►
From YouTube: Working Group: 2020-05-26
Description
* RelEng PR permissions
* buildpack.yml replacement: https://github.com/paketo-buildpacks/rfcs/pull/9
* Run image mirrors
* Paketo Registry Proxy
* Standardize release notes
* Go language RFCs: https://github.com/paketo-buildpacks/go
A
A
A
A
B
D
C
B
No,
the
long-term
plan
is
those
don't
exist
for
anything
but
development.
Realistically,
especially
once
the
registry
kicks
into
place,
the
images
are,
the
only
real
deliverable
will
ad
will
always
support
the
other
kind,
because
there
are
times
when
you'll
need
to
get
those
things,
but
build
packages
as
images
I.
E
F
E
G
C
B
B
F
H
I,
don't
think
we're
we're
triggering
on
any
of
the
new
build
packages
that
feature
in
just
shipping
it
because
we
haven't
oh
yeah
right
I,
don't
think
we've
configured
our
pipelines
to
consuming
those
yet
but
I
mean
we
can
we
can
do
that
as
they
go
or
we
could
just
wait
till
they're
done
just
do
them.
All
once
seems
easier
to
do
that,
whatever
you.
E
C
C
E
H
E
F
C
C
I
wrote
a
pill
pack
that
would
allow
you
to
inject
requires
directly
into
the
build
plan
through
a
configuration
file.
It
was
sort
of
a
debugging
bill
bill
pack
that
I
wrote,
but
a
little
while
ago,
Ryan
went
in
and
fleshed
it
out,
some
more
to
basically
accept
a
file
that
looks
very
similar
to
the
bill
play
a
Tamil
file.
C
If
you
all
wanted
to
adopt
this
that'd
be
great.
If
you
don't
more
power
to
you,
I
guess,
but
this
sort
of
is
a
way
for
us
to
offload
a
bunch
of
repetitive
unique,
but
not
really
unique
logic
that
we
have
been
putting
in
all
of
our
build
packs
onto
the
lifecycle
and
leverage
the
fact
that
it's
parsing
the
build
plan
for
us
all
the
time
and
use
those.
Instead,
this
is
a
little
long-winded
motivation.
C
We
did
some
back-and-forth
and
I
tried
to
capture
as
much
of
the
back-and-forth
on
the
PR
as
I.
Possibly
could
I
just
added
this
section
to
more
this
morning
about
addressing
some
concerns
around
people
being
able
to
access
build
packs
that
they
shouldn't,
which
is
not
really
that
big
concern
but
yeah.
This
is
this.
Is
it's
pretty
simple?
In
the
end,
we
add
a
build,
build,
packed
at
the
end
of
our
build
build
pack
groups.
It
accepts
a
some
type
of
format
right
now
it
accepts
something
called
plan
Tamil.
C
There
is
some
potential
discussion
about
maybe
trying
to
merge
that
into
something:
that's
more
Universal
like
project
Tamil
or
coming
up
with
a
better
interface,
something
that
I
have
not
fully
addressed
yet,
but
I
think
could
be
iterated
on
and
then
I
have
sort
of
the
conversion
that
you
would
do
the
one-to-one
conversion.
You
would
do
to
make
this
look
like
plan,
Tamil
and
I
think
the
reason
I
was
really
excited
about.
C
This
is
because
it
makes
our
build
pack,
so
it
makes
us
be
able
to
be
a
lot
more
stingy
about
when
we
hand
out,
build
and
launch
flags.
We
can
only
be
very,
very
guarded
about
the
permissions
we
hand
out,
meaning
that
we
don't
end
up
with
containers
that
just
have
stuff
flying
around
in
it,
because
we
thought
that
maybe
the
user
would
potentially
want
it
there.
C
E
Really,
like
the
kind
of
power
and
transparency,
so
it's
like,
instead
of
a
build
pack
having
to
parse
the
special
thing
in
the
app
directory.
That's
basically
the
same
thing
in
a
different
format.
As
you
know,
Bill
Peck
has
exactly
one
interface
for
getting
requirements
and
that
can
come
from
the
app
or
come
from
another
build
pack,
and
it
looks
exactly
the
same
in
both
cases
that
that
seems
like
you
know,
if
there's
a
criticism
of
our
API,
it's
that
we
create
too
much
complexity
right.
This
keeps
it
simple
keeps
the
interface.
E
The
same
gives
the
app
developer
a
lot
of
power,
and
it
opens
up
things
flat,
more
flexible
things
like
you
know,
if
someone
wanted
to
use
just
the
open,
JDK
build
pack,
do
everything
else
themselves.
The
opportunity
build
pick
doesn't
do
anything
special.
They
can
just
say:
I
need
this
from
open
JDK.
They
don't
have
to
write
a
build
pack
and
get
it
installed
in
the
platform
and
all
that,
if
the
operator
chooses
to
support
build
plan
build
pack
which
is
like
the
operator
choosing
to
support
app
developers
having
more
flexibility
right.
B
Concur,
this
is
a
perfect
level
of
layering
on
top
of
something
that
already
exists,
translating
the
same
way
we
do
with
something
like
proc
file,
for
example,
into
the
primitives
for
the
spec
itself.
The
only
concern
I
would
have-
and
it's
very
light
concern
is
whether
we
actually
want
to
call
it
plan
about
Tamil
I,
don't
have
a
better
main,
but
that's
gonna
have
some
collisions
with
this
pack
itself,
and
this
isn't
technically
part
of
the
CNB
spec
I
am.
E
A
I
think
it's
very
clever,
and
it
also
gave
me
a
slightly
crazier
idea
that
maybe
we
can
move
mix-ins
into
the
build
plan
as
well
like,
instead
of
doing
all
that
validation
up
front.
If
build
packs
then
are
like
requiring
mixings
as
like
a
special
shield
and
the
merge
tamil,
then
you
could
have
the
stack
provide
things,
but
also
like
a
route.
Build
pack
in
droves
proposal
could
also
provide
things.
You
said
having
two
ways
to
do
that.
A
D
Initial
concern
with
adding
nixon's
at
that
level
would
be
that
it
might
be
to
like
open
at
that
point
or,
if,
like
we,
don't
because
we
don't
want
people
necessarily
configuring
the
mix-ins
here
right
like
we
want
that
to
happen
at
a
lower
level.
We
don't
want
to
give
the
user
that
much
access
to
this
is
that
right
or
no,
it.
E
A
A
A
E
E
E
B
C
Dan's,
not
here
and
I,
don't
think
Ryan
is
here
either,
which
is
unfortunate
because
I
believe
they're.
The
two
authors
on
that
rnc
I
have
we
I
have
talked
to
them
both
about
the
and
they're
both
willing
to
go
forward
with
this
plant.
But
we
should
definitely
probably
close
one
of
these
before
we
accept
the
other
one
sure.
B
E
C
B
No,
this
definitely
affects
s
like
the
the
reason
I
would
never
have
supported,
or
we
never
would
have
gone
to
support
bill,
yeah,
Moe
or
bill
packed
out
yeah
moe,
but
this
the
key
thing
about
this
is:
it
doesn't
require
me
to
support
it
right.
This
is,
if
anybody
adds
this
to
an
order,
all
build
packs
implicitly
support
this
behavior,
and
that's
actually.
What
makes
it
so
attractive
to
me
is
that
it
requires
nothing.
So
I
am
very
much
in
support
of
this.
E
E
It
because
I
don't
want
people
signing
in
as
a
bot
right,
because
the
security
model
there
is
pretty
bad.
If
we're
saying
the
bot
acts
on
behalf
of
rel
edge,
is
that
right?
Because
I
come
in
the
model
right
now
yeah,
then,
if
repos
can
we
make
the
bot
part
of
a
team?
And
if
of
you
know
supposed
to
open
and
close
these
PRS?
If
that
makes
sense,
I
guess
you
can't?
If
a
bot
opens
a
PR,
you
can't
have
other
people
close
the
PR
right
without
being
maintained
in
there
I.
Don't.
D
B
G
That's
all
I
was
gonna
say
just
like
take
the
token
and
then
write
a
script
on
your
workstation.
That
only
knows
how
to
close
PRS,
because
that's
essentially
the
same
thing.
It's
about
opening
them
right,
I
mean
it's
just
automation,
you
have
it
all
in
it,
I
mean
it'll
limit
the
interaction
you
have.
That's
the
ball
right,
like
you're,
not
gonna,
do
anything.
It's
just
like
closed
PR
PR
number
X
in
this
repo,
then
the
bot
just.
E
B
I'm
not
fundamentally
opposed
to
the
the
idea
of
adding
a
triage
user
or
adding
a
team
to
the
triage
group
for
this
I'd
prefer
not
to
have
to
simply
because
it's
not
a
super
common
use
case.
You
see
and
open-source
projects
I
like
the
idea
of
the
script,
but
I
don't
think
it
matters
particularly
then.
E
B
Yeah,
this
is
totally
I
was
looking
at
it
from
a
governance
perspective.
You
know,
you'll,
never
find
another
open
source
project.
That
sort
of
randomly
allows
triage
permissions
to
some
other
group
of
people
that
aren't
you
know,
maintainer
Zoar
contributors
and
so
from
that
perspective,
to
maintain
consistency.
I
like
the
idea
of
just
having
the
script,
but
in
practice
I,
don't
think
it
matters
at
all
makes
I
think.
E
We
want
the
relevant
team
to
be
contributors
to
all
their
repos,
in
that
they
are
acting
in
the
open
source,
contributing
to
those
projects
they're
just
not
maintainer-
of
the
particular
language
sub
team,
and
so
that
should
fit
in
as
long
as
we're
comfortable
with
I
just
had
no
company's
rules.
If
we
need
to
to
say
that
yeah.
B
The
issue
is
I,
don't
think
what
I
think
we're
confusing
two
different
things
here,
or
certainly
I
am
as
I
think
about
it
contributor
to
the
project.
It's
not
necessarily
made
github
contributor
permissions
which
alright
sufficient
yeah
but
yeah
if
they
want
to
be
contributors
and
weak,
grant
contributors
triage
sure,
let's
go
for
it.
If.
H
We
did
do
that,
though.
I
wouldn't
want
us
to
be
necessarily
contributors
to
the
medicine
B's,
because
we
don't
create
the
picado
bot
does
create
PRS
and
the
meta
cm
B's
that
the
feature
in
Jesus
but
team
uses
the
the
relic
stream.
Isn't
the
one
doing
that
so
it'd
be
better.
If
we
didn't
have
access
to
close
those
PRS,
because
we
didn't
open
them.
If
that's
possible.
E
We'll
figure
that
in
the
end,
I
think
it
ends
up
looking
like
the
biology,
makes
builders
and
the
rel,
and
he
makes
tools
and
then
the
governance
stuff,
all
sorts
out
normally,
but
we're
shifting
stuff
around
right
now,
I
think
it's
like
a
very
high
level
way
of
describing
him
I
think
it.
The
intermediary
state
makes
the
problem
seemed
like
the
governance
is
more
tricky
than
it
really
is.
The
end.
E
E
A
This
one
was
me:
I
think
we
should
publish
run
image
mirrors
on
all
the
major
registries.
I,
definitely
notice.
Once
we
moved
to
GCR
now,
when
I
can
do
run,
it
comes
out,
it
slows
down
exporting
to
docker
hub
me.
Do
you
have
this
convenient
mechanism,
so
we
can
help
people
find
the
closest
mirror
to
get
the
best
performance.
A
H
A
H
E
E
B
E
H
B
A
B
H
B
Every
change
to
the
stack
should
be
document
or,
like
should
document
and
trigger
out
of
that
right.
I.
Imagine
we
didn't
do
it
in
concourse.
We
did
it
in
github
actions.
Instead,
that's
where
it
would
live
right.
That's
then
vice
versa.
The
consumption
right,
changing
and
and
setting
up
the
mirrors
themselves
as
a
piece
of
documentation
and
a
builder
tamil
would
go
in
the
Builder
yeah.
F
I
put
this
one
down:
someone
on
the
VMware
slack
just
brought
this
to
my
attention
and
like
I,
was
wondering
what
you
all
think
about
it
around
setting
this
up
and
I
think
this
would
redirect
something
like
potato
io,
/
I,
don't
know
Java
to
the
actual
registry
location,
so
I
felt
like
this
would
be
like
pretty
cool.
Well,
you
XY
is
I
wish
GCR
had
something
like
this
to
just
allow
us
to
have
like
Vandy,
URLs.
E
I've
seen
this
before
it
routes
all
traffic
through
your
like,
if
to
set
up
a
proxy
that
either
gets
traffic
routed
through
it
or
it's
responsible
for
reader
like
relaying
a
whole
bunch
of
redirect
URLs,
it's
like
a
little
bit
of
a
hack.
If
that
makes
sense,
also
the
the
images
will
get
written
to
the
registry
with
potato
I/o
tagging
them
instead
of
the
GCR
IO
tag
like
in
their
image
config.
E
B
Yeah
I'm
not
super
interested
in
it
today,
because
I
think
the
vanity
redirect
URLs
are
going
to
be
handled
by
the
build
pack
registry
itself.
We're
gonna
eventually
have
a
registry.
Build
pack
saw
IO,
slash,
potato,
build
packs,
slash,
Java,
right
and
I.
Think
that's
gonna,
be
the
centralized
good-looking
URL
that
everybody's
going
to
use
and
like
where
we're
gonna
stop
talking
about
the
GC
arnis
of
it
pretty
quickly.
B
F
B
The
specification
PR
is
now
open
in
those
two
repos,
but
fundamentally
they're
going
to
do
a
rest.
Like
sorry,
the
rest
of
rust,
like
registry,
which
is
basically
a
git
repo
with
a
bunch
of
files
that
are
indirect
pointers
and
so
you'll
reference
registry,
build
packs
that
IO
namespace
name
so
basically
the
the
two
parts
of
the
ID
of
a
build
pack,
and
then
that
will
resolve
locally
for
you
to
a
pointer
to
an
image
registry
somewhere
in
the
universe.
And
so
yes,
the
download
will
happen
from
GCR.
B
B
B
Certainly
the
Java
stuff
may,
after
the
Heroku
people,
finished
testing
it
and
make
it
slightly
works,
but
as
the
job
of
stuff
what's
gonna,
be
on
it
instantly
to
start
paving
that
way
getting
away
from
us
ever
downloading
Torvalds
hiding
the
fact
that
we've
chosen
GTR
is
our
download
site.
All
of
that
stuff,
I
think,
is
a
good
long-term.
F
This
was
me
as
well
I
think,
with
the
a
lot
of
the
stuff,
the
what
we
call
them
feature
engineering
team
is
doing
to
like
publish
implementation,
build
packs
and
meta
build
packs.
They
now
have
like
a
standardized
release.
Note
format
around
like
where
we're
listing
the
full
list
of
dependencies
in
your
build
pack.
Tamil
dependency
depredation
dates
to
false
things
like
that.
So
I
wanted
to
see
if
we
could
like
standardize
on
some
of
that
across
some
of
the
Java
team
maintained
repos
as
well.
F
Like
a
standardized
on
everything,
this
would
help
us
quite
a
bit
when
we
do
have
eventually
meta
C&D
release,
notes
which
I'd
imagine
just
being
like
a
rolled
up
level
of
all
of
the
different
implementations
yeah.
What's
the
what
is
an
example,
I'm
working
on
right
now,
that's
a
good
question.
I
can
share
my
screen
right
now.
We
could
find
one
I
think,
maybe
telnet
core
awesome.
F
B
B
C
B
F
Assume
that's
what
we
would
do
like
this
is
again
just
stuff
that
I
was
just
thinking
about
last
week
with
a
lot
of
thee.
So
we
have
the
implementation,
C
and
B
release
notes.
Language,
family
level.
Stuff
would
come
next,
so
I'd
assume
that
all
of
our
teams
maintain
stuff
we'd
be
able
to
do
this.
But
if
you
could
like
have
a
very
similar
output
or
like
reused,
tooling,
that's
existing
there's.
B
B
So
very
similar
isn't
good
enough
for
me.
I
want
to
it
matches
exactly
so
I'm
trying
to
trying
to
get
an
idea
of
what
actually
was
important
in
that.
So,
if
you
can
have
somebody
on
the
team
reach
out
to
me,
so
I
can
understand
exactly
what
the
magic
words
are
and
or
if
ordering
matters
things
like
that.
What
the
table
structure
is
exactly
supposed
to
look
like
make
sure
that
we
start
doing
that
cool.
C
C
And
we
decided
that
the
best
I
guess
middle
step
until
we
figured
out
either
a
permanent
solution
or
decided
that
our
middle
step
was.
The
permanent
solution
was
to
put
in
RFC's
folder
inside
of
our
meta
buildtak
language,
and
we
make
any
large
proposals
for
the
language
family
in
particular
the
one
that
we
were
just
inspired.
This
was
we
want
to.
C
We
went
to
reconfigure
the
structure
of
the
go,
build
pack
and
build
out
new,
build
packs
and
simplify
other
ones
that
we
already
have
that
exist.
So
if
you
are
deeply
invested
in
the
go,
build
pack
language
ecosystem-
and
you
have
lots
of
opinions
about
it
by
all
means
you
can
go
there,
put
an
RFC's
read
the
RFC's
we
have
and
demon.
We
disagree
with
them
because
they
haven't
been
implemented.
E
Think
it
makes
sense
that
you
wouldn't
want
to
open
a
proposal
about
a
big
change
in
the
go
bill
pic
to
the
general
project
by
Darcy's
repo
I.
Imagine
Ben
will
be
similar
things
for
Java,
where
someone
wants
to
propose
a
big
structural
change,
but
you
don't
want
to
like
you're,
not
itching
to
present
it
to
all
the
other
language,
maintainer
x'
I
think
the
structure
makes
a
lot
of
sense
to
reduce
duplication.
I
proposed
it
seems
like
a
reasonable
place
to
put
it
as
long
as
you're.
E
C
C
C
Could
have
a
process
where
we
could
approve
these
changes
without
going
into
an
issue
and,
basically
writing.
This
is
an
issue
that
be
you
know
approved.
We
also
thought
that
it
was
a
better
paper
trail,
so
you
could
go
into
these
RFC.
Is
things
and
read?
Our
engineering
decision
tree
basically
was.
E
A
very
practical
thing
about
issues
we
used
to
have
like
you
could
do
an
issue
instead
of
a
PR
for
RFC's
in
the
CNB
project
very
early
on
years
ago,
and
you
can't
comment
on
lines
and
issues,
and
so
it
makes
it
really
hard
to
have
a
whole
bunch
of
people
review
something
and
say
what
about
this
part.
This
doesn't
seem
right
or
whatever.
If
all
the
conversation
is
a
linear
thread
and
lots
of
people
trying
to
quote
different
sections
of
it,
it
becomes
kind
of
intractable,
fray
piercing.