►
From YouTube: OpenSSF Vulnerability Disclosures WG (April 20, 2022)
B
D
D
I
mean
we
all
know
it's
a
lie.
We
know
he
starts
every
working
group
with
that
yeah.
C
Yeah
yep.
I
think
this
is
my
favorite
working
group,
mostly
because
of
the
topic,
because
this
is
something
that
I'm
really
passionate
about,
but
you
know
it's.
I
mean
this
one,
but
then
also
the
the
this
the
package
packaging
ecosystem
supply
chain
meeting
that
one's
also
you
know
that
was
like
I
was
like
I've
been
hoping
for
that
to
like
that
meeting
to
have
come
into
existence
in
some
format
in
somewhere
in
the
industry
for
a
long
time.
C
D
For
because
I
know
we
changed
the
time,
so
I
see
a
lot
of
new
names
which
is
fantastic.
That
was
the
point
of
changing
the
time.
What
we
normally
do
is
there's
a
list
of
names
and
attendees.
You
can
add
yourself
and
then
change
the
color
to
something
darker
to
show
that
you
are
here
and
we
will
get
started
in
just
a
second.
I
think
we'll
give
folks
one
more
minute.
F
A
F
D
There
you
go,
I
will
put
the
agenda
in
the
chat
one
more
time,
because
I
know
zoom
chat
is
not
historical
for
folks
who
haven't
so
feel,
please
feel
free
to
add
yourself
to
the
agenda.
So
we
know
you're
here
and
I
think
we
have
a
ton
of
first
timers.
So
while
we
go
around
folks
want
to,
if
you
feel
comfortable
introducing
yourself
where
you
from
what
you
want
to
get
out
of
this
group-
and
we
will
go
from
there.
G
I
guess
I'll
jump
in
my
name
is
eric
smalling.
I
am
a
developer
advocate
at
sneak
on
the
container
and
cloud
native
side
of
the
house,
and
I've
just
started
attending
open
ssf
meetings
after
being
in
the
cncf
and
kubernetes
sigs
for
a
while,
mainly
here,
to
keep
my
finger
on
the
pulse
of
things.
So
I
know
how
to
advocate
to
the
team.
H
I
will
go
next
on
hello,
my
name
is
marta
and
I'm
the
security
lead
for
eclipse
neural
distribution.
D
I
Hi
hi,
I'm
megazone,
I've
just
called
me
mz.
That
is
my
name
magazine,
I'm
with
f5
inc,
I'm
the
principal
security
engineer
for
the
f5
incident,
security
and
response
team,
I'm
also
our
cna
guy.
So
I
handle
all
the
cve
disclosure
things
five
and
here
that
someone
said
basically
to
kind
of
learn,
what's
going
on
and
keep
my
finger
on
things.
J
D
Okay,
that's
all
right,
so
I
think,
like
krop
said
he
can't
come
today.
I
am
unfortunately
only
available
for
about
until
25
minutes
in
I
think
the
zoom
should
stay
up.
So
if
somebody
wants
to
be
taking
notes-
and
you
all
can
continue
the
discussion
after
25
minutes
in
we
think
that'll
be
okay.
D
So
I
think
the
the
big
item
I
know
for
today
is
the
charter
review
or
continued
edits.
There
was,
you
know,
requests
from
the
attack
that
all
the
working
groups
have
a
charter.
I
think
this
a
lot
of
the
working
groups
that
started
early
in
the
creation
of
the
open,
ssf
have
kind
of
just
been
working
along
and
didn't
do
some
of
this
paperwork
and
we
were
probably
one
of
them
and
there's
also
the
cvd
guidance
for
security
researchers
to
discuss
and
any
opens.
E
K
I
I'm
not
sure
if
we're
supposed
to
do
hands,
but
I'll
just
jump
in
so
go
for
it
yeah.
I
have
a
question,
so
this
charter
is
very
similar
to
a
lot
of
the
working
group.
Charters
in
the
ossf
is
kind
of
like
the
the
skelet.
I
don't
know
template
skeleton
whatever
you
want
to
call
it.
So
one
of
the
questions
I
had
with
a
lot
of
these
is
there's.
You
know,
there's
a
lot
around
the
tsc
right
and
you
know
the
tscs.
K
According
to
this
charter
tsc,
the
technical
steering
committee
of
this
group
is
responsible
for
a
whole
slew
of
things.
It's
kind
of
unclear,
though,
who
the
tsc
is
and
how
you
become
on
the
tsc.
Is
it
like
voted
that
that
that
to
me
is
my
main
question
and
feedback
is
like
who
is
the
tse
of
this
group?
I'm
not
sure
where
it's
written
down
and
I
how?
How
do
you
join
the
tsc?
K
Presumably
it's
a
meritocracy
but
like
how
what's
the
process,
I
don't
don't
know
I
feel
like
that's.
The
big
gap
is
like
there's
all
this
stuff
about.
The
tsc
doesn't
actually
explain
who
the
tse
is
or
how,
how
it
gets
formed
and
how
you
join
it,
and
et
cetera,
et
cetera
the
governance
around
it.
That
that's
my
main
question
and
I
kind
of
like
ask:
do
we
want
all
these
things
you
know
are
all
of
the
things
in
this
charter
things
we
want
to
keep
with
the
tsc.
K
Should
some
of
them
be,
you
know,
maybe
more
simple,
just
consensus
based,
I
I
don't
know
but
anyway,
that
that
is
my
main
question.
I
guess
comment
about
the
current
trader.
L
So
I
do
a
great
deal
of
work
with
governance
for
a
lot
of
projects
over
the
past,
30
or
so
years,
and
tscs
are
not
something
that
typically
is
in
a
working
group.
This
is
obviously,
and
in
every
single
one
of
the
working
groups
that
I'm
in,
which
is,
I
think,
all
of
them
at
the
moment
they
are
all
dealing
with
this
omg.
What
is
going
on
with
this
tsc
stuff?
L
Well,
obviously,
somebody
cut
and
paste
just
to
give
us
a
template
to
get
started
great,
but
tscs
don't
make
sense
in
a
working
group.
They
do
in
a
project
right
and
a
technical
project
specifically.
So
I
think
that
this
is
something
that,
as
a
working
group,
it
makes
sense
to
get
rid
of
and
instead
do
some
other
form
of
governance
such
as
we
have
somebody
who
leads
the
meetings.
L
They
lead
the
working
group
and
then
explain
what
that
looks
like
and
how
that
person
gets
chosen
or
nominated
or
otherwise,
and
I
think
that
makes
a
lot
more
sense
then,
and
just
drop
pretty
much
all
of
this
tsc
stuff,
which
is
a
great
there,
might
be
some
stuff
to
keep
there.
But
just
I
will
hand
wave
that
at
the
moment
just
say
drop
it.
D
D
K
Yeah,
I
I
agree,
and
I
second
everything
vicki
said
you
know
the
one
thing
that
I
would
suggest
that
we
so
I
I
think
that
it'd
be
good
to
just
talk
about.
You
know
that
we
do
things
based
on
consensus,
it's
consensus-based
governance
and
just
to
make
everything
simpler.
K
The
one
thing
that
I
would
suggest
we
need
to
figure
out
how
we
want
to
do
a
little
bit
more
strict
governance
around
is
if,
when
this
working
group
produces
artifacts
or
endorsements
of
artifacts,
like
on
behalf
of
the
ossf
right,
so
when
we
produce
something
like
the
document,
we
just
produced
right.
How
do
we?
How
do
we
ensure
that
we
have
that
working
consensus
right?
Because
I
I
think
you
know
one
of
the
things
that
to
me
has
been
I'll
be
completely
honest.
K
A
little
bit
challenging
with
some
of
the
stuff
in
the
ossf
is
like
there's
stuff
that
you
know
everything's
kind
of
moving
a
5
000
miles
an
hour
and
there's
there's
some
things
that
kind
of
proceed,
and
it's
like.
Oh,
we
think
we
have
consensus
so
we're
doing
it,
but
it's
like
you
know,
was
there
consensus.
How
many
people
were
in
the
meeting
where
that
proceeded
like
that?
That,
to
me,
is
one
of
the
things
that
I
think
is
important
to
codify
in
these
charters
like
how
are
we,
how
are
we
validating
for
consensus?
K
K
For
some
of
these
things
before
we
publish
a
document
before
we
put
up
the
big
blog
post
before
we
say:
hey
project
xyz
is
an
official
project
of
the
vulnerability
disclosures
group
right
so
that
those
are
the
kinds
of
things
to
me,
and
I
know
I'm
just
kind
of
rambling
here
without
actual
work
in
the
charter,
but
that
that's
one
of
the
things
I'd
probably
you
know
if
people
are
interested,
I
could
go
and
volunteer
some
time
to
draft
up
some
pros
around
that
type
of
thing.
L
I
think
it
makes
sense
to
you
know,
take
a
stab
at
that.
Oh,
that's,
a
violent
image.
Sorry
to
to
attempt
that
and
see
you
know
just
throw
a
pull
request
in
for
the
charter,
and
then
we
can
have
a
look
at
the
pr
and
add
comments
and
iterate.
L
D
G
L
D
And
vicky,
I
think
you
probably
have
good
visibility
into.
I
know
some
of
the
other
conversations
going
on
in
the
open.
Ssf
right
now
are:
how
are
projects
accepted?
What
is
the
process
for
like
when
we
did
the
cvd
guide?
I
think
we
also
were
kind
of
bouncing
around
at
the
board
like
how
does
this
get
a
stamp?
How
does
it
not
so
I
know
a
lot
of
these
answers
are
probably
happening
in
parallel.
L
Because
of
the
sort
of
deliverables
that
a
working
group
has,
it's
typically
doesn't
need
to
get
up
to
that
level,
but,
as
far
as
I
know,
nobody's
really
discussed
that
type
of
acceptance
whether
it
meet
these
deliverables
need
to
go
up
to
say
board
level
for
approval.
So
I
suspect
they
don't,
but
it's
a
good
question,
so
whoever
is
very,
very
kindly
taking
notes.
L
First
of
all,
thank
you
and
second
of
all,
could
you
make
sure
that's
represented,
so
we
don't
forget
to
to
think
about
that
as
we
work
through
the
process.
D
D
Season
odds:
okay,
let's
do
it.
I
actually
missed
the
last
meeting
where
moses
was
brought
up.
Has
someone
been
more
involved
with
this?
Who
could
maybe
give
us
an
update
about
where
this
is
and
where
it
needs
to
go
next.
D
D
C
I
sent
crowba,
I
wrote
up
a
long
thing
about
vulnerability
disclosure
and
my
experience
with
one
of
real
exposure
it
was
directed
specifically
to
I
was
chatting
with
some
people
in
the
open.
I
was
chatting
with
people
in
the
github
security
lab
and
this
the
github
security
lab
people
are
like
it's.
A
combination
of
both
people
that
work
at
github
and
also
the
people
that,
like
are
security,
researchers
participating
in
getting
bug
bounties
out
of
the
github
security
lab
and
there's
a
long
discussion
around.
C
You
know,
bug
money,
payment
or
not
about
about
bug,
bounties
and
and
how
bug
bounties
and
vulnerabilities
closure
kind
of
collide
with
each
other,
and
I
had
a
a
bit
of
a
so.
I
said
this
to
craw
like
crow
wow.
Sorry,
I
don't
know
if
this
is.
C
Yeah
because
it
was
very
specific,
but
I
could
I
could
I
could
edit
this
down
and
send
this
somewhere,
but
just
some
of
the
stuff
that
I've
I
like.
I
try
to
encode,
like
my
experience
and
knowledge
and
and
like
stuff
that
I've
learned
doing
vulnerability,
exposure
in
open
source
for
the
past
three
years
and
like
the
pitfalls
you
quickly
fall
into
in
that
area.
So,
like
you,
know,
I've
done
this
this.
L
I
think
you're
going
to
be
absolutely
invaluable
to
this
document.
Jonathan
frankly,
because
of
all
of
us
in
the
group,
I
think
you've
probably
done
this
sort
of
stuff.
The.
C
Most
was,
I
was
expecting
there
to
be
more
people.
Is
it
just?
It's
is.
Are
there
more
people
doing
this
sort
of
open
source
vulnerability?
Disclosure
like
it
seems
like
like
I
I
I'm
surprised.
I
am
surprised
that
I'm
the
only
one
here
with
experience
right
like
well.
You
know
like
why.
What
is
what
is
up
the
rest
of
the
industry
is
there's
nobody
else.
That's
doing
this
sort
of
thing,
or
am
I
just
in
the
right
place
at
the
right
time
like
I
also
like
my
experiences
have
been
like.
C
K
Or
what
I
mean
I
I
expect
that
part
of
it
jonathan
is
because,
like
you
know,
researchers
probably
more
concentrate
on
places.
They
can
get
bounties,
which
are
probably
less
often
open,
source
projects
right-
and
you
know
I
that's
kind
of
why
google
started
project
zero
back
in
the
day,
was
to
fill
this
gap
right,
but
I
that's
got
I
I
mean
the
economics
is
gonna
lot
to
do
with
it.
If
I,
if
I'm
gonna,
spend
five
hour,
you
know
five
days
working
on
a
problem.
D
Yes,
yeah
jonathan,
I
think
you
have
a
lot
of
people
here
who
are
on
the
other
side.
On
the
you
know
the
response
side
receiving
your
reports,
your
fine
rewards,
but
I
think
that's
a
great
question
and
jason
made
me
point
to
there's
kind
of
an
incentive.
We
need
to
hear
these
voices
more
to
understand.
C
C
You
know
I'd
also
love
to
meet
some
people
from
product
zero
because
you
know
I've
always
I've
watched.
You
know
I've
seen
their
vulnerabilities
closures
for
years
and
followed
that
whole
thing.
It's
like.
Oh,
you
know
you
know,
they've
been
doing
cool
stuff.
I'd
love
to
meet
some
of
those
people.
Are
there
any
any
other
big
research
groups
like
this
white
source,
but
are
there
any
other?
There's
the
githubs
there's
people
from
the
github
security
lab
that
are
doing.
C
Research
too,
and
they've
got
some
people
there
that
have
been
doing
this
for
a
long
time
as
well.
So
maybe
doing
some
outreach
in
that
area
around
like
hey
like
we
know
you
have
a
lab
like,
let's,
let's
like
we
would
love
to
have
your
team
come
participate
here.
L
Well,
we
do
have
some
people
here:
we've
got,
madison
is
here
from
github
security
lab
and
eric
is
here
from
sneak.
So
maybe
they
can
kind
of
give
us
some
suggestions
on
how
best
to
approach
getting
more
researchers
involved
and
is
your
hand
still
up
or
is.
D
That
a
new
hand,
because
I
think,
maybe
to
madison's
point
about-
I
don't
think
it's
a
reasonable
expectation
for
researchers
to
be
continuous,
active
participants
in
the
open
ssf.
So
we
have
to
think
about
maybe
going
to
them
where
they
are
but
figuring
out.
D
What
are
we
asking
of
them
and
how
do
we
make
it
kind
of
scoped
and
limited,
because
no,
I
wouldn't
expect
that
they
would
show
up,
but
and
also,
if
that
includes
reaching
out
to
project
zero,
I'm
happy
to
to
facilitate
that
and
see
if
we
can
get
some
of
their
time
cool.
N
I
was
just
gonna
say
that
also
you
know
we
had
with
hunter.
We,
I
think
our
security
research
and
open
source
maintain
a
community
is
about
6,
000
people
right
now
so
happy
to
connect
or
like
act
as
a
bridge
between
our
community
and
the
workings
of
the
group
to
relay
you
know
comments
from
our
community
back
and
see.
You
know
what
constructive
feedback
we
can
find.
O
L
I
suspect
that
in
the
short
term,
helping
give
input
on
the
document
we're
creating
and
then
perhaps
we
can
seduce
them
into
staying,
but
for
the
longer
term,
because
we're
just
such
nice
people.
B
M
Yeah
github
sex
lab
has
a
lot
of
a
lot
of
connections
both
internally.
We,
our
security
team,
often
finds
a
lot
of
vulnerabilities
and
is
the
one
disclosing
and
because
of
our
position,
people
also
disclose
to
us
all
the
time.
M
So
we
have
a
lot
of
a
lot
of
people
from
both
sides,
both
internal
to
github
and
a
lot
of
external
reporters
and
users
that
we
work
with,
like
very
often
we
have
really
great
working
relationships
with
jonathan
is
one
of
them,
so
we
definitely
have
have
already
existing
connections
that
we
can
leverage
for
this
that
I'm
happy
to
start
making.
M
M
So
it's
I
think
what
we
want
to
do
in
this
working
group
is
probably
a
lot
more
in
depth
than
that
one.
But
I
plan
on
taking
those
same
concepts
and
adding
them
to
this
and
incorporating
them
basically
as
soon
as
I
can
find
the
time
to.
M
L
Excellent,
it
looks
like
our
anne
had
to
drop
off
so
do
we
have
some
more.
C
Yeah
katie
masseris
too,
would
be
a
really
good
resource.
If
anybody
you
know,
I
know
I'm
good
friends
with
her,
but
if
somebody
from
the
linux
foundation
wanted
to
reach
out
to
her
in
a
more
official
capacity,
that
might
be
a
good.
C
She
runs
her
own
company
she's,
the
loot
of
security
she's,
the
person
that,
if
you
shout
bug
bounty
program
three
times
she'll
appear
out
of
the
mirror.
L
Okay,
I
need
a
name
for
the,
for
I
don't
know
katie.
So,
okay,.
C
Katie
masuris,
if
you
google,
you'll,
find
a
wikipedia
page
but
guys
she's
at
luda
security.
C
L
C
L
C
L
C
L
All
right,
I
can't
type
this
morning,
apparently
all
right.
Look
at
all
these
great
suggestions.
L
L
O
O
Kayla's
not
here,
but
she
would
also
like
to
work
on
that.
We
talked
about
that
last
week.
C
And
can
we
be
specific
about
companies
and
company
names
and
the
pitfalls
of
using
verse,
cert?
Okay,
let
me
provide
an
example
right
if
you
disclose
a
vulnerability
by
github,
the
information
that
you
encode
in
the
disclosure
has
like
a
structured
format
and
then
that
structured
format,
especially
if
you
do
disclosure
fully
like
it,
gets
published
in
a
way
that
that
data
is
parcel
by
machines.
C
But
if
you
do
disclosures
by
a
snick
and
you
get
a
cv
via
snick,
if
you
don't
publish
that
with
another
way,
then
snake
publishes
it
they
get
to
give
a
cd
for
it,
but
their
database
is
closed,
source
and
closed,
and
so,
if
you
want
to
use
it
for
structured
data
like,
for
example,
if
you're
building
a
dependable
or
you're
building,
you
know
some
open
source
tool
to
audit
for
security
vulnerabilities.
You
have
to
curate
all
that
data
again
and
that's
why.
C
Personally,
I
use
github
security
advisories
to
publish
my
disclosures
because
at
least
I'm
publishing
it
in
a
curated
formatted
way
that
those
tools
can
automatically
scrape
and
because
github's
database
is
creative.
Commons,
like
I
prefer
to
do
that,
but
I
also
prefer
to
use
git
snick
as
a
cna,
so
like
you're,
including
these,
like
concerns
and
issues
about
specific
companies
and
why
you
might
want
to
use
specific
company
versus
another
one.
Is
that
like
okay,
in
the
context
of
like
this
article,
or
is
that
do
we
want
to
avoid
like
well?
C
O
C
When
you're
doing
cna
cve
issuance,
though
like
the
vendor,
has
like,
if
you
want
to
get
a
cv,
there
are
different
pitfalls
of
using
different
ones
right
that
you
may
not
know
without
experience
of
having
done
this,
which
I
do
have
the
experience
of,
because
I've
done
this
long
enough.
But
I
know
like
that's:
why
that's
why
I've
used?
That's
why
I
use
the
vendors
that
I
do
in
this
context,
because
if
you
disclose
in
a
specific
way
your
information,
the
information
disclosed,
doesn't
go
out
in
a
way
that
is
easily
consumable
by
other
tools.
O
L
If
nothing
else,
I
because
I
do
think
it
might
be
a
slippery
slope
to
for
the
organization
to
start
having
these
vendor
vendor-related
conversations.
If
nothing
else,
I
would
love
to
have
jonathan
write
his
own
independent
on
the
side
blog
post.
C
On
man,
I
mean
writing
for
me.
It's
not
that
it's
not
that
I
don't
mind
writing
instead.
Writing,
for
me,
is
a
really
difficult
process.
It's
like
it
takes
a
lot
of
time,
so
you
know
I,
you
know
I'd
be
happy
to
write
it
with
somebody
collaboratively,
but
me
sitting
down
and
writing
a
blog
post
is
actually
a
lot
of
work.
L
Yeah
trust
me
in
the
middle
of
my
second
book.
I
understand
adhd
over
here,
but
it's
it
is
the
sort
of
thing
that
you
know
where
you
publish
and
the
ramifications
of
that.
If
there
is
some
way
to
discuss
that
in
the
document
in
a
somewhat
vendor-neutral
way,
such
as
there
are
differences
in
where
you
publish
your
cve,
and
here
are
some
of
the
things
you
might
expect
just
in
general,
without
naming
names,
maybe
there's
a
way
to
do
that
in
the
document.
L
Depending
upon
I,
I
fully
admit,
I
have
not
read
the
doc
right,
but
maybe
there's
a
way
to
fit
it
in
there
and,
if
not,
maybe
that's
a
conversation
that
we
can
have
in
a
for
a
different
doc
or
a
blog
post,
or
something
like
that,
but
it
does
seem
like
making
it
easier
and
setting
up
appropriate
expectations
for
researchers.
L
I
Yeah,
I
I
I
would
agree
on
for
an
official
type
document.
I
would
not
name
names
that
that
gets
political
and
and
can
somebody
might
refuse
to
use
the
document
or
say
it's
biased
or
whatever,
but
as
a
separate
like
an
informal
community
document,
a
separate
document
of
reviews
of
things
or
you
know
like
a
pros
and
cons
document-
that's
separate.
That's
not
part
of
like
a
standards,
type
thing,
it's
probably
more
useful,
but
also
to
say
in
the
end.
I
C
I
think
one
of
the
issues,
too,
is
like
you
can't
avoid
company
names
right,
like
you,
smiter
is
a
company
right.
Like
you
know,
every
single
cna
is
not
a
non-profit
right.
Every
single
cna
is
under
a
corporate
entity.
G
C
The
choice
to
pick
a
cna
is
going
to
be
itself
a
vendor
decision
kind
of
I
mean
it's,
not
it's
not
account
vendor
that
the
vendor
actually
sells
the
product
right.
Vendors,
like
you
know,
white
source
and
snick
are
not
selling
where
cna
they're
selling
their
data
right,
but
there's
a
decision
that
you're
making
around
picking
which
one
of
these
cnas
you
want
to
work
with
and
why
you
might
want
to
pick
one
over
another
one
and
those
are
companies.
N
Yeah,
I
was
just
more
kind
of
leaning
on
from
what
jonathan
was
saying.
I
wonder
if
this,
if
the
working
group
has
ever
discussed
vulnerability
reports
made
to
the
various
you
know:
vendors
databases
whatever
that
don't
receive
cvs,
because
I
think
there's
a
there's
a
vested
interest
in
some
vendors
to
keep
vulnerability,
information,
proprietary,
and
so
they
don't
necessarily
or
like
for
whatever
reason.
Maybe
they
haven't
received
a
request
for
a
cv
or
whatever
it
might
be.
N
They
don't
necessarily
issue
one
and
then
so
you
you
don't
have
those
vulnerability
records
kind
of
spreading
through
to
the
various
ecosystems.
N
Because
of
this,
which
also
creates
difficulties-
and
I
think
I
think
every
vendor
is
at
fault
of
this
right-
I
don't
think
any
vendor
consistently.
A
hundred
percent
of
the
time
will
issue
a
cv
for
every
single
vulnerability.
That
record
of
value,
you
know,
will
issue
a
cve,
but
but
I'm
not
sure
how
you
also
solve
that
problem.
But
maybe
this
is
kind
of
like
a
tangential
topic.
L
Thank
you
yeah.
It
does
seem
like
it
will
be
tricky
with
that.
It
might
be
something
that
has
to
be
decided,
as
the
document
is
built
to
figure
out
what
the
I
think
we're
we're
talking,
all
theoretically,
without
actually
seeing
what's
in
the
document
right
now,
most
of
us,
and
so
it's
great
to
have
the
information
out
here.
L
So
we
know
that,
as
we
are
looking
at
the
document
because
we're
all
going
to
look
at
the
document
right
that
these
are
things
we
should
be
keeping
in
mind
as
we
do
it
and
we
do
have
a
bunch
of
people
who
have
volunteered
to
look
at
the
document,
which
is
wonderful.
Thank
you
all.
Can
you
commit
to
having
some
progress
on
that
by
next
meeting
in
two
weeks.
L
O
Yes,
are
there?
Are
there
other
people
who
would
like
to
claim
some
of
these
sections,
because
I
think
it
would
be
great
if
we
could
get
some
ownership
for
additional
sections
here.
L
L
And
it
might
be
difficult
to
have
a
look
at
that
and
listen
to
a
meeting.
So
I
understand
that
will
be.
You
might
not
be
able
to
do
that
right
now.
But
if
you
look
at
this
and
see
something
that
you
would
like
to
participate
in,
please
leave
a
comment
and
or
put
your
name
on
that
and
then
we
can
start
making
progress
because
we
do
have
a
deadline
on
this,
since
we
would
like
to
believe
it
was
august.
P
C
L
Okay,
how
about
I
shoot
a
mail
to
the
list
and
see
whether
somebody
has
already
done
something
on
this
and
if
not,
whether
they
have
ideas
and
how
we're
just
going
to
slide
through
the
back
door.
Somehow,
and
I
yeah.
C
Maybe
get
it
into
a,
I
guess
that
could.
C
K
L
Yeah
exactly
so,
somebody
could
have
done
this
work
already
and
we
just
don't
know
so.
That's
something
that
we
will
need
to
capture
so
I'll
shoot.
I
will.
I
will
send
off
a
message
to
the
mailing
list.
L
I've
been
having
trouble
with
my
mailing
list
for
some
reason,
so
hopefully
it'll
work.
L
Okay,
oh,
I
should
capture
that
in
the
notes,
all
right
anything
else
on
this
document,
or
are
we
all
just
going
to
pile
in
and
make
some
progress
by
next
meeting.