►
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Hello,
everybody
and
welcome
to
another,
I
was
gonna,
say,
see,
windows
media,
but
this
is
the
hardware
community
meeting.
So
this
is
so
awesome
like
when
you
come
from
back
to
box.
So
as
always,
it's
a
recorded
meeting.
So
please
adhere
to
the
cncf
code
of
conduct
all
right.
A
couple
of
big
news:
you've
all
seen
the
announcements
harbor
has
graduated
in
cncf
we
have
the
official
announcement
coming
up.
A
That
was
provided
as
a
press
release
by
the
cloud
native
foundation.
You
know
this
is
you
know
huge
huge
for
harbor
there's
a
link
here
on
the
community
meeting
notes,
in
addition
to
that,
if
you
go
to
cncf
landscape
now
we
are
the
11th
project.
So
this
is
you
know
I
always
love
actually
seeing
this
every
now
and
then
I
come
over
here
and
I
click
on
project
and
I
click
on
graduate.
A
I
say
you
know
what
this
is
awesome
right
here
at
the
end
and
more
importantly,
I
have
another
project
coming
up
here
and
incubating
so
me
and
jonas
get
double
fist
pumps
we'll
talk
about
that
in
another
time,
all
right,
so
you
know
this
is
good
for
us.
It's
gonna
only
accelerate
our
community.
Our
engagement,
it's
going
to
make
it
easier
for
us
to
to
basically
portray
hardboard
as
a
stable,
reliable,
open
source
project.
That's
fully
vetted
by
cncf.
It
has
a
stamp
of
approval.
A
It's
graduated
go
ahead
and
put
it
in
production
with
complete
confidence,
and
if
you
want
a
support
agreement,
there
are
certain
commercial
entities
are
providing
that
all
right.
In
the
community
meeting
today,
we
talked
a
little
bit
about
the
systick
image
scanner.
The
demo
gods
were
not
super
friendly.
So
that's
why
I'm
not
going
to
show
it
right
now,
but
essentially
we
have
a
link
here
and
nestor
did
a
great
job
talking
about
that.
But
this
is
the
scanner
basically
works
very
similarly
to
how
the
aqua,
encore
and
dusek
scanner
work.
A
So
it
gives
you
the
ability
to
leverage
this
dig
and
their
full
blown
security
solution
to
be
able
to
assess
the
security
posture
of
your
images
and
define
if
they're,
free
from
vulnerabilities
so
super
great.
They
basically
get
plugged
in
as
a
plugable
scanner
in
harbor
you
can
select
them,
you
can
even
make
them
the
default
for
any
specific
projects
and,
as
your
schedule
dictates
or
as
your
policy
dictates,
systick
scanner
will
be
called.
A
It
will
basically
run
through
the
motions
of
cracking
open
the
image,
doing
the
static
analysis
and
providing
the
vulnerability
feedback
to
hardware.
So
hardball
can
actuate
on
that
and
and
basically
dictate
the
end
user
policy
like,
for
example,
you
say
I
don't
want
to
pull
an
image
that
has
a
high
level
secure
vulnerability.
It
will
not
because
of
data
you
get
from
systick
and
that
you
know
super
great.
We
love
working
with
more
and
more
vendors
and
we
want
to
make
sure
that
every
security
vendor
in
the
cloud
native
space
has
an
adapter
for
hardware.
A
As
a
result
of
that,
if
you
wanted
to
gc,
you
had
basically
put
your
repository
and
suspend
a
lot
of
operations
like
pushing
of
images
that
really
pose
down
time
to
a
lot
of
our
users,
which
is
unacceptable
for
large
environments
or
environments
with
heavy
usage.
So
instead
we
do
the
2.0
we
actually
piecemeal.
This
we
did
in
two
steps
step.
One
was
no
longer
rely
on
docker
to
track
all
the
layers
and
dependencies.
We
can
do
that
in
the
hardware
database
now
so
now
the
hardware
database
becomes
a
source
of
truth
for
your
images.
A
Another
effect
of
that
was
that
now
we
can
actually
show
you
untagged
images.
So,
for
example,
I'm
going
to
pick
someone's
thing
right
now,
so
I
can
go
into
someone's
repository
and
I
can
see
here.
We
have
an
image
that
was
tagged
as
latest,
but
we
can
remove
the
tag
or
add
the
tag
and
that
will
not
remove
the
image
from
hardware.
A
That
image
remains
in
harbor,
because
we've
tracked
all
the
dependencies
and
all
of
the
state
here,
and
we
know
that
you
have
an
artifact
that
you
push
into
hardware,
whether
you
tagged
it
or
not,
is
irrelevant
that
artifact
belongs
in
harbor,
so
that
was
step.
One
use
the
database
to
track
all
of
those
things
step.
Two
was:
let's
go
to
garbage
collection
now
and
with
2.1
that
will
ship
end
of
august.
A
We
will
enable
you
to
run
gc
without
any
downtime,
because
now
harbor
has
accurate
blueprint
of
all
your
images
and
their
dependencies
who
can
just
delete
anything.
That's
no
reference
and,
more
importantly,
if
you
want
a
similar
experience
to
previous
releases
of
hardware,
you
can
say
if
you
have
an
artifact,
that's
untagged
go
ahead
and
garbage
collected
it's
a
choice.
A
A
And
the
last
thing
is,
and
if
you
go
to
youtube
and
view
the
community
meeting
from
today
alvaro
showed
the
demo
idc
to
do
automatic
onboarding
so
and
the
way
I'm
going
to
show
you
guys
here
is
because
I
don't
have
alvaro's
environment.
This
is
also
work
in
progress.
I'm
going
to
actually
go
to
the
documentation,
so
I'm
going
to
go
to
our
docs,
I'm
going
to
search
for
idc,
showcasing
our
super
powerful
documentations
here
and
if
you
were
to
define
ydc.
A
One
of
the
things
that
you
see
here
is
our
configuration
for
idc.
You
see
auth
mode
who's,
the
provider,
your
endpoints,
the
client
id
secret
name
and
scope.
All
of
those
things
are
great.
A
A
It
will
pick
that
email
address
and
it
will
give
you
by
default.
That's
a
username
and
hardware.
You
can
choose
to
change
it,
but
by
default
it
will
show
up
there
that
way.
That
user
knows
hey
I've
logged
into
hardboard,
it
was
my
identity
was
federated,
came
from
github
or
ldap
or
or
or
active
directory,
and
now
it's
gonna
basically
tell
me
that
hey,
we
advise
you
to
use
your
username
as
being
the
email
address
that
you
had
in
ydc.
A
The
second
knob
that
is
provided
to
administrators
is
not
only
to
put
the
email
address
as
the
automatic
onboarding
alias
for
username
and
hardware,
but
also
enforce
it
as
internal
allow,
the
user
to
change
it.
So
at
that
point
it
becomes
an
automatic
onboarding
and
whatever
identity
or
whatever
field
you
put
push
from
ydc,
will
also
become
the
hardware
identity.
A
So
that
work
is
ongoing
should
make
it
in
2.1.
The
pr
is
already
out,
that's
it.
Those
are.
The
new
enhancements
are
happening
in
hardware.
New
work,
that's
going
on
the
team
is
really
heads
down
on
basically
enabling
everything
else
like
p2p
and
operator
and
getting
proxy
caching
capabilities
ready.
So
we
have
a
lot
of
updates
this
week,
but
you
know
what
three
demos
here
that
that
kind
of
move,
the
needle
in
a
variety
of
areas,
tiannon
any
questions,
concerns
anything.
We
can
help
you
with.
B
No,
this
is
all
pretty
cool.
I
had
a
question
around
multiple
scanners
is
that
is
that
something
that's
supported
today.
I
remember
you
talked
about
it
at
kubecon,
but
I
can't
can't
remember
if
it's
currently
supported
or
if
that's
still
a
a
future
road
map
item.
A
So
community
supported
yes,
so
you
can
have
multiple
scanners,
so
I
can
go
here
to
yeah.
This
is
a
big
selling
point
for
harvard.
So
if
you
go
here
to
our
wiki
and
open
up
the
architecture
page
for
harbor,
one
of
the
things
you
notice
is
that
you
know
this
is
a
huge
huge
part
of
our
architecture.
A
Is
the
fact
that
you
have
multiple
scan
providers
so
so
we
started
down
this
this
journey
back
I
mean
I
talked
about
this
concept
of
an
interrogation
service,
probably
january
of
2019,
and
we
kicked
off
the
work
by
agua,
taking
that
kind
of
the
lead
on
that
after
cubicon
eu
in
may
june
of
2019
and
then
in
version
1.10,
which
shipped
in
december
of
2019
will
release
full-blown
support
for
anyone
to
bring
their
own
scanner
into
harbor,
provided
they
had
a
provider
for
it.
B
A
So
nothing
nothing
prevents
us
from
enabling
that,
beyond
like
really
testing
through
this
and
figuring
out,
if
there's
any
edge
cases
we
just
haven't
had
the
the
time
we
haven't
prioritized
that
just
because
it
hasn't
been
asked
enough
compared
to
some
of
the
other
things
we've
been
hearing,
so
we
just
haven't
prioritized.
I
think
you
know
down
the
line.
A
I
think
this
is
definitely
possible
that
we're
gonna
allow
you
to
do
that
today,
since
all
of
our
scanners
are
singular
in
focus,
they're
all
static
analysis
scanners,
it
doesn't
make
a
lot
of
sense
to
it,
but
as
customers
come
and
create
another
scanner,
that's
basically
license
checking
or
library,
cmdb,
updater
or
basically
doing
something
with
service
management
or
something
else.
Then
then,
the
scanners
now
will
have
a
wide
variety
of
distribution.
They're,
not
just
static
analysis.
B
A
I'm
thinking
that's
not
likely
not
going
to
happen
in
2020
being
honest
here,
maybe
2021,
but
in
2020,
because
we
have
a
full-blown
schedule
now
for
2.1
and
2.2,
like
2.1,
we're
concentrating
on
edge
and
this
image,
distribution
and
all
of
those
capabilities
and
to
the
two
we're
actually
going
to
revamp
this
layer.
Identity
providers,
authentication
authorization,
we're
going
to
change
a
lot
of
these
things,
and
you
know
one
like
we
haven't
finalized
the
proposal
yet.
A
But
if
you
see
today,
when
you
go
to
a
project,
one
of
the
things
that
you
see
here
is
membership
right
all
of
them.
I
calls
and
are
back
for
a
project
it's
tied
to
a
project.
That's
not
really
right
with
them.
It
also
means
your
robot
accounts
are
tied
to
a
project.
We
want
to
abstract
all
of
that
and
create
a
logical
abstraction
around
an
identity
and
access
management
and
then
be
able
to
accord
that
into
a
project.
A
So,
for
example,
you
can
create
a
virtual
group
that
includes
tianon
me
and
kenny
and
say
you
guys
are
project
admins
and
your
project
admins
across
these
five
projects
and
boom
immediately
you
have
access
to
all
projects.
That
way
you
don't
have
to
go
to
an
individual
project
and
define
what
your
access
permissions
are.
You
can
do
it
at
a
higher
level
same.
A
A
The
other
thing
is
today
or
as
part
of
that
work
today,
a
lot
of
our
membership
has
static
permissions
project
admin,
master,
developer,
guest,
limited
guest.
This
is
great
right,
but
it's
not
flexible.
If
someone
wanted
to
use
opa
to
define
what
the
raw
memberships
look
like
and
permissions,
you
can't
do
that
today.
So
today
you
go
over
here.
You
type
user
permissions,
for
example,
and
it
gives
you
a
nice
view
of
what
your
user
permissions
are.
A
You
know
why
not
do
them
all
for
2.2,
but
we're
going
to
figure
out
what
are
the
highest
value
things
number
one
priority
is
abstract
the
user
management
from
the
projects
and
be
able
to
do
a
you
know,
tied
in
and
do
like
almost
a
foreign
key
constraint
in
the
database
world
like
be
able
to
associate
them
with
the
project,
but
have
them
independently
managed
and
then
the
second
thing
is
figure
out.
How
do
we
define
what
this
static
user
permissions
look
like,
and
can
you
do
something
better.
A
Yeah
and
one
of
the
things
we
did-
and
you
know-
maybe
I
should
add
it
to
the
I'm
gonna-
go
back
and
share
my
screen
again.
I
don't
know
why
we
didn't
add
it
in
the
community
meeting,
but
we
maybe
we'll
do
it
on
I'll.
Add
the
node
here.
So
can
I
do
next
time,
so
next
one
will
be
on
the
15th.
A
Is
we
have
a
roadmap?
So
I'm
going
to
talk
about
it
now
again,
but
you
know,
but
you
know
we'll
definitely
chat
about
that
next
time
as
well.
So
if
I
come
over
here
and
go
to
our
community
meeting,
sorry,
our
our
harbor
reaper,
not
it's
not
in
the
community
report.
One
of
the
things
we
have
here
is
roadmap.md.
A
The
rumble
has
a
lot
of
things
that
haven't
changed.
You
have
a
project
board.
You
know
here's
how
you
actually
can
file
new
issues
in
the
roadmap
using
a
project
proposal.
A
All
those
things
all
those
things
are
are
laid
out
here
and
you
can
read
about
it,
but
we
added
we
updated
this
in
maybe
about
a
week
and
a
half
ago
to
talk
about
the
high
level
themes
of
where
we're
going
as
a
project
right
security
analysis
system
is
here:
image,
distribution,
the
things
we're
working
on
right
now:
performance,
reliability
with
non-blocking,
gc
and
then
again
more
image,
distribution
things.
And
then
we
talk
about.
A
You
know
what
we're
gonna
do
about
day,
one
and
day
two
operations
to
make
it
better
using
our
operator
ponder
and
then
we're
gonna
make
some
changes
around
oci,
artifacts
and
being
able
to
enable
oc
artifacts
to
also
bring
their
own
metadata
and
then
service
accounts
and
our
back
and
differentiated
access
permissions.
A
That's
the
things
I
talked
about
right
now,
so
that
basically
takes
us
all
the
way
to
the
end
of
the
year
and
then,
after
that,
we
start
talking
about
you,
know
better
observability
or
improving,
that
and
backup
and
restore
and
ipv6
and
more
things.
So
you're
going
to
see
this
list
getting
more
and
more
populated,
as
you
have
more
things
that
are
coming
up
in
harbor
and
I'll
I'll
cover
some
of
those
next
week.
As.