From YouTube: Sigstore Community Meeting - July 25, 2023
A
Alrighty, hello everyone, welcome to today's community meeting. It is July 25th. As always, if you'd like to, please sign in. We'll do a quick project round robin, and we'll spend a little bit of time talking about some of the new events coming up that are relevant to the community. If you have anything else you'd like to discuss, feel free to throw it into any other business section, and if you're new to the community, we'll have an opportunity at the end to say hi.
A
Also, so, diving right in: are there any updates on the Rekor or Cosign side? I believe no, we have not had any new releases.
A
So the only thing to touch on here would be: we did have a new cut of Fulcio 1.4. This adds a new CI extension for source visibility. So this is one of the extensions that is set when requests are made from a CI platform like GitHub Actions or GitLab.
A
So that's, that's out in production. If you're using Fulcio, feel free to update to this new version.
A
I don't think we have any other updates there. So I guess we can move right along to the, the clients.
B
Yeah, the only update there is that we had another release kind of come out this week in prep for the TubeMate. Yeah, I think we're in a pretty good shape to get a stable release 2.0 out. The only thing that I might want to get in for that is the export for the new plane formats that wholesale. I think that's not mandatory, however, because the old format is still in place, then will not be doing anywhere anytime soon. So that's optional.
A
Awesome, I'm really excited for that. Is there anything in particular that, that were major changes between 1.0, 2.0, any breaking changes that are worth calling out? Yeah.
B
Actually a whole bunch. Oh, so the, the signing API itself was, was refactored, so now it should be both a little bit easier to use and also the, we now have a context manager reports today, right it more accurately reflects the lifetime of the keys.
A
Awesome, well, very cool. So if you use sigstore-python, go take a look at this.
A
We had some really great conversations last week about standardizing the bundle format. If anybody has any thoughts, feel free to chime in here. I believe where we kind of landed was Python and JavaScript are both using a JSON format, which is the serialized proto. I believe there will be some discussion in next week's client meeting. I believe Zach added that to the agenda to, to formalize this. I think Tom and added one question to make sure that this was compatible with JSON Lines.
A
I think that's a, that's a good question, and I think one, one thing I like here, Zach put it very well, which is we're not going to be strongly opinionated on this. It's not the only thing that clients should do, but we should be able to say should in May, so if there are other formats that clients want to support, of course, that's, that's fine, but as a default, this bundle of JSON from serialized, that the serialized proto should be the, the recommendation. So I really like that.
A
Awesome. Moving right along, I'll note that I've restructured things a little bit, and now we have a section I'm going to call infrastructure, which will be any updates that we want to call out for changes to the public good infrastructure or including the TUF root.
A
Bob, did you want to talk about the work for shifting over to the new load balancer?
C
Yeah, I can virtually. So I did put a notification in the Slack channel, the general channel, for this, but we did move from nginx-based load balancers over to Google Cloud load balancers last week, as just part of some overall infrastructure improvements for scale, as well as some added functionality from a security point of view, so should have been a totally, I guess, unnoticeable change.
C
If, if we had done our job well. I think we only had one report of somebody receiving a, a rate limiting response, but in general that was the system working as designed more than a, than a bug. So it's been live and stable, looks fine from the infrastructure point of view, but we did if.
C
In behavior or anything that's been broken, please don't be shy about reaching out and pinging us on Slack or filing an issue on a project.
A
Yeah, great, great work on that. I think, yeah, the only thing that's maybe worth noting is I think there's a slight change in, in the formatting for error messages. This is something that we noticed for the sigstore-python clients that's been resolved, but I don't believe any other clients experienced any issues.
A
Awesome, great. Well, moving right ahead: docs. Patrick or Lisa, did you have any updates?
D
I'll just give a really brief one, since I just got back from a trip, but we are planning. There's been some caching issues with the current site that seemed pretty persistent, and it's been floated to do a re-platforming of the docs to Hugo.
A
Very, very excited to see that. I think we've all hit that caching issue at one point or another. I think at this point my recommendation, if, if you viewed docs before, probably just open them in Incognito to get the latest view. So yeah, really, really excited about that.
A
Alrighty, moving right along. For outreach and events, I wanted to call this out. I mentioned this on the, I believe the research channel on Sigstore. For transparency, no pun intended, I'm also a part of the committee planning this conference. So this is a workshop that's going to be co-located with ACM CCS, which is in Copenhagen in.
A
It's called CATS, Cryptography Applied to Transparency Systems, and the primary focus on this is bringing together academics and industry to discuss transparency systems, so anything from research around how to do monitoring and witnessing on the, the production side of things, thinking that, that deployment of these systems. So we're very, very excited about this. Beyond the binary transparency community, there's a lot of interest in, in transparency within certificate transparency, which is where it's been deployed the longest. Something more new is key transparency.
A
This has been saying it's been talked about in research for a while, but where we're starting to see a more widespread deployment of this. The keynote's actually going to be given by somebody from Meta, since WhatsApp is now using key transparency.
A
This is somewhat similar to SCORED. They, they allowed for both research papers and submitted talks without a paper attached. So I believe the conference will be November 3rd. Sorry, 30th. It'll be the same day as the SCORED code like co-located event.
A
Other conference I wanted to call out is PackagingCon. This is in Berlin in October. I believe their CFP is due August 1st. I think within this community, there's obviously been a lot of work integrating with package repositories, and so I think there's definitely some opportunities to discuss supply chain security here. One thing I was thinking about, I, I was looking at the CFP.
A
I didn't see an option for panels, but I think some of the folks who have been a part of the OpenSSF working group for securing software repos might find this conference particularly interesting.
A
So take a look. They also have a virtual portion. I think I'm gonna attend that. Yeah. Were there any other outreach or events anybody wanted to call out?
A
Awesome. Well, this might be a short call today. I'll wait for a second to see if there's any other business anybody wants to talk about.
A
Cool. Well, the last portion is introductions. If there's anybody new to the community, feel free to say hi, if you'd like to, now.
A
Alrighty, well, short and sweet meeting, as always. Hope you have a great week, see.