From YouTube: OpenSSF Vulnerability Disclosures WG (October 5, 2022)
B
I will be kind of in and out today.
A
A
B
A
C
Can help with that. I could, I could definitely use more work, I'm not gonna lie. I'm done with Wayland. I, I, this weekend, I had to do a bunch of GNOME in Wayland implementation stuff on Gentoo. So now I'm available.
B
C
A
A
B
A
Ability and interest, you could just type A scribble down a couple notes. It'll be awesome. Do, does anyone have any opens that they would like to discuss with the group before we move on to read out of the SIG and play the fpr?
A
All right, if I could ask Mr. Randall, let's talk about the SIG. Can you give us a brief rundown of what the team one has been working on, please?
C
A
While you wait, I'm gonna put an aggressive potential deadline in front of the CERT SIG that we'll talk about in our next call. There, I'd like to try to get the plans all wrapped up by December 1st. That way, we can submit that back to the governing board for review and hopeful funding, so we can move forward with that effort.
C
Yes, you did, thank you. So just to make sure we're talking about CERT, right, we're.
C
Right, so I talked to Mike McQuaid from Homebrew about, it was kind of an impromptu meeting. We talked about things that Homebrew, issues Homebrew has, on my meeting notes. I will, crab, could you do me a favor, and I don't know if you could pull those, I could send the link on Slack. The Wayland thing has me all discombobulated, because I can't do screen sharing on my computer.
C
C
But I do have a, I recorded all of the problems we talked about in a, in a document, in a Google Doc. I could share that on Slack of anything. But yes, that's basically where we're at in identifying problems. Where I have a meeting with the Gentoo security team for later this week to talk to them about problems, which is going to be fun. I'm still waiting for confirmation on that, and yeah, that's pretty much where I'm at with identifying problems.
B
How is it, how are, what is attendance at this problem space meeting? How's that going? Because I'm just kind of concerned about making sure we've got enough different perspectives from different points of view to, to get good coverage there.
C
A
The stream call, or for the interview with Homebrew and Gentoo? Yes, that's a good question, Mickey. Oh.
B
I guess I mean the, the stream call in general. The interview with Homebrew, that's kind of one-off, you think.
B
A
And then that's, that's a good point, Vicky. We potentially should send out a call for action to both our mailing list and then maybe the foundation analyst to notify: hey, we have these activities, we're looking for contributions and contributors, and everyone's welcome to come share their thoughts as we work on the plan, work on and then event, we're writing the plan now and we eventually will be executed on that. So we'll definitely need some additional contributors there to help actually do some stuff.
A
For stream two, I don't, Art is not here, but we had a meeting where we kind of refocused a bit, got him set straight about what the task ahead of all of the streams are.
A
Our first primary task is to validate that the plan we've written is what we want it to be, and then to start to fill out milestones and objectives for how we can achieve that, and then have a resource proposal, whether that is hiring people, cultivating volunteers, getting infrastructure or equipment or software or just volunteer time. So we're looking to kind of collect those items in each of the plans.
A
So if, I expect we'll have a little bit more progress from stream two shortly. And you will see here, for stream three, Francis was not able to join us today, but he updated his plan with clear goals. He has blockers and dependencies. So if you're interested in participating in that conversation, he's got PR 5 there. I welcome everybody's comments.
A
There, we started a discussion about what's out there for tooling, and I would love, especially Apollo and Randall, and anyone that actually does open source CERT work today, if you are interested in kind of just contributing ideas or suggestions around tooling, he started issue number nine in our repo on that. So if you have any feedback, that would be amazing. And from a, a broad picture, we, he and I are talking about how we start to track all this section, progress, kind of like a burn down chart.
A
On the plan, so how do we collect updates in a way that's simple and we can share up with our overlords, our interested observers? So that's issue 114, if you're curious, if you have thoughts about how we might be able to do that. And as, once, as Francis is demonstrating, if we do more work in git through issues and PRs and discussions, that we have ability to automate the collection of some of that a little more easily. Do you have a statement or question, Randall?
A
A
All right, any feedback for the SIG updates before we move on to a possible next topic of work?
A
We actually had two proposals. First off, last week, Francis had suggested: are there ways we can find tooling or automation to enable the two, the CVD guides we have today? So we have a maintainer CVD guide and then we have a security researchers guide. So a suggestion, one which is not in this.
A
It's our meeting notes below, and I'll actually, I'll make that an issue here later this week. But are there ways we can provide tooling or automation to help enable the CVD process, as described in those guides? And then Francis is suggesting here that CERT goals are indeed to help with incidents and vulnerability coordination. Documentation, documentation and training of it should not be handled by this CERT. So he is asking, as part of the CERT SIG, could this working group contribute to helping write a guide for how incidents can be handled within open source?
A
That's a little different than the CVD guide. This is more, if you're a security person responding to an incident, kind of what steps or what things do you need to think about. So I would kind of open that up to the group. Do we think that would be an interesting piece of work that we'd like to pick up in the future? Vicky.
B
I think this is an interesting idea. I have to wonder what, though, does anything like this already exist?
B
I haven't seen it, but I flit around so much that I'm not sure, you know, I'm not deeply embedded in the security space so much as skimming the top. So if it doesn't exist, then I do think it should, to have a resource for this. So that could be very useful, and I'll cede to Randall.
C
I think that GitHub advisories is not a universe, is not an open source tool, but I think that is how GitHub would like maintainers. At least it says that in their documentation, that they would like maintainers to do everything through GitHub advisories, but.
A
Just saying, and that is something we do note in the CVD guide as an option, and we want to, wherever possible, avoid endorsing any, you know, one method, especially non-open source. And we would like, we could use that as a for example. So, for example, GitHub advisories is a way for a project to communicate something, but we wouldn't want to directly be seen as endorsing one methodology.
A
A
Barring that, do we have any additional topics or questions that the group wants to talk about today? Otherwise we may adjourn a little early.
A
Remember, oh yeah, yeah, yeah, I need to send that out. Yes.
A
I will send that out to the SIG and the working group. Now that I might have a little bit of free time, maybe I'll do that right now. Any other topics you want to talk about today?
A
All right, thank you, lady and gentlemen. I appreciate you showing up today. We will adjourn early. If you have any feedback, please, you know, take a look at those PRs and issues. We would love to get your thoughts on that, and we will meet again in two weeks, and maybe we'll, I'll get, I'll get the other items put as issues and they can maybe more formally vote as a group on what our next project might be.