From YouTube: Sigstore Community Meeting - September 19, 2023
A
Welcome, everybody. Today is the 19th of September. Welcome to today's Sigstore community meeting. I'm really excited to see some new faces in the call today, that's very exciting. The way this meeting will work: we'll do a project round robin, go through each of the major projects under Sigstore.
Then we'll talk a little bit about some outreach and events. If anybody has any updates to add, please do add them, and then we have a chance to talk about any other business or office hours, if you have any questions about how to use Sigstore or its clients or tools. And then we'll have a little bit of time at the end for introductions; if you're new to the community, feel free to say hi. We look like we don't have too many project updates.
I know Rekor, Fulcio, Cosign: we don't have any recent cuts, and I can't think of any major features for any of them. Anybody from the client side have any updates?
Alrighty. On the infrastructure, one thing to touch on is we have a new root signing event happening, I believe, two weeks from now.
So, if you're not familiar with this, our roots of trust, which includes the Fulcio root CA certificates, Rekor's public key, are shipped via a TUF repository, which gives us a way to do secure updates. Every six months the metadata expires, so we need to do signing events where we have five offline root key holders from academia and from the industry sign the metadata. So we're doing a test of that run right now, and then in, I think it's two weeks, we'll have the signing event occur.
It should go seamlessly, hopefully, and clients will go pick up the latest updates when they go online.
For docs, one thing I want to touch on, I didn't know the best place to put this, so I added to this section, is the community roadmap.
We just merged this in. I'll mention that this is very much a living document. It's meant to be updated. We will change our priorities over time. New items will be added. Things will drop off this. If you haven't already seen this, please do take a look. I think this is a really great document that describes the vision of Sigstore. We talk a little bit about some of the history behind Sigstore, the current landscape, talk a little bit about adoption of Sigstore, which is one of the big directions that we want to go, and talk a bit about kind of the strategy of how we're going to accomplish this. I'm scrolling through this quickly. You know, please do take a look at this if you'd like to. And then we have a roadmap touching on each of the major areas: around clients, around Rekor, around monitoring Rekor, around deployments, around Fulcio, around docs, and then community growth also.
So please take a look. If you have any comments, feel free to submit a PR or create an issue touching on them.
B
Sorry, I have to do it on the phone and the computer. Yeah, so I just linked to an issue where we're discussing some new content initiatives, among them an accessibility audit, some new with surfacing the project-specific docs, and a glossary. So those are things that should be coming down the pike, and if you want to kind of weigh in on that initiative, you can discuss in that issue that's linked in the agenda.
A
Awesome, thanks for that update. So if folks are interested, please do take a look and leave some comments. Did we have any bug fixes in the pipeline around the docs, or if things kind of settle down?
B
I've some. I think that the major ones, I mean, if there are ones that I have not addressed yet, you know, bring them to my attention and I'll do another pass through to make sure that no issue is related to the doc, but I think the major ones have been addressed. You know, we had someone early on about, you know, the hierarchy and the land of the site, to preserve older links.
You know, and we had to add a few new redirects, do some changes to preserve some of the old link structure, but that's pretty much done now, and I also did a pass through where I automatically used, you know, like, wget or whatever, to check for 404s. So in theory, as of, you know, like a week or two ago, there should be no broken links on the site. I mean, if you're finding things, if you're seeing things, you know, please always open an issue.
A
Awesome, thanks for the update. And yeah, if folks haven't seen, do check out the new docs website. It looks fantastic, very snappy, hopefully no more caching issues. So it looks great.
Alrighty, then we'll move on to outreach and events. This might be a little early to touch on this, because I believe, I think OpenSSF Day is done, but the OSS Summit in Spain is still ongoing. So we might have to wait till the next meeting to hear some updates from folks there.
Were there any other updates anybody wanted to touch on?
C
Yeah, yeah, I had something. I posted about this on Slack, but I wasn't totally sure of the right channel or the right people to talk to, so I just wanted to chat with someone about automated workflows in keyless signing. So that could be here, could be offline, I just don't know, like, who I should talk to, because I'm kind of having trouble selling or explaining this as a concept for some technical reasons, and I think this is kind of a critical piece of what we're doing here.
A
That is perfect timing that you brought that up, because we were also having a conversation. Apparently, this came up at, I was at the Seesaw events, but recently in DC, some folks from the supply chain security space chatted with others and Sigstore came up, and there was a lot of discussion around automated workflows. And if you notice in our docs, the docs are all very dev-centric. We actually, I think, have an issue that's kind of tracking the, one of the CUJs we'd like to target.
He was talking a bit more about automated workflows. One thing we were talking about is writing blog posts on this, yeah.
If you're interested, I can send you that draft when we have that. We were chatting with a few community members about getting that effort going, because that seems to be a big gap, and that is, in my opinion, one of the big wins with Sigstore: that we have this seamless way of signing with OIDC, or OpenID Connect, on automated platforms, and we don't really touch on this very much.
C
Yeah, I thought a blog post would be very handy. I was looking for that, so I'd love to look at that, like, ASAP, or chat about it. Or, you know, Hayden, so you're one of the people kind of leading that effort, like, are there others, or like, who should I ping?
A
I'm really happy that you brought this up, because we'd like to ideally publish something either on Sigstore or on the OpenSSF blog, because I think a wider audience would be very interested in this topic. Yeah.
Alrighty, this might be a short meeting today. So I see we have two new names for introduction, so I guess Tom, if you'd like to say hi, feel free to.
D
Sure, hi. Mic test first, can you guys hear me? Works well? Yeah. My name is Tom Albrecht, I'm at Lockheed Martin. I work with Ian. I am on our internal software factory team, Lockheed Martin cybersecurity fellow. So even Lily's question there was kind of where I am. I'm more on the policy side of it, and especially have the kind of overarching job, as we're incorporating these capabilities into our internal development processes, to communicate that out to our programs and our customers, you know, what, sometimes why this is a good thing, and then, you know, so. Yeah, I would also be interested in that blog post, because that's really, I'm that audience, or at least I'm the one passing on to the actual audience that is really more concerned about how this capability helps secure the supply chain.
At that point, I guess I'll pass it to Chad. Chad's done a lot of our implementing, so I'll let him introduce himself.
E
Wasn't just muted, I was double muted. Hi, Chad Coleman. I work with Lockheed Martin, also with Tom, as you mentioned, and Ian. We've been implementing the Sigstore ecosystem locally within our intranet.
Have it up and running and have started, as Tom was mentioning, implementing its use on our various products. Still kind of early in that phase, but coming along pretty good.
A
Well, welcome to both of y'all. We're very excited to hear there's some interest in policy. I think, take a look at the roadmap. This is one area that probably needs the most love within Sigstore. I think it's a very critical area, right? I think we have signing down, and verification is something that we've very much wanted to expand on.
We have something like policy controller, which is a project under Sigstore around verifying signatures within Kubernetes clusters. We'd love to expand the capabilities of that project far beyond just Kubernetes too, so we're hopeful there's some work in the pipeline there. If you're interested, let's chat more, and as always, feel free to stop by on Slack if you have any questions. If you haven't seen already, there's a channel called private-sigstore-users to discuss more about internal deployments of Sigstore.
So if you run into any issues there, that group is happy to chat about that.
Awesome. Well, to our new members, welcome to the community. We'll chat again in two weeks.