►
From YouTube: OpenSSF Vulnerability Disclosures WG (May 18, 2022)
A
B
B
C
C
B
A
A
D
Not
quite
new,
but
I'm
a
second
timer.
It's
been
about
a
month
month
and
a
half
since
I've
joined,
but
I
I'm
I'm
hoping
to
be
back
and
listening
in
and
gleaning
some
good
information
excellent
and
I'm
in
denver
it's
supposed
to
snow
this
weekend.
So
for
those
of
you
who
are
rainy
and
sunny
I'm
jealous.
A
C
I
can
try
yeah,
so
I
will
try
to
give
a
great
quick
recap
and
krobe
will
explain.
I
was
completely
wrong
and
start
over,
so
all
right,
so
I
I
honestly
don't
know
how
many
people
know
the
context.
So
let
me
start
from
the
top
a
number.
Well,
not
the
true
top
from
jane.
In
january,
the
white
house,
u.s
white
house,
had
a
meeting
where,
basically
hey
we're
concerned
about
open
source
offer
security
is,
doesn't
it
you
know?
Who
else
cares?
C
They
contacted
a
bunch
of
companies
and
almost
all
of
them
said.
Oh
yeah,
I
mean
it's
it's
an
important
topic,
I
mean
you,
you
know
open
source
is
widely
used.
We
don't
want
to
kill
it.
We
just
you
know,
want
to
make
sure
it's
secure
for
all
the
uses
it
has
now
and
they
contacted
all
these
companies
and
all
these
companies
said.
Yes,
we
totally
agree
and
there's
this
group
called
openssf
that
we're
all
working
together
on.
C
So
the
white
house
said
great
there's,
there
was
a
readout
of
three
goals
from
the
overall
me,
which
I
I
thought
was
actually
an
impressive
summary.
How
do
you
summarize
a
long
meeting
with
three
bullets?
I
thought
that
was
pretty
good,
actually
so,
of
course,
everyone's
busy,
but
more
recently
hey.
We
need
to
have
a
follow-up,
otherwise
things
will
languish.
So
a
number
of
folks
basically
tried
to
make
a
first
crack
a
first
cut
at
turning
those
very
high
level,
three
goals
into
more
specific
actions.
C
C
I
mean
we
had
a
lot
of
folks
involved
in
this
and
brian,
and
I
just
just
to
give
you
time
to
inside
baseball
here
brian
and
I
had
a
10
hour,
zoom
call
trying
to
take
each
of
the
of
those
individual
10
pieces
and
trying
to
make
it
look
like.
It
was
one
whole
thing
without
removing
the
important
information
but
make
it
look
like
it
was
written
by
a
single
group
which
you
know
making
consistency
is
hard,
but
especially
without
while
trying
to
not
remove
the
good
stuff.
C
I
think
it's
been
well
accepted.
We've
been
pitching
this
as
a
0.9.1,
I
mean
it
hasn't
gotten.
You
know
the
the
meeting
was
basically
an
opportunity,
for
this
is
a
draft
created
by
some
people.
You
know
not,
everybody
has
seen
it
reviewed
it,
but
that's,
okay.
This
is
a
starting
point.
This
is
a
draft.
What
do
you
think,
and
so
the
meeting
was
basically
a
number
of
folks,
some
of
them
involved
in
some
a
number
weren't,
basically
commenting
on
it.
Does
this
make
sense?
Does
it
not?
Where
is
it
missing?
C
C
A
A
So
my
intention
today
is
we've
kind
of
I
sent
an
email
out
to
the
list
in
hopes.
Folks
would
have
a
chance
to
review
the
document,
so
I
wanted
to
start
talking
about
a
mobilization
plan.
If
anyone
had
any
thoughts-
and
I
would
like
to
zero
in
on
the
streams,
five
and
six
if
possible,
because
those
seem
most
related
to
this
particular
working
group
and
kind
of
see
what
interest
this
group
has
to
participate
in
further
refinement
of
those
those
two
areas
in
particular.
B
It
was
a
hell
of
a
good
consolidation
of
the
working
documents,
which
were
many
many
many
pages
long,
and
so
I
was
really
impressed
by
how
well
they
were
able
to.
You
know
really
shrink
that
down,
but
I
haven't
gotten
into
any
more
detail
than
that
because
it's
you
know
been
quite
occupied
but
yeah.
B
A
A
I
believe
the
intention
is
that,
as
member
organizations
find
projects
that
they're
interested
in
they
potentially
once
the
plans
are
more
solid,
that
they
potentially
could
pledge
money
to
help
out
the
scanning
the
vulnerability
scanning
project,
for
example,
it
might
donate
some
engineers
time
or
some
tools
to
help
out,
but
that's
we
we
need
to
bet
the
idea.
Are
these
ideas
valid
and
are
we
interested
and
able
to
participate
or
try
to
encourage
some
other
people
to
take
up
those
banners.
F
A
My
intention
is
being
that
I'm
involved
in
a
few
working
groups
there.
I
feel
there
are
direct
correlations
between
several
of
the
streams
and
those
working
groups,
so
my
suggestion
is
going
to
be,
and
for
this
group
in
particular,
I
would
like
this
group
to
review
stream
five
and
six,
and
do
we
feel
that
those
are
efforts
appropriate
and
within
our
wheelhouse
to
participate
in,
and
if
so,
we
potentially
could
adopt
those
streams,
as
up
at
the
tac,
were
juggling
around
with
some
of
the
names,
but
they
would
become
a
special
interest
group.
A
You
know
a
a
body
of
work
that
this
group
and
other
people
could
participate
in,
but
it
would
be
kind
of.
We
would
be.
This
group
potentially
could
be
the
mothership
or
parts
of
those
streams
or
just
we
would
potentially
participate
in.
We
don't
necessarily
need
to
own
it,
but
you
know,
for
example,
if
the
stream
six,
which
is
predominantly
scanning
and
fuzzing,
that's
probably
going
to
be
a
lot
of
alpha
and
omega.
F
You
did
yes
come
back
to
more
questions,
but
you
did
you
know
just
for
for
what
it's
worth.
I
I
feel
like
this
group
should
be
heavily
involved
in
five,
if
not
the
owner,
only
because
it
would
be
very
at
odds
to
have
an
open,
ssf
incident
response
team
that
was
not
in
lockstep
with
the
vulnerability
disclosure
working
group.
I
don't
want
to
take
us
too
far
off
the
rails,
but
david
is
what
krobe
described
the
working
model
for
the
other
work
streams
as
well.
Is
that
the
intention
across
the
board.
C
Okay
goal
two
is
to
figure
out
how
that
gets
done
and
to
be
that
and
to
be
fair,
we
were
intentional
little
coy
about
the
how,
because
we
were
trying
to
not
completely
kill
an
a
this
should
be
done
just
because
we
weren't
sure
necessarily
how
now,
of
course,
the
reality
is
that
I
think
everybody
who
worked
on
it
was-
or
I
think
every
worker
is
open-
was
part
of
open,
ssf
and
so
on.
So
we
we
we're,
not
unaware.
C
So
I
think
the
expectation
is
the
vast
majority
of
these
will
end
up.
Allows
us
I'll
speak
for
me.
I
can't
speak
for
brian,
but
because,
but
because
we
were
focused
yeah
I'll,
be
honest.
We
were
much
more
focused
on
get
this
document
go
in
good
shape
and
out
the
door
for
what
it
was
supposed
to
do,
but
the
I
think
at
least
for
me,
the
intended
next
step
is
where
there's
an
obvious
working
group
make
it
part
of
the
working
groups
process.
Now.
C
That
said,
I
expect
that
there'll
be
changes
both
in
terms
of
when
people
look
at
it'll
say:
oh
wait,
yes,
but
it
needs
some
change.
It's
great.
I
mean
it's
a
draft.
That's
that's
fine,
of
course.
It
may
very
well
be
the
wow
we're
not
doing
that
at
all.
Maybe
we
need
to
spin
up
something
else.
I
think
for
at
least
one
of
those.
It's
not
you
know.
C
C
In
particular,
there
are
some
actions
that
make
more
sense
for
public
organizations,
and
by
that
I
mean
governments,
and
although
this
was
a
meeting
with
the
white
house,
this
is
not
a
u.s
only
thing.
We
very
much
want
this
to
be
international.
So
if
the
usa,
some
of
these
things
really
governments
are
the
obvious
actor
there
and
so
for
them
I
mean
the
open
ssf
can
pitch,
but
in
the
end,
it's
governments
who
have
to
make
that
decision.
C
Yeah
and
just
to
point
down
that
particular
point,
because
unfortunately
I
am
familiar
with
this.
If
you're
dealing
with
colleges
and
they're
talking
about
accreditation,
you're
talking
primarily
about
acm
and
ieee,
I
have
beat
my
forehead
bloody
trying
to
get
them.
I
mean
some.
Some
of
you
may
be
feeling
with
the
story
already.
My
apologies
for
the
repeat,
but
you
know
after
10
years,
working
with
some
of
those,
I
managed
to
get
them
to
add
the
word
security
as
something
that
might
be
important.
C
Not
any
content,
mind
you
just
that
security
might
be
important,
and
that
was
the
extent
of
their
willingness
to
consider
security
as
relevant
to
computing
curricula.
So
I
kind
of
got
tired,
but
you
know
that's.
You
know
the
the
I'm
I'd
like
to
think.
However,
today
is
a
different
day
and
that
there'll
be
more
of
an
appetite
to
actually
address
the
problem,
as
opposed
to
ignore
it.
G
C
Not
only
can
I
imagine,
I
actually
have
an
engineering
degree.
This
is
my
that
my
undergraduates
in
engineering
and
the
complete
and
utter
disconnect
from
the
engineering
world
from
the
software
world,
which
is
doing
engineering,
because,
if
you're
solving
human
problems
with
limited
resources,
that's
engineering
and
the
fact
that
they
don't
understand
that
they're
engineering
is
a
real
problem.
C
B
A
A
Five
and
six,
you
know
do
we
feel
these
are
things
this
group
has
some
affinity
for
or
some
ownership
potentially,
and
is
this
something
we
are
passionate
about
working
and
if
so,
what
will
most
likely
happen
is
if
we
have
enough
people
in
that
are
part
of
our
regular
working
group.
They
feel
that
this
is
valuable
and
it
belongs
here.
A
We'll
probably
set
up
a
separate
series
of
calls
and
a
special
interest
group
dedicated
towards
those
things,
and
I
think
at
least
initially,
because
we're
going
to
need
to
there's
a
lot
of
work
to
actually
trim
and
refine,
because
there
were
a
lot
of
ideas
thrown
out,
we'll
probably
be
meeting
at
least
weekly
for
some
period
of
time.
This
potentially
smaller
group
and
then
reporting
back
into
the
full
working
group
periodically.
A
All
right,
thank
you.
I
appreciate
everybody.
I
think
it's
it's
a
big
opportunity.
I
think
there's
a
lot
of
big
things
and
if
you
note
other
areas
within
the
document,
so
something
like
in
stream,
two
or
ten,
that
you
feel
we
need
to
at
least
keep
tabs
on
or
participate
in.
Let
me
know,
but
this
will
probably
require
a
little
more
investment
in
time
than
our
bi-weekly
calls.
As
we
want
to
move
this
forward
david,
you
had
your
hand.
C
Yeah,
if
I
can
just
it's
not
long,
it's
a
couple
pages,
it
won't
take
you
long
to
read
it's
and
a
lot
of
this
is
you'll,
look
and
say:
oh
yeah,
but
hopefully
it'll
be.
You
know.
Hopefully
I
think
there's
some
additional
refinements
and
some
ideas
and
I'm
looking
forward
to
more
refinements
as
we
go
along
and
the
link
is
in
our
notes.
A
All
right,
thank
you,
everybody
for
your
time
and
attention
to
that
matter,
and
before
we
move
on
to
our
cbd
guide,
I
just
wanted
to
put
a
shout
out
to
the
austin
conferences
that
are
going
on
for
the
linux
security
conference
and
the
open
source
summit
north
america
held
in
austin
the
week
of
june
20th.
If
you
haven't
already
signed
up
to
go,
I
would
encourage
you
to
consider
it.
I
believe
they
are
offering
hybrid
options
any
of
us
here
in
the
brady
bunch
little
display
will
be
there
and
presenting
and
doing
stuff.
A
G
H
A
H
H
B
C
A
A
C
Okay,
just
real
quick,
there's
a
bullet
note
about
significant
argument:
discussions
going
on
on
oss
security,
mailing
list
about
vulnerability
disclosures
in
general.
I'm
not
sure
I
can
easily
summarize
that,
but
it's,
but
it
is
absolutely
relevant
to
this
working
group.
It's
basically
a
very
spirited
disagreement
on
what
is
appropriate
roles
for
vulnerability
disclosures.
C
The
very
quick,
overly
simplistic
summary
is
the
linux
kernel
developers
really
can't
do
things
in
private,
very
long,
and
if
and
since
different,
they
use
it's
supposed
to
run
on
a
vast
number
of
different
hardware.
They
really
have
to
get
fixes
out,
so
their
process
has
been
general.
You
know
fix
the
vulnerability.
A
bug
is
a
bug.
Is
a
bug
and
just
not
note,
that's
a
security
problem.
C
C
So
I
mean
there
are.
There
are
reasonable
points.
I
don't
have
a
simple
summary,
but
I
would
suggest
taking
a
look
at
some
of
the
arguments
there,
because
I
think
this
is
a
broader.
This
is
a
microcosm
of
a
broader
issue
of
of
you
know.
As
soon
as
you
release
the
patch
whether
or
not
you
revealed
it,
attackers
really
do
read
commit
lines
and
some
of
them
will
create
attacks
from
it.
C
On
the
other
hand,
it
doesn't
you
know,
there's
a
lot
of
folks
who
just
they
their
way
of
attack
as
they
download
metasploit,
which
they
might
be
able
to
spell
and
and
for
that
crew,
not
revealing
the
details
is
helpful.
So
it's
it's
a
complicated.
There
are
points
on
both
on
all
sides,
but
I
think
it's
relevant
very
much
for
this
group.
E
Just
maybe
give
a
counter
point
to
that
david.
I
think
that
I
believe
this
working
group,
though,
is
more
about
the
smaller
projects
and
trying
to
give
them
good
advice,
rather
than
maybe
very
large,
well
established
projects,
and
we
can
disagree
with
the
colonel
and
we
often
do,
but
we
also
work
within
their
rules.
G
C
A
C
C
B
So
a
lot
of
us
don't
have
the
time
or
cycles
to
follow
various
linux
and
lkml
type
lists.
So
would
it
be
possible
david
or
anyone
else,
who's
on
the
list
after
things
kind
of
simmer
down
a
bit
to
get
someone
from
the
linux
kernel
dev
community
to
come
and
summarize
that
and
kind
of
coordinate
with
us,
or
is
that
a
bridge
too
far?
At
this
point.
C
I
mean
it'd
be
possible,
but
I
I
do
want
to
clarify
this
is
not
a
summary
of
the
linux
kernel.
This
is
the
linux
kernel
developers
disagreeing
with
the
linux
distro
mailing
list.
Those
are
two
different
groups
with
very
little
overlap.
Okay,
linux
just
grows.
Great
kh
is
one
of
the
few
kernel
developers
who's
also
on
that
list,
but
in
general
these
are
not
the
same
groups
at
all.
Linux
distros
is
primarily
for
well.
Okay,
we
got
three
groups,
oss
security,
linux
disk
grows
and
the
linux
kernel
developers.
B
C
It
has
some,
but
it's
mostly
the
developers
of
distributions
of
linux,
ker
operating
system,
I.e,
ubuntu,
red
hat
and
so
on.
Okay,
yes,
they
absolutely
do
have
kernel
developers
on
there.
But
the
interest
of
this
is
one
of
the
challenges.
The
interests
of
the
lin
of
linux.
Distros
see.
There's
there
are
different
houses,
there
are
different
interests
and
incentives.
There
we
go.
There
are
different
incentives
for
the
linux
kernel
developers
and
linux
distros,
and
this
leads
to
complications
there.
We
go.
F
Yeah
I
was
just
going
to
ask:
I
was
super
quickly,
trying
to
jump
around
and
get
the
gist
of.
What's
going
on.
Here
is
a
good
summary
to
say
you
know,
abstract
things
away
from
the
kernel,
because
special
community
special
things
policies
is
this
really
about
a
distribute,
a
group
of
distributors,
of
an
open
source
project
as
part
of
their
managed
services
or
districts
that
they're
doing
are
having
a
hard
time
with
the
upstream's
embargo
policies
or
their
disclosure
policies.
Is
that
the
tension
here.
F
Yeah,
I
was
oh,
as
I
was
thinking
about
you
know,
is
the
value
here
that
I
don't
think
we're
going
to
change
the
kernel,
but
you
know
so
is
the
value
baby
we
think
about?
Are
there
other
open
source
projects?
I
know
when
we
were
going
through
the
embargo
section
in
the
cbd
guide,
for
example,
that
that
was
a
really
tough
area
about
you
know.
On
one
hand,
it's
not
if
the
maintainers
are
doing
something
that
doesn't
work
for
the
the
distress.
F
F
G
Well,
I
guess
the
other
question
that
I
have
is
like
what
was
the
process
beforehand,
so
the
process
before
is
the
kernel.
Vulnerability
comes
up,
and
then
it
gets
handed
to
the
the
distro
developers
privately,
or
does
it
just
go
public
immediately
as
soon
as
the
linux
found
as
soon
as
the
the
kernel
developers
fix
it.
C
It
depends
yeah.
This
is
way
more
complicated.
Very
much
depends
on
where
who
is
it
reported
to
if
the
vulnerability
is
reported
to
the
linux
kernel
developers,
which
is
pretty
actually
fairly
common,
their
general
process-
and
I
don't-
I
think
this
has
evolved
over
time,
but
their
general
process
today
is
they
do
their
best
to
fix
it.
The
fix
is
public,
the
fact
that
it's
a
vulnerability
is
not
disclosed
ever
but
linux,
the
linux,
the
colonel
team,
never
they
don't
even
get
a
cd
assigned
for
the
general.
C
They
have
a
policy
in
general.
We
do
not
re
produce,
evees
and
miter.
Basically,
at
this
point,
as
for
the
most
part,
decided
not
to
have
cves
for
the
colonel,
and
there
is
no
no
this
no.
This
is.
This
is
not
new.
This
is
a
long
term
and
there
are
actual
reasons
for
this.
We
can
go
into
this
later,
but
no
in
general,
kernel
vulnerabilities
are
never
given
to
cves.
A
I
have
had
some
involvement
in
something
like
about
this,
and
I
know
that
there's
a
subject
matter
expert
on
the
phone
call
right
now,
please,
potentially
we
could
ask
the
subject
matter
expert
to
if
they
could.
Maybe
our
next
call
come
in
and
just
do
a
real,
quick
explanation
of
how
a
very
large,
very
mature,
very
publicly
visible
community
kind
of
handles
this,
and
I
think
we're
not
going
to
be
able
to
change
the
kernel
security
team's
behavior,
but
we
can
learn
from
it
and
be
able
to
share
that
as
part
of
our
good
practices.
A
C
I
I
think
it
would
be.
This
is
worth
a
whole,
separate
discussion,
but
jonathan,
let
me
to
grant
greatly
and
ridiculously
oversimplify.
Part
of
the
challenge
is
that
installing
a
new
kernel
is
a
big
challenge
for
a
lot
of
cell
phones.
It
never
happens
if
it
happens,
we're
talking,
maybe
three
they're
hoping
to
reduce
it
from
three
months,
but
usually
six,
but
six
months
or
a
year
or
two
years
or
never
are
not
at
all
unusual.
C
If
you
think
that's
a
problem,
there's
a
large
number
of
people
who
agree
with
you
and
greg
kh
has
been
busting
his
tail
trying
to
get
the
time
between
a
kernel,
release
and
deployment
down.
I
I
think
he's
gotten
it
down
on
samsung
to
I
think
three
months,
which
is
an
incredible
accomplishment
because
it
used
to
be
measured
in
years.
C
A
B
I
I
really
appreciate
and
respect
how
you
did
not
out
the
subject
matter
expert
and
allow
them
to
stand
up
for
themselves
and
raise
their
own
hand.
So
thank
you
very
much
for
doing
that.
Yay.
This
is
one
of
the
reasons
why,
apparently,
this
is
the
best
working
group,
so
I
do
want
to
give
them
the
chance
to
raise
their
hand
and
pipe
up,
though
either
in
chat
or
or
otherwise.
B
E
Before
and
I
still
work
in
red,
hat's
pset,
I
mean
it's.
What
I've
been
doing
for
the
past
six
and
a
half
seven
years
is
I
coordinate
our
disclosures
and
work
with
our
peers
and
across
open
source
projects
and
cert
and
vince
and
everything
else,
and
it's
a
big
bore
of
mess
for
all
the
distros
to
have
to
monitor
so
many
places
and
sources
of
data.
B
A
So,
potentially
we
could
ask
cliff,
if
maybe
somebody
in
that
capacity
or
clifford
himself
might
be
willing
to
kind
of
give
us
a
little
just
a
high
level
explanation
of
how
the
the
flow
of
things
and
then
we
can
maybe
learn
from
that
and
figure
out
a
way
how
we
can
provide
some
advice,
because
kernel
is
one
very
large,
mature
security
group.
You
have
the
apache
security
team,
you
have
kubernetes
and
openstack.
A
You
have
these
very
big
kind
of
monolithic
security
teams
that
all
have
their
own
little
nuances
and
they
don't.
They
don't
operate
exactly
the
same
and
that's
very
different.
When
you
have
professional
security,
people
on
staff,
like
those
orgs
versus
a
small
mom-and-pop
student
project
or
whatever.
B
A
B
A
E
It's
something
that
we
are
looking
to
maybe
also
share.
I
don't
know
if
this
is
the
right
community,
but
like
something
that
we're
looking
at
in
conjunction,
and
so
this
aligns
quite
well
with
other
things.
I
have
lots
of
experience,
but
there's
also
a
larger
team
of
experts.
Potentially
I
can
take
the
the
desired
crow,
but
probably
like
ask
around
internally
see
what
makes
sense.
A
If
you
could,
that
would
be
great.
You
know
somebody
like
peter
or
anyone
else
kind
of
in
that
role.
If
they
were
interested
in
just
kind
of
talking
about
this,
I
will
have
to
see
about
recording
again
because
there
are
certain
sensitivities
around
these
groups
processes
and
I'm
gonna.
I
don't
wanna
speak
on
their
behalf,
because
I'm
not
a
member
of
that
community.
E
A
G
D
A
A
C
Lob
a
bomb
but
thought
I
thought
it
would
be
wise
for
this
group
to
be
aware.
I
don't
think
we
can
change
other
people's
policies
necessarily,
but
I
think
at
least
being
aware
of
them.
I
also
john
jonathan
for
your
amusement.
I
posted
the
linux
kernel's
cve
policy
for
you,
you
should
click
on
and
thank.
G
G
Thank
you,
yeah
I'll,
take
a
look
at
that.
I'm
noticing
a
certain
amount
of
delicateness
by
which
both
of
you
or
anybody
who's
been
involved
in
the
linux
community
community
seems
to
articulate
themselves
around
this
particular
topic.
Is
there
I
presume
that
there's
a
it's
a
charge
topic
with
a
lot
of
like
egos
and
personalities
and
issues
that
like
have
caused
explosions
in
the
past
that
are
prompting
that
or.
C
E
C
C
A
And
just
different
perspectives
and
missions.
You
know
the
girl
developers
are
developing
software,
that's
their
job,
their
job.
Isn't
tech
support
so
to
speak.
They
are
less
sensitive
to
those
concerns.
They're
focused
on
making
sure
the
software
works
works
correctly,
adding
new
features
and
capabilities.
C
A
A
I
I
G
I
G
D
I
G
I
H
A
I
A
All
right,
thank
you,
so
I
would
also
so
as
another
bit
of
homework.
I
would
encourage
this
group
to
go.
Take
a
look
at
bits
out
on
github
and
you
share
your
thoughts,
and
I
think
this
is
potentially
a
platform
that
we
may
be
able
to
endorse
as
a
a
good
practice,
encourage
oss
communities
and
projects
to
maybe
leverage.
I
Yeah,
that
seems
totally
feasible.
I
can't
speak
for
her,
but
I
don't
see
why
she
would
say
no,
so
I
can
easily
ask
her
and
try
to
convey
back
to
you
guys,
or
I
guess
maybe,
if
you
could
let
me
know
I
mean
you
had
mentioned
potentially
next
time
talking
about
other
stuff
with
clifford
and
stuff
like
that.
So
if
you
want
to,
let
me
know
when
a
target
would
be.
I
can
easily
convey
that
to
her
and
it
should
be
amenable
but
again
her
schedule
pending,
of
course,.
I
Yeah.
Okay,
let
me
let
me
ask
her
and
I
can
report
back
next
time
that
probably
that's
fine,
if,
if
not
I'll,
let
you
know
what
the
adjustment
would
be
then
and
we
can
move
from
there.
Thank
you
really
appreciate
that.
I
think
this
is
it's
going
to
be
very
helpful.
Okay,
great!
I
will
ping
her
now
and
then
get
back
to
you
once
again
awesome
and
so
any
final
thoughts
in
our
last
few
minutes.
G
I
have
a
question
krobe.
Can
you
do
me
a
favor?
Please,
can
you
please
invite
me
explicitly
to
these
meetings
so
that
I
get
it
added
as
a
thing
that
I
get
notified
against?
Is
that
possible?
Can
I
get
out
of
the
in
my
list?
I
can
talk
to
jory.
Are
you
part
of
the
mate?
I
think
it
goes
up
to
the
part.