►
From YouTube: Ortelius Governing Board May 25, 2023
Description
A discussion around the TOC nominations, new competitive tooling around Evidence Stores, and architecture are the topics of this Ortelius Governing Board Meeting.
A
B
C
C
C
C
C
B
C
C
C
C
C
D
C
C
F
C
Cool
and
I
think
that
is
pretty
much
all
I
had
in
my
notes
that
we
needed
to
take
care
of,
for
this
call
we
did
have
it.
We
did
have
like
really
great
for
those
of
you
who
have
not
been
on
the
call
Sergio,
Anne-Marie
and
Kat.
We
had
a.
We
had
a
really
good
visibility
at
cdcon
this
year.
It's
pretty
cool,
that's
that
both
Sim
and
Steve
got
CDF
level.
Awards
Sasha
got
his
award,
it
was
a
fun
show.
C
I
got
to
do
a
keynote
at
open
source
Summit,
which
is
kind
of
cool
being
on
the
big
stage
where
I
I
promoted
both
I,
promoted
ortilius
talked
about
an
Evidence,
catalog
and
I.
Think
one
of
the
most
interesting
things
that
I
learned
that
that
really
you
know
piqued
my
interest
and
we're
going
to
do
a
follow-up
call
with
Fidelity
Investments.
They
built
their
own
evidence,
store
I
will
I'm
going
to
share
with
you
all
the
link
really
quick
here.
C
C
So,
if
this
is
the
first
time,
I've
seen
a
and
they
talk
about
it
in
here
that
they
wrote.
You
know
this
is
this
is
homegrown
I,
don't
know
if
they're
doing
versioning
of
it
I
would
kind
of
doubt
that
but
you'd
never
know
how
they're
how
they
felt
it
I'm
very
curious
how
they
built
it.
But
the
reason
why
I
bring
it
up
is
because
it
it's.
C
Overall,
we
had
a
really
fun
time
at
cdcon
and,
like
I,
said,
ortelius
got
a
really
some
really
good
exposure
and
there
was
some
a
real
interest
in
this
idea
of
an
Evidence
catalog.
So
the
team
is
in
a
good
place.
Bhati
demagrichi
said
that
in
terms
of
activity,
ortilius
is
their
most
active
project,
so
kudos
to
us
all
for
building
this
and
keeping
it
going.
B
C
Yeah
and
what
Brendan
told
me
was
that
they're
interested
in
possibly
integrating
where
they
would
provide
the
graphs
for
the
dependencies
and
we
would
provide
the
data,
so
we
might
be,
you
know,
we're
starting
to
create
a
power.
You
know
a
power
station
here
with
bringing
in
other
open
source
tools,
because
that's
that
is
the
way.
That's
the
way
to
win.
No
doubt
if
you
get
we
had.
We
have
red
hat
now
and
already
now
committed
and
if
we
add
some
teams
from
Google
doing
some
work
to
help
us
too
it'd
be
great.
E
I
I
have
something
around
it.
Let
me
share
something.
Another
thing
is
gonna
pull
off
what
we
were
talking
about
here,
so
news
from
Redcat.
We
have
now
at
some
it
launches
something
that
is
called
throughout
the
software
supply
chain
it.
It
sounds
something
for
you
like
having
pipelines
and
doing
in
a
secure
way
like
checking
s-bombs
and
images
and
other
stuff.
So
this
is
like
a
well.
This
was
presented
by
burn.
Sutter
is
like
the
director
of
product
management,
Global
and
I,
already
told,
like
hey
I
love
the
presentation.
E
We
are
already
doing
some
stuff
like
that
in
the
open
source,
even
we
are
already
working
with
empowers.
That
is
already
something
Italian
from
Red
Hat,
so
like
make
a
little
sense
that
maybe
we
can
like
I,
don't
know
just
check
like
at
what
point.
Maybe
we
can
do
stuff
together?
Maybe
utilize
improve
I,
don't
know,
but
it's
just
opening
the
conversation.
D
D
E
A
D
E
C
Yeah,
that's
interesting
that
they're
taught
that
we're
talking
now
about
a
store
right.
How
do
you
store
this
information
and
start
using
it
consuming
it?
You
know
acting
on
it,
enabling
it
leveraging
it
using
Opa
for
policies
around
it
and
ultimately
AI
That's,
where
that's
going
to
come
from,
so
that
that's
super,
exciting
and
I'm.
So
happy
Ann
Marie
that
you're
from
that
project.
E
It's
public
yeah,
I,
I,
I,
didn't
it
was
yeah
well
I
I
think
we
were
in
the
similar
situation
manually
like
well
you're
wearing
the
project,
but
I
mean
I
was
looking
at,
but
I
couldn't
say
anything
I
was
just
like
waiting
for
this
public
because
the
internal
presentation
was
a
few
weeks
ago
releases.
But
now
we
can
talk
about
this.
So
it's
going
to
be
interesting.
It's
super
extensive
I
mean
this
is
not
one
thing.
It's
like
a
lot
of
a
lot
of
things
going
on.
E
It's
like
a
lot
of
different
open
source
projects
and
different
stuff
like
just
glue
in
one
Maybe
like
a
pre-fabricate
process,
something
like
that.
But
yeah.
There
is
a
lot
of
opportunity
to
to
to
participate
because
there
is
a
lot
of
moving
Parts
here.
So
I
think
it's
going
to
be
a
great
conversation.
I.
C
B
D
D
It
called
Anne-Marie
record
r
e
k,
o
r
I'm,
not
sure,
like
we
should
map
functionality
to
see
where
it
overlaps
with
the
retalias
and
where
it
doesn't.
But
basically
it's
it's
storing
evidence
of
when
you
do
certain
checks
in
your
pipeline,
like
have
you
done
a
static
application
security
test?
Are
your
images
signed
things
like
that?
B
E
E
C
We
I
know-
and
we've
been
we've
been
working
on
this
now,
for
you
know
as
an
open
source
project
for
two
years
and
as
a
project
that
we
were
trying
to
get
to
an
open
source
level
for
one
year.
So
I'd
say
we
had
some
Vision
on
that.
That's
where
people
would
finally
figure
out,
and
then
you
know
the
thing
about
it
is
in
Microsoft
microservices.
It
just
makes
it
harder,
because
when
you
have
an
application,
you
have
all
of
the
components
together
that
you
can
do
a
check
at
the
application
organizational
level
with
microservices.
D
It's
would
right
now
just
treat
each
microservices
as
a
standalone
application,
I
think
right
and
if
you
had
onboarded
several
into
one
workspace,
you
would
see
the
you
know.
The
same
team
was
working
on
them,
but
it
doesn't
it's
not
really
designed
for
any
kind
of
global
enterprise-wide
view
right
so
kind
of
kind
of
not
what
it's
trying
to
do.
C
So
I'm,
looking
forward
to
having
a
discussion
with
those
that
team
I
think
comparing
notes
will
be
great
because
we
are
now
in
we
have
now
I.
We
have
we're
now
at
a
new,
a
new
market
laughs
and
we're
the
open
source
tool
in
that
market.
So
it's
pretty
exciting
and
you
might
feel
like
having
these.
Other
tools
are
competitive,
but
I
can
tell
you,
as
a
company
open
make
software,
we
struggled
being
the
I
used
to
call
us
the
lonely
furniture
store
at
the
end
of
a
road
that
had
no
street
lights
laughs.
C
Nobody
wanted
to
go
down
there
because
nobody
else
was
doing
it
and
people
would
say
well.
If
this
is
so
important,
why
isn't
anybody
else
doing
it
and
I'd
be
like
I?
Don't
know
I
wish
they
were
I
wish
they
were
doing
it
so
I'm
glad
that
artillius
is
gonna.
It's
been
down
a
lonely
road
with
no
street
lights,
and
now
we've
put
street
lights
in
and
there's
another
furniture
store
next
to
us,
which
creates
a
Marketplace,
and
that
is
what
we've
been
missing
as
a
Marketplace.
C
D
C
Yeah
so
like
so
backstage
what
backstage
is
really
really
good
at
it's
also,
it's
a
problem
backstage
is
really
really
good
at
generating
a
pipeline
for
the
microservice.
So
you
as
a
developer,
you've
got
a
python
module.
You
need
to,
you
know,
start
working
on,
you
can
go
in
and
you
can
say
these
are
the
tools
I
want
and
it's
going
to
generate
for
you
a
pipeline
for
like
a
Jenkins
pipeline.
C
The
problem
with
backstage
is
it
generates
a
Jenkins
pipeline
and
the
industry
needs
to
start
again
I'm.
Looking
the
future,
the
industry
needs
to
start
getting
away
from
Pipelines.
So,
for
example,
in
Steve's
chat
at
open
source
Summit.
He
pointed
out
that
Jenkins
alone
has
20
million
known
Pipelines.
C
If
we
want
to
add
s-bomb
generation
to
it,
we
have
to
go
and
manually
edit
those
pipelines
backstage
just
creates
more
pipelines.
If
you
once
you
create
your
pipeline,
if
you
want
to
update
it,
you
have
to
go
update
your
pipeline,
but
it
does
create
a
catalog
of
microservices
and
their
tools
that
they're
using
but.
E
E
Today,
yes
right
at
the
list
in
the
in
the
developer,
Hub
is
like
an
Enterprise
version.
It's
more
about
like
one
page
integration
and
encapsulating
complexity
is
not
necessarily
like
doing
pipeline
is
more
like
hey
I'm,
just
like
putting
in
a
view
like
capturing
all
that
data
I
need,
like
inputs
and
stuff
like
that
and
after
that
probably
is
going
to
be
other
thing.
But
it's
more
like
a
one
page
to
say:
hey
I
can
check
the
dependency
I
can
check
the
status.
E
I
can
check
it,
it's
more
about
like
having
in
one
place
all
the
information
needed,
the
personal
responsibility
and
stuff
like
that.
So
at
least
in
the
pipeline
side
we
are
at
least
a
lot
of
the
folks
are
like
not
trying
to
relate
that
much
backstage
with
pipeline
itself
is
more
about
encapsulating,
encapsulating
any
complexes
and
be
like
a
self-service
more
and
more
than
that.
E
So
and
that
way
now
there
is
a
lot
of
people
doing
plugins
the
the
concept
of
pipeline
is
less
because
they
spear
the
the
the
the
range
of
plugins
are
what
you
can
do
so
it's
at
the
beginning.
Maybe
it
works
like
five
plugins,
and
maybe
that
was
like
top
of
one
day.
You
use
it,
but
right
right
now,
it's
like
a
small
part,
and
you
have
like
a
more
white
a
picture
about
what
to
do
with
with
with
active.
So
it's
going
to
evolve
a
little
bit
and
I.
C
E
Even
we
can
do
our
own
plugins
from
just
taking
the
best
of
our
deals.
I
put
it
in
just
inside
of
that's
that's
the
thing
at
the
end
for
black
stage,
it's
like
what
you
want
to
you
need
this.
We
have
it.
We
have
a
days
on
octelius
and
you
get
just
rid
of
a
plugin
and
bring
this
information
that
is
valuable
on
our
daily
into
vaccine
and
that's
all.
C
C
E
C
F
So
crazy
on
the
AI
print
that
you're
talking
about
right,
so
I've
shared
a
document
and
like
the
Cisco
already
has
this,
you
know
pipeline
security
thing.
They
call
it
like
a
Corona
scan
or
something
and
they're
like
also
working
on
the
eie
fund.
So
like
there
was
one
idea:
I
don't
like.
If
that
is
being
worked
upon
or
not
so
like
once,
you
fix
some,
you
know
CVS
or
something.
F
C
F
C
E
F
Yeah
so
when,
like
Sergio
started
talking
about
this
pipeline
right,
I
I
I,
like
like
part
of
searching
this-
if
that
is
some
things
like,
if
that
is
online
public
or
somewhere
so
I
found
like
this
document,
but
they
haven't
mentioned
some
anything
there.
So
it's
like
very
sophisticated
tool
they
have
created,
they
are
using
like
in
the
back
end,
they
are
using
black
bug,
saved
TV
they're
using
a
lot
many
other.
You
know
open
source
to
to
generate
all
these
reports.
C
B
F
D
B
D
Would
say
in
our
red
hat,
offering
we
have
something
called
I,
think
it's
the
snapshot
environment,
binding.
That
essentially
gives
you
a
version
and
what
it
is
is
it's
like
essentially
storing,
like
all
the
git
hashes,
of
all
the
components
that
you've
deployed
together
and
what
environments
they're
on
and
when.
B
F
B
B
A
B
Artifact,
Repository
and
now,
with
the
way
emporis,
is
adding
on
the
search
capabilities
and
all
the
all
the
fun
stuff
into
the
oci
registry.
It
would
be
make
make
sense
if
that
could
be
applied
on
top
of
an
ipfs.
So
you
have
the
distributed
network
of
the
artifacts,
the
impora
search
capabilities
and
then
the
ortelius
on
top
of
that
Gathering
and
all
together.
B
A
A
B
B
F
B
B
So
the
state
is
persisted,
so
you
don't
have
to
go
through
and
rebuild
from
the
very
beginning
of
time
to
come
up
with
the
right
state.
So
that's
one
of
the
things
in
the
xrpl
that
makes
it
very
efficient,
especially
for
like
what
we're
doing
being
able
to
get
that
proof
of
consensus,
something
like
Bitcoin.