify
something:
Ava
said
which
was
I
guess
in
a
sense
going
even
further
than
having
a
page
for
maintainers
that
the
first
page
you
get
to
on
the
open,
ssf
should
say
if
you're
a
maintainer
here
are
things
we
do
if
you're
an
end
user.
Here
are
things
we
do
and
if
you're
a
vendor.
This
is
where
you
should
participate.
If.
K
Because
those
those
seem
like
sort
of
major
constituencies-
and
at
the
moment
the
open
ssf
pages
is
generic
and
because
it's
the
one
thing
that
we
all
agree
on,
you
know
we
talk
about
the
governance
structure,
which
doesn't
necessarily
get
you
to
where
you're
trying
to
get
to
so
I.
Think
having
the
page
built
around
that
information
architecture
might
be,
might
be
a
useful
reorganization,
I
think
valuable
and
a
sub
note
to
that
which
is
I,
think
there's,
there's
kind
of
like
two
sub
persona
in
maintainers.
K
H
K
D
B
Completely
agree
with
the
interest
to
improve
the
communication
and
to
provide
a
better
landing
page
portal
for
all
these
different
roles.
To
understand
about
the
openssf.
A
couple
of
points
I
wanted
to
make
is
one
to
be
very
careful
that
this
isn't
a
you
know:
hi
we're
from
the
government,
sorry
open,
ssf
and
we're
here
to
help
yeah
another
is
that
I
mean
there?
Is
this
balance
between?
B
I
mean
I,
completely
agree
that
for
people
who
want
information
who
want
help
and
exactly
is
the
way
the
jock
mentions
these
two
different
roles,
but
there's
also
just
you
know
not
not
against,
but
just
this
awareness
of
that
people
with
skin
in
the
game
to
corporations.
People
participating
here,
you
know,
have
a
reason
to
participate
and
contribute
both
at
the
governing
board.
B
Tech,
all
these
various
you
know
sigs
and
working
groups
because
of
a
you
know,
a
certain
value
to
them,
and
yes,
we
definitely
should
try
to
open
this
up
and
have
all
the
different
voices
participate.
But
when
trying
to
get
us
to
make
sure
that
there's
a
difference
between
people
who
are
motivated
versus
a
a
forum
for
activists
who
I
mean
the
people
who
are
interested
to
participate,
we
need
to
think
about
what
their
motivations
are.
B
I
mean
some
of
the
people
who
may
not
have
who
may
not
have
so
much
skin
in
the
game,
but
just
want
to
okay.
You
know
here,
I
can
start,
you
know
creating
regulations.
I
can
start
creating.
You
know
different.
You
know
requirements
here.
I
can
just
start.
You
know,
you
know
telling
a
bunch
of
you
know
the
these
awful
capitalist
corporations.
What
to
do
and
I
mean
so
there's
just
you
know
like
careful
of
the
voice
that
we're
participating,
not
that
they
shouldn't
participate.
I
mean
you
know.
B
Clearly,
this
should
be
open
to
everyone,
but
just
to
ensure
that
this
you
know,
has
the
the
right
voice
that
we
understand
the
balance
of
presentation
for
the
people
who
are
going
to
be
impacted
with
some
of
these
different
policy
which
open
SF
is
doing
a
great
job
advocating,
but
but
just
making
sure
that
it's
we
understand
what
the
implications
are
and
that
the
people
are
participating
are
the
ones
who
are
actually
going
to
be
affected
and
have
a
lot
of
the
requirements
and
regulations
placed
upon
them.
Thanks
excellent.
D
Thank
you
and
I
for
one
will
commit
my
time
and
I
will
encourage
my
friends
in
the
best
working
group
and
the
diagram
of
society
to
participate
with
the
devrel
team
as
that
moves
forward.
I
think
this
is
an
important
piece
of
work
to
help
us
have
that
better
Outreach
to
our
different
communities,
so
I
will
commit
myself
and
my
friends
to
help
make
this
successful
and
I
encourage
everyone
else
to
do
the
same
any
last
minute
thoughts
in
our
final
three
minutes.
Together,
we
have
gone
through
our
agenda.