►
From YouTube: OpenSSF TAC Meeting (Oct 20, 2020)
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
B
My
audio
to
get
the
right
speakers
and
headset
working
so
would
you
mind
repeating
the
question
and
let
me
see
if
I
can
help
out.
Oh.
A
Yeah,
so
I
was
talking
about
the
last
meeting
I
was
able
to
attend.
I
was
reading
through
the
document
and
saw
the
meeting
notes
of
the
updates
from
the
working
groups,
but
it
did.
We
had
updates
from
all
the
working
groups
was
everyone
there
that
needed
to
be
that
maybe
provided
updates
verbally
that
didn't
make
it
to
the
into
the
notes,
or
do
we
still
have
people
that
we
need
to
follow
up.
C
A
Oh
okay,
okay,
cool
cool,
all
right.
Well
with
that,
then
we
can
jump
into
the
agenda.
Mostly.
This
is
uk
since
now
that
you
have
working
audio,
you
want
to
go.
B
B
Sure
I
can
do
that,
so
just
a
quick
update.
You
know
we
have
the
press
release
coming
out
on
the
on
the
29th
and
that's
on
track.
So
and
then
it
is
going
out.
We
have
a
draft
of
it
and
the
draft
is
going
out
to
all
of
the
member
companies
for
their
review
right
now.
The
kind
of
the
last
remaining
big
piece
is
that
we're
identifying
some
new
numbers.
B
We
have
a
voting
process
going
on
and
this
is
for
members,
corporate
members-
and
you
know,
people
who
have
signed
agreements
and
then
they'll
identify
self-nominate
and
then
we'll
have
a
vote
that
goes
on
and
once
those
three
additional
members
are
identified,
then
we'll
have
all
the
content
pretty
much
wrapped
up
for
the
press
release.
B
There
are
a
couple
of
other
things
related
to
that
one
is
we're
having
a
town
hall
meeting
and
that
I'm
working
on
an
announcement
of
that
and
we're
pretty
close
to
done
ryan
can
I
I
could
either
share
the
screen,
but
I
could
also
I'm
just
happy
to
have
you
click
on
the
click
on
the
link
by
announcement
where
it
says
here
under
townhall
meeting
there
you
go
yeah.
B
Right
so
I
think
that
I
shared
it
out
with
this
group
to
to
review
the
one
thing
that
I
wanted
to
just
check
with
people
on
is
under
working
groups
here
so
well,
let
me
quickly
go
over
the
agenda,
so
the
town
hall
meeting
will
be
on
november
9th
from
10
to
12.
B
our
agenda,
for
that
we'll
start
off
with
a
welcome
and
overview
and
then
we'll
have
what's
happening,
sections
and
that
might
be
what
we're
thinking
is:
that'll,
be
10
minutes
for
each
of
the
committees
and
working
groups,
so
for
the
planning
committee
we'll
do
an
update
from
that
I'd
like
to
have
an
update
from
the
technical
advisory
council
and
then
also
from
each
working
group.
B
When
we
got
putting
together
this
document
and
the
get
involved
document,
we
ended
up
wanting
to
use
something
that
was
even
shorter
still,
and
so
I
I
took
a
pass
at
abbreviating
the
working
groups,
I'd
like
to
spend
just
a
minute.
Looking
letting
people
read
through
those
and
help
help
me
adjust
if,
if
needed
for
for
any
of
those,
so
we're
looking
at
just
the
text
underneath
the
working
groups
and
I'll
give
a
minute
or
so
for
people
to
have
a
quick
scan
of.
B
B
D
B
D
I
I
had
one
minor
comment
on
the
security
tooling.
I
would
just
add
of
oh
I'm
sorry
for
oss.
You
know.
Basically
the
tools
don't
have
to
necessarily
be
open
source,
but
they're
intended
for
analyzing
open
source,
I
think,
is
the
purpose
here.
Is
that
correct.
B
Yeah,
so
that's
in
the
longer
one
I
was
trying
to
keep
it.
I
was
just
trying
to
keep
it
shorter,
so
I
took
out
the
four
open
source.
B
D
Well,
I
I
think
the
notion
is,
is
that
are
the
tools
exclusively
open
source
or
not,
and
I
think
the
my
understanding
is
no,
but
up
to
you,
I,
if
you,
if
you
just
use
oss,
it's
not
that
long,
but
up
to
you
either
way
is
short.
B
B
D
B
A
No,
I
I
think
for
for
a
short
existing
description.
These
are
pretty
accurate,
okay,.
B
All
right
good,
so
we'll
get
that
we'll
get
this
announcement
out
later
today
and
we're
also
going
to
so
I'll.
Send
it
to
the
announce
mailing
list.
B
We're
gonna
put
up
a
blog
post
for
it
and
we'll
also
do
send
a
tweet
out
from
the
from
the
open,
ssf
twitter
account,
and
then
we
also
would
encourage
you
know
anyone
and
we
we
have
a
note
down
at
the
bottom
of
this
announcement
and
we'll
encourage
anyone
here
or
any
of
our
members
to
feel
free
to
share
this
information
as
well,
so
retweet
it
with
others
and
drop
it
on
your.
B
All
right,
so
next
is
our
get
involved
page
and
we
have
already
updated
the
ryan,
if
you
don't
mind
clicking
on
the
link
to
the
website
for,
for
starters,
that
getting
get
involved.
B
So
we've
changed
the
already
the
button
at
the
top
right
of
the
screen,
it
used
to
say,
join
and
now
it
says,
get
involved,
and
then
the
page
also
has
the
title
get
involved
and
the
next
step
that
we'll
do
is
updating
the
content
of
the
page
so
that
it's
richer
and
it'll
still
point
off
to
other
places.
But
we'll
provide
a
little
more
detail
here.
A
Yeah
quick
question
on
this
one:
I
know
we're
still
figuring
this
out,
but
once
we
have
sort
of
funding
and
how
we're
going
to
do
that
and
sponsorship.
Whatever
will
that
go
on
this
page
as
well.
B
Yeah,
it
will
we'll
probably
have
a
link
from
this
page
to
something
that's
more
detailed,
I'm
not
sure.
B
F
Might
we
can
either
build
it
out
to
be
two
separate
pages
we're
in
or
we
can
consolidate
it
and
update
the
content
to
be
a
little
bit
more
robust
as
far
as
like
what
the
membership
levels
are,
the
offerings
for
those
levels,
et
cetera
and
there's
like
other
projects,
with
a
ton
of
different
examples
that
we
can
kind
of
draw
inspiration
from.
So
we
can
take
that
one
of
two
ways,
but
we
can
definitely
update
augment
that
best
suits
us.
B
Okay,
yeah,
that
sounds
good,
okay,
all
right
and
then,
if
you
click
on
the
draft
button,
so
so
down
under
web.
So
the
top
of
this
I
just
have
the
goals
while
we're
updating
it
and
then
under
website
under
that
dashed
line.
It's
a
draft
of
the
text
for
that,
so
the
we'll
be
adding
more
information
about
individuals.
So
membership
is
open
to
everyone,
we're
organized
into
technical,
technical
and
advisory
activities
and
then
under
technical.
B
Committee
and
then
for
organizations
that
we
have
just
a
little
more
information,
not
a
ton
but
we're
saying
organizations
can
join
the
open
sss
as
members
membership
allows
organizations
to
showcase
support
for
open
source
security
and
provide
funding.
I'm
not
sure
if
I'm
saying
this
right
right
now
or
if
we
even
want
to
say
this
so
in
this
intro.
B
If
you're
interested
in
joining,
please
review
the
documents,
and
then
we
have
a
link
to
the
corporate
membership
document.
So
the
thing
I
was
struggling
with
is
I
mean
we
do.
Wan
members
do
provide
funding
even
now
to
some
extent,
because
we
do
ask
that
members
be
members
of
the
linux
foundation
and
we're
heavily
supported
by
the
linux
foundation.
Eventually,
we
will
ask
members
to
provide
funds
as
well,
but
we're
not
doing
that
yet
so
yeah
so
I'll
I'll
just
stop
there.
I
maybe
I
just
maybe,
I
should
just
say,
provide
funding.
B
Maybe
I
leave
that
out.
Maybe
it's
okay,
the
way
it
is,
I'm
open
to
comments.
A
If
you're
concerned
about
funding,
I
can
see
why
you
would
be
especially
with
where
we're
at
right
now,
you
could
easily
just
take
it
out
and
say
showcase
support
for
open
source
security,
like
support,
can
take
a
lot
of
different
methods
right.
It
can
be
in
direct
involvement.
It
could
be
via
funds,
it's
generic
enough
that
I
think
that's
inclusive.
If
you're
worried
about
it
and
then
once
we
have
sort
of
funding
figured
out
and
then
we
can
flush
this
out
a
little
bit
more.
A
G
Yeah,
I
think
it's
important
that
we
make
clear
that
you
can
easily
participate
in
this
group,
even
if
you
are
not
having
an
institutional
sponsor
or
affiliation,
and
that
doing
so
is
free.
B
Right
so-
and
we
covered
that-
I
cover
it
four
times
above
actually.
G
One
one
implication
of
that
might
lead
to
people
kind
of
overreacting
and
having
these
questions
just
it's
something
that
I've
experienced
before
when
doing
something
with
with
a
non-profit
group
and
I've
kind
of
learned.
My
lesson
so
you
might
be
hearing
from
from
my
my
scars
at
this
moment.
Okay,
all
right.
B
All
right:
well,
I
think
we
could.
I
think
we
can
easily
take
that
out.
Since
you
know
we
don't
even
have
we
don't
have
a
clear
funding
plan
currently
other
than
through
the
linux
foundation.
So
so
why
don't
we,
I
think
we
can.
I
don't
have
this
open
ryan.
Can
I
call
on
you
to
do
some
on
the
fly
editing
for
me.
B
G
B
Out
and
provide
funding
and
let's
see
if
we
can
showcase
support
for
the
development
and.
B
B
I
can
massage
that
just
a
little
bit
more,
but
we
don't
have
to
do
that
on
this
call.
So,
okay,
so
that's
the
get
involved
user
experience.
I
think
we're
you
know
we're
close
to
done
on
that
and
we'll
get
the
up.
The
web
page
updated
thanks
to
everyone
for
your
help.
You
know
putting
together
the
readme
doc,
getting
the
readme
documents
updated,
and
you
know
things
are
nice
and
consistent
now,
so
we've
come
come
a
good
ways.
B
Let's
see
so
security
community
governing
board
representative
lindsey.
Do
you
have
any
updates
on
that?
Do
we
have
do
we
know?
Do
we
have
some
nominees
now?
Is
there
more?
We
need
to
do.
F
I
believe
ryan
or
jennifer
has
the
ownership
rights
to
that
form.
I
think
it's.
A
A
Okay.
Hopefully
this
doesn't
take
too
long,
but
there
are
three
nominations.
The
last
time
that
I
saw
this
some
were
individuals
and
some
were
like
self-domination.
B
B
I
A
So
I
can
set
these
out
so
that
people
can
start
looking
at
them
too.
I'll
add
edited
access
to
folks
today
and
then
we
can
start
reviewing
these
things
and
something
as
a
timeline
comes
up.
It's
not
you
know,
start
from
zero.
B
And,
what's
our
what's
the
end
of
our
nomination
period,
does
anyone
remember
that
right
off,
it's.
F
B
F
G
The
23rd
okay,
so
I
think
I
think
we
have
to
arrange
to
send
out
some
kind
of
voting
form.
It
wasn't
clear
in
our
announcement.
I
think
whether
we'd
send
it
out
on
the
23rd
or
the
24th,
but
we
should
arrange
to
be
doing
that.
G
So
we
should
figure
out
what
we're
going
to
use
for
the
voting
and
who's
going
to
do
that
and
like
I'm,
I'm
done
with
doing
it
or
if
anyone
else
wants
to
it
doesn't
matter
to
me,
but
we
should
prepare
for
that
just
because
it
would
be
like
end
of
day
friday.
I
imagine
that
it
would
be
done
and
then
we
give
people
the
weekend
for
voting,
and
I
think
the
voting
goes
until
november
5th.
A
B
G
E
I've
been
involved
with
have
used
condorcet.
E
G
Okay,
great
in
terms
of
the
voting:
do
we
want
to
do
it
ranked
choice,
or
do
we
want
to
do
individual?
Does
it?
Let
us
choose.
D
If
you
I,
I
presume,
you're,
referring
to
the
kind
of
condorcet
internet
voting
service
out
of
cornell.
E
A
G
And
I
guess
my
next
question
would
be:
we
had
set
some
voting
criteria
previously,
so
I
think
you
had
to
be
a
member
of
one
of
the
mailing
lists
or
something
like
that.
How
are
we
going
to
enforce
that
in
this
voting.
E
C
B
No
for
this
for
the
security
community
representative,
it's
it's
members,
voting
on
it.
B
No,
the
way
that
we
I've
discussed
doing
it
is
that
any
it's
anyone
who's
on
the
on
any
on
one
of
our
mailing
lists.
A
E
Yeah,
it
makes
sense,
so
it's
not
so
much
members,
then
as
contributors.
J
G
I
mean
I
have
a
bunch
of
imperfect
propositions.
One
could
be
having
people
disclose
their
associated
email
address,
so
we
can
validate
against
a
list.
The
downside
to
that
one
is
kind
of
obvious
another
one
would
be
an
honor
system
where,
if
possible,
through
this
system-
and
it's
not
clear
to
me
if
this
is
possible,
but
we
could
check
that
voting
involves
like
a
checkbox
saying
that
you
are
a
member
of
openness
of
announce
or
whatever.
G
G
E
That
the
lf
staff
that
organized
that
has
a
very
elaborate
process
for
sort
of
permissioning
the
the
voting
list.
So
I
can
point
you
to
somebody
there.
If
that
would
be
helpful.
F
K
G
Well,
I
guess
that
is
a
pretty
elegant
solution.
I
mean
if,
if
the
requirement,
if,
if
to
vote,
you
have
to
receive
the
link
and
the
only
place
we
send,
the
link
is
the
alias
that
represents
all
of
the
people
that
are
eligible
to
vote.
That
actually
makes
a
lot
of
sense.
K
I
think
it's
a
little
more
subtle,
condorcet
does
the
emailing
for
you,
so
you
give
them
the
list
of
people
and
then
they
send
all
those
people
the
right
link.
G
G
Okay,
yeah,
that
sounds
good,
and
then
I
suppose
that
when
you
are
back,
we
could
just
validate
that.
No
one
joins
a
list
on
friday
that
we
need
to
also
send
it
to.
F
G
D
By
the
way,
I
I've
snuck
into
the
notes
some
information
and
links.
A
It
does
contort
did
they
validate,
so
I
know
that
they're
going
to
send
the
original
emails
out.
Does
that?
Does
everybody
get
a
unique
link?
Is
it
or
is
it
just
one
generic
link
that
everybody
gets
to
the
list?
It's
unique.
D
By
the
way
I
have
not,
I
have
not
done
this
any
a
series
yeah.
I
have
not
done
any
analysis
of
their
security
and
so
on,
but
I
did
notice
they
have
a
page
about
it.
So
I
snuck
that
in
in
there-
and
I
suspect,
for
several
that's
going
to
be
our
bedtime
reading.
G
I've
I've
long
since
learned
my
lesson
that
I
tend
to
make
statements
like
you
know,
submitting
malware
as
a
part
of
your
application
will
result
in
disqualification.
This
is
not
your
exploits,
otherwise.
I'd
be
scared
to
open
my
email
every
day.
A
All
right,
so
thank
you
for
doing
that.
Let's
still
be
able
to
get
that
out.
Okay,
any
other
agenda
topics
before
we
jump
into
issue
review.
I
know
this
can
get
a
little
tedious
here,
I'm
hoping
we
can
just
close
some
of
these
out
quickly,
though.
A
Let's
jump
into
this,
so
I'm
not
sure
who
added
all
these
but
status
like
I
know,
there's
a
few
of
these
around
at
working
group
meetings
to
the
public
calendar
before
we
jump
into
that
one
okay,
I
know
you'd
start
looking
at
another
system
to
start
using
has
there
been
any
updates
on
that.
B
Oh
for
calendaring,
yeah.
A
B
All
right,
so
he
had
a
we've.
We've
looked
into
so
we
looked
at
list.io
and
we
discussed
last
time.
We
met
what
our
requirements
are
for
a
calendar
and
looks
like
lists.I
o
didn't
help
us
with
that,
in
particular.
B
An
issue
with
that
is
that
it
required
the
individual
to
log
in
before
they
could
see
the
calendar,
and
there
were
a
couple
of
other
issues
there
too.
So
we
discounted
that
one.
B
Then
we
lindsey
and
I
met
with
another
company
last
week
and
they
had
a
calendaring
offering
that
also
it
was
pretty
good,
but
still
had
a
couple
of
things
that
weren't
exactly
what
we
wanted
and
there
was
there's
a
small
fee.
I
think
it's
20
a
month
or
something
to
use
their
system.
B
So
then,
in
talking
with
mark
cox,
who's
also
been
kind
of
helping
us
think
about
this.
He's
a
member
on
the
governing
board
from
red
hat.
B
He
was
suggesting
that
maybe
we
want
to
just
create
ics
files
for
each
of
the
working
groups
and
then
have
the
a
link
to
the
ics
file
on
their
readme.com
page,
a
readme
anyway
review
page,
and
we
could
do
that
in
addition
to
wait.
So
we
could
do
just
that
and
have
the
ics
files
and
that
way
people
can
easily,
you
know,
add
a
meeting
to
their
own
calendar.
B
B
So
I'm
interested
in
people's
thoughts.
Is
it
on
the
the
ics
files?
We
could
ask
each
working
group
lead
to
create
an
ics
file
on
their
own
and
then
add
it
to
the
readme.
B
B
A
Files,
I
think
we
can
certainly
start
with
that
and
and
see
if
it
solves
a
lot
of
the
pain
and
I
know
generated
those
ics
files
from
the
existing
calendar
invites
on
the
google
calendar
is.
A
Tedious
but
doable
so
I
think
whoever
has
permissions
to
all
of
them
can
easily
go
in
there
and
you
gotta
go
into
settings
and
then
you
click
a
couple
buttons
and
you
get
a
link.
So
we
can
collect
those
and
share
those
out
and
have
everybody
update
their
readings.
A
So
I
think
yeah,
the
most
difficult
part
is
just
permission.
So
I'm
happy
to
do
it.
If
I
can
get
access
to
everything.
K
A
Yeah,
so
if
we
have
one-off
meeting
changes
and
things
people
aren't
going
to
get
those
updates,
unfortunately,
but
if
you're
already
an
attendee,
hopefully
on
one
of
the
lists
as
well,
so
you
know
something
got
moved
they
could
they
can
email
that
out
as
sort
of
a
workaround,
so
yeah
we
don't
get
the
automatic
syncing.
Unfortunately,.
B
I
don't
know
of
a
way
to
get
the
automatic
syncing
that
that
would
be
ideal.
It
seems
like
there
are
two
options:
there's
you
can
subscribe
to
a
calendar
and
then
you
know
anytime
the
calendar
changes
then
you'll
see
the
changes,
but
but
then
you've
just
subscribed
to
the
calendar.
You
you
haven't
actually
added
the
meeting
to
your
own
calendar.
B
Ics
is
the
only
way,
I
know
to
add
a
meeting
to
your
own
calendar.
I
guess
that's
not
true.
So
the
other
way
it
can
happen
is
if
you're
invited
to
the
meeting
initially,
then
it
will
get
on
your
own
calendar
and
then,
if
the
meeting
is
updated,
why?
B
Because
you're
an
invitee
you'll
get
the
updated
invitations,
but
inviting
so
that's
another
way
we
could
go
is
maybe
when
someone
joins
a
working
group,
then
the
working
group
lead
adds
that
person
to
the
calendar,
but
it's
a
lot
of
a
lot
of
work
for
a
working
group
lead
to
maintain,
and
I
think
it
probably
would
might
fall
out
of
date.
So.
B
A
E
So
it's
linked
in
that
issue,
nine
there
from
their
group
and
then
that
was
dan
other
dan
had
an
action
on
that
one.
So
and
I
don't
know
how
much
you
want
to
go
through
the
issues
ryan.
What
I
did
was
I
just
tried
to
cherry
pick
ones
that
looked
like
we
could
close
them
out
in
this
meeting.
A
No,
that's
fair,
I
mean
we
can
yeah
go
through
the
main
ones.
I
think
is
fine.
So
on
the
security
tooling,
they
have
a
link
to
their
invite,
but
they
don't
have
it
on.
The
calendar
doesn't
seem.
E
So
they
had
asked,
I
think,
for
permissions
from
dan,
and
I
don't
know
if
dan
you
had
a
chance
to
follow
up
with
them
or
if
they
just
don't
know
that
you've
added
them.
K
No,
I
looked
to
see
how
to
add
people
and
couldn't
quite
figure
it
out.
I
need
to
dig
in
a
little
bit
more.
I
think
we
can
probably
just
add
their
meeting
for
now,
though,.
A
E
And
then
sort
of
the
the
meta
meta
issue
on
the
the
bullet
above
this
and
the
agenda
is
whether
you
want
to
assign
owners
or
assignees
might
be
the
right
term.
A
We
could
do
some
of
them,
don't
so,
let's
go
through
these
top
level
ones,
really
quick
and
kind
of
see
where
we're
at
for
time
and
then
okay,
so
the
calendar
ones
this
one,
I'm
pretty
sure
we
can
close
out.
This
is
update
the
readme
without
engage.
Everybody
has
done
this.
A
A
So
on
this
one
or
if
somebody
else
has
to
try
to
close
it
up,
oh
the
cla
pulses.
E
Yeah,
so
this
one
was,
we
said:
well,
we
need
a
default
policy
and
then
somebody
said
well,
it's
already
in
the
charter,
and
then
somebody
else
pointed
out
that
well,
the
overarching
charter
for
open
ssf
doesn't
declare
it.
And
then
I
think
k
clarified
that
well
in
the
template
charter,
it's
set
as
as
apache
2
or
something
so
I
don't
know
if
that's
if
that's
sufficient
for
people
as
a
policy
or
if
people
need
a
top-level
policy
somewhere.
A
That's
a
good
question.
I
know
we've
discussed
this
a
lot
in
the
past
and
various
degrees
saying
that
yeah
we
can
default
to
apache
too
everybody's,
pretty
comfortable
with
that.
If
there
is
some
reason
for
a
working
group
or
a
project
and
need
to
use
something
else,
then
we
can
review
it
at
the
tac
level
when
they're
getting
formed
and
approved
and
just
kind
of
handle
the
one-offs,
but
the
defaults.
Can
you
know
apache?
Do
you
find
for
most
folks?
Other
people
have
thoughts
on
that.
K
Yeah,
I
think
the
issue
here
is
that
we
need
to
document
that
somewhere.
If
we
let
working
groups
pick
their
own
policies
and
their
own
charters,
then
one
of
them
could
just
pick
something
like
you
know,
a
gpl
or
wtf
a
hub
pl,
or
something
like
that
that
we
probably
don't
want.
So
I
think
we
just
need
something
at
the
tack
level
saying
this
is
what
you
should
use
and
if
you
want
to
use
something
else,
come
ask
the
tag.
A
Okay,
that's
fair,
so
what
we
could
do
is
create
a
document
like
document
the
process
and
the
attack
repo.
That
says,
you
know
how
to
form
a
working
group
kind
of
a
quick
checkbox
list
and
mention
it
in
there
and
then
link
to
the
the
charger.md
files
was
that
would
that
be
sufficient.
A
The
template
right,
so
here's
what
you
use
to
to
start
your
working
group.
If
you
want
to
form
a
new
working
group
and
here's
the
process
and
creating
a
repo
and
using
this
charter
md,
it
defaults
to
apache
2.
If
you
want
to
use
something
else,
you
know
specify
in
there
and
that'll
be
part
of
the
review
process
of
going
to
the
dac
for
a
working
group.
B
The
the
charter.md
is
pretty
clear
about
the
process
for
changing
the
licensing.
I
it's
been
a
few
days
since
I
looked
at
it,
but
the
section
that
talks
about
licensing
describes,
apache
and
and
then
it
also
describes
the
process
for
changing
to
something
else.
It's
down
towards
the
bottom.
I
think
ryan.
E
So
I
think
the
the
potential
issue
is
just
that
the
working
groups
are
or
may
feel
free
to
customize
this,
because,
like
a
lot
of
the
governance
language-
and
you
hear
about
having
like
a
technical
steering
committee
and
all
that
is
kind
of
maybe
heavyweight,
so
it's
pretty
heavy-handed
for
a
lot
of
working
groups.
Yes,.
K
K
I
K
B
K
B
B
Because
the
governing
board
deals
with
the
legal
legal
aspects
for
the
community.
B
B
Maybe
the
only
remaining
question
is
you
know
for
any
new
working
group?
Is
it
required
that
they,
you
know,
fill
out
this
charter
md
and
or
does
it
maybe
the
right
way
to
say?
Does
it
automatically
get
pre-populated
into
the
into
the
repository
in
the
past?
It
has
been
dropped
into
the
repository
for
each
new
working
group.
So.
A
Yes,
if
you
use
the
template
to
generate
your
repo,
this
will
automatically
be
part
of
it.
I
think
what
we
may
need
to
do
is
go
through
this
and
indicate
four
new
working
groups,
which
of
these
are
actually
like
required
required
like
the
tsc,
and
you
know
those
types
of
things,
because
that
you
know
like
dancing.
I
think
it's
it's
a
little
heavy-handed
for
a
lot
of
these
groups
that
have
like
full
committees.
A
A
You
know
type
indicators
in
there
just
so
that
folks
know
that,
because
I
think
this
should
be
required,
but
I
think
we
need
to
be
very
clear
about
just
exactly
what
is
necessary,
so
it
doesn't
feel
like.
Oh,
my
god,
I've
got
to
go
through
this
whole
gigantic
process.
Just
to
spin
up
a
working
group.
B
K
I
mean
sort
of,
I
think,
yeah.
I
think
these
kind
of
got
copied
into
some
of
the
repos
and
nobody's
really
looked
at
them
or
touched
them
or
changed
them
yet
so
they
all
have.
These
placeholders,
like
the
mission,
is
to
mission
statement,
so
I
don't
think
any
of
them
are
actually
in
a
decent
adopted
working,
enforced
state
right
now,
and
I
don't
think
that
even
if
we
tried
to
for
most
of
the
working
groups,
they
could
form
at
tsc
with
voting
and
elections
of
itself.
So.
A
I
think
this
is
like
this
information.
There
I
think,
is
useful.
When
a
working
group
reaches
a
particular
size
phase,
you
know
having
that
that
level
of
coordination,
I
think,
makes
sense,
but
for
what
we
have
right
now
of
all
the
current
working
groups.
The
fact
that
we
have
like
a
lead
in
the
co-lead
seems
to
be
pretty
reasonable
for
everybody,
so
I
don't
want
working
groups
as
we
go
through
this
process
of
formalizing
them.
A
So
what
we
should
do
is
just
everybody
go
through
and
review
this.
We
can
make
this
the
topic
of
the
next
meeting
as
well,
because
I
think,
there's
a
lot
to
go
through
here
and
come
up
with
a
couple
of
different
proposals.
A
K
So
I
know
like
I
think,
some
of
the
other
groups
in
the
lf
use
not
quite
a
template.
They
just
have
like
a
set
of
requirements.
They
look
for
in
subproject
governance,
like
the
cncf
just
says
you
have
to
have
defined
governance.
That
is
open.
I
think
that
they've
clarified
it
recently,
but
like
bdfl
was
not
allowed,
you
couldn't
have
a
project
with
one
person
in
charge
of
it
for
life
and
get
into
the
cncf,
so
they
just
kind
of
had
requirements,
but
they
allowed
projects
to
come
up
with
whatever
they
wanted
that
fit.
A
Agreed
yeah-
and
I
think
this
this
document
was
really
meant
to
be
that
starting
point
for
for
groups
to
do
that.
But
looking
at
it
like
it's
pretty
elaborate
right,
I
think
replacing
section
two
and
three
is
probably
the
easy
thing
to
then
just
put
a
section
where
they
can
define
each
one
group
and
define
their
governance
model
like
you're
talking
about
as
they
see
fit.
I
A
A
Yeah
so
I
mean
we
can
make
this
the
topic
for
the
next
meeting.
If
that
makes
sense
here,
but.
E
Sounds
good,
I
can
annotate
the
issue
that
the
default
should
be
interpreted
to
be
apache
too,
but
the
actual
way
that
we
communicate
that
policy
is
still
open.
So
this
particular
issue
would
be
open
and
then
we've
got
a
separate
issue
or
two
for
the
charter
in
its
entirety,
which
sounds
like
what
you
want
to
cover.
A
E
B
A
A
Oh
yes,
okay,
so
this
is
something
I
mentioned
to
lindsay
about
this
a
while
ago.
A
So
this
is
basically
saying
we
have
new
members
that
come
in
right
and
they're
not
automatically
made
members
of
the
ossf
organization
on
github,
so
we
definitely
need
a
process
for
this.
I
don't
think
it
should
be
the
let's
just
ping,
one
of
the
admins
of
the
organization
and
add
them.
I
think,
it'd
be
a
lot
easier
if,
during
that
whole
flow
of
signing
up
new
members,
we
collected
a
list
of
github
ids
that
can
automatically
be
added
to
that
lindsay.
F
So
I
have
been,
as
new
members
have
come
in
I've
had
that
added
that
as
one
of
the
engagement
points
like
in
addition
to
sign
up
for
the
mailing
list,
all
of
that
and
I've
requested
github
ids.
However,
I've
not
received
any
so
that
is
one
step
in
the
process,
but
I
think
folks
don't
realize
initially
that
they
need
to
provide
that
until
they're
trying
to
get
in
so
there
may
be
another
tactic
that
we
need
to
deploy
here.
A
Oh,
that's
right
all
right,
so
what
we
could
do
then,
as
well,
is
have
linkedin
one
of
the
other
repos
for
like
that
or
in
the
getting
started.
Actually,
maybe
okay,
we
could
add
it
there
on
how
to
get
involved
and
and
to
join.
We
can
have
a
link
that
they
can
request
access
to
the
organization
and
one
of
the
admins
can
go
ahead
and
grant
that
form
rather
than
having
to
you
know
ping.
One
offs
like
this
to
get
it
set
up.
A
I
don't
think
there
is,
I
don't
think
github
has
a
way
to
just
say:
hey
I
want
to
be.
You
know,
request
access
to
this.
I
think
there's
going
to
be
a
list
of
admins
or
what
we
could
do
is
set
up.
We
could
set
up
so
that
issues
could
be
created
and
then
assigned
every.
C
Alternatively,
I
would
suggest
that
every
if
we're,
only
onboarding
organizations
that
we're
concerned
about
then
every
time
you
unborn
an
organization
create
a
team
with
the
organization
having
some
giving
somebody
access
to
that
team,
add
the
team
to
our
org
and
then
they
can
add
anybody
from
their
org
to
that
team.
So
that
makes
any
fun.
B
A
A
So
I
can
do
that
as
part
of
this
and
then
once
I
get
that
done
I'll
close
this
out.
So.
B
A
Oh
and
then
dude
added,
so
that's
it
for
the
github
issues
that
we
have
listed
in
here
and
then
david
asks.
Do
we
want
tac
to
review
each
working
group
charter?
Yes,
so
once
you
have
that
the
finalization
of
the
the
process
of
sort
of
approving
all
of
them,
we
should
definitely
go
that'll.
Be
part
of
that
that
we
go
through.
I
know
I
have
the
responsibility
to
do
that.
I've
been
behind.
A
I
was
out
last
week
and
yesterday
so
I'll
be
taking
a
look
at
that
today
and
possibly
tomorrow.
So
hopefully,
with
the
next
few
days,
we'll
have
some
more
clarity
on
that
and
then
we
can
get
that
process
rolling
by
the
next
meeting.
But
yes,
we
definitely
want
to
do
that
and
I
believe
there.
D
A
D
D
How's
this
I
I
know,
I
know
how
to
push
the
buttons
and
and
create
issues.
D
D
A
So
since
we're
okay
enough!
Sorry,
yeah!
Sorry!
Sorry,
that's
all
right!
No
worries!
Okay,
so
we've
got
three
minutes
left
here.
Is
there
any
other
issues
that
somebody
wants
to
discuss?
Real,
quick
or
I'm
happy
to
give
people
three.
K
Minutes
of
their
lives
back
today,
we
still
have
the
pending
thread
about
what
we're
doing
the
best
practices
thing.
I
don't
think
we
need
an
answer
right
now,
but
it
seems
like
there's
still
confusion
about
what
the
next
step
is
and
the
working
groups
are
still
confused.
K
E
So
I
think
what
you
suggested
last
time
dan
was
that
the
they
should
provide
their
charters
and
then
the
attack
would
evaluate
whether
the
best
practices
fit
there
or
whether
the
cia
fit
there
based
on
an
approved
charter,
which
is
a
longer
term
thing,
be
totally
cool
with
me.
If
you
just
voted
on
a
map
too,
but.
A
Yeah,
I
think
from
my
response.
It
seems
like
most
people
know
what
each
of
those
working
groups
currently
do
and
what
their
their
objectives
are.
If
not
then
yeah,
maybe
we
should
have
them,
write
it
down
for
everybody,
but
is
there
any
objection
to
just
going
ahead
and
starting
to
vote
on
it
that
works
for
me.
B
I'm
so
I
have
a.
I
have
a
concern.
My
my
concern
is
that
we're
going
through
an
activity
in
the
right
now
in
the.
B
Which
group
the
identified
security
threats
working
group
where
we're
looking
at
security,
best
practices
plus
the
the
dashboard,
the
security
metrics
dashboard
plus.
This
is
another
security
court
scorecard
effort
that
that
dan
and
kim
from
google
have
been
working
on,
and
I
think,
there's
a
lot
of
overlap
across
all
of
those
and
we're.
You
know
we're
trying
to
figure
out
kind
of
what
our
strategy
is
for
those
short
term
and
long
term,
and
I
I
think
it
would
be
useful
to
finish
that
process
before
we
decide.
B
I
I
guess
my
concern
is
that
we
we
try
to
make
a
decision
based
on
the
text
of
the
charter
for
each
group,
rather
than
you
know
how
it
fits
in
with
the
actual
work
and
deliverables
of
the
working
group.
So,
and
maybe
there
I'm
just
you
know
showing
my
hand
a
little
saying
that
you
know
I
feel,
like
you
know,
when
you
look
at
what's
what
you
know
what
it
is
it
feels
more
like
the
dashboard
is.
B
I
E
B
Them
right
so,
but
then
do
we
move
all
the
you
know.
You
could
make
that
same
case
for
the
the
dashboard
and
the
security
metrics
dashboard,
and
so
you
know
then
do
we
move
all
of
them
to
best
practices.
So.
A
Right
so
I
think
you
know
we're
pretty
much
out
of
time
here,
so
I
just
want
to
say
real
quick.
I
think
this
is
really
a
question
of
how
we
want
to
slice
it
right,
because
there
is,
it
clearly
works
in
both
groups.
It's
a
matter
of
how
we're
going
to
define-
and
I
think
gave
us
to
your
point
as
well
as
to
say
what
are
the
actual
deliverables
of
each
group.
I
have
my
own
opinion
on
this.
Actually
I
actually
think
part
of
this
should
be
split
a
little
bit.
A
So
how
about
we
do
this?
What
if
we
come
up
with
a
proposal?
I'm
happy
to
start,
I
feel
like.
I
know
both
working
groups
pretty
well
and
say
that
it's
either
going
to
be
all
in
one
group
or
the
other,
or
there's
some
coordination
of
effort
between
the
two
and
define
what
those
specifically
are
and
then
that's
how
we
divide
it
up
and
then
we
can
bring
that
up
for
discussion
and
hold
the
vote.
A
Okay,
I
will
work
on
that
this
week
and
and
send
it
out,
and
people
can
comment.
We
can
have
discussion
async
in
the
document
and
then
when
we
feel
like
it's
kind
of
settled
as
far
as
an
accurate
description
of
the
proposals,
and
then
we
can
hold
the
vote
for
it
so
awesome.
Thank
you,
everybody!
Sorry!
I
was
gonna.
A
Give
you
three
minutes
back
and
said
I
stole
two
and
but
look
look
for
more
emails
and
issues
coming
your
way
later
this
week
and
again,
thanks
for
everybody's
time,
see
you
guys
later.
Okay,.