►
From YouTube: OpenSSF TAC Meeting (December 1, 2020)
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
B
Beautiful
we
can
figure
out
this
technology
all
right,
so
today's
agenda
first
one
is
licensing.
I
know
there's
some
comments
here
about.
Is
there
anything
for
tac
to
do
here
and
no
there's
not,
except
that
it
does
affect
the
working
groups
quite
a
bit
and
not
everyone
has
been
involved
in
this
discussion.
A
lot
of
this
conversation
has
been
happening
over
in
the
governing
board
planning
committee.
B
Do
we
have
sort
of
exceptions
to
what
licensing
or
permissions
for
various
licenses
that
we
want
to
allow
working
groups
to
use
without
having
to
go
through
this,
like
review
process
right,
I'm
trying
to
make
this
a
little
bit
easier
for
folks,
so
I
just
want
to
bring
that
up.
But
yes,
it
is
being
moved
to
the
governing
board
for
them
to
figure
out
legalese
and
decide
on,
and
all
that.
B
A
C
B
Perfect,
thank
you
and,
for
those
that
don't
know,
apache
and
mit
are
almost
identical.
I
think
there's
like
one
difference
with
patents
being
granted
automatically
or
something
like
that,
but
that's
about
it
all
right.
So
the
next
thing
is
the
charter
template
update,
slash
removal
so
dan.
I
know
you
sent
an
email
regarding
this
about
just
go
ahead
and
moving
charter
md
from
the
templates
and
from
the
working
groups
that
are
using
it,
which
I
think
is
actually
a
great
idea.
B
We've
discussed
this
a
little
bit
before
this
is
basically
boilerplate
that
was
intended
to
be
customized.
We
haven't
customized
it,
and
now
it's
creating
more
confusion
for
people.
B
So
we
did
do
some
work
around
the
readmes
to
sort
of
simplify
the
working
groups,
definitions
and
what
their
charters
are
and
that
sort
of
thing,
but
as
far
as
the
actual
charter
itself,
we
haven't
done
any
work
on
that
and
right
now
it's
extremely
heavy-handed.
It
talks
about
like
technical
steering
committees
and
it
defines
which
excuse
me
which
license
you're
supposed
to
use.
D
Correct,
I
did
a
quick
look
and
didn't
see
anybody
any
changes
anybody
had
made
to
them
in
their
own
working
group
repos.
So
I
think
it's
just
sitting
there
as
an
artifact
from
when
they
got
created.
F
Related
to
the
licensing
is
even
though
that
template
does
it.
You
know
it
specifies
that
they
should
be
released
using
apache,
2
kind
of
the.
The
formal
thing
that
needs
to
be
done
is
that
the
repositories
need,
I
think,
they're
fpdx
files.
F
I
forget
what
the
exact
format
for
that
file
is,
and
that
should
list
the
licensing,
so
so
I'd
say
from
a
licensing
perspective,
it's
fine
to
remove
the
charter
template,
but
we
should
make
sure
that
the
for
those
groups
that
that
are
planning
that
are
intending
to
use
apache,
2
well
for
all
groups.
We
make
sure
that
we
have
the
spdx
file
in
there
indicating
the
license.
F
F
So
we
can
see
that
and
if
you
scroll
down
to
the
place
where
I
pasted
in
the
language
from
the
charter
template
further
down
still
here
now
at
the
very
bottom,
so
6d
it
says,
contributed
file
should
contain
license.
Information
such
as
spdx
short
form,
identifiers,
indicating
the
open
source
license
or
licenses.
G
A
F
B
So
then
the
next
question
becomes:
does
somebody
want
to
volunteer
to
do
this
for
each
one
of
the
working
groups,
or
should
we
just
send
mail
to
each
working
to
have
them
do
it,
and
I
think
I
know
the
likelihood
of
it
getting
done
if
we
send
mail,
so
any
volunteers.
B
All
right
making
good
progress
today,
all
right,
so
the
next
thing
I
want
to
talk
about
is
the
technical
vision.
So
I
know
we've
discussed
this
a
little
bit
in
past
meetings,
so
to
kind
of
formalize
the
conversation
a
little
bit
here.
We've
created
a
an
issue
to
start
tracking
this,
so
this
got
brought
up
a
little
bit
in
yesterday's
planning
committee,
and
so
we're
really
kind
of
thinking
around
what
this
technical
vision
needs
to
be
is
a
three
to
five
year,
like
really
high
level
type
vision.
B
So
this
isn't
the
the
list
of
items
that
we're
going
to
do
for
the
year
or
anything
like
that.
That's
going
to
be
a
separate
roadmap
that
will
get
created,
but
this
should
be
this
sort
of
inspirational
type
thing
that
we
can
leverage
to
sort
of
define
what
it
is
that
open,
ssf
is
contributing
and
sort
of
the
purpose
of
that.
B
So
k
had
mentioned
that
someone
else
had
given
her.
This
idea
around
you
know
a
guideline
to
define
us
is
what
has
changed
in
the
next
three
to
five
years,
because
openssf
exists
right.
B
So
if
we
put
it
kind
of
within
those
parameters
like
do
we
say
you
know,
ninety
percent
of
you
know
repos
created
now
have
security
process
and
whatever
that
is,
I'm
like
really
high
level
thing,
but
we
need
to
take
into
account
what
our
current
working
groups
do
and
then
also
what
we
could
be
doing
right
and
so
sort
of
lump
all
of
that
together.
B
So
this
issue
here
is
sort
of
trying
to
pull
all
that
together
and
then
it
as
an
attempt
to
create
sort
of
a
mechanism
for
us
to
have
these
conversations
instead
of
waiting
every
two
weeks.
We
can
start
discussing
this
here,
so
I
took
from
the
mail
that
I
had
sent
previously
a
couple
weeks
ago,
around
the
categorization
of
working
groups
for
educate
and
foreign
protect.
Put
that
in
here
I
have
the
timeline
for
when
we
need
to
have
this
done,
which
is
for
the
press
release
that's
going
out
in
january.
B
So
we
need
to
have
a
review,
ideally
in
two
weeks,
for
that
first
draft,
and
then
we
can
have
comments
on
it
over
the
over
a
month.
Basically,
because
I
realize
that
it's
winter
holidays
and
people
are
going
to
be
in
and
out
so
we
need
to
take
probably
good
four
weeks
to
to
actually
iterate
on
that,
and
then
we
can
get
that
approved
for
the
final
press
release.
So
first
one
questions
comments
around
define
this
vision.
What
it
is,
what
the
purpose
is
anything
like
that.
B
Krabby,
the
only
one
I
could
see
and
you're
shaking
your
head.
No,
so
I'm
gonna
go
out,
there's
no
questions
perfect
and
then,
as
far
as
timeline
goes,
is
there
any
concerns
around
being
able
to
get
a
draft
put
together
within
the
next
two
weeks
and
remember
this
is
not
meant
to
be
a
like
three
page
thing.
This
should
be
like.
Maybe
a
couple
sentences.
F
I
I
think
it's
more
than
a
couple
sentences.
I
would
say
it's
one
to
two
pages,
so
I
you
know,
I
think
it
looks
like
you
know,
there's
a
little
there's
a
paragraph
of
preamble
and
then
there
are,
you
know,
maybe
five
to
six
statements
of
here's,
how
the
world
has
changed
because
of
what
we've
done.
So
you
know,
developers
have,
you
know,
start
projects
using
secure.
F
What's
the
word,
I'm
looking
for
sort
of
secure,
defaults
companies
or
developers
can
control
there,
I'm
just
giving
some
examples,
but
developers
can
control
the
dependencies
they
use
based
on
security
parameters.
You
know
a
few
things
like
that
sort
of
you
know
the
high
level
principles
and
then
another
paragraph
summary.
A
Are
you
envisioning
just
text
or
like
a
like
a
two
or
three
page
slide
deck,
which
is
how
I
originally
thought
this
would
be,
but
I
mean
that's
fine
too.
F
Okay,
then,
I
would
say
text
okay,
so
you
know
something
that
we
can
put
up
on
the
website
and
people
can
click
through
and
it's
a
document.
F
B
Similarly,
in
that
text
or
slidex
fine,
it
doesn't
matter
to
me,
but
the
actual
vision
itself
I
didn't
think
would
be
two
to
three
pages
now
I
could
see
the
explanation
leading
up
to
it
and
and
our
thought
process
around
almost
like
a
blog
post
could
be
longer,
but
I
would
be
a
little
concerned
about
two
to
three
pages
of
vision
that
someone
has
to
read
to
get
an
idea
of
what
it
is
that
open
ssf
is
aspiring
to
do
just
to
be
clear
when
I
said.
G
B
That
is
how
I
pictured
it,
but
I
certainly
see
like
your
point
of
there's
some
thought
process
around
how
we
arrived
at
that
and
sort
of
the
landscape,
and
you
know
that
kind
of
thing
is,
but
the
actual
vision
itself
is
that,
like
you
know,
like
you,
said
just
sort
of
this
couple,
one
paragraph
sentence:
multiple
sentence
thing:
that's
like
here's
our
organizational
statement.
This
is
why
we
exist.
This
is
what
we're
aspiring
to
do,
but
it
should
be
sustained.
F
So
I
think
we
already
have
the
you
know
one
to
two
sentence:
what
we're
aspiring
to
do?
That's
you
know
that's
in
our
that's
in
our
charter
and
and
then
we've
got
our
tagline
around
that
too.
So
so
I'm
thinking
to
go
one
level
deeper
than
that
which
is
what's
the
you
know.
F
What's
the
again,
maybe
in
you
know
five
to
six
ways:
what's
changed
what's
different,
how
are
developers
lives
different
because
of
the
work
we've
done,
our
developers
lives
or
our
companies
lives,
or
you
know
either
the
producers
of
the
consumer
software
what's
different
because
of
of
what
we've
done.
F
So
I
I
really
see
it
as
more
like
one
to
two
pages.
You
know
a
statement
of
you
know:
here's
here's,
how
we're
changing
the
world-
and
you
know,
here's
how
the
technology
that
comes
out
of
this
group
is,
you
know
it's
changing
the
world.
E
So
I
like
the
concept
of
kind
of
mapping
of
where
we
want
to
get
to
in
that
in
that
slightly
longer
form.
I
don't
know
that
it's
that
long
I
mean
we
can
write
it
and
see
how
it
goes
right,
that's
kind
of
more
that
than
anything
else,
but,
like
I
don't
think
we
necessarily
have
preamble.
I
don't
think
this
is
the
strategy.
I
think
ryan
in
that
issue.
Have
another
issue
links
to
actually
develop
a
broader
strategy.
E
A
E
F
Yeah,
so
it's
worth
doing
that
it's
let's
see!
Do
we
want
to
do
that
right
now,
or
maybe
just
link
it
into
this
issue.
B
F
F
And
then
so,
let's
see
the
funding
charter.
D
B
H
F
B
Yeah,
so
this
I
I
think,
like
mission,
is
great
for
the
overall
organization.
I
I
don't
think
what
we're
trying
to
do
is
in
competition
with
this.
I
think
it's
more
like
okay,
take
this
and
give
it
some
more
like
technical,
concrete,
it's
still
aspirational
right,
but
give
it
more
of
the
the
specifics
of
the
technical
like
what
is
it
we're
aspiring
to
do
like
this
is
great,
but
it's
it's
really
high
level
right,
yeah.
F
Okay,
I
think
we're
on
the
same
page
ryan.
I
just
when
you
were
saying
one
to
two
sentences.
I
was
thinking
you
know
all
you
can
get
through
in
one
to
two
sentences.
This
is
something
like
this.
So
as
long
as
we're
you
know,
sort
of
somewhere
in
the
range
of
you
know
a
paragraph
with.
Maybe
some
bullet
points
to
up
to
three
pages.
Why
we're
totally
on
the
same
page.
B
B
But
yeah
it
sounds
like
maybe
we're
on
the
same
page
as
just
we
were
describing
it
slightly
differently:
okay,
so
everyone's
okay.
With
with
that
approach,
oh
to
answer
your
question
dan,
I
think
I
admitted
everybody
that
was
in
the
lobby.
Okay,
cool.
B
Okay,
so
if
we
get
back
to
this
issue,
so
what
I'd
like
to
do
is,
let's
open
up
all
new
pages
hold
on
oh
come
on.
B
So
if
we
go
back
to
this
issue,
what
I'd
like
to
start
doing
is
filling
out
what
we
think
belongs
in
here
in
order
to
get
to
a
draft.
So
if
people
have
strong
opinions
about
it,
otherwise
you
know
put
them
in
here.
Otherwise
what
I
think
we
could
do
is
just
take
the
the
ideas
that
are
here
start
a
draft
drop
it
in
here
I
don't
know
if,
okay,
you
want
to
help
with
that.
I
could
do
it.
If
anybody
else
is
passionate
about
writing.
B
You
know
that
we
can
just
start
a
draft
here
and
start
iterating
and
commenting.
I
personally
prefer
that
we
do
it
here
in
the
issue,
because
I'm
noticing
there's
less
conversation.
That
happens
when
we
do
it
in
documents,
but
if
people
feel
strongly
about
one
or
the
other,
you
know
please
speak.
B
J
B
So
the
goal
of
the
tag
is
to
define
the
vision
for
openness
at
large
awesome.
Thank
you
so
yeah
yeah.
So
the
idea
here,
I
think,
is
that
whatever
this
vision
becomes
or
gets
defined,
as
will
one
be
inspirational,
creating
new
work
groups
can
help
us
decide
how
work
groups
should
coordinate
together
and
achieve
you
know
working
towards
an
overarching
goal
right.
It
should
be
sort
of
that
framework
that
kind
of
pulls
everything
together.
B
B
A
B
Yeah,
so
basically,
I
was
noticing
that
in
some
of
the
other
issues
like
around
licensing
and
around
the
life
cycle,
things
like
there's
some
really
great
conversations
happening
there,
where
people
were
just
putting
in
exactly
what
they
thought
it
should
be,
and
then
iterating-
and
I
thought
that
was
great
because
it
was
almost
like
you
could
see
the
versions
and
the
evolution
of
it
happening
versus
the
document
where
things
kind
of
just
disappear.
F
F
B
Is
that
just
to
memorialize
it
or
like
what?
What's
the
intention
of
having
it
in
a
document
like
to
share
it
out
or.
F
Well,
eventually,
we
want
it
as
a
document,
so
I
mean
we'll
probably
make
it
be
documented
inside
of
a
web
page
or
text
on
a
web
page,
but.
B
Because
I
always
really
think
that
ultimately
like,
depending
on
how
large
this
ends
up
being,
this
would
either
be
a
chunk
of
text
right
on
the
attack,
repos
readme
file
or
a
link
to
another.
You
know
md
file.
That
is
the
vision
that
can
be.
You
know
incorporated
in
numerous
places.
So
that's
that's
the
reason
I'm
pushing
back
on
the
document
is
because
I
see
it
existing
elsewhere,
but
if
there's
other
reasons
for
having
the
document
totally
open,.
E
I
think
this
is
an
interesting
point,
because
this
keeps
coming
up
not
just
in
this
context.
We
just
need
to
be
clear
where
final
versions
of
things
live.
In
my
opinion,
we
iterate
in
things
in
issues
and
in
google
docs
and
the
final
versions
of
things
are
published
to
a
file
on
and
then
I
think,
we've
already
decided
that
the
official
communications
come
from
the
email
list
so
like.
B
So
I
think,
I'm
actually
in
agreement
with
you
around
saying
that,
ultimately,
this
stuff
is
being
published
as
a
file
on
you
know,
github.
I
guess
I'm
leaving
the
iteration
up
to
personal
preference.
If
people
want
to
use
a
document
to
do
that
versus
you,
I
just
like
the
issue
for
it
because
I'm
noticing
them
work.
I
see
better
conversations
happening
there.
B
G
I
think,
if
you're
going
to
go
into
multiple
pages,
you
need
to
use
a
document
because
that's
just
too
much
for
everybody
like
here's,
here's
my
version,
cut
and
pasted
with
some
delta
that's
hard
to
see
going
issue
to
issue.
But
if
you're
really
talking
about
just
a
few
sentences,
it's
fine
to
use
an
issue.
B
I
think
that's
a
good
point
too,
so
I
think
maybe
the
right
approach
here
then,
is:
let's
start
in
the
issue,
defining
what
the
things
are
willing
to
talk
about
and
then,
if
it
grows
into
a
document
we
can
move
it.
But
if
it
ends
up
just
being
two
paragraphs,
maybe
you
can
see
an
issue.
A
B
I
think
what
I
want
to
try
to
avoid-
and
I
think
you
know
maya's
kind
of
mentioning
this
as
well-
is
that
we
don't
want
to
have
a
google
doc
being
the
final
thing
that
we
then
link
to
right.
It's
like
just
md
file
and
github
done,
and
there
it
is.
Everybody
can
read
it
very
easily.
So.
B
All
right
next
issue
is
the
working
group
life
cycles.
So
there's
been
a
lot
of
conversation
in
here
and
I'm
going
to
actually
default
to
the
people
that
are
having
the
conversation,
but
let
me
pull
it
up
real
quick,
I
think
we're
pretty
close.
In
fact,
I
saw
a
comment
I
think
from
dan
lawrence
this
morning
around.
B
B
All
right
so
yeah
so
dan's
comment
is
what
I
saw
come
across
in
mail
is
so
maya's
got
a
pretty
good
summary
here.
Let's
see,
let's
find
it.
Oh
yeah,
okay
at.
B
Okay,
all
right,
so,
basically,
it
looks
like
we've
got
a
couple
of
different
phases
here,
so
first
off,
there's
incubating.
So
in
order
for
a
working
group
to
become
incubating,
it
needs
to
have
one
tax
sponsor.
It
goes
to
the
tax
for
vote
for
inclusion,
so
the
attack
basically
decides
that,
yes,
we'll
have
a
incubating
working
group.
B
B
They
need
to
propose
a
scope,
that's
reviewed
by
the
attack,
so
I
think
that
falls
into
the
updates
that
we
put
in
the
readme.md
files
and
that
kind
of
helps
us
ensure
that
we're
not
having
duplication
of
effort
they
need
to
meet
or
have
met
at
least
five
times
and
then
for
those
meeting.
Notes
or
recordings
are
all
public
same.
You
know
modus
operandi,
we've
got
existing
working
groups
and
then
have
at
least
five
interested
individuals
from
at
least
three
different
organizations
attending
regularly.
B
D
B
Is
there
a
phase
before
this
one?
So
I
think
there
is
the
yeah.
People
are
getting
together
and
they're
experimenting
right
and
then
at
some
point
then
it
becomes
proposed.
So
once
they've
met
they've
they've
set
these
things
up
right,
because
anybody
can
set
up
a
zoom
meeting.
Anybody
can
start
creating
documents
right
so
do
we
need
to
really
define
what
that
is
up
front,
or
do
we
just
say
these
people
have
been
meeting
and
getting
together,
and
then
this
is
where
openssf
officially
becomes
interested.
G
That
seems
fine
to
me,
because
I
can
imagine
people
using
the
tac
mail
list
to
say:
hey
I'd
like
to
get
a
few
people
together
to
start
talking
about
something
and
either
it
comes
together
or
it
doesn't
or
likewise
in
a
working
group.
You
can
just
imagine
people
splintering
out
to
take
on
some
topic.
D
K
I
think
that,
having
listed
meetings,
for
example,
that
are
regularly
announced
and
kept
on
our
calendar
and
whatever
is
part
of
how
we
draw
participation,
so
I
like
the
idea
of
them
having
met
enough
to
realize
the
scope
of
the
problem,
but
I
wonder
if,
like
meeting
five
times
or
something
like
that,
may
be
heavy-handed
just
in
the
sense
that
a
lot
of
the
things
that
happen
by
us,
making
it
official,
maybe
extends
people's
reach,
and
I
wonder
if
having
them
have
to
meet
so
many
times
like
if
they're
meeting
twice
a
month.
K
K
B
So
maybe
yeah,
I
agree
with
the
costing
absolutely
perhaps
instead
of
saying
at
met
at
least
five
times.
We
have
them
have
a
regularly
scheduled
cadence
that
they're.
B
D
For
me,
it's
just
the
logistics
of
like
having
somebody
set
up
something
outside
of
this,
and
I
think
maybe
that's
the
same
thing.
Jennifer
was
saying
and
then
like
it's
kind
of
hard
like
we
have
the
shared
calendar.
We
have
these
repos,
where
we
can
advertise
stuff,
it's
kind
of
prohibitive
in
some
cases,
for
people
to
figure
out
a
way
to
you
know,
set
up
this
recurring
calendar,
invite
and
advertise
a
way
to
get
people
in.
D
I
think
it's
a
chicken
and
egg
problem,
because
if
you
just
have
one
person
who's
interested
in
a
topic
and
they
create
a
working
group
and
it
turns
out,
nobody
else-
is
interested
and
then
that's
kind
of
a
waste.
So
maybe
we
can
solve
it
just
by
helping
people
set
up
these
meetings
without
calling
it
a
formal
working
group
or
anything
like
that.
G
Something
we
have
in
another
organization
is
a
labs
area.
That's
set
up
to
lower
the
bar
for
creating
projects,
but
you
could
do
something
similar
for
working
groups
or,
if
you
just
had
some
sort
of
standing
allocated,
I
don't
know
pre-incubator
anybody
could
use
that
time
and
all
the
facilities
are
set
up
for
zoom
or
whatever
they
need.
G
C
B
Yeah,
so
that's
an
interesting
idea,
so
basically,
you've
got
like
a
regularly
scheduled
lab
meeting.
If
you
will
and
that's
for
new
ideas
to
come
together
and
then
what
would
happen
is
if
you
had
multiples-
and
I
doubt
that
probably
happens
too
frequently,
but
that
would
be
the
only
challenge.
Right
of
you
have
two
competing
groups
trying
to
meet
at
the
same
time,
but
then
they
could
splinter
off
if
it
really
became
something
interesting,
yeah.
C
Just
just
some
ideas
is
my
audio.
Okay.
I've
got
a
new
laptop
yep.
It's
angry
all
right.
Thank
you
just
needed
to
check
that.
So
it's
luca,
I
was
just
thinking,
there's
nothing
to
stop
them,
creating
their
own
repo
somewhere
outside
and
then
using
that
to
talk,
raise
issues
and
then
when
they
feel
they
are
of
the
right
level
that
they
want
to
go
forward
with
a
proposal
to
become
a
working
group,
then
we
can
have
a
look
at
their
repo.
C
We
can
see
you
know
what
activities
there
you
know
do
they
have
a
diverse
set
of
collaborators
that
are
working
on
the
proposal
and
there'll
be
a
little
bit
of
a
history
there.
You
know
they
can
create
requests
and
check
files
in
and
do
various
things
and
then
that
repo
could
then
be
just
migrated
into
ossf.
D
D
B
Yeah,
I
think
that
that's
perfect,
so
if
I
totally
agree
with
luke
as
well
like
having
that
repo
set
up
will
definitely
help.
So
if
people
want
to
go
which
they're
probably
going
to
want
to
do
anyway
right,
but
so,
if
they're
doing
actual
work,
we
can
have
that
we
can
make
that
as
part
of
the
review
process,
to
look
and
see
what
what
they've
been
doing.
B
We
can
help
you
know
and
like
dan
lorenzo
saying
that
let
people
know
yes
feel
free
to
use
our
channels
to
advertise
that
you've
got
this
other
working
you're
working
towards
becoming
a
working
group
and
open
ssf.
If
folks
are
interested
in
joining,
you
know,
we
can
help
get
it
scheduled
if
necessary.
You
know
that
kind
of
thing,
and
then
that
way
people
are
encouraged
to
explore
new
ideas
and
then,
when
they're
ready,
they
can
propose
them
to
the
tech,
and
we
can
help
start
formulating
or
formalizing
them.
E
If
I
can
propose
something
from
the
kind
of
what
I'm
hearing
a
summaries
here,
we
could
have
a
allow
to
the
airport,
allow
projects
to
or
sorry
working
groups
to
communicate
on
our
slack
and
on
our
mailing
lists.
E
It
sounds
like
we're
not
leaning
towards
the
open
video
option,
but
maybe
we
are
and
then
we
should
still
discuss
what
the
minimum
number
of
meetings,
if
any,
is
as
part
of
this
charter,
and
we
should
also
discuss
if
there
needs
to
be
a
repo,
for
example
like
if
somebody
meets
a
couple
times,
but
they
don't
have
a
repo,
but
they
have
you
know
a
google
doc.
It's
probably
good
enough,
but
like
that's,
you
know
for
us
to
decide
as
well
to
the
earlier
point.
E
B
Yeah,
I
think
that
makes
makes
a
lot
of
sense.
I
like
having
the
issue
template
for
folks
to
easily
fill
out.
I
agree.
Repo
is
not
required,
it's
like
if
they
have
one
it'd,
be
super
useful
and
they're
encouraged
to
go,
create
them,
and
then
we
can
migrate
them
in,
but
absolutely
depending
on
the
nature
of
the
work.
A
document
might
be
enough.
That
could
be
what's
getting
produced
right.
It
doesn't
it's
not
always
going
to
be
code
or
the
document
could
just
be
the
start.
B
B
So
I
think
that's
what
maya's
got
here
to
find
in
that
once
incubating
first
she's
got
you
know,
part
of
quarterly
tech
reviews
right
read
me
is
complete.
Okay
meets
on
a
regular
cadence
me
up,
so
here's
here
you
operate
as
part
of
open.
Ssf
has
access
to
community
resources
like
the
zoom
youtube
channels
and
can
request
funding
and
other
resources
subject
to
approval.
So
that's,
I
think,
that's
the
the
what
and
the
why.
D
B
I
was
going
to
ask
about
that
too.
That
was
the
question
that
I
had
was
so
yeah
that
all
sounds
great
for
incubating
then
once
you're
graduated
or
how
to
become
graduated.
I
have
no
issue
with
that,
but
once
graduated
same
plus
you
have
annual
goals
and
metrics
for
success.
E
B
B
Because
I
always
actually
kind
of
had
the
the
wording
of
both
of
these
sort
of
threw
me
off
from
from
since
we
started
this
conversation
incubating
to
me
always
felt
more
like
lab,
like
exploratory
thing
and
graduated,
was
like
okay,
we're
working
like
what
we
have
today
working
groups,
just
by
naming
only
right
happy
to
go
with
this,
but
that
was
just
sort
of
my
initial
instinct
was
oh
incubating
sounds
like
something
that's
sort
of
getting
started,
but
it's
not
real,
yet
working
groups
that
we
have
right
now
feel
very
real,
and
I
terminology
wise.
B
I
would
say
I
agree.
I
would
call
that
graduated
so
then,
is
it
a
question
of
another
phase
after
like
the
working
groups
that
we
have
now
do
they
hit
some
other
phase
at
some
point?
Are
there,
besides
being
done.
A
Yeah
yeah.
I
should
quickly
note
that
I
think
some
of
the
a
number
of
these
things
are
getting
borrowed
from
the
cncf,
which
has
an
incubating
and
graduating
level,
and
I
I
think
in
some
sense
it's
a
it's
an
intentional
name
calling
to
get
people
to
do
things
that
they
weren't
doing.
Originally,
I
mean
for
quite
some
time
kubernetes
and
prometheus.
At
least
I
know
at
least
prometheus
was
incubating.
You
know
millions
of
users,
probably
hundreds
of
millions
of
computers,
and
it
was
officially
incubating.
A
So
you
know
the
incubating
doesn't
mean
unused.
It
just
means
that
we
have
criteria
for
that.
We
would
love
to
see
projects
to
have
and
giving
them.
You
know
the
name
incubating
versus
something
else
gives
them
a
reason
to
try
to
do
the
other
things.
E
D
B
Yeah
because
it
kind
of
seems
like
using
current
terminology,
graduated
has
no
meaning
really
other
than
like
dance
extra
homework.
I
think,
then,
the
only
other
phase
is
the
like
retired
completed.
Whatever
definition
you
know
where
we
can
say
yeah,
we
put
this
one
out
to
field.
It's
done.
E
I
could
imagine
the
first
level,
which
is
access
to
resources
in
terms
of
like
what
we've
just
talked
through
and
the
second
level
being
like.
Okay,
you've
put
together
a
readme,
you
put
together
a
clear,
like
definition
of
what
the
project
you
know,
the
working
group's
proposal
is,
and
all
that
kind
of
stuff
you're
good
good
to
go
right.
Most
of
our
working
groups
together
already
today
have
done
that.
E
B
B
D
B
B
I
would
see
the
two
levels
of
just
being:
you've
got
the
exploratory
lab
and
then
you've
got
officially
approved,
you
know
operating
ones,
and
so,
when
I
look
at
it
that
way,
then
the
name
seems
weird
but
yeah
to
me.
Those
are
the
those
are
the
two
real
ones.
The
after
that
yeah
it's
just
like.
Okay,
with
the
check
box.
G
Well,
I
guess
there's
not
a
lot
of
homework
there
if
we
did
leave
it
that
way.
It's
just
once
they've
been
up
and
running
for
a
while.
You've
got
a
checkpoint
to
say
that
the
attack
is
going
to
say
all
right.
This
working
group
is
operating
under
community
norms
and
it
seems
to
have
not
fizzled
after
it
started.
B
B
D
B
Okay,
okay,
so
I
think
we're
all
in
agreement
in
spirit,
at
least
with
naming
so
about
the
next
steps.
Are
we
take
this
and
then
we
put
this
into
a
formal
md
file
and
then
codify
it,
like
dan
suggested
working
group
lifecycle?
Indeed
whatever
I
call
it
with
these
names
in
there
and
then,
if
everybody's
happy,
we
can
say
yes.
Otherwise,
if
there
are
changes,
we
can
submit
pull
requests
into
that.
B
Everybody
cool
with
that
plan
to
go
forward,
yeah
cool,
all
right,
any
volunteers
to
make
this
into
an
md
file.
Otherwise
I
will
do
this
as
well.
B
B
B
But
there's
a
lot
of
conversations
that
get
brought
up
around
one
working
group
has
an
idea
and
they
start
kind
of
exploring,
and
then
that
gets
another
idea
and
the
next
thing
you
know
they're
in
another
working
groups,
territory
which
is
great
because
that
means
hey
we're
all
kind
of
working
on
the
same
focused
areas
and
that's
awesome.
But
then
I'm
worried
that
then
things
will
start
getting
duplicated
so
kind
of
to
the
point
of
figuring
out
how
we're
going
to
put
people
on
attack.
B
B
The
working
group
leads-
I
wasn't
thinking
they're
just
some
representative
from
a
working
group
so
that
way,
they're
aware
of
what
the
other
groups
are
doing
and
I
think
once
we
move
past
all
these
sort
of
you
know
overhead
type
issues
that
we're
working
through
eventually
we'll
get
to
where
I
think
the
tac
meetings
will
end
up
being
mostly
talking
about
what
are
the
working
groups
doing?
B
How
are
they,
you
know,
coordinating
together
and
all
that
and
that's
really
what
the
tax
should
be
doing,
we're
just
kind
of
dealing
with
all
this
administrative
stuff
right
now,
so
that
was
kind
of
my
thoughts
on
it.
We
don't
have
to
discuss
right
now
from
the
unless
folks
want
to
take
the
time,
but
that's
kind
of
where
I'm
thinking
we
should
move
with.
With
that
conversation,
but
yeah,
we
do
have
a
deadline
coming
up
in
in
february
to
decide
all
that.
D
So
there
are
pros
and
cons
to
that
model
of
using
working
group
leads
to
form
the
tech
the
we
discussed
this
earlier
on
and
decided
to
punt
on
it,
but
some
of
the
problems
with
that
are.
If
we
get
more
working
groups
than
tax
seats,
you
have
to
come
up
with
a
way
to
pick
the
tech
can't
just
grow
forever.
If
new
working
groups
come
in.
H
D
B
Yeah,
my
thought
was
that
the
attack
wasn't
only
the
working
group
representatives
and
again
not
the
leads
specifically,
but
there
would
be
at
least
a
representative
from
each
working
group
and
then
additionally
other
folks
that
either
are
part
of
working
groups
or
multiple
working
groups,
or
you
know,
whatever
the
reps
are
kind
of
like
what
we
have
right
now
kind
of
overseeing
everything
yeah,
because
I
agree.
If
it's
only
working
group
leads
the
issues
you
described,
100,
definitely
a
problem.
The
growing
problem
is
definitely
still
a
concern.
J
The
benefit
of
collecting
the
leads
or
representatives
is,
it
would
avoid
the
situation
you
described
where
you're,
having
kind
of
this
stepping
on
each
other's
toes
or
kind
of
encroaching
on
each
other's
territory,
at
least,
if
you
had
a
forum
to
collaborate
and
talk
about
what
you're
looking
at
you
can
help
route
some
of
those
things
a
little
better,
exactly
yeah.
That
was
kind
of
my
thoughts
on
it
too.
B
Okay,
maybe
we
make
this
a
topic
of
discussion
for
the
next
tech
meeting
as
well.
We
kind
of
drive
down
through
some
of
these
models
as
we
work
towards
making
a
decision,
so
any
other
topics
that
folks
want
to
discuss
in
the
next
five
minutes
or
I'm
always
happy
to
give
people
time
back.
K
K
We've
had
some
interest
in
promoting
open
ssf
through
speaking
at
conferences
and
we've
had
the
opportunity
we,
someone
had
reached
out
to
mark
cox,
about
presenting
it
foss
backstage
a
german
conference
in
february,
around
kind
of
the
community
around
open
source,
and
we
were
interested
in
perhaps
presenting
something
about
securing
the
open
source
ecosystem
and
talking
about
openssf.
K
So
we
spoke
with
the
organizers
of
that
conference
and
they
were
keen
for
us
to
do
such
a
thing.
I
put
this
out
there
if
anyone
is
interested
in
being
a
panelist
to
talk
about
security,
open
source,
open
ssf,
those
types
of
topics,
please
let
me
know,
and
I'll
just
collect
folks
from
across
openssf,
to
submit
some.
J
J
K
Oh,
that's!
Wonderful,
great
I'll,
put
your
name
on
the
list.
Is
there
anyone
else
at
this
time?
That
would
be
interested.