►
From YouTube: Sigstore Community Meeting - Dec 13, 2022
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
So
just
a
quick
update,
we'll
start
just
on
meeting
end
We've
canceled,
all
the
calls
the
community
calls
through
the
end
of
December
and
into
early
January,
so
the
next
contributor
facing
meeting
will
be
January
10th.
Just
quick
note.
I
will
be
around
for
that
meeting.
A
So
we're
looking
for
someone
to
kick
that
off,
but
as
we've
seen,
Hayden
now
has
ability
to
start
that
but
yeah.
Likewise
anybody
else
I
think
we
figured
out
how
to
get
somebody
else
kicking
off
the
meeting.
So
we
can
set
up
co-hosts
as
needed.
B
Perfect
happy
happy
to
help
out
if
no
one
else.
A
Is
available
awesome
thanks
a
lot
Hayden,
okay,
so
we'll
be
launching
into
the
project,
ground,
Robin
and
then
Community
update
and
then
at
the
end,
a
section
for
any
newcomers
or
folks
returning
who'd
like
to
say
hello,
a
welcome
or
just
tell
us
what
they're
working
on.
So,
let's
jump
in
with
the
round
robin
and
just
quickly
says
well
just
feel
free
to
add
agenda
items
to
the
relevant
section
or
to
any
other
business
okay
round,
robin
so
Rico
any
updates.
There.
B
We
don't
have
a
whole
lot
of
updates.
I
wanted
to
mention
this
PR
that
should
hopefully
get
merged
soon.
We
just
need
to
test
it
out
but
like
how
we
have
an
integration
with
GitHub
actions
where,
from
a
GitHub
action,
you're
able
to
request
a
code
signing
certificate,
build
kite,
CI
has
expressed
interest
and
authored
this
PR
to
also
support
fetching
code
signing
certificates.
We're
super
super
excited
about
this.
B
We
just
need
to
test
out
this
PR
there's
a
little
bit
of
conversation
feel
free
to
take
a
look
and
chime
in.
If
you
anything
you'd
like
to
add
discussion,
I'll
also
mention
that
there's
another
open
issue
we've
been
discussing
how
to
find
some
uniformity
in
the
identity.
Token
claims
between
CI.
So
it
should
be
even
easier
in
the
future
to
onboard
new
CI
CD
platforms
that
are
interested
in
Fetch
and
code.
Signing
certs.
A
Very
cool
yeah
that
looks
great
and
yeah
look
forward
to
when
this
is
out,
and
maybe
we
can
do
some
posts,
the
tweets
get
it
on
the
landscape
for
sure,
but
yeah
super
cool,
okay,
anything
else
in
full
two.
B
I
can
also
give
that
update
and
I
think
that's
the
exactly
Zach
feel
free
to
chime
in
two.
If
you
want
to
so
cosine
2.0
will
be
the
next
major
release
of
cosine.
The
primary
focus
is
now
that
recore
and
full
Co
are
G8.
We
no
longer
consider
them
experimental,
so
we're
removing
the
cosine
experimental
flag,
we're
also
taking
the
opportunity
to
make
a
number
of
other
changes
that
are
breaking
but
are
necessary
for
a
number
of
reasons.
B
B
B
One
thing
I
will
say
where
we'll
definitely
need
a
little
bit
of
help
if
anyone's
interested
is
the
second
to
last
issue
here
on
documentation,
there's
a
lot
of
places
to
update
in
the
repos
themselves
in
examples
in
readme's
in
our
blog
post
it
would
be
good
to
go
back
and
edit
a
blog
post
to
make
sure
they're
up
to
date
when
people
find
them
our
documentation.
B
So
this
is
not
just
describing
the
new
features,
but
also
describing
primarily
the
the
breaking
changes
where
we're
removing
the
flag,
so
that's
definitely
a
place
where
we'd
appreciate
any
help.
If
you're
interested,
let
me
know,
I
need
to
break
this
down
into
I.
Think
a
little
more
granularity
on
where
we
need
updates.
B
And
we'll
have
a
we'll
have
a
blog
post,
also
that
I've
drafted
for
2.0
that
will
will
send
out.
Let's
do
that
comes
out.
A
B
Yeah
I,
so
the
release
candidate
were
aiming
for
this
week
to
do
it
and
we
wouldn't
cut
2.0
before
the
end
of
the
year.
I
roughly,
let's
say
like
end
of
January,
but
that's
that's
not
a
hard
commitment.
It's
if
one
of
these
issues
takes
longer
it'll
be
a
little
longer
than
that,
but
sooner
the
better.
A
A
Great
okay,
it's
a
good
sign.
A
Allow
that
in
after
the
fact,
let's
move
on
to
time,
stamping.
B
Yes,
you're
gonna
hear
my
voice
okay,
this
is
this:
is
our
latest
release
of
the
time,
stamping
Authority
repo,
so
this
is
super.
Exciting
progress,
Meredith
and
I
have
been
working
on
this
and
Hector
has
also
been
helping
out
with
the
timestamp
repo
and
also
making
some
changes
to
cosine
to
support
time.
Stamping
this
release
we
cut
yesterday
primary
focus
is
not
on
the
server
changes,
but
on
the
verification
Library,
which
is
currently
being
used
by
cosine.
B
Take
a
look,
give
it
a
give
it
a
try.
We're
gonna
update
some
documentation
there,
so
it's
it's
clear
how
to
use
it,
but
super
excited
to
see
the
progress
on
timestamping.
The
next
big
things.
I
guess.
Something
else
to
mention
too,
is
that
we
have.
B
Scaffolding
now
has
a
test
instance
of
the
timestamp
authority
and
we've
also
created
the
terraform
necessary
terraform
changes
so
that
you
can
spin
up
the
time,
stamping
Authority
on
gcp,
and
we
have
the
helm
charts
in
place.
So
the
last
step
will
be
spinning
up
a
timestamping
Authority
for
six
store
in
staging
to
test
it
out.
B
B
But
this
will
be
we'll
have
this
here
for
now
and
then
we're
going
to
move
these
out
at
a
later
time.
I
just
wanted
to
mention
this,
since
we
didn't
have
a
status
update
on
the
status
page
for
this,
which,
if
you're
not
aware
of
status.6
star.dev,
has
metrics
for
the
current
for
the
production
instance
of
Sig
store.
We
had
an
outage
on
the
fourth
due
to
an
out
of
due
to
a
memory
leak
due
to
a
node
pool
running
out
of
memory.
B
It
was
very
interesting
the
we
have
a
prober
that
runs
in
cluster
to
gather
metrics.
It
had
a
memory
leak,
it
was
a
long
running
process
and
after
it
had
consumed
all
the
memory
on
the
machine.
B
Another
process
called
Cloud
SQL
proxy
and
seemed
to
not
know
how
to
respond
to
the
lack
of
memory
and
just
began
to
spin
causing
CPU
usage
to
spike
and
that
caused
other
workloads
on
the
VM,
which
included
full
seal
and
recore
to
degrade,
and
so
you
may
have
seen
early
in
the
morning,
504
errors
from
Full
seal
and
recore.
B
If
you're
not
familiar
with
postmortems.
Roughly
the
structure
is
discussing
impact
and
root
causes
triggers
and
action
items
for
resolution.
We've
got
a
whole
bunch
of
exciting
items
for
resolution.
The
tldr
is,
we
found
the
memory
leak
already.
It's
been
fixed
and
updated
in
production
and
we
have
another
a
number
of
other
tasks,
particularly
around
playbooks
and
and
mitigations,
going
forward
to
make
sure
that
no
one
process
can
consume
all
the
memory
on
a
node
foreign.
A
Yeah
thanks
for
that,
you
had
seen
the
the
reported
failures
that
are
really
nice
to
close
the
loop
and
see
the
behind
the
scenes,
investigation
and
follow-up
any
questions.
Otherwise,
we'll
move
on
foreign.
A
Do
we
have
any
updates
from
the
language,
client
interns
or
anything
Java
python,
rust,
JavaScript,
Ruby.
C
A
Thank
you
Lisa,
okay,
so
moving
on
from
Project
updates
to
just
Outreach
and
events
activity.
First,
one
I
had
on
here
was
a
six
door
at
kcd.
Uk
I
think
this
was
two
or
three
weeks
ago
in
London.
Anyone
here
who
was
at
that
event.
A
Yeah
so
yeah
Luke's
keynote
on
Sixto
saw
some
tweets
and
things
going
around
about
that.
I'll
find
the
link
to
the
talk,
because
I
believe
they've
been
posted
now
and
I
believe
there
was
a
six-store
workshop
as
well
with
the
good
set
of
folks
trying
out
six
door
and
yeah
I.
Think
Eddie.
Eddie
Zane
has
some
feedback,
but
I'll
follow
up
with
him
to
just
communicate
back
anything
there
and
get
the
links.
A
Six
still
at
fosdem,
we
just
the
confirmation
that
we
did
not
get
the
stand
we
applied
for
they
have
now
announced
the
stands
at
first
Dem
and
the
Essex
store
didn't
make
the
list.
I
don't
know
if
we
were
notified,
but
I
guess
for
proxy
yeah.
It's
not
a
lot
on
security
at
fosdem
as
a
matter
of
Interest.
So
maybe
something
we
can
look
to
help
with
over
the
upcoming
years.
But
yeah
myself
and
a
few
others
do
plan
to
be
there
around
I.
A
Think
there's
an
s-bomb
Dev
room
and
a
few
other
rooms
like
the
cicd.
One
call
for
papers
are
still
open
for
those,
so
I
do
encourage
folks
to
send
in
six
door.
Talks
and
I
will
also
go,
find
the
link
and
put
it
in
the
document.
B
Yeah
just
wanted
to
mention
this,
so
the
cfp
has
been
closed
for
a
little
bit,
but
notifications
are
today
if
you
did
submit
this
is
I
think
previously
this
was
a
co-located
conference
and
now
it's
going
to
have
its
own
dedicated
conference
I
believe
it's
two
days,
I
think
in
Seattle,
yet
on
February,
1st
and
2nd
I
I'm
gonna
guess
that
they'll
be
probably
at
least
one
talk
discussing
sigster.
C
A
Other
events,
folks
are
aware
of
or
have
submitted,
toxins
and
stuff
or
or
just
want
any
general
we're
happy
to
promote
the
events
or
plug
your
talk,
or
things
like
that.
Just
let
us
know.
A
Okay,
so
blog
posts-
oh
I,
do
believe.
There's
one
out
this
week
from
Zach
and
Marina
exactly
a
second
Nicole.
D
I
am
this
is
not
a
new
post,
it's
been
circulating
for
like
a
month
now,
but
excited
to
see
it
finally
go
live,
and
it's
basically
on
as
a
response
to
people
who,
who
sort
of
have
been
saying.
Oh
it's
signed
with
six
door.
D
D
A
Yeah,
so
take
a
look,
and
please
share
so
things
around
in
the
pipeline.
The
we've
done
an
end
of
year
update
for
the
open
ssf,
it's
pretty
much
a
collision
of
existing
blog
posts
around
six
tokon
and
the
ga
release,
but
once
they
do
send
out,
their
annual
report
expect
to
see
six
door
featured
in
that
this
work
in
progress
towards
a
end
of
the
December
Roundup.
So
if
folks
have
things
to
highlight
in
that,
please
add
them
to
the
link
in
the
document.
A
Typically,
I'll
go
through
like
the
blog
posts
and
the
notes
from
the
community
meeting
and
the
office
hours
just
to
collate
all
the
activity
we're
seeing,
but
just
in
case
there's
something
specifically
you
want
to
call
out
or
if
you
want
to
just
write
it
up
in
your
own
style.
That's
very
welcome
as
well
too
case
studies,
I
haven't
updated
this,
but
we
do
have
one
from
DB,
Schenker
and
they've
just
gotten
back
to
us
to
with
their
final
edits.
A
So
we
should
be
good
to
stage
that
in
medium
and
get
it
up
either
later
this
week
or
early
next
week,
seeing
how
things
go
and
yeah
I'm,
not
sure
that
we
have
a
lot
in
progress
but
as
ever,
if
folks
are
interested
in
doing
a
case,
study
on
using
and
adopting
six
door
to
submit
interest
on
that
form
there
or
just
message
me
and
I-
can
talk
to
you
through.
What's
involved.
A
And
yeah,
it's
just
the
final
plug
for
the
sexual
landscape.
I,
don't
think,
there's
been
anything
new
in
there,
but
we
do
see
have
a
steady
trickle
of
projects
coming
in
and
once
we
get
things
like
the
build
kite
integration,
we
can
feature
that
on
the
landscape,
any
questions
comments,
other
things,
I've
missed.
A
Anyone
want
to
speak
I
believe
next
week
we
do
have
our
final
office
hours
session,
that's
the
more
user-facing
six-star
meeting
and
then
that
will
be
the
final
one
for
this
year
and
then
we
will
resume
buckets
Community
officers
on
January,
10th,
so
yeah
I
think.
Congratulations,
everybody
on
an
amazing
year
of
six
door
and
I
hope
you're
managing
to
to
get
some
rest
and
we'll
see
you
in
community
meeting
next
year.