►
From YouTube: CNCF Harbor's Community Zoom Meeting - 17 Nov, 2021
Description
CNCF Harbor's Community Zoom Meeting
A
This
is
official
cncf
meeting.
So
please
follow
the
code
of
conduct
and
behave
all
right
with
that
said.
Anyone
with
urgent
topics
or
we
can
go
through
the
agenda.
A
The
agenda
today,
my
my
stuff,
are
missing,
but
we
have
guests,
I
suppose,
from
arcsec
that
want
to
demonstrate
something
for
security
scanner
adapter
for
for
the
registry.
C
A
Hi,
hey
welcome,
so
okay,
then
I'll
stop
sharing.
Maybe
you
have
to
share
something
and
then
show
us
some
demo
or
yeah.
D
D
D
We
also
have
the
cloud
native
network
protection,
as
well
as
the
cloud
native
application
protections,
and
on
top
of
that,
we
also
extend
the
cloud
workload
protection
to
the
mobile
service
edge.
This
is
due
to
the
popularity
and
the
fast
adoption
of
5g
in
china
and
in
addition
to
that,
the
supply
chain
security
is
part
of
our
product
portfolios,
and
that
is
the
reason
why
we
added
the
scan
adapter
support
for
hardware
registry
and
by
the
way
we
got
android
financing
support.
So
we
are
expanding
our
business
across
china,
regions.
D
D
Actually,
we
will
receive
the
api
call
from
harbor
and
do
the
proper
translation
and
make
the
proper
api
call
to
the
backend
scanner
engines
and
set
up
the
credential
and
so
on
and
so
forth,
and
then,
finally,
we
instruct
the
scanner
engine
to
pull
images
from
harbor
and
do
the
analysis
and
got
the
results
and
return.
The
reports
back
to
the
hardware
registry
does
the
scan
engine
support
the
vulnerability
scan
for
both
the
os
packages
and
the
application
packages.
D
D
These
are
bunch
of
the
environmental
available
for
you
to
set
up
the
the
scan
adapter
and
finally,
we
do
the
hem
install
to
finish
the
setup,
and
basically
this
is
the
the
github
link
is
with
the
manual.
But
for
now
the
menu
is
written
in
chinese,
but
we
will
translate
it
into
english
as
soon
as
we
ga
the
version.
E
D
Okay,
thank
you
for
the
correction,
yeah,
okay,
this
is
the
second
part
again.
I
guess
so
yeah
we'll
take
over
from
here
right.
So
you
will
elaborate
the
features
and
maybe
we'll
walk
you
through
the
demo.
E
Yes,
we
have,
can
you
play
the
video
harry?
I
send
you
so
that
we
checked
yeah.
E
We
currently
are
a
commercial
products,
but
we
are
going
through
like
the
open
source
procedures.
We
were
starting,
publish
some
like
open
source
projects.
We
are
currently
working
on
that,
including
some
network
monitoring
projects
and
all
these
all
these,
like
projects
that
we
publish
on
our
github
page,
we'll
be
using
the
apache
open
source
license
yeah.
D
Can
I
play
the
video
yeah.
E
This
is
just
a
standard
way
that
how
we
add
on
our
adapters
onto
the
current
hardware
registry.
Basically,
you
need
to
have
a
name
and
put
on
address
that
can
directly
connect
to
our
image
scanner
servers.
So
this
deployment
is
in
our
local
servers.
So
that's
why
we
only
have
a
ip
address
set
up
over
here
and
yes,
it's
a
and
then
you
you
click
and
add
into
the
your
scanner
pages.
E
And
after
that
you
will
just
go
through
the
scan
standard,
the
like
procedure
of
a
scanning
image
through
the
hardware
dashboards
and
after
a
while,
you
will
probably
get
the
result.
E
Yeah,
you
can
see
that
we
have
gathered
the
result
of
each
in
the
the
page.
The
image
was
scanned
and
multiple
vulnerabilities
has
been
listed
over
there.
E
Okay,
yeah,
that's
a
just
a
quick
demo
say
how
we
get
this
adapter
work
and
how
we
integrate
with
the
current
hardware
registry.
So
harry.
Probably,
let's
go
back
to
the
powerpoint
and
I
can
introduce
some
like
some
features
that,
in
the
back
in
the
in
the
back
like
how
we
actually
support
our
image
scanner
and
how
we
different
differentiate
ourselves
from
the
current
mainstream
scanner.
D
E
Yeah,
you
probably
just
four
four
make
it
full
view.
Yeah.
E
Yeah
and
yeah
next
page,
so
the
the
current
we
we
consider
about
the
image
scanner
is
how
we
get
the
vulnerabilities
and
then
the
key
parts
is
actually
how
we
make
the
scores
for
each
individual
vulnerabilities.
So
the
current
like
mainstream
for
the
when
the
for
the
vulnerability
is
the
cbss
scores.
So
the
phone
name
is
like
a
common
vulnerability
scrolling
system
and
they
currently
have
two
versions,
like
version
2.0
and
version
3.0.
E
They
have
a
little
bit
the
difference
about
the
different
severities
of
vulnerabilities,
and
if-
and
you
can
refer
at
the
like
the
the
right
right
corners,
you
can
see
how
they
define
different
similarities
of
their
vulnerabilities.
But
when
we
consider
at
a
container
image
scanning,
a
lot
of
image
is
using
compressed
waves.
So
we
need
to
extract
this
package
in
and
extract
the
package
installation
list
from
the
container
arctic
files,
and
then
we
use
the
software
name
and
with
the
version
to
get
what
kind
of
vulnerabilities
that
exist
in
the
container
image.
E
That's
this
basic
mechanisms
that
how
we
get
the
vulnerabilities
of
image,
even
how
how
we
get
to
the
video
of
image
you
have
here.
Next
page,
so
the
problems
here
is
when
we
put
this
kind
of
scanners.
In
practice,
we
encounter
like
too
many
vulnerabilities
that
we
can
find
for
each
individual
image.
So
we
we
talked
to
a
lot
of
customers
both
in
china
and
americans.
They
all
complained
said
like.
E
If
we
install
like
open
source
vulnerability
scanners,
we
get
so
many
vulnerabilities,
and
that
makes
our
lives
horrible,
because
there's
no
way
that
we
can
actually
can
fix
this
kind
of
vulnerabilities.
So
so
the
reason
why
there
are
too
many
visibilities
we
we
summarize
is
that
the
four
points.
The
first
is
that
we
find
a
lot
of
base
image
into
in
introduce
a
lot
of
vulnerabilities
and
a
good
way
that
you
change
your
base.
E
Image
can
solve
a
lot
of
problems
about
these
vulnerabilities
and
also
we
find
that
most
of
the
detected
availability
is
not
relating
to
the
running
software.
Basically,
it's
some
software
already
in
the
base
image
or
maybe
install
it
through
other
ways
that
actually
not
not
directly
relating
to
the
running
softwares.
We
don't
want
this
kind
of
an
ability
to
display
to
the
customers,
because
they
think
this
kind
of
vulnerability
may
may
not
be
very
useful
to
them,
and
the
next
is
when
they
build
his
score.
E
It's
actually
another
reflecting
to
specific
network
the
native
environments,
which
basically
means
that
a
lot
of
vulnerabilities,
even
though
it's
for
example,
it's
like
a
very
high
risk
when
the
bit
hits,
but
it
cannot
be
directly
export,
for
example
like
if
some
port
never
connected
to
the
network.
E
It's
just
isolated
running
and
you
probably
don't
need
to
worry
so
much
about
responsibilities,
because
the
hackers
or
maybe
hackers
have
no
ways
actually
directly
exploiting
those
vulnerabilities
and
the
last
one
is,
we
think,
actually
lack
of
a
state-of-the-art
standard
to
define
what
the
vulnerabilities
is
actually
meaningful
for
the
customer.
So
so
that's
why
we
think
we
want
to
find
a
better
solution
to
define
the
vulnerability
score
and
actually
make
our
scanning
result
a
little
bit
different
for
others.
So
yeah
next
page,
please.
E
E
So
the
second
key
inside
this
thing,
like
some
base
image,
we
should
put
a
lot
of
efforts
to
keep
monetary
them.
So
so
that's
why
we
can
give
a
customer
another
kind
of
alert,
saying
like
your
a
base,
image
that
you're
currently
using
may
expose
some
like
reasons
vulnerabilities,
and
you
need
to
take
care
about
that
this.
The
third
key
insight
is,
we
want
to
take.
Consider
the
the
cloud
native
environment
is
actually
running
and
make
that
actually
be
meaningful.
E
E
The
first
is:
we
have
a
led
monitor
that
this
monitor
is
not
only
monitoring
the
led,
but
also
monitoring,
most
like
a
mainstream
like
vulnerability
bulletins
to
get
the
most
together
information
about
the
most
recent
vulnerabilities
and
then
using
these
vulnerabilities
to
compare
with
the
docker
image
a
docker-based
image
that
we
use.
You
know
in
the
customer's
environments,
and
then
we
can
tell
the
customers
like
what
is
the
like.
What's
their
vulnerability,
you
need
to
take
care
of.
E
Maybe
you
need
to
upgrade
your
current
base
image
to
fix
some
visibilities,
the
second,
the
second
type
of
monitor.
We
call
the
system
library
monitor,
so
how
we
achieve
that
we're
using
three
kind
of
techniques
to
to
detect
like
whether
there
are
some
new
libraries
or
new
packages
has
been
loaded
into
the
system.
So
our
I
will
explain
more
details
in
the
following
pages
about
how
we
actually
capture
the
the
loading
and
unloading
of
the
system.
Libraries.
E
E
You
are
currently
running
so
this
kind
of
environment
will
monitor
these
kind
of
things
and
writes
the
severities
about
the
certain
vulnerabilities
based
on
the
usage
about
about
your
vulnerable
images
and
also,
we
also
monitor
the
image
and
the
usage
of
this
image
to
see
whether
they
will
be
different
to
adjusting
the
data
scoring
and
that
that's
all
this
kind
of
monitoring
system
to
help
you
to
decide
the
the
adaptive
score.
And
then
this
kind
of
identity
score
will
directly
publish
into
our
dashboards.
E
And
then
the
hardware
can
directly
call
call
our
adapter
to
retrieve
the
most
relevant
scores
that
we
provide
to
adjust
to
to
sorry
to
state
the
severity
of
the
the
vulnerabilities.
So
in
in
our
proposal,
we
hope
that
we
can
give
customers
like
accept
the
cv
access
scores.
We
can
give
them
another
kind
of
called
adaptive
score
to
help
them
to
better
understand
the
the
severity
of
the
reliability.
The
risk
of
this
image.
We
are
using
yeah.
E
So
this
is
our
scoring
framework
yeah
next
page,
so
we
have
some
details
put
it
here.
I
don't
want
to
because
of
time
limits.
We
don't
like
explain
every
details
about
that,
so
I
just
want
to
say
we
have
multiple
monitoring.
So,
for
example,
we
will
predict
periodically
to
monitor
other
availability
trends
through
different
kinds
of
vulnerability
feeds
and
get
the
most
up-to-date
information
about
the
abilities
and
also
we
were
periodically
to
monitor
the
basic
base
image.
E
So
when
the
base
image
has
been
involving
any
kind
of
new
abilities,
we
were
right
search
to
help
the
to
get
help
the
customer
together,
alert
and
experience,
please
so
for
the
library,
loading
and
unloading
we're
currently
using
two
ways
to
to
detect
this
kind
of
thing.
The
first
is
a
static
library
monitoring,
so
basically,
from
the
container
image,
we
will
find
the
other
files
that
have
been
have
been
loaded
into
the
image,
and
then
we
were
using
ldd
tools
to
get
their
dependency
to
to
verify.
E
Actually,
this
kind
of
software
that
the
customer
is
building
that
has
some
specific
dependency
on
the
libraries,
and
this
is
static
way
that
we
determine
whether
some
some
binary
has
using
some
dependency
dependency,
library
and
package.
Also,
we
we
have
another
system
called
hooking
ways,
because
our
our
product
actually
using
system
hooking
to
fi,
to
capture
all
the
system-
cars
that
have
been
running
in
the
customer
environments,
so
we
will
hope,
like
open,
close
idea,
open
this
kind
of
system
and
the
library
course
whenever
they
have
been
called.
E
We
consider
that
this
software
actually
loading
some
specific
library
and
package
so
through
that
we
can
also
tell
the
customer
that
the
certain
library
and
the
package,
a
certain
vulnerable
library
or
package,
has
been
loading
so
help
them
to
make
a
better
better
understanding
about
their
risk.
Yep.
E
Next,
please
so
for
the
environment
of
that
factors
we
want
to
tell
the
customers
like
this
image
has
been
used
in
your
environment
may
be
easier
to
be
exploited.
So,
for
example,
like
we
were,
whenever
some
vulnerable
package
vulnerable
image
has
been
using
in
some
container,
has
some
network
exposures.
For
example,
it
has
been
using
behind
ingress
controllers
that
provide
like
a
service
to
the
to
the
outside
world.
E
We
will
raise
the
availability
scores
for
certain
vulnerabilities
and
when
some
like
container
have
the
system
privilege,
we
will
authorize
the
the
score
for
them
and
also
some
network.
Some,
like
port
or
containers,
has
network
capabilities.
For
example,
network
admins
will
authorize
the
severity
scores
and
also
we
will
count
the
number
of
usage
in
the
general
environments
and
also
the
number
of
usage
in
the
production
environment.
All
these
kind
of
numbers
will
help
us
to
adjust
the
adaptive
scores
for
our
when
they
build
his
scoring
system.
E
So
that's
a
brief
introduction
about
how
we
actually
produce
this
kind
of
adaptive
scores
and
we
think
that
can
help
help
customers
to
actually
determine
the
risk
about
each
individual
vulnerabilities,
and
we
have
some
customers
actually
started
study
using
that
and
hopefully
hopefully
we
we
will
hopefully
want
to
contribute
these
parts
of
the
scoring
system
as
open
source
projects
in
the
near
futures
and
making
this
publicly
available.
That
will
probably
help
a
customer
to
better
understand
their
risk
in
their
customized
environments.
That's
all
the
sharing
I
want
to
have.
H
Yeah
I
have,
I
have
a
question.
Thank
you
for
the
presentation,
so
you
you
said
that
you
know
you
know
just
doing
the
vulnerability
scanner,
but
you
also
gather
the
metrics
from
from
the
running
systems
and
also
if,
if
this
loading
is
there
a
way
how
you
fit
this
information
back
into
the
harbor
or
is
the
harbor
adapter
just
doing
the
vulnerabilities
scanning
and
how?
How
do
you
adjust
the
score
of
a
previously
scanned
image,
so
is?
Is
it
synchronized
or
is
it
static.
E
Yeah,
currently
it's
like
we
build
a
server
that
actually,
when
they're,
like
the
buildup
server
and
behind
the
servers,
we
have
a
database
to
record
the
the
this
kind
of
score
and
also
record
the
change
of
this
kind
of
scores
based
on
the
customer's
usage
about
each
individual
of
each
individual
container
image.
So
so
currently,
I
think
the
hardware
don't
support
like
periodically
synchronizing
mechanisms
to
sync
these
kind
of
adaptive
scores.
E
So
so
that's
why
we
want
to
propose
this
is
like
if,
when
we
provide
this
product
to
the
customer,
we
have
our
own
dashboards
and
the
customer
can
easily
to
get
this
trends
about.
The
score
also
gather
the
most
up-to-date
adaptive
scores
from
our
dashboard,
but
we
hope,
like
in
the
future,
maybe
harvard
can
support
this
kind
of
periodically
synchronizing
mechanisms.
E
H
But
can
you
not
calculate
the
score
dynamically
based
on
the
data
that
you
already
have,
because
you
know
when
you
get
when
you
get
the
image
already
from
when,
when
you
get
the
order
from
from
harbor
to
scan
this
image?
You
know
where
this
comes
from
so
which
is
the
source
and
what's
the
image
name,
and
then
you
can
based
on
the
same
image
which
is
running
in
maybe
in
on
an
environment.
H
You
already
have
the
data
about
the
the
the
live
data
and
you
could
already
re
kind
of
get
give
another
score
yeah
and
you
don't
have
to
adapt
harbor.
For
that
you
know,
so
you
can.
E
B
E
Right
right,
yes,
we
currently
it's
a
deploying-
is
in
the
way
that
you
just
described
so
every
time
when
you're,
using
our
scanner
to
scan
the
same
image,
you
will
maybe
get
different
scores,
because
we
are
calculating
based
on
the
accumulated
data
that
we
get
from
the
cust
from
the
environments.
Yes,.
E
H
Okay
and
you're
accessing
the
same
databases,
or
same
cvs
for
for
for
images
that,
for
example
like
like
trividas
or
claire.
So
you.
E
Yes,
we
actually
because
we
have
some
customers
in
china,
so
we
not
only
supported
the
the
meds
and
and
the
the
reliability
database
that,
like
the
3v,
supports
we,
but
also
we
support
some
chinese
availability
database,
which
is
called
cnvd.
So
we
also
support
that
yeah.
E
E
Yes,
so
just
as
a
previous
I
just
described,
we
hope,
like
a
harbor
may
gather,
may
have
like
a
periodically
refreshed
mechanism
so
like
to
periodically
refresh
the
score
or
also
the
information
about
availabilities
so
because
most
of
the
valuability
have
like
it's
changing,
even
though,
without
our,
like
this
kind
of
adaptive,
score
a
lot
of
vulnerability,
changing
its
scores
in
the
long
term.
So
that's
why
we
hope
harvard
also
have
some
mechanics
and
actually
can
support
this
kind
of
adaptive
like
apis.
H
But
you
can
already
do
periodic
scanning.
E
Yes,
yeah,
I
mean
like
like
in
the
dashboards
we
hope
like.
We
don't
need
to
do
the
scanning.
We
just
need
to
refresh
the
score
yeah.
Oh
okay,.
E
A
I'll
try
to
rephrase
my
question
to
get
that
officially
supported
by
harvard.
Do
you
expect
any
effort
from
the
people
in
on
this
call
to
get
involved
with
your
doctor?
Somehow.
E
A
E
Yeah,
I
I
hope,
like
we
can
have
some,
maybe
maybe
we
were
starting
an
open
source
part
of
our
algorithm,
and
maybe
maybe
the
community
can
refer
our
open
source
project
to
see
how
that
part
can
possibly,
I
will
not
say
integrate,
but
how
we
actually
changing
the
interactions
between
the
scanners
and
the
hardware.
So,
for
example,
the
scoring
display
may
have
could
be
a
independent
component
that
actually
can
support
like
a
periodically
refreshing.
A
E
I
A
Okay,
anyone
else
nope,
you're
gonna,
put
proposal
into
the
community
repository
right,
so
we
can
sure
we
can
vote
on
this
one
all
right.
Yes,
yeah.
E
C
Is
there
there's
a
question
in
the
chat
box
about
the
the
license
that
you're
using?
Are
you
confirmed
with
the
hardware's
license
for
your
adapter.
E
A
Yeah
thanks,
I'm
gonna
open
the,
which
I
added
few
topics.
A
Okay,
next
on
agenda,
vadim
is
officially
promoted
to
maintainer.
Congratulations.
A
All
right
next
one
we
had
a
like
what
was
that,
beginning
of
previous
month
or
end
of
previous
month,
we
had
the
demo
from
paris
the
assistant
channel,
bought
for
questions,
not
sure.
If
all
voted
on
this
one,
have
you
guys
seen
this
one?
What
do
you
think?
A
A
A
See
yeah
it's
a.
There
is
a
demo
on
that
community
meeting
on
the
10th.
G
H
Well,
it's
basically
in
summary:
it's
it's
a
q,
a
bot,
so
it
will
scrape,
I
think
it
scrapes
github
github
discussions,
github
issues
and
also
the
slack
history,
and
if
someone
asking
questions
will
propose
similar
questions
or
similar
answers
to
the
same
similar
questions,
and
it
will
also-
maybe
you
know
hint
people
who
might
be
knowledgeable
in
this
in
this
topic
you
know
so
it
will
scan
the
codes.
Can
the
issues
can
the
the
his
like
history
and
I
think
what
else
does
it
do?
I,
I
think,
also
documentation.
H
Exactly
and
even
I
think,
even
stack
overflow,
so
it
you
know
it,
it
does
scan
a
few
sources
and
then
it
will
provide.
You
hints
about
your
questions
of
you
know
from
different
channels
and
for
for
the
haber
project.
There
is
no
effort
in
integrating
or
kind
of
a
maintaining
it.
You
know
and
it's
an
optional,
it's
a
kind
of
a
opt-in.
So
this
means
like,
if
we're
not
happy,
we
can
just
disable
it.
There's.
B
H
Limits
you
know
kind
of
yeah
limited,
because
you
need
to
actively
ask
ask
the
the
the
bot
for
help
or
the
bot
it's
kind
of
integrated
in
the
way
that
you
can
say
it.
It's
active
where
the
bots
reacts
to
a
question
after
trigger
time,
or
you
can
say
you
need
to
explicitly
ask
the
bot
for
help.
Then
it
will
try
to
search
so
there
are
different
ways
how
we
could.
B
G
A
B
A
A
It's
it's
already
available
on
the
cncf
slack
space,
so
practically
they
just
have
to
plug
it
in
to
our
channel.
That's
it
not.
B
Yeah,
let's
give
it
a
try
and
cool
yeah.
A
So
please
everyone
drop
a
line
and
I'll
contact
the
the
right
person,
so
we
can
drive
this
one
and
to
get
it
into
our
channel
and
we
can
give
a
try
cool
next.
One
upcoming
conferences
I
want
to
discuss.
Qcon
china,
eu
and
fosdem
are
like
the
the
next
big
things
in
my
in
my
rather
the
china
one.
We
missed
the
time
period
to
submit
the
maintainers
track
application
I'm
currently
waiting
for
cncf
if
they
can
open
that
only
for
us,
so
we
can
get
a
slot.
A
A
So
as
a
follow-up
question,
this
one
anyone
thinking
about
submitting
talk
to
any
of
these
conferences-
and
can
I
help
somehow-
because
I'm
I'm
pretty
sure
I'll
submit
for
eu
and
for
them
for
china
is
already
over,
but
for
fosdem
and
kubcon
eu
kept
on
eu
is
currently
open
until
december
17th,
all
of
them.
A
If,
for
those
who
don't
know,
is
the
biggest
open
source
developer
conference
in
europe
happens
in
the
beginning
of
february,
first
week
weekend
of
february
in
brussels
this
year,
okay,
2021
at
2022,
will
be
virtual,
so
end
of
the
month,
they'll
announce
all
the
developer
tracks,
so
I
think
we
can
fit
in
with
something
about
harbor
on
the
container.
H
Yeah,
so
my
idea
was
to
to
to
make
some
to
you
know,
propose
a
talk
about
to
the
kubecon
eu.
I
think
for
the
first
time
we're
already
too
late.
So
the
first
time
deadline
is
15th
of
november.
H
Okay
yeah,
so
my
idea
was
to
to
maybe
do
something
regarding
harbor
on
on
cube
coney.
U
I
was
planning
to
go
there.
I
was,
I
was
living
in
valencia,
so
I
I'm
really
looking
forward
to
go
there
again
and
I
was
thinking
about
proposing,
especially
like
harbor
and
kubernetes,
how
how
they
may
work
together.
So
maybe
yeah
some
some
talk
about
this,
this
in
this
area,
so
so
mainly
like
synchronizing
between
harbor
and
kubernetes.
H
Like
this
automated,
there
is
like
an
open
source
project
which
synchronizes
harbor
with
kubernetes,
so
that
namespace
and
and
the
secret
synchronizing,
so
we
have
a
kind
of
a
seamless
integration
of
of
harbor
into
into
kubernetes,
and
I
would
like
to
make
a
talk.
I
was
thinking
about
making
a
talk
about
this
and
share
a
few
use
cases
how
to
have
a
seamless,
kubernetes
integration
with
harbor.
H
A
Yeah,
are
you
looking
for
someone
to
team
up
or
you
want
to
do
that?
Solo.
H
I'm
I'm
open
for
for
collaboration.
I
was
actually
I
wanted
to
ask
the
the
the
maintainer
of
this
the
the
tool
that
which
is
called,
I
think
it's
called
harbor
sync
harbor
sync
and
it's
a
tool
which
synchronizes
and
opens
a
kubernetes
operator
that
synchronizes
the
sync
accounts.
H
H
If
you,
if
you
scroll
down
a
bit,
then
you'll
see
there's
a
diagram,
how
how
is
working.
So
this
is
basically
quite
a
simple
operator
for
kubernetes,
which
is
working
nicely
with
with
harbor,
and
it
makes
the
developer
lives
a
bit
easier,
and
I
would
like
maybe
to
talk
with
with
the
author
of
this
two.
I
know
him
and
if,
if
he
wants
to
join
on
the
presentation
about
that,
I'm
open
to
that
and
yeah.
H
A
I
was
thinking
about
keep
con
eu
and
fosdem
I'll
try
to
submit
like
a
harbor
101
talk,
so
I
want
to
combine
something
from
community
to
the
technical
part
in
in
between
a
little
demo
of
harbor,
what
it's
doing
and
how
people
can
join
our
community
and
how
can
start
contributing
so
I'm
open
for
collabs.
If
someone
wants
to
join
me
in
this
one
yeah
on
the.
G
Chat:
okay,
cool.
B
A
C
I
don't
mind
default
in
the
maintain
the
track.
Team
probably
will
have
the
the
the
intro
intro
session
or
the
deep
dive
session.
I'm
not
sure
for
the
eu
that
we
have
two
session
or
one.
C
A
C
A
C
C
A
That's
yeah
yeah,
that's
my
point:
if
I'm
part
of
the
maintainer
team,
which
it
should,
I
think
it
should
be,
I
can
take
over
this
one
and
I
can
monitor
all
this
stuff
and
take
care
of
that
yeah.
C
I
think
maybe
alex
or
jan
or
someone
just
forward
the
email
to
to
to
the
to
sorry.
What's
your
name.
C
Yeah,
so
that
you
can,
you
can
know
all
in
yeah.
Sorry,
although
you
can
know
what
to
how
to
how
to
submit
the
cfp
for
the
maintainer
tracked
yeah.
I
just
posted
in
the
cfp
page
about
what
the
deadline
and
how
to
submit
and
so
on
all
the
information
there.
A
Yeah,
and
also
by
the
way,
I'm
I've
applied
again
to
be
part
of
the
program
committee
and
I'll,
be
most
probably
I'll,
be
elected
to
be
one
of
the
reviewers
for
our
track
and
also
co-chair
of
the
track
so
I'll
be
differently.
There.
C
The
csf
people
told
me
that
it
would
be
hybrid
yeah,
something
for
now
yeah.
A
Yeah,
of
course,
if
someone
doesn't
want
to
travel
or
something
they'll
be,
I
think
they
will
not
stop
the
virtual
option.
A
Okay,
so
next
one
it's
it
was
for
alex
about
my
maintainership
alex.
Do
you
know,
do
we
have
any
progress
on
this
one,
I'm
not
sure.
What's
the
status
of
this
one,
are
we
writing
cncf
or
something.
C
A
Yeah,
okay,
because
it
would
be
awkward
to
raise
pr
for
myself.
I
can
do
that,
but
I
don't
know:
maybe
it's
not
yeah,
okay
and
the
last
topic
from
my
site,
I'm
working
with
cncf
right
now
to
get
some
swag
recognition
for
all
the
maintainer
for
all
the
members
of
the
maintainer
team.
A
So
keep
you
posted
with
this
one.
I
hope
we
can
figure
out
a
proper
deal
with
them.
A
So
as
a
part
of
the
the
whole
program
and
recognition
for
your
efforts,
I
wanna
you
guys
to
receive
something
in
the
end
of
the
year
gifts
so.
H
B
I
just
want
to
mention
the
the
2.5
is
being
is
being
groomed
right
now.
So
if
you,
if
you
want
to
go
to
the
project
page
or
I
can
share,
if
you
want,
it
doesn't
matter.
A
Yeah
I'll
stop
and
I'll
update
that
you've
raised
that
topic,
which
is
great.
B
Everyone
see
it
my
screen
yep,
so
the
right
again,
the
way
from
the
home
page
or
from
the
the
main
page
on
github
and
go
to
projects,
and
this
is
a
new
feature,
they're
rolling
out,
but
click
on
projects,
the
non-beta1
harbor
project
board
you'll,
see
that
we
had
the
2.5
right.
B
So
we
finished
2.4
where
we
we
went
through
this
internally,
and
so
these
are
just
some
of
the
things
that
we're
looking
at
for
2.5,
and
I
think
these
have
a
pretty
strong
probability
of
making
it
in
you
know
we'll
try
to
get
as
much
out
as
possible.
B
Some
of
them
may
be.
You
know,
it'll,
just
we'll
just
get
a
design
in
for
2.5,
but
I
think
you
know
the
ones
like
supporting
six
story
cosine.
This
is
pretty
well
discussed.
Already.
We've
had
a
lot
of
discussions,
there's
a
bunch
of
pr's
going
on.
This
is
one
like
the
core
anchor
features
for
2.5
that
we
want
to
support.
C
B
And
see
if
you
have
any
comments
on
these
and
then
I
think
over
you
know
the
course,
the
next
few
community
meetings
we
can
deep
dive
a
few
of
these.
The
define,
live,
backstory,
backup,
restore
this
is
a
story
centered
around
using
valero
for
for
backup
and
restore,
and
you
know
we
already
decided
on
valero
as
a
as
a
backup
solution
and
then
we're
adding.
B
G
B
Gotten
complaints
that
you
know
it's
too
much,
some
customer
or
some
users,
you
know
their
projects
are
fairly
big
with
lots
of
repositories.
They
only
want
those
web
book
notifications
enabled
for
specific
repos.
B
This
is
a
performance
enhancement.
That's
pretty
important
around
the
pgc
goal
within
harbor.
I
think
I'm
going
to
take
this
one
out,
there's
not
much
to
do
so.
This
is
this
is
not
part
of
2.5
yeah
and
then
we're
adding
you
know
enhancements
to
to
capture
audit
logs
right.
So
who
did
what,
when
these
are
things
that
are
not
being
captured
in
harvard
today?
B
This
is
more
of
a
design.
I
think,
there's
quite
a
bit
of
you
know
touches
on
a
lot
of
things
in
in
the
in
the
back
end,
but
this
important
feature
to
have,
I
think,
yeah
and
the
vulnerabilities
export,
as
well
as
supported,
unsupported
os
and
scan
results.
These
are
things
that
that
you
know
we
started
in
2.4
and
didn't
quite
finish
and
we're
trying
to
get
those
into
2.5
as
well.
So
please
take
a
look.
You
know
this.
B
This
will
be
the
time
to
to
raise
things
that
you
feel
are
important,
because
2.4
is
out
2.5.
You
know,
we've
started
already
gotten
started
on
some
of
these
things
and
we're
just
consolidating
this
list,
and
you
know
finalizing
the
2.5
I'm
going
to
change
this
to
you
know
from
suggestions
to
commitments
at
some
point,
probably
within
the
next
week
or
two
so.
H
There
is
also
discussion
on
the
on
the
discussion
board
regarding
2.5
features.
If
you
on
the
harbor
on
the
project,
however,
discussions
there's
also
this.
H
F
F
I
think
I
think
we
have
look
at
look
at
the
discussion,
just
some
items
related
to
the
tc
right,
tc
issues.
The
team
have
also.
B
Yeah,
I
know
we
we
discussed
these
recently.
I
think
it's
looking
at
this
to
see
exactly
which
ones
can
make
it
into
2.5.
J
Yeah,
this
is
what
I
just
went
through
all
the
gc
issues,
so
I
I
have
already
created
a
apex
for
2.5.
So
me
we
probably
can
do
some
enhancements
about
the
competition
like
improve
some
performance
and
introduce
the
feeder
tolerance,
and
things
like
that.
So
I
I
just
put
all
the
things
that
about
the
cabbage
cushion
in
that
app
you
can.
You
can
refer
to
that
for
more
details.
J
B
H
B
G
C
B
F
Yeah,
I
think
every
four
months
is
a
pretty
scandal.
B
C
B
Has
gotten
to
the
point
where
it's
not
about
you
know:
people
are
not
expecting
us
to
have
x
number
releases
per
year.
They're
expecting
quality
releases
with
incrementally
better
features,
because
you
know
harvard
is,
is
really
strong
in
the
community
and
now
we're
you
know
we're
delivering
on
things
that
would
really
make
an
impact
right
things
like
import
performance
enhancements
that
you
see
performance
enhancements
to
the
you
know
the
database
query
in
the
background
and
then
yeah,
you
know
it's
not
it's
not
about
rolling
out
features
that
we
can
demo
anymore.
It's
about.
B
You
know
making
really
making
true
improvements
to
to
the
project.
So.
B
Yeah
and
we
have
more,
we
have
more
people
right,
we
have
tienen
joining
us,
we
have
vadim
and
we
have
you
know
other
contributors,
so
I
think
over
time
you
know
it's
gonna,
it's
gonna
get
better
only,
but
it's
gonna
get
better
organically
and
so
three
releases
a
year.
That's
that's
what
we
promise.
B
All
right
thanks
everyone,
that's
it
for
me,.
A
Thank
you
anyone
else.
If
not,
I
have
last
request
from
you
for
you.
Can
you
go
over
all
the
proposals
at
the
community
repository?
There
are
some
old
proposals
or
issues
I'd
try
to
attack
some
of
you.
There
are
two
three
years
old
discussions
that
are
definitely
definitely
out
of
date
needs
either
closing
or
yeah
closing
so
yeah.
B
A
A
Prs
and
issues
old
ones
yeah,
which
are
like
asked-
and
maybe
someone
discussed
them
something
but
like
two
years
ago
or
someone
was
asking
for
some
functionality
that
is
already
implemented,
so
that
doesn't
make
sense
to
stay
there
and
just
yeah.
A
B
I
think
so
definitely
we'll
do.
Thank
you.