►
From YouTube: Working Group: 2022-03-15
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
All
right
welcome
everyone
to
the
pacquiao
working
group,
weekly
meeting,
we're
glad
that
you're
here,
let
me
see
we
have
new
faces
things
like
not
much
the
base
team
here.
Thank
you
for
joining
all
right.
Here's
my
screen,
real
quick.
A
B
B
A
A
I
don't
see
forest
here
either:
okay,
right
next
up,
rfc
for
securing
time
environment.
B
I
forgot
about
this
comment
when
I
posted
it
like
two
weeks
ago,
and
then
we
had
working
group
last
week
and
I
forgot
to
bring
it
up
then,
in
the
current
implementation
we
outline
that
we
need
to
create,
like
a
whole,
separate
builder
and
some
other
things.
I
guess
my
question
is
like
what
minimally
do
we
have
to
do
and
I
kind
of
outline
what
I
think,
maybe
at
a
minimum.
B
We
would
need
to
do
in
order
to
achieve
this,
which
is
really
just
produce
a
run
image
that
has
a
different
user
id
than
the
build
image
we
produce,
because
then
we
could
actually
run
tests
and
use
the
like
dash,
dash,
run
image
flag
off
of
the
pack
build
command
to
assert
that
the
behavior
we're
expecting
from
the
build
pack
works
correctly.
A
A
Okay,
okay,
thank
you.
Ryan
next
up
will
be
serial
config
web
server
builds.
B
B
Gonna
just
check
the
maintainers
list
and
currently
the
web
server's
maintainers.
Are
you
and
arjun.
B
D
Yeah,
I
don't
think
this
has
moved
a
whole
lot
since
last
week,
but
it's
still
there
if
folks
want
to
comment.
A
B
I
think,
at
the
end
of
the
day,
the
thing
I
cared
about
most
here
was
like
that.
We
don't
talk
about
gcr
at
this
and
all
like
the
whole
thing
and
dan,
it
seems
like
you've
addressed
that
which
then
to
me
felt
like
the
only
like
outstanding
concern
was
like
how
many
years
do
we
say
we're
going
to
retain
images,
for
I
don't
know
that
I
have
a
concern
in
that
space.
D
Okay,
that
that's
where
I
added
to
do
still
that
I
haven't
got
to,
which
is
to
basically
go
back
and
see
like
take
a
couple
different
intervals
and
see
what
that
would
get
us.
You
know
like
how
many
images
would
we
retain
what
sort
of
space
would
that
clear
up?
How
far
back
would
we
go
version
wise
that
sort
of.
E
Yeah
there
were
some
new
comments
on
this
added
in
the
past.
Now
I
need
to
have
a
look
at
those
I
wasn't
aware
of
the
environment
property
source,
so
that
could
be
a
way
to
go.
So,
oh
yeah,
that's
for
me
to
go
and
have
a
look
at
that.
F
And
my
understanding
of
all
the
tomcat
options
is
a
little
bit
loosey-goosey
just
from
glancing
through
the
docks,
so
feel
free
to
look
at
it
and
tell
me
that
I'm
off
base
here,
but
my
other
question
was
sort
of
about
when
we're
copying.
Some
of
these
there's
a
part
where
we're
mentioning
copying
properties
into
the
catalina
properties
file,
and
I
think,
in
an
earlier
version
of
this
rfc.
This
was
explicitly
in
a
tempter.
F
But
I
feel
like
now
that
it's
in
the
catalina
baster,
we
run
the
risk
of
copying
secrets
onto
the
root
file
system,
which
is
not
treated
with
the
same
sensitivity
as
a
secret
volume
and
a
lot
of
common
platforms
like
kubernetes.
So
that
would
be
for
me,
that's
sort
of
the
blocker
for
this,
where
I'd
want
to
ensure
that
we're
we've
set
this
up
so
that
by
default
we're
not
copying
secrets
to
a
less
secret
location,
and
then
everything
else
is
just
different
suggestions
for
how
we
could
approach
that
that
I'm
not
particularly
opinionated
on.
F
D
D
F
That's
the
we
do
that
in
one
place
in
the
ca
certificates
built
back,
all
the
ce
certificates
aren't
really
secret
in
the
same
way,
in
most
situations,
but
just
in
case
we
have
to
copy
those.
So
we
can
rename
the
files
if
we
copy
them
to
attempt
directory.
D
F
The
other
solution
I
was
sort
of
proposing
here-
and
it's
like,
I
think,
it's
more
work
so
wouldn't
want
to
go
that
way
if
there
was
an
easier
way
to
do
it,
but
because
you
can
set
up
like
you,
can
configure
a
property
source,
a
custom
property
source.
As
long
as
it's
an
implementation
of
the
right
interface,
we
could
like
contribute
a
implementation
of
the
property
source
that
then
just
dynamically
loads
from
the
binding
at
runtime.
Without
sort
of
copying
to
a
properties.
File
was
another
option.
E
I'll
take
a
look
at
those
okay,
so
we've
got
this
there's
three
potential
ways
forward:
there
that's
cool.
E
On
the
chat
there,
the
details
of
the
three
options
probably
aren't
called
out
as
three
different
things,
but
I
could
I
can
summarize
in
a
comment
later
on,
for
people
that's
cool.
A
All
right
next
up
build
with
civility.
B
I
don't
think
so
emily
I
wanted
to
know
if
all
of
your
concerns
were
addressed
at
this
point.
F
G
F
B
Where
we
are
being
like
quite
paranoid
about
what
we
are
producing,
and
so
the
tests
are
asserting,
like
a
really
really
strong
assertion
about
what
actually
ends
up
in
the
image
and
what
we're
reverting
to
is
like
a
reasonably
okay
assertion.
I'm
like
we
should
feel
free
to
move
to
that
kind
of
assertion.
Instead
of
keeping
the
like
much
stronger,
one
that
has
this
kind
of
negative
side
effect.
B
There's
been
quite
a
lot
of
conversation
back
and
forth
about
whether
or
not
we
should
allow
this
to
happen.
I
think
dan,
some
of
your
commentary
about
is
their
work,
could
be
doing
upstream
to
kind
of
do
things
like
improve
the
performance
of
some
of
the
s
bomb
generation.
B
B
The
other
thing
was
this
last
bit.
This
comment
here
about
having
some
functionality
allows
say
like
an
enterprise
or
organization,
to
override
a
particular
value
configuration
value
for
all
builds
to
me.
This
sounds
like
a
platform
level
thing
and
I'm
not
really
sure
what
the
api
would
look
like
for
like
a
build
pack
to
enable
such
a
platform-wide
feature
since
bill
packs,
don't
really
have
a
concept
of
like
a
platform
or
or
any
sort
of
real
understanding
of
what
that
might
be.
F
It's
like
the
build
pack
gets
these
environment
variables,
often
they're
provided
on
b
by
the
platform
on
behalf
of
the
user,
but
they
could
be
provided
by
the
platform
on
behalf
of
itself,
and
I
don't
think
it
should
matter
to
the
build
bank.
D
D
That's
definitely
something
I've
seen
happen
before
being
able
to
force
certain
settings
onto
their
developers
is
important,
I'm
a
little
reluctant
to
punt
and
just
say:
let
the
platforms
do
it
since
the
platforms
start
doing
it
now
kind
of
puts
us
in
a
spot
where
there
isn't
a
solution
for
someone
like
that
which
again
could
impact
adoption,
but
yeah
I
mean
I
certainly
get
what
what
the
concern
is.
You
know
having
a
extra
few
seconds
on
your
development
time,
for
an
s-bomb
generation
is
not
pleasant
in
the
slightest.
D
B
B
B
F
I
think
in
node
engine
is
an
interesting
case
right
like
if
you're,
adding
node,
if
you're
defining
what
version
of
node
you're
installing
in
your
build
materials
as
a
build
pack
in
a
lot
of
cases.
You
know
you're,
looking
in
your
metadata
to
figure
out
where
this
version
of
node
came
from
and
installing
it
so
then
you
could
generate
the
s-bom
and
you
already
have
all
that
data.
So
it's
not
really
taking
you
any
time
to
generate
the
s-bomb
right.
F
It's
just
about
copying
that
data
and
I
think
it
raises
a
question
about
what
people
want.
If
they
turned
it
off
like
would
we
want
to
turn
off
all
s-bomb,
even
the
kind
that
are
instantaneous
or
is
it
just
like?
Is
it
just
the
fast
and
dirty
option
like
I
don't
care,
don't
waste
any
time
on
it
like?
Would
it
be
like
right
now?
You
know
if
we
wanted
to
when
we
approve
the
run
image
bomb
rfc
like
they've
got
the
run
image
bomb
in
there.
F
F
F
G
A
couple
of
things,
speaking
from
my
experience
like
dealing
with
them,
the
net
sdk
and
cli,
and
its
documentation,
something
like
a
like
an
environment
variable
that
turns
off
the
software
of
build
materials.
G
I
would
certainly
advocate
for
as
a
simpler
interface
like
something
that,
just
simply
like
does
turn
off
the
s
bomb
and
if
it's
a
concern,
for
example,
that
this
like
weakens
the
build
packs
sort
of
like
compliance
story.
I
guess
from
a
from
an
operator's
perspective,
then
I
think
it'd
be
cool
if
we
at
least
like
filed
an
issue
with
kpac,
to
express
this,
as
I
think
one
example
of
a
broader
thing
like
we
can
request,
features
from
kpac.
G
I
think
kind
of
makes
sense
for
us
to
do
that
and
kind
of
do
other
other
things
to
like
remediate
this
problem,
rather
than
make
the
actual
like
implementation,
complicated.
F
B
I
think
like
for
stuff
like
the
go
build
pack,
their
s-bombs
are
generating
in,
like
you
know,
around
the
one
one-ish
second
kind
of
benchmark,
but
notice
in
the
like
30
to
60
second
territory,
which
is
a
significant
long
time
more
yeah.
B
This
is
kind
of
amplified
by
a
recent
set
of
changes.
We've
made
to
that,
specifically,
the
things
we're
talking
about
are
the
npm
install
and
the
yarn
installed
packs
those
that
install
like
huge
numbers
of
node
modules.
Those
are
tend
to
be
the
ones
that
are
really
really
slow.
This
is
definitely
impacted
by
recent
changes
to
both
those
build
packs
that
were
meant
to
support
other
features
in
the
node
ecosystem.
B
But
imagining
that
there's
like
a
90
overlap
in
those
things,
you're
gonna
end
up.
You
know
instead
of
30
seconds
it's
60
seconds
and
so
on
and
so
forth.
Is
you
know,
you're
just
adding
more
stuff,
your
your
s
bomb
generation,
time
balloons
pretty
significantly
there.
A
D
We
did
have
a
a
about
team
meeting
on
friday.
I
think
we
had
some.
We
had
decent
attendance
there,
I'm
trying
to
remember.
I
don't
know
that
there
was
anything
specifically
covered
for.
D
A
All
right
next
up
project
of
the
well.
I
had
a
couple
first
up
as
we
discussed
last
week.
This
is
a
first
attempt
to
have
a
mailing
list
and
I
say
attempt
because
well,
google
groups
is
a
tool
that
all
the
open
source
projects
on
on
vmware
actually
use
to
have
a
yeah
mailing
place
and
also
a
public
calendar,
but
for
pacquiao
bill
pack.
Specifically,
I
still
need
to
check
with
someone
at
the
cloud
foundry
foundation.
A
A
A
Okay,
I'm
sorry
daniel
is
that
er
to
go
on
the.
A
Okay,
cool
right,
so
yeah.
This
is
the
first
attempt
I
just
invite
most
of
you,
but
I
still
need
to
check
with
you
see
if
how
to
do
it.
Also,
in
terms
of
events,
all
things
open
cfp
is
open.
A
This
is
a
really
cool
event
where
we
could
plan
to
have
a
hands-on
session.
I
mean
one
of
the
things
I
like
the
most
on.
All
things
happen
is
the
the
actual,
hands-on
or
or
yeah
workshops
hackathons,
whatever
you
may
call
it.
So
the
cfp
closes
well
with
a
month
so
yeah.
What
what
has
been
you
know
useful
for
some
other
projects
recently
in
terms
of
content
creation
is,
is
to
have
a
baseline
of
text
already
prepared
for
for
events
or
for
workshops
and
to
be
able
to
distribute
that
to
different
events.
A
Leveraging
the
developer
advocates
team
because
yeah
the
goal
is
not
to
ask
you
the
maintenance
team
to
attend
or
to
present
at
every
event
out
there,
but
but
to
leverage
the
thing
that
they
actually
that
that's
their
duty.
Their
job
is
to
actually
present
at
events.
Developer
advocates
so
and
also
again,
I
need
to.
I
still
have,
pending
a
conversation
with
the
developer,
advocate
at
the
cloud
foundry
foundation
to
see
how
can
we
join
forces
to
lay
out
a
content
generation
plan,
but
yeah?