From YouTube: Sigstore Community Meeting - Feb 21, 2023
A
Okay, everybody, welcome. Officially I have kicked off the recording, and this is February 21st and the Sigstore community meeting. We're gonna start with a project round-robin, then cover some outreach and events, and then we have some time for any other business, as well as introductions for anyone who's new or wants to say hi. I've slightly changed up the format, you can see.
A
I've got one section for kind of the main projects: Rekor, Fulcio and Cosign. Then some of the supporting projects and the clients, so we'll use that format and see how well.
B
A
Works. So just starting off with saying the main projects, and I think Cosign 2.0 release is the big thing on the horizon. Do we have folks who can share an update on that? I'm looking for Priya or Hayden.
A
Okay, we'll come back to the if the journey. I do believe there was a blog post in the works and everything was imminent. I was hoping we could get an update on timing, but yeah, let's come back to that. If, let's jump on the call later again. Okay, any updates for Fulcio or Rekor anyone wants to share?
A
C
Yeah, so people have been asking us for a bit when is gitsign gonna hit 1.0, so I finally put together a milestone for 1.0. The date, tentatively, I just pulled out of nowhere: I just set it to the OpenSSF Day for Open Source Summit NA, so I'm not sure if we want to do any broader things there. But anyway, the two things we're mostly waiting on is offline verification.
C
So we found out a few months ago that, like, gitsign is relying on some of the APIs in Rekor that didn't go GA, so we're looking to move off of those and only use the GA APIs and, as a result, also support offline verification and being able to generate bundles, although it'll be a slightly different format. And then the other thing is something we talked about a while ago, which is gitsign verify. So right now you can do verification of git commits, but it doesn't do, like, the full, rigorous, like, identity plus identity provider flags that you can do with, like, cosign verify.
C
A
A
A
Maybe we could plan a gitsign chapter in that as a way for folks to get started in, because we know a lot of people sign up and have done the course, it's something like 700 books, so maybe I will in a milestone, and I see Lisa gives me a yes. So yeah, if we could throw in some better supporting, like, docs in an updated chapter in the Sigstore tutorial, that would be good.
A
Great, okay, thanks for that update on gitsign. Just jumping back to Fulcio, I see an update. I don't know if Higgins on the call, but added support for Buildkite, which is pretty exciting, and yeah, I think we're going to get a blog post around that as well for the blog coming up soon.
A
Okay, moving on to clients. I wanted to call out, yeah, at office hours last week, I had a notice of the Sigstore JS 1.0, and there were plans for npm private beta, so folks with JS maintainers, other folks, I see Brian on the call. It's the only one want to maybe just re-share that and tell us: did the private beta kick off? How's that going? What are you looking for? Okay, we.
D
Have, it did, yeah. Last Wednesday we kicked off the private beta of basically being able to publish npm packages with the Sigstore-signed provenance. We've got customers doing that right now. If anybody here is the npm package maintainer, is interested, feel free to reach out. We can get you added to the beta, but yeah, feedback so far has been very positive. So we're excited, and hoping to turn this into a public beta I.
E
A
A
Cool, okay, yeah, looking forward to that, and yeah, we can keep an eye on the blogs and stuff to get that out and post it and promote it on Thursday. Yeah, cool, jumping back to docs. Any updates on that front?
B
Yeah, the one thing is that there's been a lot of updates to policy controller, so we're gonna work on kind of breaking that up a little bit to make it more in line with what the other projects have, because there's a, like, the overview is very long right now. And we are exploring the kind of re-platform off of Nuxt.js, but we didn't make any decision and.
F
A
Great, thanks for that update, Lisa. Any other project updates? Otherwise, let's go into outreach and events.
A
A
So yeah, really nice to see it heavily featured across the program. It looks like there will be a bunch of community folks at the event. There is no dedicated, like, SigstoreCon for this event, but it looks like there's a self-organizing group in this channel Felix Wolf has set up. So if you do plan to attend, I'll just have KubeCon EU FOMO, do join in there and see what's being organized at the event for folks to get together.
A
Any comments on that? Okay, otherwise Open Source North America: the CFP closed a few weeks ago. They were waiting for the schedule to come out, but that event is likely to have a supply chain security track, and I believe like open source itself.
A
The OpenSSF has a call for papers which is independent and still open. Actually, I will find the link, because you can submit talks for the OpenSSF Day, which includes Sigstore talks, and yeah, it looks like if we're planning some announcements around gitsign and other things, that might be some good topics to put in proposals for. And yeah, a nice shot at PyCon. Yeah, I saw there were a couple of Sigstore talks. William, did you add this in? Did you want to speak to that?
G
Yep, I'm sorry, oh yeah, I added that in. So I have a talk at PyCon about Sigstore in the PyPI packaging ecosystem, and then I believe there are a couple other talks that will mention Sigstore in the context of general ecosystem health for Python.
A
Awesome, and that is April 19 to 27th, yeah, great. And yeah, just a reminder for folks: any talks on Sigstore that are out that get posted publicly, we do add them to a playlist. We have a community playlist on the Sigstore YouTube channel, so folks can find the most recent talks. So just drop a note in Slack in the general channel or just ping me directly, and Roxanne, who helps out with that, we'll get the talk added to the playlist.
A
Okay, blog posts. We have this post come out by Matthew Benoit, a nice one on Cosign and policy controller with GKE, and I believe we've got one in the queue that's waiting for the Cosign 2.0 announcement from Hayden, so that we'll wait for the announcement to go out on Thursday, ideally.
B
A
A
G
Or yeah, yeah, I don't have anything prepared for that, but basically the size of things there is that the Homebrew annual body meeting happened a couple weeks ago at FOSDEM, and as part of that, I brought up the idea of using Sigstore in Homebrew's.
G
Just because we're already, everything is done through CI already, instead of actions, so it'd be a relatively easy lift to sign everything that Homebrew currently distributes with the ambient credentials in GitHub by Sigstore, and so the other maintainers are receptive to that, and I'm currently working on a proposal that we'll make public once was just finished, and so it's not fully public.
G
Yet, but basically the plan there is to roll out Sigstore for client-side verification as well as CI-side signing for Uber.
A
Yeah, that was very exciting, and yeah, I think echoing lots of folks here: just let us know how we can help, yeah.
A
Okay, so introductions. Anybody would like to say hello or ask any questions or anything, this is, floor is open. Please feel free to use it.
A
Okay, sorry, I'm looking today, yeah, and more than welcome to look, and whenever you're ready do feel free to speak or not.
F
Until last month, I was the head of open source of Coleman Sachs, and I was one of the people impacted, so I'm using my newly found free time to get involved in further groups, and this was one that I wanted to check out. So I'm just sort of lurking and checking out and seeing if there are ways in which I could be helpful. So glad to be here.
A
A
H
So I just left one note in here about Fulcio 1.1 being released, which adds support for Buildkite, but I think, and I don't know if anyone's mentioned already, the standardization work that we've been doing with GitHub, but we've been trying to set a standard set of extensions within the Fulcio certificates that map to claims from CI providers like build GitLab, GitHub Actions.
H
We just checked that in this morning, so fantastic, I'm really excited about that. So we'll start doing that work very shortly. So the reason I mentioned Buildkite is, for example, right now we don't have any additional extensions that give you information about build provenance, for example, but we'll be able to add on to that too. So yeah, that just got checked in. I think that was the only thing to mention. I believe for Rekor, we'll also be doing a cut.
H
Soonish, there'll just be some bug fixes.
A
That I'd love to check that out and encourage folks to take a look.
H
A
Okay, on that highlight I think we're gonna leave it there for this week. Yeah, next week is office hours, where we'll be looking at, I think we have hopefully a demo from Josh Litzky and some of the OCI integration work for Cosign, but we also have slots for anyone else who would like to come along and do a demo. Just let me know or drop it directly in the meeting agenda.