►
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
C
B
Stockholm
right,
yeah
yeah,
no.
D
I'm,
the.
B
Rest
of
the
tour
begins,
so
my
trip
to
Italy
is
in
October
and
then
I
fly
to
Japan
from
Italy.
C
A
C
A
B
A
B
Slight
variations
because
slight
variations
because
of
you
know
different
different
talks
have
different
lengths
but
yeah
in.
B
B
B
B
C
A
A
Yeah,
once
our
fearless
leader
is
done,
rebooting
according
to
slack
he's
what
he
gets
the
chance
to
do
lucky
boy.
He
can
tell
us
how,
because
it
was
announced
at
in
Dublin-
and
maybe
he
heard
all
sorts
of
lovely
things
from
people
showering
us
with
praise.
Okay,.
A
I'm
not
traveling
yet
so
I
did
not
go.
Here's
our
fearless
leader,
hey
buckaroo,.
D
House
had
to
figure
that
out
now
my
PC
locks
up
every
time,
I
open
up
the
second
or
third
Zoom
call
it's
pretty
cool.
It's
a.
C
A
Everyone
else,
who's
on
the
call
I
just
dropped
a
link
to
our
agenda
into
the
chat,
if
you
haven't
done
so
yet,
please
swing
on
by
there
and
Mark
your
attendance.
So
we
know
that
you
were
here
and
that
you
have
contributed
to
our
fine
fine
organization.
C
C
A
Whose
companies
can't
afford
Linux
Foundation
fees,
their
contributions
are
most
definitely
welcome.
Okay,.
C
D
C
C
Speak
from
smaller
xilinx
and
then
merging
into
a
fairly
large
AMD
I'm,
not
gonna
kind
of
fight
worth
fighting
I
understand
so
so
I'm
back
so
cool.
It's
good
to
be
back.
B
Past
two
versions
that
I've
been
giving
this
talk,
announcing
the
open
source
security
Foundation
to
The
Wider
world
and
yeah,
encouraging
people
who
are
interested
in
almost
our
security
to
participate.
So
I
don't
know
if
anybody
has
picked
me
up
on
that
offer.
But
that
has
been
my
advertising
push
as
part
of
my
talk,
excellent.
D
All
right
can
I
have
some
volunteers
to
assist
scribing
notes
today.
That
would
be
super
nice.
D
Yeah
except
Jonathan
many
hands,
make
light,
work
and
so
anyone's
able
to
help.
Take
notes.
I
would
be
amazing
if
anyone
has
any
opens
they'd
like
to
talk
about.
Please
enter
them
into
our
agenda,
got
a
couple
little
announcements
here
and
then
we'll
do
deal
with
any
opens
and
then
we'll
do
some
administrivia.
D
A
D
Those
of
you
that
may
not
have
been
on
the
internet
last
week
was
the
open
source
Summit
in
Europe
and,
as
part
of
the
second
day
on
Tuesday
was
open
ssf
day
and
there
was
a
flurry
of
announcements
about
different
activities
within
the
foundation.
One
of
those
announcements
dealt
with
the
output
of
this
group.
D
We've
publicly
announced
the
cvd
guide
for
finders,
which
many
many
of
you
here
on
this
call
assisted
Us
in
shaping,
and
so
that
was
publicly
announced
and
I
deeply
appreciate
the
efforts
of
this
group
and
thank
you,
I,
think
it's
a
good
artifact
for
the
community
and
I
look
forward
to
seeing
where
that
document,
how
that
evolves
in
the
future.
D
Any
questions
about
the
document
or
about
what
went
on
and
open
this
F
day
or
the
conference
Vicky.
A
A
Oh,
my
gosh,
okay,
so
yeah
I
was
wondering
whether
anybody
gave
you
any
feedback.
They
may
not
have
had
time
to
read
it,
but
they
might
have
had
just
a
gut
reaction
of
oh
thank
goodness.
This
exists
now
any
feedback
like
that
or
is
it?
Do
you
think
it's
too
early.
D
From
the
guide
at
the
conference,
no
again
I
think
it's
a
little
too
early
in
general
about
all
of
the
open
ssf
efforts
and
the
announcements
in
general,
a
ton
of
feedback
from
the
participants
there
at
the
conference
and
again
this
was
that
there
were
a
handful
of
us
from
the
states
there,
but
this
is
predominantly
folks
from
the
EU
and
the
UK
there
and
so
I
I
have
the
suspicion,
especially
some
of
our
calls
that
have
earlier
morning
time
frames
I
get
the
suspicion
that
we're
going
to
be
getting
some
potential
new
collaborators
with
our
friends
from
Europe.
D
It
was
also
announced
that
they
created
a
whole
Linux
Foundation
focused
on
Europe
and
with
made
up
of
European
constituents.
So
again,
I
think
there's
going
to
be
an
influx
of
a
participation
from
that
part
of
the
world
very
excited
about
that.
But
specific
feedback
from
the
guide,
I
I
haven't
gotten
anything,
but
in
general
everybody
was
super
appreciative
and
very
excited
to
discover.
Openssf
was
a
thing
and
interested
in
our
further
efforts.
D
E
D
Oh
you're,
stealing
my
thunder
what
we
will
be
doing
with
this
beating
going
forward
is
at
a
Cadence.
The
group
decides
we
will
be
reviewing
issues
and
PR's
both
from
the
working
group
backlog,
but
in
addition
to
also
the
guides,
if
there's
any
PRS
there,
so
we'll
talk
about
anything
that
needs
public
debate.
Or
can
you
know
if
it's
a
typo
or
something
we'll
just
push
that
through?
D
But
if
there's
new
sections
that
are
requested
to
be
added
or
changes,
we'll
talk
about
that
in
this
group,
and
we
just
need
to
decide
upon
a
Cadence
so
before
I
get
to
Jonathan,
would
the
group
be
open
to
like
a
a
what
a
monthly
backlog
scrub
be
too
much?
Do
we
want
to
do
more
frequent,
less
frequent?
What
does
the
group
think
about
like
a
monthly
review
of
all
the
issues
of
PR's
from
our
assorted
artifacts.
D
C
C
A
The
call
is
already
bi-weekly
right,
so
monthly
makes
sense.
Then
every.
D
A
B
Reaching
around
to
get
the
phone
because
I'm
working
on
wiring
my
apartment
up
with
ethernet
cables,
so
I
have
been
generating
pull
requests
to
fix,
open
source
security,
vulnerabilities
at
scale
and
the
one
of
the
like
standing
sort
of
things
that
I've
put
in
my
slide.
B
Deck
and
I
actually
haven't
spoken
to
anybody
about
that
in
this
group,
but
the
question
that
I
get
and
the
concern
that
I
get
and
that
you
know
validly,
is
that
when
I'm
automating
the
process
of
generating
pull
requests
at
scale
I,
this
is
more
an
open,
but
I
didn't
have
the
time
to
write.
I,
don't
have
my
computer
to
write
it
down
in
this
in
the
list.
B
That's
yeah,
so
I
automate
the
process
of
generating
pull
requests
and
I
am
basically
odang
projects
with
vulnerability
disclosures
as
a
part
of
this,
which
is,
you
know
not
in
line
with
the
guide
when
I'm
dealing
with
vulnerabilities
at
the
start
of
scale
I.
B
You
know
that
it's
kind
of
Impractical
for
me
to
go
report
and
track
down
all
the
reporting,
emails
and
stuff
like
that
and
I
am
in
conversations
with
GitHub
about
trying
to
get
get
up
security
advisories
well,
first
off
it's
important
for
opening
it
up
security
advisories
from
a
security
researcher
perspective,
instead
of
from
a
maintain
instead.
B
Top
of
that
also
getting
an
API
to
allow
me
to
create
private
ghsas
and
then
also
generate
plural
quests
with
an
API,
but
because
that
doesn't
exist,
there's
no
great
way
to
automate
School
request
generation
in
a
way,
that's
private
and
not
get
automatically
publicly
disclosed
I.
Guess
it's
not
really
a
question
it's
more
just
this
is
the
state
of
the
world
that
I'm
currently
right
working
in
in
the
world,
but
I'm
trying
because
I'm
trying
to
fix
vulnerability
at
scale.
B
So
it's
the
unfortunate
world
that
we
currently
live
in,
and
anybody
at
GitHub
who
can
apply
some
pressure
and
weight
in
directions
or
and
or
other
people
that
can
apply
pressure
and
weight
in
directions
to
make
my
life
easier
so
that
I'm,
not
odang
people.
When
I'm
doing
this
sort
of
work,
greatly
appreciated
so
yeah.
A
C
B
It
up
for
you
yeah
the
original.
The
original
design
of
what
you're
talking
about
that
I've
heard
about
does
not
come
with
an
API.
It
just
comes
with
the
internet
user
interface
and
if
you
try
to
automate
that
with
like
Phantom,
JS
or
selenium
or
whatever
you'll
get
your
account
banned,
pretty
quickly,
I
think
I've
heard
I
haven't
tried
it
myself,
but
I've
heard
that
you
get
your
account
band.
C
Yeah
I
know
API
work
is
definitely
on
everybody's
minds,
but
yeah
I
suspect
it's
probably
not
going
to
be
part
of
what
we're
going
to
talk
about
in
November.
D
I
would
highlight
for
everyone
not
currently
participating
in
the
conversation.
There's
been
a
a
vigorous
chat
about
from
the
maintainer
perspective
in
the
foundation
Slack
around,
not
necessarily
Jonathan's
efforts,
but
in
general
the
Upstream
some
maintainers
view
Upstream
about
additional
security
requests.
So
I
would
highlight
that
to
everyone
to
go.
Look
at
the
I
think
it's
the
general
openssf
slack
and
if
you're
interested
or
curious
to
read
about
that
there's,
some
people
have
some
feels.
D
All
right
anything
else,
Jonathan
about
you,
put
it
as
an
open
opening,
PRS
anything
any
other
thoughts
or
conversation.
You
want
to
have
about
that.
With
this
group.
B
No,
but
if
anybody
else
has
any
concerns
issues,
I'm
actually
I
just
filed
at
my
job
for
running
the
pool
or
running
gift
generation
is
finished.
I'm
actually
going
to
go
regenerate
the
pull
request.
I've
already
done
right
now
and
then
go
back
to
work.
But
if
anybody
has.
D
B
Thoughts
concerns
ways
that
I
could
do
things
differently,
especially
after
walk
through
my
talk
feel
free
to
reach
out
to
me.
The
talk
is
in
the
general
slack
Channel
from
Sac
T
in
Stockholm,
so
I
invite
more
conversations
around
this
topic.
I
may,
but,
depending
on
what
the
long-term
plan
is
for
this,
but
I'm
I'm
still
trying
to
figure
out,
I
would
like
to
do
more
of
this,
and
I
may
end
up
discussing
with
the
open
SF
writ
large
about.
B
You
know,
figuring
out
a
working
group
around
automated
security
fixes
as
like
an
independent
working
group,
potentially
because
it
seems
like
there
is
now
two
of
us
doing
this
between
the
open,
refactory
and
myself,
and
that
may
be
irrelevant
like
at
that
point.
If
it's
something
that's
becoming
bigger
than
just
me,
it
might
be
something
worth
exploring
in
that
direction.
D
Yeah
definitely
something
for
further
conversation.
Thank
you.
Another
update
before
we
get
to
the
exciting
initial
backlog
scrub.
One
of
the
efforts
that
this
group
participates
in
is
a
new
Sig
called
the
open
source
security
security
incident,
Response
Team,
the
OSS
cert,
and
just
to
give
everyone
a
brief
update
on
those
activities.
D
We
have
initially
reviewed
the
mobilization
plan
that
was
provided
by
a
bunch
of
participants
in
May
in
response
to
some
of
the
things
going
on
here
in
the
United
States
around
the
executive
orders
around
cyber
security
and
supply
chain.
So
we
have
assembled
a
team
of
people.
That's
focused
on
trying
to
think
through
ideas
of
how
we
could
Implement
a
security
incident.
Response
Team
within
the
open
source
ecosystem.
D
We've
split
up
that
group
into
three
Focus
areas.
We
are
focusing
in
on
as
I
stall
for
time,
while
it
loads.
We
are.
We
have
a
group
of
people
trying
to
understand
the
problem
space.
You
know
how
is
coordinated
volume
disclosure
currently
done
within
open
source,
and
you
know
what
are
some
of
the
gaps?
What
works?
D
Well,
we
have
another
group
that
is
working
on
identifying
core
services
and
processes
for
how
this
team
could
function,
and
then
we
have
another
group
that
will
be
focused
on
actually
execution
of
the
plan,
which
will
be
things
like
selecting,
tooling,
or
hiring
developers
to
write
new,
tooling
hiring,
potentially
people
to
participate
as
part
of
this
plan
and
then
figuring
out
how
we
can
coordinate
volunteers
to
participate
in
this
effort,
so
things
are
going
along
pretty
well,
there
are
a
is
a
full
Sig
meeting
every
two
weeks
and
then
there
are
the
each
of
those
streams
meets
either
at
a
weekly
or
bi-weekly
Cadence,
and
we
will
continue
to
report
back
to
this
larger
group.
D
Since
the
working
group
here
houses
those
efforts,
does
anyone
have
any
questions
about
the
OSS
cert.
B
I
would
be
more
than
happy
to
I've
had
a
couple
of
conversations
with
a
couple
of
different
organizations
like
I
want
to
kind
of
chat
with
somebody
at
schmukon
and
I
ran
the
idea
by
them,
and
they
said
oh
I
had
volunteer
time
for
that
as
an
instant
response.
He
runs
an
instant
response
company,
so
it
you
know.
If
you
run
the
idea
by
people,
they
seem
to
react
positively
in
a
lot
of
cases.
B
So
I
don't
remember
who
I
spoke
to,
but
I'm
I
can
dig
through
my
contacts
and
previous
conversations
to
find
that
out.
If
that
would
help,
and
if
you
have
more
direct
conversations
about
this
in
the
future
with
smaller
group
people
feel
free
to
ping
me
and
invite
me
to
that
chat.
Yeah.
D
It's
an
open
group.
Everybody's
welcome,
participate
or
look
at
our
notes.
Just
like
this
call.
The
meetings
are
recorded,
so
you
can
review
them
on
the
foundation
GitHub
or
the
YouTube
channel
and
then,
like
one
of
our
first
steps,
is
going
to
be
reaching
out
to
existing
Upstream
security
teams
like
kubernetes
or
openstack.
D
We're
going
to
reach
out
to
the
different
distros
I
just
started
a
dialogue
today
with
solar
designer
to
talk
about
the
OSF
SEC
list,
and
so
we're
going
to
go
around
and
try
to
learn
what
is
working
today
and
what
might
not
work
and
we're
also
going
to
reach
out
to
some
Upstream
maintainers
to
kind
of
hear
what
services
or
capabilities
they
might
benefit
from.
Oh
random,.
D
All
right
I
wanted
to
start
to
percolate
in
people's
brains.
Ideas
for
next
projects
for
this
group
we'll
go
through
the
issue
backlog
here
in
a
moment
there
might
be
something
that
rises
to
the
top
there
that
we
want
to
focus
in
on.
But
one
item
that
we've
talked
about
a
couple
times
is
now
that
we
have
two
cvd
guides,
one
focused
on
maintainers
and
projects
and
then
another
focused
on
security
researchers.
D
A
future
piece
of
work
this
group
might
want
to
take
on
is
a
coordinated,
vulnerable
disclosure
guide
for
consumers
of
Open
Source.
It
might
be
beneficial
to
explain
how
open
source
Works,
how
you'll
have
different
projects
function
differently
and
just
maybe
try
to
help
explain
to
Downstream
how
this
ecosystem
works
and
where
they
might
best
be
able
to
observe
or
listen
to
to
try
to
capture
information
about
disclosures.
D
A
A
Interesting
it'll
be
tricky,
because
this
is
a
a
group
of
people
who
are
not
really.
They
have
absolutely
no
exposure
to
this
side
of
of
the
process
right,
be.
A
The
reader,
the
the
end
user
reader,
the
consumers
they
they
won't
even
know.
Oh,
is
this
a
security
bug,
let
alone
how
do
you
report
it
so,
but
finding
a
way
to
teach
them
that
I
think
will
be
really
really
valuable.
If
we
can
pull
that
off,
and
it
sounds
like
a
great
kind
of
collaboration
that
could
be
set
up
between
this
and
the
new
and
user
working
group.
Yay
teamwork.
E
D
I
think
that
would
be
a
very
worthwhile
work
now
I
would
what
may
be
a
hindrance
to
that
as
I?
Don't
know
how
many
folks
have
development
background
or
inclination,
but
I
think
we
definitely
could
start
to
cultivate
some
of
those
folks
if
we
don't
have
those
skills
inside
but
I,
think
that's
a
an
excellent
idea.
Francis.
D
All
right
folks,
do
we
have
any
suggestions
on
how
we
might
proceed.
Would
we
like
to
assign
homework
today
that
everybody
should
read
through
the
issues
and
then
come
back
next
time
with
opinions,
or
do
we
want
to
start
to
open
each
one
of
these
up
working
from
the
oldest
to
the
newest
and
start
reviewing
them
today?
So
what
would?
How
would
the
group
like
to
proceed
there.
C
A
So
in
spdx
legal,
when
we
do
this
sort
of
thing,
they
are
highly
issue
driven
and
apologies
in
advance.
I'm,
not
saying
you
should
do
this
probe,
but.
A
What
I'm
about
to
say,
the
leader
of
the
group,
one
of
the
leaders
of
the
group
I,
know
see
why
I
apologize
in
advance
frequently
goes
through
all
of
the
issues
in
advance
and
ads
comments
and
or
closes
or
whatever,
depending
upon
the
various
criteria
that
they
have
documented
and
then
brings
everything
to
the
everything
that
remains
open
brings
to
the
team
on
the
calls
and
saying
hey.
A
This
is
what
I
think
what
do
you
think
sometimes
they're
able
to
get
others
to
chime
in
in
an
asynchronous
manner
as
well
to
make
that
process
a
lot
smoother,
but
essentially
they
start
at
start
at
the
oldest
and
just
work
their
way
through.
They
also,
however,
make
a
liberal
use
of
tags
in
GitHub,
so
they
only
review
the
things
that
are
tagged
for
the
next
release
and
they
do
a
really
good
job
of
tag,
maintenance
and
and
triage
and
the
like.
A
So
that's
how
that
group
does
it,
which
is
not
necessarily
how
we
need
to
do
it,
but
it
does
work
relatively
well.
They've
been
able
to
make
a
lot
of
progress
in
the
past
few
years
and
whittled
down
a
huge,
just
impressive
backlog
in
that
way,.
D
That
is
an
interesting
proposal.
Francis.
E
Yeah
I
mean
I
was
going
to
suggest
something
similar,
but
how
about
we
have
a
rotation
of
sheriffs
like
an
issue
sheriff
for
the
month,
someone
among
this
call
gets
elected.
We
do
a
rotation
so
that
we
share
the
pain
between
crowbar
and
everyone.
B
D
So
what
is
everyone's
thoughts
on
the
two
proposals
here,
or
is
there
any
additional
alternate
ideas
or
refinement
on
the
first
two
suggestions.
D
All
right
sorry
I
was
on
a
call.
I
have
my
apologies.
D
C
A
And
we
love
you
for
that.
Thank
you.
I
really
liked
francis's
idea
now
that
I'm
back,
but
thanks
to
the
magic
of
Bluetooth
I,
was
able
to
hear
it.
Yeah
Francis,
I
I,
like
the
idea
of
having
the
sheriff
or
you
know,
ring
leader
or
whatever.
It
is
right,
I
think
that's
great
kind
of
bounce
that
around
Nick
can
be
issue
DJ
heck.
And
yes,
let's
do
that,
but
I
think
it
can
be
a
really
good
way
to
get
new
people
involved
as
well.
A
You
know,
especially
if
we
do
what
spdx
has
done
and
really
done
a
and
improving,
but
good
job.
So
far
of
documenting
here
are
the
principles
we
use
in
these
situations.
You
want
a
new
license
added
to
the
list.
Here's
what
you
have
to
do.
You
want
this
okay,
because
a
lot
of
the
work
in
these
issues
ends
up
being
just
chasing
after
people
and
saying
hey,
you
forgot
some
information
and
that's
something
that
frankly,
anyone
can
do
if
you
give
them
the
checklist
more
or
less
so
yeah
huge,
plus
one
yay
Francis.
E
Certainly,
just
to
be
a
little
Shifty
about
it
Vicky
would
you
agree
to
do
the
first
rotation
so
that
you
can
get
us
a
little
skeleton
Playbook
to
you
know
build
upon
for
the
next
Sheriff's
DJs,
whatever.
A
D
So
I'm
glad
to
sit
down
and
do
the
first
review.
I
won't
have
time
to
document
a
process.
So
if
I
can
get
a
volunteer,
maybe
we
could
get
a
half
hour
call
together
and
somebody
could
help
document
process
while
we
go
through
the
initial
triage.
Well,
I'm
glad
that
to
donate
that
time
and
then
to
get
something
codified
here
in
our
repository
kind
of
a
ideal
process.
E
A
Yeah
totally
and
within
enough
advance
notice,
I
might
even
be
able
to
get
you
know,
jelaine
or
Steve
from
spdx.
The
leaders
of
that
group
to
join
us.
E
All
right,
I'll
ping,
open
YouTube,
then
maybe
get.
D
Great,
so
we
will
look
forward
to
getting
that
set
up
and
on
our
next
call
we
will
present
the
group
with
some
issues
that
we
feel
need
to
be
debated
or
decided
upon
amongst
the
collective
and
also
hopefully,
next
time.
Just
so
everyone's
aware,
the
technical
advisory
committee
of
the
foundation
has
been
working
very
diligently
on
documenting
process
and
procedure,
for
how
working
groups
should
be
how
they
should
be
managed
and
conducted.
D
So
there's
going
to
be
some
changes
to
our
group
Charter,
so
once
I'm
able
to
lock
in
some
operations
help
from
the
foundation
folks
to
help
me
make
those
changes.
We
I
would
like
to
review
that
with
the
team
so
that
we
can
formally
vote
on.
You
know
we
accept
this
Charter
or
make
any
alterations
for
our
particular
goals
and
desires,
but
that'll
be
coming
in
the
next
few
weeks
pending.
D
D
A
Not
a
topic
but
I
really
like
your
idea
of
homework,
so
everyone
in
the
next
two
weeks
should
go
through
all
these
issues
add
comments
and
just
kind
of
work,
asynchronously
fit
it
in
the
cracks
between
various
calls.
I
think
that
would
be
really
great
and,
as
we
do
so
just
sort
of
consider
what
are
the
tags
we
might
use?
What
might
be
useful
for
this
group?
A
Not
tagging
for
tagging's
sake,
although
I
am
team,
metadata
yay
bring
it
on,
but
I
I
don't
want
to
add
process
that
doesn't
deliver
value
right.
So
what
would
we
use?
The
tags
for
spdx
uses
it
for
releases
and
the
like,
but
we
don't
do
that
as
such.
However,
it
could
be
really
helpful,
but
reviewing
them
all
will
give
us
that
overview
that
we
can
start
to
come
up
with
these
ideas.
D
D
A
B
C
Right
there.
B
Are
also
sorry,
my
brain
was
thinking
about
templates,
so
one
of
the
things
you
might
want
to
also
set
up
is
that
there's
issue
templates
that
when
people
are
creating
the
issues
they
can
say,
this
is
a
feature
request.
It's
a
change.
This
is
a
bug
you
know
like
whatever
like
stuff
like
that,
so
there
may
be
some
I
presume.
This
repository
will
be
relatively
low
traffic,
but
it
may
be
worthwhile
to,
as
you
start
seeing
evolving
Trends
in
the
issues
created
that
you
might
want
to.
B
You
know
let
the
people
Auto
self-sort
into
different
issue
types
prior
to
their
creation
and
then
also
like
have
like
a
form
that
they
fill
out
the
like
you
know
this
is
the
information
we'd
like
to
see.
A
Yeah
totally
and
that's
what
I
think
reviewing
all
the
existing
issues
will
give
us
that
picture
as
well
tags,
or
do
we
have
Trends?
If
we
have
a
friend,
does
it
make
sense
to
make
a
a
template
so
we're
able
to
gather
the
information
that
will
make
it
easier
for
us
to
resolve
the
issues
and
just
sort
of
start
to
evolve
that
process
now?
But
it's
definitely
going
to
be
an
iterative
thing
and.
D
The
reason
I
ask
is
we
don't
have
code
yet
that
may
be
a
future
thing,
especially
based
off
of
the
suggestion
of
creating
tooling
around
some
of
our
practices
around
CBD,
but
I
would
like
to.
We
do
have
the
documents
which
I
think
from
a
PR
perspective.
We
want
to
figure
out
some
way
of
versioning
or
whatever,
however,
so
I
think
the
tag
would
be
having
those
kind
of
software-centric
tags.
I
think
add
value,
even
though
we
don't
have
code
yet.
A
Yeah
and
spdx
legal
has
no
code
whatsoever,
but
it
has
releases,
it
has
Milestones,
it
has
tags
and
it
really
helps
to
keep
the
project
on
track.
Well,
that
and
and
some
very
skilled
oversight
and
very
nice
people,
which
we
have
look
at,
that
we.
D
Have
a
whole
great
big
family
of
folks
here,
I'm
excited
all
right,
so
any
additional
thoughts
again
your
homework.
Please
review
the
existing
issues.
If
you
have
thoughts
or
feelings,
please
make
those
comments,
and
then
there
are
certain
things
that
are
a
little
more
technical
like
we
have
a
request
to
embed
CPE
names
into
binary.
D
So
if
you
have
a
particular
skill
or
interest
or
know
people
try
to
Loop
those
people
in
on
talking
about
and
commenting
on
that
particular
item
and
we
will
meet
again
in
two
weeks
if
there
are
no
other
opens
for
the
group.
D
All
right,
thank
you
all
we'll
get
together
and
do
a
Scrub,
but
I
all
comments
are
welcome.
I,
look
forward
to
it
and
we'll
see
you
in
a
few
weeks.