►
From YouTube: Sigstore Community Meeting - September 5, 2023
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
I
am
not
aware
of
any
new
ones
that
we
haven't
talked
about,
but
if
there's
anything
you'd
like
to
mention
or
any
chats
you'd
like
or
talk
to,
you
like
this
shout
out
feel
free
to
add
those
there
and,
as
I
discussed
two
weeks
ago,
we've
merged
the
office
hours
meeting
into
this
meeting
so
that'll
be
a
part
of
the
any
other
business
section.
A
So
if
there's
anything
that
you'd
like
to
discuss
regarding
questions
for
Sig
store
use
cases
for
six
or
Integrations
that
you'd
like
to
chat
about,
feel
free
to
add
those
to
this
section
and
at
the
end,
if
there's
anybody
new
in
the
community
who
would
like
to
say
hello,
we
have
some
time
for
introductions
so
jumping
right
in
for
recore,
fossil
and
cosine.
A
We've
had
two
releases
last
week,
one
for
cosine,
one
for
recore
I,
believe
cosine
was
mostly
focused
on
some
bug,
fixes
and
a
few
small
feature
updates
and
for
recore.
We've
listed
some
of
the
things
here,
but
some
of
the
largest
items
that
were
updated
we
merged
in
support
for
publishing
entries
to
a
pub
sub
queue.
A
There
is
now
a
new
API
for
getting
verifiers
for
entries,
so
this
is
useful
for
monitors
that
want
to
know
if
a
key
or
certificate
was
used.
We
had
some
bug
fixes
and
then
we
also
bumped
record
to
1.21,
so
you
can
take
advantage
of
any
of
the
new
apis.
A
Were
there
any
other
updates
from
record
policy
or
cosine.
B
I,
don't
think
so.
We
should
probably
we'll
probably
plan
a
rollout
that
version
of
record
this
week
and
staging
and
assuming
it's
stable,
we'll
roll
it
in
a
prod,
probably
by
the
end
of
the
week,
so
but
I
don't
think
we
have
well,
certainly
thanks
to
to
Jameson
for
his
contribution
on
the
pub
sub
thing.
We
are
looking
at
what
that
would
entail
from
the
public
infrastructure
if
that
is
an
option,
but
I
think
there's
some
more
design
and
cost
analysis
that
needs
to
get
done
on
that
front.
B
But
if
they're
in
the
in
the
code
for
folks
that
want
to
take
advantage
of
it
for
private
deployments
today,.
A
Very
much
looking
forward
to
getting
another
try
and
you
know
as
you,
if
you
find
any
issues,
feel
free
to
find
out
bugs
I
think
there
is
also
an
opportunity
to
probably
update
some
documentation
around
this
too.
A
A
A
A
That's
still
ongoing
and
I
think
that
work
is
slightly
paused,
but
I
think
it
will
pick
up
soon.
So
once
again,
if
you'd
like
to
chime
in
and
you've
worked
on
clients,
there
is
an
issue
that
I
can
link
to.
That
includes
some
details
on
what
should
be
included
as
part
of
1.0.
A
Cool
well,
let's
move
on
then
to
infrastructure,
looks
like
we
have
a
few
things:
I,
don't
believe
there
were
any
updates
for
the
public
good
infrastructure
to
call
out
besides
record
being
rolled
out,
Marina
I
think
I
saw
you
mentioned
Teflon
CI,.
C
Yeah
I
just
wanted
to
bring
anyone's
attention
to
this
who's,
not
in
that
particular
thread.
There's
a
proposal
to
use
teflon
CI,
which
is
a
new
tool
in
the
kind
of
broader
tough
ecosystem
for
root,
signing
which
I
think
very
early
stages.
I.
Think
there's
a
meeting
tomorrow
to
discuss
this
further.
If
folks
are
interested,
is
on
the
I,
think
the
key
holders
Channel
and
slack-
or
you
can
contact
me
or
something
else
to
come
to
that
or
provide
the
right
input
on
that.
A
Very
very
much
looking
forward
to
this
for
folks
who
aren't
aware
there
is
a
recently
added
to
the
update
Frameworks
organization,
something
called
Teflon
CI,
which
is
a
way
of
simplifying
the
process
around
doing
updates
to
tough
metadata
right
now.
A
lot
of
what
we
have
in
the
root
signing
repo
is
very
homegrown,
and
this
is
a
nice
way
to
standardize
this
process.
A
So
we'll
start
with
the
staging
environment
ideally
give
that
a
try
and
then,
if
all
goes
well
and
we
get
good
feedback,
then
we
will
try
down
production
too.
So
we'll
take
some
notes
for
tomorrow's
update,
see
how
that
goes.
A
The
only
other
thing
I
wanted
to
mention
we
do
not
currently
have
a
scheduled
event,
but
the
tough
route
will
expire
within
a
month,
so
we're
going
to
have
a
signing
event
so
for
any
key
holders
on
the
call
FYI
I'll
get
that
scheduled
in
the
next
week
or
so
so
that'll
be
before
we
have
top
on
CI
ported
over
to
prod.
So
it'll
probably
be
the
last
time,
hopefully
that
we
do
a
update
this
way.
A
All
right,
moving
on
to
docs,
Lisa
or
Patrick,
did
you
have
any
updates.
D
Sorry
Google
meet
accessibility,
Phil
yeah,
the
a
quick
update
on
docs.
We
have
been
you
know,
fixing
some
bugs
and
stuff
from
the
platform
switch
over
things
have
been
fairly
smooth.
We've
been
sort
of
also
sort
of
been
discussing
in
issues.
What
some
of
the
next
directions
for
improving
dunks
will
be
so
some
of
the
ideas
floated
or
New
Gods
and
new,
like
you
know,
an
accessibility
audits
in
the
coming
months.
So
so
we're
going
to
figure
that
out.
D
If
people
have
opinions
on
that,
then
you
can
check
the
issues
for
some
of
that
recent
discussion.
So
thanks.
A
That
sounds
good
I
left
a
link
to
some
of
the
new
content
that
had
been
proposed
so
feel
free
to
take
a
look.
If
there's
anything
else
that
you'd
like
please
file
issues
in
the
doctor.
A
Were
there
any
other
updates
for
any
other
projects.
A
All
righty,
then
moving
right
along
Outreach
and
events.
I
only
wrote
down
that
open
source
Summit
in
the
EU
and
open
ssf
day
is
in
two
weeks,
I
believe
we
have
some
talks
not
directly
from
the
six
star
Community
but
from
members
of
the
community.
A
A
What
I
didn't
add
here
is
packaging.
Con
I
believe
is
also
in
the
process
of
reviewing
submissions.
Currently.
So,
if
you
haven't
seen
this
conference,
this
is
going
to
be
in
Germany,
Germany
I.
Believe
yes,
and
will
be
an
opportunity
for
those
from
the
text
repository
ecosystems
to
talk
a
bit
more
about
features,
standardization.
That
kind
of
thing.
A
All
right,
then,
moving
along
to
any
other
business
I,
see
a
feedback
requested
for
the
community
roadmap.
B
Yes,
I
can
I
can
take
this
one.
So
for
those
who
don't
know,
you
know
the
six
door
if
you've
ever
looked
at
the
community
repo,
we
have
a
roadknap.md
file
which
was
created
pretty
early
on
and
I.
Think
we've
been
moving
so
fast
that
you
know
often
it's
a
writing
down.
B
A
road
map
is
one
thing,
that's
super
useful,
but
it
also
gets
kind
of
pushed
to
the
back
burner
because
it's
less
fun
than
actually
delivering
code
and
delivering
function,
but
the
TSC
in
several
conversations
that
kind
of
realized
that
we
had
hit
a
point
where
we
wanted
to
actually
write
down
how
we
got
here
where
we
want
to
go
and
call
out
some
top
level
items,
and
so
it's
not
meant
to
be
a
prescriptive.
B
These
are
only
the
things
that
Sig
store
or
candy
or
should
be
in
the
future,
but
it's
meant
to
be
more
directional
in
terms
of
like
collecting
the
thoughts
of
the
current
maintainers.
The
current
contributor
base,
some
of
the
feedback
that
we've
gotten
from
users
and
just
characterize
it
in
a
little
bit
more
of
a
succinct
form,
although
it
is
a
pretty
long.
B
Markdown
file
being
brief,
is
not
one
of
my
strongest
Fortes,
so
you're
going
to
get
more
of
a
brain
dump
than
anything
else,
but
we
we
did
take
a
pass
through
a
variety
of
different
areas,
both
on
a
per
project
and
a
thematic
basis.
B
B
And
if
you
look
for
something,
for
example-
and
you
don't
see
it
on
the
dock,
please
add
a
comment
on
the
pr
it
may
have
been
a
unintentional
Omission
or
it
may
have
been
a
deliberative
mission,
but
making
sure
that
we
can
clarify
those
questions
wherever
folks
have
them
as
something
we'd
like
to
do
in
the
interest
of
it
being
a
living
document,
we'd
like
to
merge
it
within
say
two
weeks
from
now,
but
not
to
not
rushing
for
any
particular
deadline,
but
just
try
to
move
it
in
from
a
draft
point
of
view
into
more
of
that
living
document.
B
So
then
PR's
and
and
other
questions
or
comments
can
certainly
be
brought
in
any
at
any
point
in
time.
So
really,
the
reason
for
putting
on
the
agenda
today
is
just
to
call
for
eyes
on
it.
If
you
have
questions
or
concerns,
feel
free
to
ping
me
on
slack,
add
a
comment
or
questions
on
the
VR
and
look
forward
to
everybody's
feedback
off
of
off
of
the
roadmap.
A
S,
please
do
take
a
look
at
this
we've
already
gotten
some
comments
on
it
for
some
questions
on
potentially
missing
things
so
feel
free
to
take
a
look
at
this
perfect.
A
All
righty
were
there
any
other
items.
Anybody
want
to
chat
about.
A
Alrighty
well
then,
we
are
on
to
the
introductions
part
of
this
meeting.
If
there's
anybody
new
to
the
community
who
would
like
to
say
no
say
hello,
no
pressure
but
now's
your
chance.
E
Hey
I'm
Matt
Ryan
I
am
a
Dell,
Technologies
employee,
so
just
kind
of
parachuting
in
here
thanks
Bob
for
the
mention
about
the
road
map
that
was
actually
top
of
mind
for
me,
initially
as
I
kind
of
get
up
to
speed
here
on
sort
of
the
foil
of
the
community
kind
of
one
question:
if
I
may,
is
this
forum
largely
centered
on
contributors,
or
is
it
okay,
if
you're
more
of
a
worker
that
just
wants
to
understand
sort
of
strategically
holistically
the
direction
of
the
zig
store
project.
A
F
Hey
this
is
Sarah
Evans
I
have
some
audio
issues.
Can
you
hear
me?
Okay,
okay,
excellent,
all
right,
so
I
am
a
co-conspirator
with
Matt
from
Dell
Technologies
I've
been
working
attending
a
lot
of
the
different
meetings
and
organizations
within
openssf,
and
so
my
official
role
as
as
an
observer
to
the
governing
board,
but
as
a
technical
security
person,
I
found
myself
getting
involved.
F
All
over
different
parts
of
open,
ssf
and
Sig
store
is
one
in
that
we're
looking
to
understand
a
little
bit
more
deeply,
and
so
my
colleague
Matt
is
who
I've
been
working
with.
So
I
just
appreciate
this
forum
and
I'm
looking
forward
to
learning
more
about
six
store
and
working
together.
A
All
righty
well
that'll,
do
it
for
today's
meeting,
though
hope
everybody
has
a
great
week.