►
From YouTube: Sigstore Community Meeting - Oct 18, 2022
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
So
anyone
hear
from
the
RICO
side
see
we
have
some
big
news
this
week,
who
wants
to
go
foreign.
B
Well,
I,
don't
see
Priya
here,
ideally
she
would
say
it.
I
can
also
chime
in
so
I'll
do
I
guess
for
recording
and
policy
at
the
same
time
too.
So
this
has
been
a
big
push.
Last
week
we
released
release
candidates
of
1.0.0
for
record
and
for
folsio
they've
been
out
in
production
for
about
a
week
no
issues,
and
so
we've
cut
the
1.0
release
due
to
some
unrelated
things.
B
We've
cut
them
a
little
bit
past
the
release
candidate,
but
just
picked
up
some
dependency
upgrades.
This
was,
as
of
yesterday,
super
excited.
Pretty
did
you
want
to
chime
in
any
more
about
our
one
better
releases.
D
A
A
Okay,
cosine.
C
I
did
a
release
yesterday,
nothing
no
like
big
news
or
features
or
anything
though,
but
there's
a
new
release
that
people
want
to
update.
Oh
I
can
write
in
the
actual.
A
E
Yeah,
sorry,
that
was
I
think
a
lot
of
people
who
are
using
the
latest
release,
like
maybe
a
few
12
and
12.1
notice,
a
lot
of
like
top
logging
screaming
at
you,
so
that
should
be
gone.
Okay,
let's
go.
A
B
Yeah
I
just
want
to
chime
in
so
two
weeks
ago,
I
mentioned
that
we
were
working
on
a
time
stamp
Authority.
B
So
as
a
reminder
for
this
context,
right
now,
recore
includes
an
integrated
time
that
specifies
when
the
entry
was
uploaded
and
we
use
that
to
check
the
validity
of
the
certificate,
or
are
we
a
very
short-lived
certificates
and
to
verify
that
they're
still
valid
past
their
expiration?
We
need
effectively
a
counter
signature,
some
other
entity
signing
off
on
the
current
time
when
the
certificate
was
valid
in
order
to
let
people
provide
their
own
timestamps.
B
A
timestamp
Authority
is
is
one
of
the
ways
to
do
this.
So
if
you
don't
want
to
trust
a
recourse
clock,
you
can
provide
your
own
timestamp,
which
is
assigned
timestamp
to
record
now.
This
work
is
ongoing,
but
as
one
component
of
this,
we
needed
to
have
a
timestamp
Authority
service,
that's
Sig,
store
or
in
any
other
interested
communities,
can
run
so
I've
been
working
on
this
Meredith's
been
working
on
this
too
I
think
about
a
week
ago.
B
We
moved
it
out
of
my
own
repo
into
the
six
door
org,
that's
where
it
is
right
now,
there's
a
bunch
of
issues
of
features
that
we're
currently
working
on
I
think
it's
nearing
a
0.0.1
release,
at
which
point
you
can
then
start
testing
out.
Thank
you,
Carlos
very
much
for
helping
out
with
getting
everything
set
up
for
that.
B
A
E
Yeah,
thank
you.
So
I
started
the
V5
migration.
As
maybe
two
weeks
ago,
I
said
I
was
doing
that
we
had
a
small
error
that
would
have
made
old,
cosign
clients
incompatible.
So
this
refresh
for
the
actual
root
signing
V5
won't
break
cosine
clients.
E
So
if
you
could
I
would
love
reviews
on
all
the
offline
key
holders
signing
PRS.
Those
look
like
you
know,
signed
for
the
Lauren
or
sign
for
B
Callaway.
All
those
PR's.
The
instructions
to
verify
are
also
linked
over
there.
E
A
Okay,
any
other
updates
from
The
Wider
ecosystems
or
client
projects.
B
B
It
all
right
all
right
the
trying
to
think
of
the
best
update,
so
there's
been
a
lot
of
good
conversation
on
the
cosign
PR
for
bundle
Zach.
B
If
you
happen
to
have
a
link,
if
you
want
to
drop
it
in
the
most
recent
conversation,
is
we've
mostly
reached
consensus
on
the
Proto
format,
there's
still
a
little
bit
of
conversation,
but
in
order
to
continue
the
conversation,
we're
going
to
create
a
separate
repo
for
protobufs,
so
that
we
can
continue
iterating
from
there
and
I
think
the
next
step
for
the
bundle
format
will
also
be
starting
to
work
on
the
verification
side
of
things
right
now.
B
It's
it's
just
I
believe
it's
basically
pseudo
code
for
verification.
Oh
sorry,
Dad.
E
I'm
just
curious
is
the
separate
repo
for
Proto
formats.
Did
it
also
like?
Is
it
sensible
for
not
just
funnels
but
like
maybe
for
other
six-store
formats,.
B
Yes,
I
think
somebody
tagged
the
wrong
name
for
you
in
it,
so
you
were
texting
it
too.
The
the
issue,
so,
yes,
I,
think
the
plan
is
we'll
put
the
full
Co
in
there
and
then
at
some
point.
When
we
start
working
on
grpc
for
recore,
we
can
also
put
it
in
there.
So
I
think
the
idea
is
well
like
at
least
one
maintainer
from
each
of
the
the
repos
to
also
be
a
maintainer
in
the
protobus
spec
repo.
E
A
G
Not
really
I
mean
I,
think
we've
been
head
down
focused
on
run
up
the
ga
making
sure
we're
you
know
set
up
for
Success
at
six
doorcon
next
week.
So
nothing,
nothing.
We
need
to
call
out.
I
mean
Korea
Trevor.
Let's.
C
Yeah,
so
we
are
closing
out
the
last
couple:
issues:
recore
1.0,
full
Studio,
1.0
that
it
should
be
improv
today.
So
we
should
be
good
on
that.
The
big
remaining
item
is
a
CTO
log
sharding,
which
vla
is
working
on
and
we've
pretty
much
gotten
through
everything
else.
I
think
there's
one
small
item:
I
need
for
our
24
7
on
call
one
more
thing
that
I
need
to
do
before.
I
can
close
that
issue,
but
we're
pretty
much
good
with
that
too.
A
G
Yeah
just
so
two
things,
one
is
a
shout
out
to
the
entire
team.
That's
been
helping
on
this
I
know
we're
really
close
to
the
Finish
Line,
but
it's
been
a
there's,
been
a
massive
amount
of
work
going
on
behind
the
scenes.
So
it's
just
a
sincere
thank
you
to
everyone.
That's
been
supporting
all
that.
G
The
second
thing
is:
there's
tons
of
work
left
to
be
done
so
I
think
we
deferred
a
lot
of
topics
and
and
good
ideas
to
after
GA,
and
so
we've
been
having
an
active
dialogue
amongst
the
TSC
and
the
ga
kind
of
a
Sig
or
working
group
or
whatever
you
want
to
call
the
structure
to
make
sure
that
we're
striking
the
right
balance
of
speed
and
quality
and
reliability
and
there's
no
shortage
of
ideas
in
terms
of
how
we
can
make
things
better.
G
So
there
is
a
fairly
substantial
backlog
of
things
that
we
would
like
to
to
continue
to
iterate
on
the
infrastructure
and
improve
as
things
go
on.
So
it's
an
area
for,
if
folks
out
there
that
are
interested
in
getting
engaged
and
want
to
pick
up
a
task
here
or
there.
G
I
would
encourage
you
to
reach
out
to
the
the
six
word
ga
channel
on
Slack's,
probably
the
best
place
to
go,
do
and
we're
happy
to
help
get
more
folks
engaged
to
continue
to
make
more
more
progress
on
that,
but
you
know
kudos
to
everybody
who's
gotten
us
to
this
point.
A
Yeah
very
well
said
thanks,
Bob
and
yeah,
and
then
anticipation
of
that
next
week
is
the
planned
announcement.
So
open
ssf
will
be
issuing
a
six
dollar
ga
press
release,
so
that
will
go
over
the
wire
the
announcement
you
can
see
it's
linked.
This
is
we're
keeping
that
pretty
high
level
and
that
will
go
hand
in
hand
with
a
technical
blog
post
coming
from
the
TSC.
A
So
one
call
out
I
do
want
to
make
sure
folks
have
a
look
at
yeah
if
we
are
taking
quotes
from
the
various
organizations
involved
with
six
stores
it
has
come
together.
You
know
just
quite
quickly
ahead
of
sixstocon,
so
we
do
have
a
deadline
by
tomorrow
for
any
quotes
to
get
in
there,
but
yeah.
Please
take
a
look
at
the
doc
and
feel
free
to
reach
out
to
me.
If
you
have
any
questions.
A
But
yeah
that's
actually
pretty
exciting
to
announce
at
six.com
and
yeah
test
them
into
all
the
work
everyone's
putting
in,
but
looking
forward
to
that
anything
else.
On
60
ga.
A
Okay,
moving
on
to
docs,
this
is
a
quick
one.
I
wanted
to
highlight.
We've
had
a
couple
of
reports.
Maybe
this
is
just
my
perception,
but
there
seem
to
be
a
few
things
like
flaky
behavior
in
the
darks
and
yeah
chatting
with
Lisa
and
saying
it
might
be
some
browser-specific
Behavior
to
do
with
some
issues
seen
around
relative
parts
and
like
cases
where
an
extra
slash
is
being
appended
I.
A
I
just
wanted
to
make
a
specific
call
out
to
see
if
other
folks
have
been
experiencing
this,
so
like
intermittent
failures
or
failures
on
specific
browsers,
because
I
think
we'd
like
to
start
tracking
whether
these
are
real
or
just
some
a
couple
of
folks
having
localized
issues.
A
E
Yeah
I've
been
having
an
issue
with
the
search
bar,
so
if
I
search
something
and
it's
not
found
the
the
search
results
are
there
even
if
I
click
the
X
it
never
closes
so
I
have
to
reload
the
entire
page,
so
it
disappears.
E
Call
no
because
I
was
like
working
well
late,
I
guess
Friday
when
I
saw
it
and
it
was
too
late
and
it
said:
okay
I'll
do
it
next
week,
okay,.
A
A
And
any
other
feedback
on
docs,
yeah
I
think
a
couple
of
us
will
have
a
play
around
and
dig
a
bit
deeper,
but
not
too
sure.
What's
going
on
just
yet.
A
Anyone's
interested
in
helping
out,
let
us
know
and
see
you
on
the
docs
Channel.
Otherwise,
for
then
okay
moving
on
from
docs
onto
Outreach
and
events
this
month
is
hacktoberfest
I,
don't
know!
If
do
you
have
any
folks
involved
with
that?
Any
updates.
F
Oh
I
was
just
gonna
say:
yeah
I
haven't
seen
any
Oktoberfest
participants,
it
has
anyone
else.
F
A
Yeah
I
think
just
with
the
the
build
up
to
GA
and
six.com
have
kind
of
been
a
little
distracted.
But
maybe
we
can
put
out
a
tweet
or
two.
A
Okay,
six.com
yeah
one
day
event
in
Detroit
is
happening
next
week.
A
A
B
B
So
we've
worked
with
Dex
to
fix
this.
This
post
gets
into
the
technical
details
around
what
the
vulnerability
was
and
also
how
we
were
able
to
fix
it
very
quickly.
We
maintain
a
private
Fork
of
decks,
and
so
we
can
apply
patches
to
mitigate
things.
So,
even
though
it
took
a
couple
months
for
the
fix
to
get
out,
we
fixed
it
I
believe
it
was
the
day
after
it
was
reported.
B
I
haven't
tweeted
this
or
anything
mostly
just
because
I'm
not
really
active
on
Twitter,
so
feel
free
to
tweet.
This
out.
A
Yeah
no
I,
don't
think
I'd
seen
that
good
on
the
sigster
handle
so
yeah.
Maybe
I
don't
know
if
Luke's
on
the
call
but
I
think
we
have
a
Twitter
Channel
I
can
ping
him
and
ask
for
that
to
go
out.
A
And
yeah
the
second
one
just
opened
for
feedback.
We
have
a
set
of
case
studies
like
I've,
been
working
with
various
end
users,
edgeless
and
Fabian
Carmel
did
the
first
one.
This
is
the
second
one.
That's
come
through
so
yeah.
Please
take
a
look
now.
A
They
are
done
in
a
slightly
different
style
kind
of
first
person
accounts
of
what
people
are
seeing
in
software
security
and
how
they
adopted
it's
a
little
bit
more
high
level,
but
then
do
tie
in
why
people
chose
six
door
and
how
it
kind
of
fits
into
their
their
wider
thinking
around
software
supply
chain
security.
A
A
Foreign,
let's
move
on
to
aob
and
we
have
an
entry
in
here
from
Felix
yeah.
Do
you
want
to
go
ahead
and
yeah
pose
pose
the
question
you've
added
to
the
agenda.
H
H
Officially,
I
work
at
a
company
called
solonas
as
a
senior
security
engineer
and
we
try
to
adopt
six
door
in
a
private
setting
so
having
a
private
deployment,
and
that
brings
me
to
my
question
and
I-
know:
I'm
sort
of
pushing
the
boundaries
here
and
I
want
to
contribute
to
the
project
in
that
sense,
coming
up
with
some
best
practices
for
Key
Management
for
the
private
deployments,
so
I've
seen
the
tough
ceremony
and
yeah
I
think
it's
fairly
elaborate
and
really
appropriate
for
a
project
of
that
scale,
but
not
really
sure
whether
it
makes
sense
to
adopt
it
in
a
private
setting.
H
F
Foreign
yeah
I
think
it's
a
really
interesting
question.
I
am
glad
that
you've
shown
up
and
would
love
to
talk
about
it.
I
will
give
a
warning
that
we
could
probably
burn
through
the
rest
of
the
time
allotted
for
this
meeting
on
the
topic.
So
I.
E
E
F
F
There's
a
bunch
of
options
right,
one
is
to
sort
of
try
to
replicate
the
setup
that
we
have
in
Sig
store,
which
is
which
is
pretty
elaborate
but
as
as
I
was
pointing
out
in
the
in
the
chat
comments,
we
do
have
some
tooling
that
we
think
is
helpful,
and
so
you
know
it
kind
of
is:
is
contingent
on
you
using
the
same
infrastructure
management
tools
as
as
we
have
and
and
so
on,
but
at
least
we'll
be
will
be
a
good
inspiration.
F
So
that's
kind
of
the
like
full-blown
thing.
Is
you
manage
your
own
tough
route?
Ideally
you
do
that
by
having
very
secure
route
of
trust.
F
F
I
I
think
we've
we've
been
through
this
at
a
very
high
level,
but
because
you
get
built
in
basically
revocation
and
rotation
and
and
so
on,
the
sort
of
Other
Extreme
end
is
you:
can
you
can
distribute
cosine
within
your
organization
with
like
a
hard-coded
public
key
for
each
of
a
full
seal
and
recore
and
that's
technically
possible
very
discouraged?
F
H
H
The
experience
sort
of
I'm
still
asking
myself
is
okay,
so
record
and
fast
Fuel
and
the
City
log
they
they
they
have
these.
They
Public
public,
private
keys
and,
like
they
form
the
trust
through.
If
I
understand
it
correctly,
and
if
one
of
those
should
get
compromised,
you
want
to
rotate
them
up
and
I'm
I'm,
not
sure
how
to
handle
that
process
of
rotation
correctly
so
do
I.
Does
it
make
sense
for
an
Enterprise
to
have
all
those
keys?
F
A
great
question
I
think
Tracy
you're
still
taking
notes.
Can
you
give
me
an
action
item
and
I'll
CC
you
in
Felix
on
your
GitHub
to
basically
it
will
be
great
for
us
to
sort
of
publish
a
playbook
for,
for
you
know
what
how
do
you
handle
replication?
This
is
sort
of
the.
F
F
B
One
yeah
one
thing
I'll
just
chime
in
here,
so
we've
thought
a
little
bit
about
revocation
of
key
material
in
the
past.
The
interesting
thing
about
tough
is
that
it
doesn't
explicitly
provide
a
revocation
mechanism,
so
the
way
that
we
Sig
store
has
the
way
we're
currently
doing
replication
is
simply
saying:
well
the
thing's
not
in.
If,
if
the
root
material
is
not
in
the
Target
set,
then
we
just
don't
consider
it
trusted.
B
Okay,
one
thing
that
we've
wanted
to
add
is
a
tough
delegation
for
a
revocation
list,
where
we
can
explicitly
say
these
sets
of
targets
were
once
trusted
and
are
now
revoked.
Okay.
The
this
is
something
I
think
we
flesh
out
a
little
while
ago,
but
we've
chosen
to
remove
delegations
from
our
our
own
tough
route
for
right
now,
due
to
a
number
of
reasons
and
I'll
start
feel
free
to
chime
in
here.
B
If
you
want
I
I
think
this
solution
would
work
for
the
future,
but
you
know
you
can
simply
say
if
something
becomes
untrusted
just
remove
it
from
the
target
set.
That
is
probably
sufficient
for
most
use
cases,
yeah
and
I.
Think.
F
We're
super
appreciative
that
you're
you're
coming
here,
because
this
is
the
sort
of
stuff
that's
like
in
you
know,
Hayden's
head
in
my
head
and
and
some
other
folks
I've
been
thinking
about
it,
but
not
not
written
down
anywhere
clearly,
and
so
we
appreciate
you
spurring
us
to
you
know,
articulate
this
a
little
bit
better,
but
yeah
I
think
I
think
Hayden's
totally
right
that,
basically,
you
know
just
RM
the
file
from
the
tough
repo
and
sign
everything,
and
you
should
that
that
will
effectively
perform
revocation,
because
the
tough
clients
will
connect
they
will
download
the
set
of
trusted
targets
that
old.
F
H
I
think
I
think
I
just
need
to
try
it
out.
I
mean
we're
just
demoing
it
internally
anyways.
So
like
yeah,
probably
a
good
good
thing
to
try
out
and
yeah
I
really
appreciate
the
the
thorough
response
and
I'm
super
happy
to
to
get
involved
like
sort
of
as
an
early
adopter
or
whatever
try
out
guy
yeah
I
mean.
B
H
B
We're
very
happy
to
hear
that,
by
the
way
we
do
try
to
be
a
very
inclusive
community.
For
folks
who
want
to
get
started
and
haven't.
You
know,
worked
in
this
space
before
I'll
say
on
the
tough
thing.
B
B
This
is
something
that
we
haven't
dug
into
as
much,
but
I've
thought
a
little
bit
about
so
do
Let
us
know
your
experience
feel
free
to
what's
the
best
place,
to
put
this
cosign
or
the
root
signing
repo.
If
you
have
any
issues,
but.
H
F
E
F
And
yeah,
and
so
whatever
we
can
learn
from
that
I
think,
will
make
the
path
of
the
next
person
to
go
through
this
process.
Hopefully
a
little
bit
smoother
yep
yep.
D
Umra
also
mentioned
in
the
in
the
sidebar
about
the
scaffolding,
so
some
of
the
work
that
we've
been
doing
there
as
part
of
the
public
good
instance
is
also
doing
the
key
rotations
and
putting
the
playbooks
together
and
everything
else,
and
for
some
of
those
we
have
tried
to
also
put
tests
in
this
Gap
folding,
which
stands
up
some
of
the
pieces
there.
So
I
would
be
super
happy
to
tried
to
go
ahead
and
codified
those
in
there
as
well.
D
So
we
can
go
ahead
and
make
sure
that
we
can
test
these
things,
because
sometimes
it's
easy
to
see
code
that
runs
and
works.
H
Yeah
yeah
I've
seen
the
scaffolding
I
actually
I'm,
actually
using
the
tough
server
from
inside
the
scaffolding.
Oh
okay
cool,
but
yeah
yeah.
Thanks
for
finding
it
pointing
me
again,
I
I
didn't
spend
too
much
time
yeah
proposing
that
what
we
do
so
yeah
now
that
I'm
here
could
cut
out
some
separate
question.
A
second
question:
is
there
still
time.
H
Cool
so
right
now
or
like
my
understanding,
is
to
avoid
leaking
data
from
inside
the
company
like
so
we
want
to
store
provenance
and
we
don't
want
that
to
be
on
the
public
Ledger.
We
do
have
a
private
recore
and
a
private
Foster
deployment,
I'm
I'm,
unsure
about
whether
we
do
need
the
private
fosterone,
because
I
mean
yes,
there's
the
certificate
transparency
log.
But
is
it
a
problem
I,
don't
think
I,
don't
think
so.
I'm,
not
really
sure.
H
F
Yeah,
so
you
should
definitely
be
able
to
configure
your
private
recorded
respect
certificates
from
from
the
public
schools
yeah
as
to
whether
that's
okay
for
you
from
a
privacy
standpoint
is
your
decision.
So,
for
instance,
the
the
certificates
probably
aren't
gonna
have
a
whole
lot
of.
You
know
primary
data
in
them
right.
F
It's
not
going
to
say,
like
you
know
my
artifact
name.exe
in
there
it's
just
going
to
have
someone's
username,
but
you
could
imagine
you
know,
even
if
it's
just
within
your
organization,
if
user
X
is
committing
every
day
and
then
stops
committing
for
a
month.
Maybe
that
means
that
they've
been
let
go
or
like
you.
You
know
so
so
metadata
like
that
I
think
does
contain
information,
and-
and
it's
your
call
as
to
whether
that
metadata
is
a
meaningful,
yeah,
yeah.
H
F
B
I
want
to
throw
one
more
comment:
it
might
be
a
little
controversial,
but
when
you
talk
about
private
record,
it's
an
interesting
point
right,
because
one
of
the
benefits
I
would
argue
the
primary
benefit
of
transparency.
Logs
is
public
auditability
right
and
publicly
and
having
the
log
be
publicly
cryptographically
verifiable
So
when
you
say
private
recore,
that's
kind
of
the
first
thing
that
comes
to
mind
that
if
there
isn't
any
auditing
of
the
transparency
log
for
its
cryptographic
properties,
what's
the
purpose
is
that
much
different
than
a
database
with
tackles
this?
B
This
is
the
controversial
comment,
so
this
is
where
I
think
you
know
don't
think
through
this.
If,
if
like
you,
if,
for
example,
this
is
going
to
be
a
private
instance
of
record
that
you
make
public
at
some
point,
yeah
that
that
makes
sense.
F
Yeah,
that's
that
said
in
the
six
door
ecosystem
today.
The
alternative
to
that
that
you'd
want
is
probably
like
the
time
standing,
Authority,
which
I
know
you're
working
a
lot
on
Hayden
and
that
is
hopefully
pretty
close
to
ready
but
hasn't
really
been
been
rolled
out
into
the
tooling
and
certainly
not
testing
yeah
yeah.
B
So
if,
if
you're
interested
in
learning
more
about
this
model
right,
the
time,
stamping
so
Microsoft
has
something
called
authenticate,
I
call
this
out,
because
I
think
it's
their
documentation
is
very
good
around.
Why
you
might
want
time.
Stamping,
along
with
code
signing
certificates
and
I,
can
I
can
grab
a
link
in
a
minute
to
the
documentation
I
like
for
that
the
benefit
of
adding
something
like
a
transparency
log.
On
top
of
it
is
now.
You
also
get
that
audit
ability
so
for
private
organizations.
B
It
may
be
sufficient
to
Simply
use
code
signing
certificates
with
timestamps
to
provide
effectively
the
longer
validity
for
the
certificate.
B
Like
Zach
said
this.
This
is
something
that
we're
we're
working
on.
We
timestamping
used
to
be
a
part
of
record.
We've
pulled
out
the
the
time,
stamping
Authority
in
particular
and
we're
putting
in
its
own
repo,
we'll
have
a
lot
more
blog
posts
about
this,
as
it
starts
rolling
out
about
how
you
might
use
this
for
private
deployments.
B
H
Then,
just
listening,
because
it's
very
nice
to
hear
a
different
perspective
on
this,
so
the
primary,
so
why?
Why
do
we
think
there's
a
private
recall
make
sense.
So
one
is
that
we
want
to
store
provenance
information
and
we
do
not
want
to
expose
sort
of
microservice
architecture
that
you
can
sort
of
deduce
from
the
from
the
repo
structure.
That's
one.
We
also
recall
also
gives
us
a
nice
place
to
store
response
and,
like
sort
of
all
link
these
to
back
to
the
container
image.
H
Those
are
the
three
main
reasons
why
we
think
it
makes
sense
to
to
go
with
that,
because
it's
sort
of
an
immutable
place
to
store
it.
Yes,
we
sort
of
treat
it
like
a
database,
but
there's
also
quite
some
monitoring
on
top
of
it.
H
So
we
do
have
some
insight
into
whether
something
is
getting
misused
or
abused.
F
F
You
know,
maybe
they
can
be
paying
attention
to
it
or
something,
or
even
internally,
as
long
as
you're
you're
convinced
that
the
like
the
primary
purposes
or
the
primary
point
is
whatever's
doing.
The
monitoring
should
be
like
in
a
separate
trust.
Zone.
Basically
from
you
know
the
log
itself
right,
because
otherwise
the
compromise
of
one
means
a
compromise
of
both.
D
F
Yeah
I
think
I
think
yeah
hearing
hearing
more
about
the
more
we
can
hear
about
your
use
case
and
obviously
share
with
us
what
you
can
and
don't
share
what
you
can't,
but
the
more
we
can
hear
about
your
use
case
I
think
the
better.
H
I'm
very
happy
to
share
because
I
I
love,
sex,
store
and
really
sort
of
it's
grown
on
me
and
I
want
to
help
where
I
can
and
yeah
probably
will
also
write
some
more
posts
from
some
other
side
as
well.
Okay,
thank
you
for
the
for
the
all
the
answers.
Some
of
the
questions
now
from
my
side.
H
A
Yeah
no
I
think
everybody's
very
grateful
and
thanks
for
doing
doing
your
learning
in
public
and
here
in
the
Forum
and
yeah,
keep
keep
those
questions
coming.
Yeah.
A
All
right
onto
any
other
topics
or
introductions,
if
there's
anybody
else
on
the
call
who
would
like
to
ask
something
or
just
say
hello
and
introduce
yourself
to
the
community
and
has
a
great
time
so
yeah,
please
feel
free.
A
Okay
sounds
like
that's
all
for
this
week:
yeah
so
no
meeting
next
week
as
I
will
resume
with
a
community
call
in
two
weeks,
but
yeah
all
the
best
to
everybody
doing
the
final
touches
to
the
ga
release
and
yet
really
looking
forward
to
that
announcement
next
week
thanks,
everybody
have
a
good
week.