From YouTube: Sigstore Community Meeting August 9, 2022
A
Okay, welcome everybody. I have kicked off the recording, so welcome to this week's community call. We just seem to have a lot on the agenda, so let's just get started. But just as folks keep rolling in, I'm gonna jump ahead, just before we get into the project round robin, and yeah, just give a big shout out to the big news yesterday from GitHub about npm adopting Sigstore, so that was super to read about in here. And if folks haven't checked out the RFC,
A
I highly encourage you to do so. It's really nice to see kind of the thought process, the decisions there, as well as the risks being covered. And yeah, happy to welcome some folks here. Anyone from GitHub here wants to maybe talk? How did that all go? Was it well received?
B
Yeah, this is Brian DeHamer from GitHub. Yeah, there's, if anybody goes and looks at the RFC that's posted, there's a ton of conversation happening right now. So there was a lot that sort of went up to getting it released yesterday, a lot of like internal debate and conversation, and now it's sort of out there for the community, and we're gonna probably spend the next few weeks just sort of like sorting through the conversation, addressing concerns, if anybody's interested.
B
C
I have another question. I've sort of popped up in the comments with, like, my opinion, man, about why it's important to do this, but it also might be that I'm stirring up the hornet's nest. Would you rather I backed off?
B
A
But you know, saying, if folks haven't checked it out, yeah, I know it's great to read just kind of some features as well as the risks, and you know, how that ties into GA. But yeah, overall, I think just a nice point to stop and celebrate all the work everyone here has put into it and just the incredible velocity around the project in the community. It's just nice to have that validation.
D
I have a small update actually. So I put in a fix I dressed yesterday, and I'm hoping it'll get merged, on a server flake that we were experiencing, maybe like one every 100-ish runs, and it is now fixed, I think. It was a weird find, it's a racy condition. Yay. And I'll put in there, feel free to read the description. I tried to put as much information as possible there. I'll link it in.
A
E
No, other than just to say that I think the spirit of the work here was just trying to formalize exactly what we needed to mandate or what was included in certificates from the public instance, as well as just kind of our read on best practices that we were trying to adopt. So just trying to codify that in the repo just for greater awareness. So folks have questions, certainly feel free.
B
A
Oh awesome, yeah, now that'll be great to have that. I'll add you in. Okay, so any of the language-specific implementations, a root. We've got something from the Java side. Patrick, are you here?
F
Yeah, I'm here. I just want to let people know that we've opened a GitHub issue and have a proposal that sort of came up as a result of looking into the Java client. Basically, the suggestion is to change the way that sign-blob works, and it should eventually apply to all clients, so that we produce one signing artifact, a bit more like how we do with the OCI images.
F
So please, if you're interested in this space, take a look and let us know what you think, and hopefully we can get this ended soon.
A
Okay, thank you Patrick. Anything else from the other projects, Python, Rust, root?
B
I guess I can talk a little bit about the JavaScript stuff. This obviously is very closely related to the npm RFC, but we recently, like, added a new repo to the Sigstore organization for the Sigstore JS project, which is an implementation of the Sigstore stuff in native JavaScript.
B
It's in a very rough state at the moment, so I don't want anyone to think that this is like ready for production use, but work in progress, and this will be sort of the basis for us doing the, like, npm implementation of Sigstore. So, ultimately, hopefully this library will get integrated into the npm CLI itself. But yeah, if anyone is interested in, like, making contributions, all welcome.
C
A
Yeah, a nice call for contributors and
A
A kind of regular space where folks meet around that work.
A
C
A
Great, yeah, glad to have you here, and welcome.
A
C
GA, yeah, I think I put that one thing and, oh yeah, just a quick update. We started our dry run on-call rotation, thanks to Bob Hayden, Bailey and Anthony and ugly.
C
Who are working on the driver on call. It's just fast effort, business hours right now, but hopefully we'll, you know, start getting things in place like runbooks and work on some of our noisy alerts. And yeah, I think this week we're going to be kind of estimating how much longer all the remaining tasks are going to take and sort of get a plan for getting everything ready by the target date.
C
A
Okay, so from project updates, so onto SigstoreCon, which I've added as a new line item. Just a reminder to folks, we do have the call for papers open now until August 19th, so check that out. It's got details of all the key dates as well as kind of what we're looking for in terms of types of talks and what sort of topics. So case studies, how-tos, integrations with specific languages, or anything related to best practices or contributing to Sigstore, building community, will be very welcome.
A
We have a program committee which consists of Priya Lilly developer guy Jacques and Appu, who will be ranking the talks and making the tough decisions on what we get,
A
what the final program will look like. And just a call out that there are sponsorship options available, but they close this week, and it's part of this main CNCF KubeCon prospectus, so you have to hunt for it on page 24 if anyone's interested. Any questions around SigstoreCon?
A
Great, okay, next thing, just a quick shout out that the logo refresh has been completed and we have new,
A
The new set of logos is now in the repo and there's a brand guide as well, which talks about usage guidelines, and you're starting to propagate those. You'll start seeing it pop up on Medium, website, eventually on GitHub. And yeah, thanks to Lisa and Luke and other folks who are starting to just get it out there.
A
Great question: I think people ask the events. Folks are working with.
A
D
Yeah, so a couple of us met last week to discuss creating a Sigstore architecture doc suite, I guess, and so we are just starting that, kind of laying out the scope and project of that. I can link in some notes over here. We're doing like sort of a weekly meeting. So I think there's a hashtag architecture docs Slack channel.
D
So if you're interested in contributing there, feel free. I'll send out, like, I guess another update in the next community meeting when we have our landing page and starter docs that people can start contributing.
D
A
Okay, so there's no existing location, but that will be new. Nice, great. And anything else on docs? I don't know if Lisa's here. I know she followed up on the proposal to spin out the docs repo, and I believe that's existing, and there might just be a few more things to tidy up there. Lisa is the one.
A
I'll drop the link to the issue. Okay, outreach and events. So it's just about a month to Open Source Europe, and I believe a bunch of folks here are going. I know this you get signed, talk on the agenda, yeah, shout out to that. If you're interested in going, lots of folks on this call will be around. Anything else from anyone going, they want to add on that point?
A
Right, okay, and then another shout out. Yeah, we discussed this earlier, but yeah, there's an announcement from GitHub about npm adopting Sigstore, and it's been great to see. There's also been some follow-up press related to that announcement, so link there to the Wired article writing about that news.
A
And on the blog side, I should have had a link to the August monthly update, but that's staged in Medium and I'm hoping to get that posted out today. And it's been crazy because every couple of days there's some new information in the community, so the longer we wait to get it out, the more it's like, oh, and this happened, and that happened. So yeah, I think we're gonna just get that out this week and then start the doc which collects the updates for next month, for September updates.
A
There's also a case study. Folks may recall I did a call a while back to try and get folks who are using Sigstore in production at the organizations or with their tools, so we could write about that, just to raise awareness and share the different ways people are approaching it. And yeah, just happy to report Fabian took us up on that.
A
You may have seen his presentation at office hours, but he also did a really nice interview article on how he discovered Sigstore and how they're using it at Eclipse Systems for confidential computing.
A
So folks can check that out. But we're aiming to go live with that on Thursday on the Sigstore blog. And finally, oh, maybe not finally, but last week Hayden had a great post on adopting Sigstore incrementally, unless that's being picked up in a few places. Lots of folks tweeting it out, and the Linux Foundation also reached out to ask if they could republish that on their blog.
A
So that's, yeah, that's another nice win. And on the blog site, to check out the monthly update doc, where we're trying to just incrementally track all the key things that happen in the community, so that at the end of the month we can put out a post. Just because there's so much going on, it's nice to just summarize it and have a place for people to just go and see what they may have missed, or just know what the latest with the community is. So anybody's welcome to just drop something there, whether it's a subproject update or outreach or a talk, or even some stats from the community. Great to have all sorts of things in there.
A
Okay, and yeah, just a call for office hours. Next week will be our office hour session, and yeah, happy to say Brian will be joining us to get into Sigstore JS. We can have an in-depth, like, demo, discussion, and yeah, have any questions answered. And it sounds like billiard had you volunteering to do us a gitsign demo, so that's great, I'll add it in. And I think we have space for a couple more demos, and of course, anybody using or looking to integrate it, please come along with your questions.
E
Yeah, so just wanted to give a quick congrats note. I know some of it's already gone out on the Slack and Twitter, but the TSC appointed two additional members last week: Trevor Rosen from GitHub, as well as Santiago Torres, who's a professor at Purdue University. I'm super excited about both of them joining us. I think, as we continue to grow this community and grow into new languages and new spaces, I think it's important to make sure that we've got,
E
you know, robust representation, and I think, you know, that I think both of those individuals are, you know, well
A
E
for their contributions to the broader, you know, supply chain space across open source, so super happy to have both of them with us on the second.
G
E
Which is the OpenSSF TAC update. Certainly, thanks are due to both Santiago and Priya, who gave an update to the OpenSSF Technical Advisory Council earlier today, just to highlight a lot of the great work that we've already covered in this agenda.
E
The OpenSSF TAC has asked all of the projects and working groups associated with it to just come and give an update on the cadence of maybe three times a year, just to make sure that the TAC is aware of what's going on and that there's an effective dialogue for the project to ultimately raise concerns or requests for help or additional funding, or, you know, just make sure the folks are aware of the great work that's going on within the constituent organizations.
E
So Priya and Santiago did a great job giving that update today. So thanks for both of you spending the time to do that, but I just wanted to make sure that folks were aware that, as part of the OpenSSF, that there
E
A
Okay, let's go into introductions. This is a section for those who are new, or have been kind of looking but would like to say hello, just to introduce yourself, tell us what your interests are in the community, what you'd like to see and/or what you're working on. So do we have anybody who would like to go ahead and do that today?
G
Hello, hello, hello, I'm Michael, I just joined the meeting. I just followed the calendar of things too, and excited for including in the community, getting, doing contributions, and I'm just trying to do, follow the Java part. So I'm trying to do contributions. So I'm here right now.
G
A
Okay, anybody else? And yeah, Patrick points out we have a Java channel on Sigstore Slack, yeah, and there's a regular call, which is on Wednesdays, so you'll be very welcome to join in at those and this one as well.
A
Okay, that brings us to the end of the agenda topics, unless folks, any discussion topics or anything else. I will leave it at that today and I will see you all next week for demos and discussions at Sigstore office hours.