►
From YouTube: OpenSSF TAC Meeting (July 12, 2022)
B
A
All
right,
I
guess
we'll
go
ahead
and
get
started.
Then
jen
looks
like
you're
up
first
on
the
agenda
for
a
discussion
on
the
town
hall.
B
Sure
hi,
everybody
sorry
apologies
for
my
voice,
a
little
scratchy
getting
over
something.
So
we
are
we
communicated
about
trying
to
put
together
a
town
hall,
the
date
for
that
was
initially
envisioned
as
being
july.
18Th
we're
getting
we're
getting
a
bit
closer
less
than
a
week
away,
I'm
just
about
a
week
away.
We
do
have
some
ideas
for
what
we
wanted
to
share.
B
We
wanted
to
keep
it
more
high
level
for,
for
folks
that
you
know,
haven't
necessarily
been
joining
the
tech
meetings
or
working
group
meetings
or
project
meetings,
but
folks
that
have
heard
about
openssf
and
want
to
get
more
involved.
So
that's
the
angle
that
we
were
wanting
to
to
take
this
time
around.
B
B
The
remainder
of
the
agenda
would
be
you
know,
either
from
myself
or
brian
or
for
from
jennifer
bly
from
a
marketing
perspective
kind
of
giving
an
overview
of
how
to
get
involved.
B
Events
that
are
coming
up-
maybe
a
recap
of
open
ssf
day
and
various
items
like
that,
but
we
really
wanted
to
keep
the
content
not
so
much
focused
on
the
staff
like
providing
an
update
and
having
the
community
more
involved.
So
if
the
question
is,
are
there
at
least
two
or
maybe
three
other
working
groups
of
projects
that
would
be
interested
in
participating
next
monday?
B
If
not,
and
you
need
a
little
bit
more
time,
we
could
push
the
date
out
a
couple
weeks
to
give
you
a
little
bit
more
time,
because
I
know
that's
been.
It's
been
really
busy
and
we've
had,
as
brian
has
mentioned,
there's
been
a
lot
of
big
asks
from
the
community
to
participate
in
events
of
late
so
certainly
understood
there,
but
I
wanted
to
throw
that
out
there
and
see
what
you'll
think.
B
I
think
if
we
don't
have
any
immediate
volunteers
brian,
what
do
you
think
giving
it
giving
it
to
the
end
of
the
day
and
then
making
a
decision
about
pushing
it
out.
C
I
mean
it's
it's
it's
really
important
to
me
that
if
not
the
open,
ssf
staff,
even
though
david
could
talk
for
a
full
hour
and
make
it
like
really
enjoyable
and
all
that
it's
pretty
important
to
me
that
it
not
fundamentally
rest
on
open,
sf
staff
to
to
deliver
the
town
halls.
C
So
I
I
you
know,
I
kind
of
feel
like
unless
there's
a
strong
sentiment
and
and-
and
you
know
here
on,
the
tech
call
is
where
you
know
I
I
assume
most
people
interested
in
doing
this
kind
of
work
would
be
unless
there's
strong
sentiment
on
this
call.
We
should
probably
just
go
ahead
and
defer
to
a
future
date.
I
don't
know
if
that's
a
few
a
few
weeks
out
or
or
further,
but
I
really
want
to
see
this
come
from
this
group,
rather
than
be
something
that
we
impose
on
you.
D
What's
is
the
request
corrupt
you
want
to
go.
Okay
is
the
request
specifically
for
working
group
leads
to
step
up
since
I'm
looking
and
I'm
not
sure
how
many
of
them
are
here
or
did
I
misunderstand.
C
You
know
we
thought
working
group
leads
would
be
the
ones
in
the
best
position,
either
to
summarize
the
work
going
on
in
their
working
groups
or
to
try
to
delegate
that
to
somebody
else
on.
The
working
group
doesn't
have
to
be
them,
but
our
hope
is
that
those
leads
are
the
most.
C
Are
the
leaders
in
the
working
groups,
but
I
you
know
anybody
here
in
the
tech
you
know
I
I'd
say
you
don't
have
to
wait
for
permission
from
a
working
group
lead
to
volunteer
to
talk
about
your
working
group
on
such
a
call
so
yeah,
it's
just.
We
start
we're
trying
to
figure
out
logically,
how
do
we
go
cascade
down
in
a
way
that
doesn't
end
up
with
mass
broadcast
calls
every
time
we
want
something,
but
we
could
adjust
that
that
approach
down
the
road
too.
E
F
I
would
recommend
we
defer
not
only
to
make
sure
that
we
get
can
get
more
participation,
but
also
so
we
can
promote
it.
I
mean
not
just
internally,
but
externally
we
really
haven't
had
the
chance
to
do
that
yet,
and
it
would
be
good
to
ensure
we
have
a
better
chance
of
attendees
agreed
david.
G
Yeah,
I
was
just
gonna
comment
about
the
potential
presenters
you
mentioned.
You
know
I
mean
not
just
the
working
group
leads
and
pac
members,
but
also
the
project
leads.
The
sig
leads.
Yes,
I
think
are
all
real.
Really
anybody
in
the
community,
but
those
I
think
are-
are
particularly
likely
be
plausible
speakers.
Yep.
D
C
More
like
early
to
mid
august
with
enough
lead
time,
you
know
we'll
just
keep
hitting
the
tack
list.
I
guess,
and
the
working
group
leads
who
hopefully
could
cascade
the
ask
out
to
their
working
groups
and
and
and
look
for
for
more
folks,
but
that
would
give
us
I
mean
if
we
really
want
to
take
a
few
weeks
to
promote
we
kind
of
need
the
speakers.
Ideally
we
have
the
speakers
identified
early
in
that
anyway.
C
So
do
we
think,
amongst
the
folks
here
on
the
call
who
are
involved
in
working
groups
and
projects
that
we
could
find
two
three
more
people
to
be
willing
to
talk
in
the
next
week
week
and
a
half
and
then
promote
for
mid-august,
town
hall.
C
Okay,
I'm
seeing
thumbs
up
from
from
crow.
So
so
why
don't
we
do
that?
Let's
say
by
the
at
least
the
next
hack
call
to
have
kind
of
the
folks
committed
and
then
and
then
do
a
talk
like
later.
Then
I
see
jacques
willing
to
volunteer
to
talk.
Okay,
thank
you
so
much.
I
think
that
means
we
should
do
it
at
a
time
that
is
australia
friendly
might
maybe
maybe
six
a.m
in
the
morning.
C
Your
time,
but
at
least
it
wouldn't
be
two
am
your
time
all
right,
we'll
we'll
see.
If
we
can
do
that.
C
We
did
we
emailed
working
group
leads,
but
but
I
know
it's
been
it's
summer
right,
so
we
also
had
a
realistic
expectation
about
about
people's
availability
and
and
and
bandwidth
and
during
the
summer,
so
but
it,
but
it
looks
like
it
looks
like
there's
plus
ones
to
to
doing
this
so
looks
like
we
have
our
answer.
H
I
I
was,
if
I
may,
just
interject,
I
was
going
to
point
out
that
it's
summer
and
in
europe
most
people
are
more
into
vacationing,
so
I
think
it'll
be
okay
to
favor
a
time
zone.
You
know
like
australia,
maybe
where
they
don't
have
that
than
europe,
because
I
don't
know,
there's
be
going
to
be
a
lot
of
attendees
from
europe
mid
or
beginning
of
august.
I
Yeah
very
quickly,
don't
set
an
australian
time
zone
for
my
benefit
if
it's
in
august
I'll
be
back
in
new
york.
If
you
know
other
australians
who
are
charming
and
wonderful,
then
sure.
A
Awesome,
let
the
record
show
that
all
right
moving
on
to
the
next
topic,
I
believe
dan
added
this
feedback
from
the
rollout
of
mandating
2fa
on
pipi
dan.
You
want
to
take
this.
J
Groups
and
one
of
their
big
initial
items
they
wanted
to
tackle
was
enabling
2fa
across
repositories.
They
did
a
ridiculous
amount
of
awesome
work
there
doing
as
carefully
as
they
could
and
started
making
announcements.
And,
unfortunately,
earlier
this
week
the
pi
pi
esf
announcement
a
bunch
of
backlash
from
folks
and
I
think,
given
our
spot
ecosystem,
consider
making
a
statement
of
support
for
those
maintainers
and
for
that
working
group
that
they
did
here.
J
J
A
Awesome
so
I
guess
any
any
comments
or
questions
for
dan's
proposal.
I
think
we
should
do
probe.
K
K
K
It's
something
we
can't
even
comprehend,
and
so
I
think,
like
statements
are
cool
and
I'm
all
for
that.
But
we
should
also,
I
think,
like
the
open.
Ssf
has
opportunities
to
do
even
more
like
how
can
we
provide
resources
or
something
you
know
like
put
our
money
where
our
mouth
is
so
to
speak?
And
so
I
think
this
feels
like
this
is
the
group
that
should
help
drive
all
of
this
forward.
K
I
Expand
on
that
a
little
bit
so
that
that
tweet
thread
about
the
support
burden
being
one
of
the
major
choke
points
for
mfa
requirements
came
from
conversations
in
the
securing
software
repo
groups,
where
we're
all
sort
of
facing
that
problem,
and
we
have
mooted
amongst
ourselves
putting
up
our
hands
for
open
ssf
funding
to
have
some
sort
of
like
a
shared
help
desk.
I
You
know
some
some
personal
persons
who
could
be
you
know,
enabled
to
work
on
multiple
ecosystems
so
that
we
can
pull
our
resources.
We
haven't
got
very
much
further
than
sort
of
a
bit
of
chin
stroking.
I
One
thing
I
will
ask
the
tack
for
since
you're
all
very
connected
and
and
charming
and
influential
people
is
data.
You
know
to
the
degree
that
you
belong
to
large
organizations
with
large
mfa.
Rollouts
data
is
essential
on
the
frequency
of
you.
H
I
I
Yeah,
basically
the
the
problem
is,
people
do
lose
their
keys,
they
do
lose
their
phones
and
you
need
to
have
a
human
in
the
loop
for
that
reset.
Otherwise,
it's
it's
just
the
soft
soft
underbelly,
and
even
then
it's
still
the
soft
underbelly
right,
like
your.
Your
attackers
can
be
pretty
creative,
so
it's
very
labor-intensive
to
vet
those
requests
and
to
to
go
through
as
many
steps
as
possible.
I
Make
sure
that
they're
not
a
thing
so
getting
the
kind
of
information
at
what
kind
of
support
burden
we
might
expect
to
be
looking
at
would
be
very
helpful
in
in
deciding
what
kind
of
support
we
want
to
ask
for.
J
G
So
at
least
I'm
hearing
support
then,
but
I
mean
it's:
the
tax
decision
pack.
C
I
think
I
think
a
statement
from
the
tech
is
going
to
be
pretty
compelling.
I
mean
just
that
like
carries,
carries
a
lot
of
weight
and
I
think
it
could
be
drafted
by
the
working
group
and
and
reflect
the
work
consensus
of
the
working
group
or
or
the
like,
but
it
would
be
great
to
see
this.
C
This
body
just
be
able
to
put
its
stamp
on
it,
and
then
we
publish
in
the
blog
and
and
push
it
in
the
socials
and
and
get
people
to
retweet,
and
all
that
I
did
also
see
in
the
thread
on
the
slack
channel
a
couple
of
people
willing
to
volunteer
ng
byron.
It
looks
like
a
few
others
and
it'd
be
kind
of
great
to
make
it
be
a
post.
I
know
it's
harder
to
write.
C
You
know
to
have
multiple
bylines,
but
I
would
be
interested
in
seeing
that
be
something
written
by
by
a
group
of
people
and
and
getting
new
volunteers.
New
new
energy
into
the
org
is
always
a
a
secondary
priority
for
me,
so
I
yeah.
I
think
this
is
a
good
opportunity
to
do
that
and
third,
if
we
do
have
a
way
to
add
some
new
coupons
or
do
a
refresh,
the
mfa
distribution
could
be
another
chance
to
to
say,
oh
and
by
the
way
we
found
a
stash
of
this
stuff.
C
If
anyone
wants
to
play
with
us,
just
send
us
send
us
a
your
info
and
we'll
send
these
coupons
out
to
you
or
something
like
that,
but
I
wouldn't
hold
up.
I
wouldn't
hold
up
the
announcement
to
line
that
up
it's
just
if
that
opportunistically
is
there
that'd
be
great.
D
Okay,
so
I
saw
my
hand
then
josh
and
then
david.
I
think
the
idea
of
the
attack
putting
public
comment
out
is
good.
Happy
to
have.
You
know,
do
my
part
to
review
that.
The
balance
that
I
would
like
us
to
strike
is
not
to
just
say:
yes,
these
are
good.
Everyone
should
do
it,
but
to
acknowledge
if
they
are
in
fact
an
additional
burden.
They
shift
the
the
location
of
attack
as
long
as
we
are
looking
at
it.
From
that
perspective,
taking
both
sides
into
account
on
this
issue
been
fantastic.
D
C
And
that's
what
the
thread
and
the
tech
channel
on
slack
got
to
is
that
it's
nuanced:
it
can't
just
be
protest
or
drama
and
the
people
the
critics
are
wrong.
It
should
make
a
case
that
it
acknowledges
those,
but
still
the
the
the
case
is
strong
to
do
the
right
thing
here.
D
Sounds
good
josh
and
then
david.
K
All
right,
thank
you.
Sorry,
I
lowered
my
hand
and
then
I
raised
it.
My
only
my
only
thing-
and
this
is
kind
of
pointed
at
you
a
little
bit
brian.
I
I
agree.
We
should
do
a
statement,
I'm
that's
great,
but
my
fear
is
always
we
do
a
statement
and
that's
it
and
then
it
dies
like.
I
want
to
make
sure
someone
owns
this
some
working
group
or
some
group
that
way
it's
not.
Oh,
we
did
a
statement,
good
job,
everyone.
K
G
David
yeah,
so
quick,
quick
statements.
First,
we
actually
do
have.
Oh,
this
is
broader,
not
specific,
about
dan's
comment,
but
we
do
actually
have
some
yubikey
tokens
left
that
we
can
distribute
for
the
great
mfa
project
if
the
tax
look,
if
the
tax
says
hey,
let's
a
statement
at
least
is
a
reasonable
start.
I'm
guessing
dan's
gonna
start
by
drafting
something,
maybe
working
with
the
repos
working
group
and
then
try
to
bring
a
report
back.
You
know
the
draft.
G
G
D
Just
to
comment
that,
let's,
let's
not
spend
too
much
time
trying
to
solve
the
writing
here
once
the
working
group
has
something
then
let's
iterate
over
email
to
discuss
that,
because
I
do
think
it
is
nuanced,
and
each
of
us
have
different
and
good
points
to
bring
to
it.
There's
been
some
lovely
chat
on
the
side
here
as
well
about
about
where
some
of
this
pushback
comes
from
that
I
think
some
folks
may
not
understand.
A
Great
point
all
right,
so
I
guess
just
one
quick.
If
anybody
has
any
dissensions
to
issuing
a
statement,
I
want
to
give
a
chance
for
folks
to
vocalize
that
now
otherwise
it
sounds
like
we
have
consensus
that
everybody's
supportive
of
moving
forward,
so
looking
at
head
nodding,
looks
like
we're
good,
so
awesome.
Well,
thank
you
for
taking
the
action
to
at
least
pull
together
that
draft
and
look
forward
to
helping
review
that
all
right.
Next
on
the
agenda,
david
dco.
G
Enforcement
right,
so
I
I
abused
everyone's
inboxes
earlier,
noting
that,
while
the
open
ssf
charter
says
we're
all
beginning
to
be
using
dcos-
and
that
is
not
a
st
a
thing
that
always
happens,
how's-
that
if
I
I'm
trying
to
be
gentle
here,
some
some
projects
do
enforce
it,
but
a
lot
don't
and
so
it
kind
of
gets
lost.
So
I'm
proposing
that
we
just
turn
on
enforcement
on
the
pull
requests.
G
You
know
if
you're
not
familiar
with
dcos
they're,
not
hard
to
add
yeah,
yet
there's
a
little
startup
pane
if
you've
not
done
them
before.
But
but
the
key
thing
is
that
if
we
just
enforce
it,
it'll
become
just
part
of
the
landscape,
as
opposed
to
the
hopes
and
prayers
of
trying
to
write
in
documentation.
G
A
A
We
find
that
we've
we've
reverted
from
the
desired
state,
whether
it's
you
know
something
our
colleagues
at
github
could
help
us
figure
out
or
if
it's
well
known,
I
I
can't
claim
expertise
in
terms
of
all
the
capabilities
setting
github
worldwide
policies,
but
I
know
there
should
be
some
approaches
with
automation
that
should
be
feasible,
that
we
could
look
to
implement
so
that
yeah
just
turn
it
on
and
be
done
with
it,
because
I
think
it's
it's
not
a
question
of
if
it
is
required
in
the
charter.
A
To
your
point,
it's
just
a
matter
of
implementing
that.
At
this
point
eva,
I
think
you
had
your
hand
up
next
yep.
D
General
thumbs
up
to
having
a
disco
if
we're
going
to
it,
should
be
turned
on
programmatically
to
all
the
places
that
require
it.
I
don't
I'm
not
convinced
that
every
single
repo
must
have
it
is
the
right
position
to
take.
There
could
be
some
where
it
isn't
important.
D
I
don't
know
yet
and
a
note
for
folks
that
if
we
do
that,
there's
been
a
discussion
recently
mike
dolan
weighed
in
that's
the
lfs
lawyer
on
this,
with
a
comment
on
a
different
issue
in
the
cncf
regarding
dcos,
real
names
and
and
that
work,
especially
since
the
openssf
intersects
much
more
with
the
infosec
community,
many
of
whom
don't
use
their
legal
name
in
public
record
in
git.
D
I
want
to
make
sure
that
if
we
do
something
to
adopt
a
dco
as
an
org,
officially
we
are
very
clear
in
what
it
is
requiring
for
the
signature
and
mike
dolan
summarized
the
lf's
position
very
well
that
this
is
a
common
name
by
which
someone
is
known
and
can
be
found
over
time,
not
necessarily
their
legal
name.
What's
on
their
passport
or
something
oh,.
G
Right:
yeah,
okay,
okay,
I
wasn't
sure
we
were
going
now.
I
understand
where
you're
going
agreed.
Can
you
point
me
to
the
I
mean
yeah?
I.
G
D
This
is
about
so
it's
a
discussion.
That's
come
up
in
many
forums,
most
recently
the
cncf,
the
very
contentious
situation
there
over
the
past
couple
weeks.
I'm
glad
mike
weighed
in
the
way
he
did
and
I'm
just
bringing
it
up
here
to
preempt
us
getting
backlash
from
the
security
community,
who
will
say
absolutely
not
all
right.
G
How's
this,
let
me
take
you
somewhere,
I'm
gonna,
wait
for
ava
to
point
me
to
that.
I
will
draft
an
email
for
the
working
group
leads
to
send
to
them.
Hey
we're
planning
on
turning
this
on
a
few
weeks,
please
no
blah
blah
blah
that
doesn't
require
a
legal
name
and
if
the
tax,
okay
with
that,
we
can
send
that
out
to
the
working
group
leads
and
and
ava.
If
it
turns
out
that
shouldn't
be
turned
on
for
some
repo.
G
I'm
not
sure
why,
but
I
guess
if,
if
we
hit
a
backlash,
then
we'll
find
out
about
them
in
the
next
few
weeks
or
when
we
first
try
to
turn
it
on.
We
can
turn
it
back
off.
If
there's
a
serious
problem.
L
So
no
thanks,
so
this
is
like
the
never-ending
black
hole
of
conversation
around
dco
and
identity
and
so
forth.
I,
I
think
that's
a
red
herring
yeah,
but
you
know
you
you.
As
a
maintainer
of
a
repository,
you
should
be
looking
for
people
putting
in
nobody
at
example.com
for
their
email
right
and
making
sure
that
it's
something
reasonable.
L
You
know
good
at
you
know,
github.com
or
whatever,
that
that
github
slams
on,
if
you
don't
put
something
for
your
email,
I
just
think
the
important
piece
here
is
that
we
have
a
clear
understanding
that
when
something
comes
into
especially
code,
but
it
could
also
be
text
that
they
have
the
right
to
contribute
it
right
that
it's
that
it's
theirs,
it's
unique,
that's
what
they're
signing
on
to
with
the
the
dco
and
not
get
all
wrapped
around
the
ankle
around
the
axle
about
whether
or
not
it's
somebody's
real
identity.
L
I
think
that's
just
a
red
herring
and
and
every
project
I've
been
on
has
gone
through
that
red
herring
discussion.
It
just
doesn't
end
well.
A
All
right,
I'm
going
to
briefly
skip
down
to
the
next
topic
with
dr
wheeler
around
word
permissions
for
github
and
then
switch
back
to
the
governance
conversation
since
I
suspect
that'll,
probably
soak
up
the
rest
of
the
time.
G
Okay,
all
right
to
me
again
sorry.
So,
basically,
there
was
a
discussion.
Was
it
yesterday
that
we
we
need
to
double
check
our
github
org
permissions
I
mean,
frankly,
just
making
sure
our
own
knitting
is
clean.
G
So
for
this
request
from
the
planning
working
group
meeting
so
volunteers
desired,
I
mean
this
is
just
primarily
and
in
many
ways
it's
probably
a
follow-up
to
the
governance
discussion
we're
about
to
have,
but
just
trying
to
make
sure
that
we
minimize
privileges
and
we
remove
privileges
when
they're
no
longer
needed
and
that
sort
of
stuff
anybody
wants
to
be
help
with
that.
That's
great,
my
expectation
is
we're.
A
Got
it
yeah?
The
only
thing
I'll
mention
david
is:
we
recently
went
through
in
the
sig
store
organization,
an
overhaul
to
switch
over
to
some
pollumi
based
automation,
so
that
we
can
codify
github
permissions
and
code
themselves,
and
so
that
may
be
another
option
to
look
at
as
a
as
a
choice.
G
Yeah,
if
you
wouldn't
mind
pointing
me
to
that
offline,
I've
heard
it.
I've
heard
that
I
have
not
investigated
further.
I'm
not
sure
we
need
that
level.
I
mean
still
there's
rather
different
scales
involved.
But
if
that's,
if
that's
helpful,
then
that's
great
sure.
D
Okay,
mostly,
I
wanted
to
just
call
folks
attention
to
pr
112..
This
is
the
sum
of
a
lot
of
work
that
tac
members
and
other
volunteers
have
done
over
the
past
few
months.
To
try
and
coalesce
are
different
proposals
around
tac
governance
structure.
This
is
sort
of
how
the
technical
initiatives
within
the
open
ssf
are
structured
to
report
and
relate
to
each
other
the
process
for
joining
the
open
ssf
for
moving
from
sandbox
to
incubated,
to
graduated.
D
All
of
that
wrapped
up,
including
some
changes
to
how
or
I
guess
clarifications,
perhaps
not
changes
clarifications,
but
we
hadn't
had
an
answer
before
to
which
projects
could
ask
for
space
at
a
conference
which
projects
could
ask
for
funding
or
support
in
other
ways
from
foundation
staff
and
a
little
bit
of
guidance
on
how
exactly
to
do
that
instead
of
the
rather
ad
hoc
way,
we've
been
doing
it
to
date.
So
it's
far
too
long
of
an
update
to
talk
through
the
whole
thing
right
here,
but
I
wanted
to
draw
folks
attention
to
that.
D
Please
get
your
comments
in
and
let's
sort
of
iron
out
any
any
concerns
and
brian
you
raised
an
interesting
point,
which
is:
could
we
separate
out
some
of
the
budgetary
discussion
from
that
pr?
I
think
that's
a
reasonable
request.
I
don't
think
it's
necessarily
feasible
as
some
of
the
the
structural
changes.
Also,
how
do
I
say
this
are
predicated
upon
knowing
who
can
make
a
request
for
funding?
D
I
did
try
to
leave
out
any
specifics
of
like
what
how
much
funding
and
there's
definitely
some
areas
there
to
sort
of
sand
off
the
rough
edges
of
that.
But
I
do
think
it's
important
for
us
to
be
able
to
clarify
that
say.
A
sandbox
project
has
less
standing
to
request
support
from
staff
than
a
graduated
project,
but
maybe
that
isn't
what
you
meant.
C
I
think
getting
that
message
across
is
great
that
that
you
know
the
earlier
stage.
A
project
is
the
less
that
you'd
expect
in
terms
of
other
kinds
of
ancillary
benefits.
I
was
just
concerned
to
the
degree
that
I
saw
things
defining
a
process
for
for
asking
for
for
budget
and
like
folks
like
the
budget
committee,
which
is
not
doing
what
was
suggested
in
in
the
pr
today.
It's
not
chartered
to
do
that.
You
know
approving
requests
for
for
funding
and
the
like.
C
C
We
can
have
the
the
parts
that
are
about
requesting
resources
and
and
even
the
marketing
ask
by
those
by
projects
at
different
stages,
far
more
important
to
get
the
the
the
structure
encoded
and
some
of
the
stuff
that
has
gone
unsaid,
about
how
we
work
actually
encoded
into
into
docs.
So
I
was
just
kind
of
pleading
that
we
could
tease
that
apart
from
112.,
it.
D
May
be
I'll,
take
a
look
at
it,
I'm
actually
offline
this
week,
but
next
week
I'll
take
a
look.
Unless
some
of
us
wants
to
volunteer
to
do
this
before
then
to
try,
maybe
separate
these
into
two
commits
because
it's
you
know
80
or
some
commits
so
far
as
we
piece
together.
Maybe
we
can
layer
it
as
just
two
one
that
is
structural
and
one
that
is
procedural
and
that
way
review
those
separately.
I
think
brian
that
would
meet
your
request.
C
I
I
do
have
two
other
high
level
comments,
and
I
did
summarize
these
in
an
email
to
tech
on
sunday.
So
just
repeating
what
I
said
there,
but
I'll
try
to
be
very
brief.
The
first
one
is,
I
think,
the
description.
Look,
I'm
I'm
worried
about
what
I've
seen
happen
on
other
projects.
Arno
and
chris
know
what
I'm
talking
about
where
if
you
make
it
a
little
too
cozy
and
easy
for
folks
to
be
at
the
incubating
or
sandbox
stage.
C
Maybe
people
don't
think
they
need
to
be
moving
on
to
becoming
graduated,
but
you
kind
of
don't
want
to
provide
so
much
value
to
to
folks
that
they
they
don't
bother
trying
to
to
get
to
actual
graduated
or
active
status,
and
so
just
might
want
to
think
about
things
that
that
nudge
them
or
encourage
them
or
might
even
set
like
hey.
C
You
can
be
incubating
for
six
months
or
a
year,
but
if
you
haven't
moved
then
we
might,
we
might
you
know,
move
you
automatically
to
up
or
out
basically
yeah
and
then
the
second
point
is:
let's
see,
what's
the
way,
to
put
it,
oh
right
that
it's
really,
I
want
to
encourage
folks
to
consider
having
the
tax
having
the
attack
primarily
be
about
managing
the
working
groups
and
dealing
with
the
meta
issues
that
come
up
with
that
and
and
tend
to
avoid,
having
cigs
and
and
projects
and
other
kind
of
atomic
groups.
C
That
report
directly
to
the
attack
for
simplicity
for
all
sorts
of
kind
of
social
management
reasons.
That
was
the
two
points
I
made
in
the
email
I
sent
on
sunday
and
I
feel
like
there
are
more
meta
they're,
not
easy
to
make
as
specific
comments
on
the
pull
request
and
may
require
the
attack
as
a
whole
to
talk
about
where,
where
the
the
head,
their
their
heads
lie
in
terms
of
a
position
on
on
on
on
answers
to
that.
D
Thank
you,
justin.
I
see
your
hand.
I
want
to
give
a
quick
response
to
brian's
comments,
I'm
trying
to
capture
them
in
the
notes
as
well.
I've
heard
three
now
the
first
one
we
covered.
Second
one
was
a
concern
about
projects
stagnating
at
the
incubating
stage.
I
think
that
is
a
really
excellent
thing
for
the
attack
as
a
whole
to
discuss.
Do
we
see
the
open
ssf
as
gathering
a
lot
of
potentially
valuable
projects
that
might
sit
at
incubating
for
years?
D
We
want
to
limit
incoming
projects
for
that
only
to
those
that
we
think
should
or
have
a
good
chance
of
becoming
full-fledged
long-lived
projects
or
build
a
sort
of
up
and
out
test
where
they
don't
stay
for
long.
They
go
out.
So
if
they,
if
they
stay
too
long
and
don't
progress,
then
we
kick
them
out.
Those
are
really
good
questions
to
discuss
and
the
second
one
was
the
the
structure
of
too
many
things
to
attack.
I
would
be
happy
to
to
change
that
in
the
pr.
D
Actually,
I
try
to
reflect
the
current
structure
where
some
things
do
report
into
the
attack
that
aren't
just
working
groups
so
justin
before
I
get
to
you.
I
want
to
do
a
quick
straw
poll.
H
So
if
I
may
interject,
I
mean
the
reason
we
have
it.
The
way
it
is
is
because
we
have
the
shifts
and
the
sees
were
meant
to
report
to
the
attack,
and
so
they
so
they
kind
of
when
you
generalize
the
model
we
ended
up
with.
You
know,
working
groups
and
cs
being
possibly
under
and
other
projects
being
under
the
attack.
I
don't
think
we
have
any
today,
and
so,
even
if
the
process
allows
it,
it
doesn't
mean
the
attack.
Would
necessarily
you
know,
use
that
part,
but
we
could
just
leave
it
off.
C
And
I'll
talk
about
the
sif
point
in
the
next
agenda:
item
cool.
D
Okay,
no
other
major
concerns
to
jump
in
with
us
bob
says
not
comfortable
yet
making
that
call.
Okay,
let's
keep
noodling
on
it.
I
think
it
is
good.
In
general,
I
haven't
looked
through
all
the
specifics.
If
there
are
edge
cases,
justin.
M
Is
there
anything
we
need
to
do
to
help
get
that
over
the
over
the
line
like?
Should
there
be
a
you
know,
deep
dive
on
this?
Where
you
you
set
up,
you
know
a
group
of
interested
folks
to
just
go
and
burn
it
to
the
burn
it
down
and
get
all
the
feedback
incorporated
and
then
come
back
and
say:
okay,
we
think
we're
good
or
do
we
feel
like
the
async
model
is
working
because
it
just
feels
like
it's
dragged
on
for
a
long
time.
D
It
absolutely
has
we
have
had
several
sort
of
focus
groups
on
this
over
that
time.
At
this
point,
my
hope
was
to
use
today's
meeting
and
the
planning
meeting
yesterday
to
get
feedback
on
the
overall
proposal
spend
ideally
just
one
two
week
cycle
before
we
have.
D
We
can
polish
it
so
that
the
next
tac
meeting
and
have
it
ready
for
the
upcoming
board
meeting,
because,
with
the
you
know,
to
brian's
earlier
point
about
separating
out
the
financial
stuff
that
would,
as
written
today,
necessitate
changes
in
the
charters
of
board
working
groups
or
right,
like
the
finance
committee,
the
marketing
committee.
The
way
this
proposal
is
currently
written
impacts,
those
board
committees,
and
so
I
wanted
to
have
this
ready
for
board
review
before
the
next
board
meeting.
C
Well,
but
not
only
that,
I
think
there's
there's
more
that
we
can
and
should
do
to
describe
the
process
that
projects
you
would
use
to
apply
for
funding
for
for
for
things
than
than
even
what's
in
this
pr
before
I,
yes
with
that,
as
because
I'm
not
even
sure
that
asking
the
the
budget
committee
as
you
called
it,
is
the
right
vehicle
for
this
kind
of
to
approve
kind
of
project
by
project
request
for
funding
and
the
like.
C
So
so,
let's
that's
why
I'm
kind
of
pleading
to
defer
on
that,
while
still
happy
to
leave.
You
know
that
you
know
projects
and
incubating
and
sandbox
can't
expect
some
support,
but
not
not
as
much
as
graduated
projects.
D
So
so
perhaps
justin
the
the
roundabout
quest
answer
to
your
question
is:
if
we
tease
this
apart
into
apr,
that
the
attack
can
merge,
because
it
is
only
impacting
the
attack,
we
could
do
that
soon.
Some
of
the
larger
changes
that
the
tac
is
now
recommending
require
dialogue
with
the
board
and
others
to
be
able
to
make
them,
and
probably
also
you
know,
further
refinement
or
more
documentation
written
about
how
to
do
them.
That
will
take
longer.
M
Yeah
I
mean
I
definitely
appreciate
that
I
will
say
I
feel
like
getting
the
clarity
with
the
the
board
is
going
to
be
really
important
because
as
long
as
the
attack
doesn't
doesn't
control
a
finite
resource
other
than
the
time
of
this
committee,
there's
not
a
lot
of
incentive
for
anyone
to
say
no
or
or
bring
judgement
to
the
table
when
we
have
lots
of
well-intentioned
projects
from
across
the
community
that
want
to
come
into
the
umbrella
for
us
to
go,
and
you
know
make
good
hard
decisions
on
what.
D
C
I
think
a
subset
of
us
coming
up
with
a
proposal
that
then
could
be
more
widely
considered
is
like
just
the
the
right
thing
to
do
and
that's
you
know
coming
out
of
the
planning
meeting
on
yesterday.
I
I
think
a
group
of
us
thought
I
I
you
know
yeah
ava
bob.
I
forget
who
else
I
couldn't
make
it
yesterday
right
right
right,
but
I
think
you
were
volunteered
for
it,
though.
C
Okay
all
right,
just
draft
something
and
and-
and
I
could
even
get
get
us
started
with
something
like
that,
but
just
to
describe
the
process
by
which
folks
would
apply
for
funding
from
a
pool
controlled
by
the
tech,
and
that's
that's
easy
enough
to
do
and
perhaps
even
could
be
done
in
time
to
merge
into
112.
But
you
know,
I
don't
think
it
has
to
wait
a
long
time
after
112
is
accepted
if
it
was.
C
If
112
was
kind
of
just
not
about
describing
the
process,
you
know,
but
but
the
fact
that
yeah,
you
know
the
the
structure
of
cigs
and
and
and
working
groups-
and
the
like
is
is
the
way
is,
is
you
know
the
rest
of
the
structural
stuff
right.
D
Okay,
then,
I
think
we
have
an
order
of
operations
here
which
is
separate
out
the
tax
structure
and
the
technical
initiative
structure
from
process
and
requests
and
budget.
A
Yeah,
I
put
a
comment
in
the
chat,
but
I
guess
two
quick
things.
One
is
I'm
if
it's
easier
for
understanding
totally
supportive
of
breaking
those
into
two
different
pr's.
I
guess
what
I'm
not
personally
comfortable
with
is
merging
them,
merging
a
structure
pr
and
then
waiting
six
months
to
merge
a
a
procedural
pr.
A
I
think
that
they
can
be
evaluated
independently
if
it
helps
for
understanding,
but
they
need
to
be
voted
on
together,
merged
together
and
reviewed
with
the
gb
together.
I
think
it's
too
confusing,
as
it
is
right
now
further
fragmenting
it.
I
think
only
exacerbates
that
confusion.
The
second
point
I'll
make
is
to
brian's
last
comment.
A
What
I
think
is
is
still
confusing
to
me,
and
I
suspect
this
would
be
confusing
to
many
of
our
working
groups
or
projects
either
already
in
the
foundation
or
looking
to
join
the
foundation.
Is
we
almost
have
this?
This
blessing
of
you
know
different
avenues
to
go:
get
money,
what
what
funds
are
allocated
to
the
tax
for
at
their
discretion,
to
directly
fund
things
versus
what
funds
could
come
through
work
around
the
mobilization
plan
versus
what
funds
come
out
of
sifs.
A
I
don't
think
I
have
a
great,
consistent
answer
to
give
folks
around
when
to
go
down
which
path
to
get
something
done,
and
I
suspect
that,
in
terms
of
you
know,
we
would
want
to
speak
with
one
voice
as
a
foundation
as
to
when
to
take
which
fork
down
the
road
and
in
addition
to
that,
making
sure
that
we
have
the
governing
board's
agreement
to
that
particular
structure
and
that
recommendation
so
that,
as
they
play
their
role
in
the
foundation,
they
understand
where
buckets
of
money
are
being
moved
around.
For
what
purpose?
A
I
don't
get
the
sense,
based
on
ad-hoc
conversations
with
other
gb
members
that
there's
super
deep
understanding
and
clarity
on
that
point.
So
I'm
totally
supportive
of
trying
to
get
to
clarity
to
where
we
can
drive
this
forward
to
justin's
assertion.
I
think
we're
all
dying
to
get
get
this
behind
us
and
move
forward.
A
But
I
think,
without
that
clarity,
just
saying
like
there
are
a
variety
of
different
paths
that
we
could
fund
work
doesn't
really
help
give
the
organizational
clarity
to
the
attack,
in
my
opinion,
around
how
to
make
recommendations
to
the
working
groups
or
to
projects
as
well.
As
you
know,
how
do
we
report
back
to
the
governing
board
around?
What
more
do
we
need,
or
what
structure
have
we
put
in
place
that
might
exacerbate
other
requirements
going
forward?
So
I,
I
think,
there's
still
a
lot
of
confusion
there.
A
D
Yep,
okay,
great,
do
we
have
anyone
else
who
wants
to
volunteer
to
work
on
112
over
the
next
two
weeks.
D
D
And
I
think
with
that
I
will,
I
think,
that
wraps
up
this
discussion.
A
B
A
And
just
as
a
procedural
reminder
when
we
do
get
to
the
point
of
formally
voting
and
merging
on
this
overall
process,
it
will
require
a
seven
days,
advance
notice
to
the
mailing
list
for
folks
to
review
as
well
as
quorum
at
the
meeting.
So
it's
this
is
something
we
have
to
make
sure
to
give
folks
heads
up
to
to
know
that
it's
coming,
and
it
will
follow
the
requirements
of
the
charter
in
that
in
that
process
all
right.
Next
brian,
I
think
sifs.
C
Sure
let
me
go
and
share
this,
and
I
realize
we
only
have
10
minutes
left,
so
I'm
going
to
try
to
go
very
quickly
through
a
deck
that
jory
predominantly
authored.
Though,
though
you
know,
a
couple
of
us
on
staff
have
have
also
worked
on,
and
it
does
talk
quite
a
bit
about
some
internal
details,
but
I'm
just
trying
to
be
full
full
transparency
to
all
of
you.
But
this
is
let
me
just
start
with
an
overview
that
partly
answers.
C
The
questions
bob
was
asking
before:
where
does
project
funding
come
from
across
open
ssf
for
across
linux
foundation,
projects
in
general
membership
dues,
obviously
sponsorship,
which
isn't
something
that
we've
used
a
lot
so
far?
Actually
at
all
yet,
but
but
is
always
there
as
an
option
for
us
just
an
additional
top
up
that
a
member
might
decide
to
throw
in
specific
initiative
funds,
which
is
what
we're
going
to
talk
about
here
and
then
something
else
that
the
linux
foundation
offers
that
some
projects
have
used
again.
C
We
have
not,
which
is
lfx
crowdfunding,
which
is
a
more
distributed
way
to
do
this
not
going
to
work
to
walk
through
this,
because
I
think
this
is
a
kind
of
the
details
on
each
is
something
that
the
folks
might
might
have
already
envisioned
and
but
but
to
focus
here
on
what
what
we
had
envisioned
is
doing
with
special
specific
initiative.
C
Funds
and
and
and
kind
of
the
overall
structure
is
that
they're
used
to
support
discrete
activities
in
a
given
focus
area
using
additional
ad
hoc
funds
similar
to
membership,
with
the
exception
that
the
funds
do
not
go
into
the
open.
Ssf
operating
budget
funds
are
overseen
and
disbursed
by
the
contributing
organizations,
not
the
open,
ssf
governing
board.
It
requires
lf
staff
to
establish
and
oversee
a
separate
charter
and
a
budget,
and
it
does
not
presume
or
require
openssf
membership.
C
So
I
I
and
the
current
examples
of
what
we
have
are
alpha
omega
six
store
and
gnu
tool
chain
initiative,
but
some
of
the
charters
for
those
don't
quite
match
what
what
we'd
like
to
see
it
used,
and
I
can
talk
about
all
of
its
crowdfunding
separately.
The
reason
why
there's
been
a
bit
of
confusion
is
that
the
term
sif
itself
actually
accidentally
developed
two
different
meanings,
one
internally
at
the
lf
for
things
that
are
kind
of
the
next
step.
C
Beyond
something
another
existing
structure,
we
have
called
a
directed
fund
or
an
an
associated
directed
fund,
which
is
that
adf
thing
luke
that
you
might
have
seen
and
then
externally.
The
way
it
was
really
just
meant
to
logically
describe
a
separate,
a
separate
logically
separately,
funded
and
separately
operated
kind
of
thing
that
carries
some
branding
and
technical
oversight
and
and
relationship
to
open
ssf.
But
it's
not
been
entirely
clear.
C
What
that
is
for
us
an
ideal,
open,
ssf,
sif
associated
project,
really
is
that
it
will
have
something
that
requires
some
recurring
membership
dues
and
that's
probably
because
the
sif
is
taking
on
operationally
something
that's
more
than
just
opportunistic
and
which
can
be
dialed
down
if,
in
a
year,
the
membership
kind
of
kind
of
vacates
and
and
people's
attention
moves
elsewhere.
But
it's
instead,
something
that
is
going
to
require
hiring
people
or
setting
up
a
an
ongoing
service
like
in
the
form
of
sig
store.
C
Where
you
know
running
the
the
root
key
server
is
actually
operationally
a
complex
and
expensive
thing
once
we
do
it
at
scale
right
now,
it's
being
done
really
pro
bono
volunteer
by
some
folks
who
are
eager
to
get
out
of
the
line
of
fire
for
that,
and
so
for
that
you
really
do
want
a
structure
where
there's
a
recurring
membership
expectation,
not
just
a
one-time
fund
that
has
been
stood
up
and
where
things
can
be
doled
out
kind
of
piecemeal
and
that's
why
it's
something
that
should
actually
look
more
like
other
projects
at
the
linux
foundation
kind
of
freestanding.
C
So
what
is
that
connection
then
to
the
open
ssf?
We
think
that
there
should
be
the
financial
governance
kind
of
overseen
by
its
own
funders,
but
with
a
quarterly
report
to
the
open
sf
governing
board
on
the
progress
and
it's
its
financial
status.
Just
to
help
attest
to
this
is
an
ongoing
operation.
That's
producing
some
real
things
that
is
competently
managing
itself
and
as
as
something
that's
affiliated
with
the
open
ssf
is
not
likely
to
be
an
embarrassment
any
time
soon.
C
The
technical
governance
of
this
is
also
important
to
to
find
the
right
balancing
act
between
just
enough
that
it's
not
going
to
be
an
embarrassment
to
open
ssf
if
things
go
wrong,
but
but
solid
enough,
but
lightweight
enough
that
the
project
doesn't
feel
constrained
by
you
know
having
to
check
everything
they
do
with
with
an
external
body
and
for
that
as
well.
C
The
idea
of
quarterly
reports
now
that
could
be
direct
to
the
attack
or
it
could
be
to
a
working
group
under
the
attack
on
based
on
our
last
conversation,
but
but
at
some
point,
there's
there's
that
lightweight
reporting
in
when
should
we
consider
making
something
a
sif?
I
kind
of
covered
this.
C
But
it's
when
there's
a
recurring
thing:
it's
when
it's
willing
to
to
follow
all
the
same
policies
as
as
an
open
source,
an
open
ssf
project
would
in
terms
of
the
licensing
and
and
and
how
it's
managed
as
a
project,
its
ability
to
make
quarterly
updates,
and
it's
obviously
related
to
our
mission.
It's
something
that
that
furthers
some
other
work
going
on
under
an
existing
working
group
or
arguably
is
aligned
with
what
we're
doing.
C
Also,
it
should
be
something
that
calls
for
a
budget
greater
than
250
000
a
year
just
as
a
way
to
right
size
this.
So
we
don't
don't
end
up
with
500
small
stiffs
that
are
that
are
just
modestly
active
and
currently
there's
these
three.
They
are
have
been
all
set
up
somewhat
differently,
although
at
six
store
and
getting
tool
chain,
perhaps
most
closely
like
each
other
alpha
mega
is
not
yet
a
recurring
membership
structure.
C
So
there's
a
bit
of
rechartering
that
we
need
to
do
with
each
of
these.
But
let
me
focus
the
remaining
time
on
on
these
last
couple
of
slides.
One
is
what
is
the
benefit
for
a
project
to
become
a
a
sif
under
the
open,
ssf
right
to
be
part
of
the
family?
C
C
You
know,
marketing
being
you
know,
able
to
to
flow
through
our
blog,
our
our
social
channels,
those
kinds
of
things
and
as
it's
bootstrapping
to
step
in
when
there
isn't
necessarily
identified
budget
for
project
management
or
or
those
different
activities,
though,
once
something
grows
large
like
alpha
omega,
has
it
should
have
its
own
budget
for
for
project
management,
and
these
other
kinds
of
meta
kinds
of
things
should
also
be.
C
You
know,
kind
of
heightened
awareness
and
affiliation
with
with
openssf
and
with
solving
the
supply
chain,
security
challenges
so
being
at
our
events
again
publishing
through
through
our
channels
that
that
sort
of
thing
there
should
be
as
well
pr
and
marketing
support
as
kind
of
mentioned,
and
and
then
involvement
in
an
access
on
the
open,
ssf
community,
tooling,
whether
we
require
that
or
not
could
be
something
we
talk
about.
Do
they.
C
You
know
right
now,
six
store
and
salsa,
I
believe,
have
their
own
slacks.
Obviously
they
have
their
own
blogs
with
their
own
processes.
I
think
we
should
work
out
what's
just
enough
kind
of
coordination
between
on
the
marketing
side
that
that
we
feel
like
again,
there's
there's
enough.
I
don't
say
oversight,
but
enough
enough
coordination,
so
things
don't
look
wildly
different
or
have
wildly
different
standards
for
kids
publish,
but
I
really
don't
want
to
introduce
more
bureaucracy
where
it
isn't
needed,
and
I
want
to.
C
I
think
these
should
have
their
own
identity
their
own
website,
their
own
ability
to
to
move
without
feeling
constrained
by
by
having
to
coordinate
with
with
somebody
central
or
in
the
same
way
that
that
projects
directly
under
the
the
openness
of
tech
need
to
do
that.
And
then
what
are
the
benefits
to
us
of
having
sifs?
Well,
they
allow
us
to
grow
the
footprint
more
of
like
a
franchise
kind
of
way.
C
They
allow
us
to
have
a
position
to
encourage,
although
no
way
require
that
I
you
know
the
projects
work
together
on
common
technical
visions
and
and
that
we
find
new
ways
to
support
important
work
beyond
the
reach
of
the
openness
of
core
operating
budget.
C
Finally-
and
I
think
this
is,
this-
is
an
important
part
of
thinking
about
governance,
you
know
it's
easy
to
come
up
with
governance
when
everybody
is
happy
and
copacetic
and
and
moving
in
the
right
direction.
But
what?
C
If
things
go
wrong
and
and
this
structure
in
particular,
you
know-
I
mean
everything
is
open
source
right,
everybody
always
has
the
right
to
fork
and
then
in
particular
here
we
think
it's
important
that
these
projects
feel
like,
if
they're
not
satisfied
with
the
relationship
with
the
open
ssf
that
they
could
vote
with
their
feet
and
without
giving
up
their
assets
without
giving
up
their
budget
without
giving
up
their
trademarks
or
or
the
processes
that
they
use
to
collaborate.
C
They
could
decide
to
be
just
independent
projects
and
not
affiliated
with
openssf
anymore,
if
they
did
vote
for
that,
we'd
hope
for,
like
a
cooling
off
period
of
60
days
to
kind
of
rectify,
whatever
is
needed.
But
you
know
if
the
openness
of
governing
board
agrees,
then
then,
why
not?
C
Let
that
happen
likewise,
the
open
sf
governing
board
could
decide
to
also
allow
these
projects
to
go
their
own
way
without
without
such
a
waiting
period,
and-
and
this
also
applies
for
the
attack-
the
openness
of
tech
can't
directly
tell
the
siftec
what
to
do
what
to
build
and
and
the
like.
C
But
but
certainly
you
know,
I
you
want
to
keep
the
open
sftack
happy
with
what's
going
on
or
again
a
working
group,
if,
if
we
choose
to
push
it
in
that
way,
because
certainly
the
attack
could
raise
to
the
open
sf
governing
board
hey
this
project,
is
you
know
way
off
the
radar
where
you
know
they're
not
doing
things
that
that
the
tech
feels
are
appropriate
and
just
as
the
open
sftack
would
cancel
an
interior,
an
internal
project,
you
know
if
it
felt
it
was
doing
doing
things
that
really
weren't
correct.
C
Likewise,
they
should
be
able
to
say
this.
Other
sif
is
doing
things
that
we
don't
want
to
be
associated
with
and
could
raise
that
to
the
governing
board.
So
that's
that's
the
governance
model
as
a
whole
that
that
I'm
happy
to
share
these
slides
with
the
rest
of
this
tech.
C
I
just
wanted
to
a
chance
to
walk
through
this
first
before
people
read
it
cold,
but
but
basically
it's
about
establishing
kind
of
a
liaison
agreement
between
what
are
otherwise
independent
projects,
and
I
see
a
bunch
of
questions
that
have
popped
up
in
chat.
I
can
try
to
use
a
few
minutes
to
answer
them.
The
two
remaining
minutes.
C
C
You
know
you
don't
want
to
accept
20
new
sifs
without
knowing
what
kind
of
burden
does
that
place
operationally
upon
upon
the
staff
and
core
budget
of
open
ssf,
and
I
would
say
in
any
conversation
that
happens
at
a
governing
board
level,
because
the
openness
of
governing
board
would
have
to
approve
setting
up
a
sif
relationship
as
they
have
for
those
three,
and
at
that
point
I
think
we
as
staff
would
say
well
we're
we're
too
much
too
much
we
have
to.
We
cannot
scale,
we
can't
handle
sif
number
four.
C
C
All
right,
let's
see
bob
asks,
is
this
a
proposal
or
a
readout
of
the
current
sif
definition
operating
model.
The
first
half
of
this
was
more
of
a
readout,
the
second
half.
It
was
a
proposal
to
try
to
at
least
clarify
what,
once
once
you
realize,
this
is
about
a
liaison
agreement
between
two
otherwise
independent
projects.
C
I
think
that
helps
clarify
a
lot
of
the
other
ramifications
for
for
this
and
distinguish
it
from
other
projects
and
technical
initiatives.
Internal
to
attack
questions
are
coming
in
hot
and
heavy.
Clearly
this
we
should
have
more
time
for
this.
The
process
for
approving
edition
of
a
sif.
C
I
I
and
I
forget,
if
I
had
it
in
here,
but
the
idea
is
that
the
the
the
opens
of
tac
would
approve
a
proposal
from
a
project
to
become
a
sif
first
and
so
that
that
evaluation
is
based
on
the
technical
merits
as
well.
C
As
is
this
a
team,
that's
likely
to
be
responsive
when
we
say
you
know
here's
some
feedback
on
on
the
direction
you're
heading
in
and
is
this
aligned
with
the
mission
and
then
once
the
attack
is
approved,
it
would
go
to
the
governing
board
to
approve,
and
the
governing
board
definitely
wants
to
know
that
technically
these
things
are
solid.
Before
it's
even
asked
to
make
such
a
decision,
then
let's
see
I
I
I
think
we're
probably
at
time
and-
and
maybe
I
should-
I
guess.
A
My
my
ask
I
put
in
chat
was
just
if,
if
part
of
the
slides
are
a
proposal,
if
we
can
clearly
mark
that
at
the
top
to
say,
hey
this
isn't
ratified
in
a
document,
that's
been
improved
by
the
requisite
bodies.
If
we
could
do
that,
that
would
be
ideal,
so
people
understand
kind
of
what's
what's
analysis
in
a
readout
versus
what's
what's
under
discussion
that
needs
to
be
taken
forward.
I
think
that
would
be
super
helpful.
C
Okay
yeah,
certainly
this
jack
was
more
meant
as
a
way
to
explore
the
topic.
A
At
time,
I
think,
there's
probably
a
number
of
questions,
so
what
I
would
propose
here
is
we
can
continue
dialogue,
async,
but
well,
why
this
is
another
recurring
item
for
the
next
type
meanings
agenda.
Okay,
so
with
that
thanks
everybody
for
participation
today,
there
is
a
question
at
the
bottom
of
the
meeting
notes
around
the
regular
cadence
of
working
groups
and
projects
to
come
back
to
the
tac
to
give
an
update.