►
From YouTube: Sigstore Community Meeting March 7, 2023
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Okay,
hello,
everybody
Welcome
to
today's
six
year
community
meeting
on
Tuesday
March,
the
7th
I'm
gonna
jump
right
into
the
agenda
here
and
to
feel
free
to
add
things
as
we
go
along
to
the
relevant
sections
and
we
should
be
able
to
get
around
to
everything
so
we're
going
to
kick
off
with
a
project
around
Robin
and
starting
with
the
the
main
projects.
Rico
false
in
Coastline
I.
Think
the
big
news
is
cosine.
2.0
is
released
and
yeah
Hayden
Priya.
B
Hayden
wrote
this
great
blog
post,
which
kind
of
like
details
all
the
different
changes
and
some
of
the
like
new
things
that
we've
added
and
they're
just
like
a
bunch
of
flags
that
have
been
renamed
so
that
hopefully
they
make
like
a
little
bit
more
sense
now,
and
it's
like
more
obvious
what
everything
does
so
yeah
definitely
check
it
out
file
some
issues
if,
like
the
behavior,
is
confusing
or
not
what
you
expected,
or
you
see
a
bug
and
yeah
thanks.
A
Yeah,
congratulations.
Now!
That's
Lots
went
into
that
and
it's
nice
to
see
it
find
me
out,
has
ever
had
any
kind
of
feedback
reactions
that
people
generally
happy
or
just
I
haven't.
B
A
C
Fossil
I'll
be
cutting
a
1.2
release
in
a
bit
there's
a
little
bit
more.
That's
going
to
go
into
it,
the
pr
from
a
little
while
ago
for
creating
the
standardized
set
of
claims
for
CI
I'm
working
on
implementation
of
that
now
so
that'll
be
a
part
of
1.2,
and
there
was
also
a
question
on
the
slack
I
a
couple
weeks
ago,
released
1.1,
which
included
support
for
build
kite
that
has
not
yet
been
rolled
as
a
production.
C
I'm
hoping
to
have
some
docs
to
share
that
go
a
bit
into
witnessing
support
so
being
able
to
verify
the
Integrity
of
the
transparency
log
I'm
working
on
some
docs
there.
So
hopefully,
I'll
have
have
an
update
soon,.
A
C
C
Variable
for
that
does
anyone
else.
All
Flags
should
now
be
able
to
be
specified
in
the
environment
too.
So
cosine
underscore
yes,
should
be
sufficient.
A
A
All
right,
I'll,
just
read
it
version.
Six
Roots
was
issued
last
week
and
thanks
Commando
captain
and
this
route
contains
a
serialized
Json
protobuf,
with
the
trusted
root
per
the
protobus
specs
for
clients
to
use
cool,
and
do
you
have
anything
good
sign,
Billy
I
think
you
still
building
to
the
1.0
release
and
time,
stamping
see
Hayden.
C
I
just
wanted
to
mention:
we
just
cut
a
second
release
candidate
for
the
timestamp
authority.
The
only
difference
between
this
one
and
the
previous
is
this
is
using
go
1.20.
The
plan
is
cut
the
one
that'll
release
in
probably
a
week,
so
give
it
a
try.
Let
us
know
if
you
see
any
issues.
A
D
Huge
updates,
but
I
just
wanted
to
highlight
that
the
conformance
tests
have
been
officially
Upstream.
Sorry
if
we
covered
this
last
time,
but
I
I
missed
it
if
we
did,
which,
which
is
exciting
kind
of
next
steps
that
are,
are
sort
of
figuring
out
how
that
fits
into
our
overall
testing
strategy
for
clients
that
will
do
on
GitHub
and
not
on
a
call
with
this.
D
Many
people
on
it,
but
I
will
I
will
advertise
that
as
soon
as
that,
the
kind
of
discussions
go
up,
but
that's
that's
I
think
super
excited.
So
thanks
for
for
to
everyone
who
contribute
to
that.
D
Oh
they're,
now
they
they
are
now
officially
in
the
six-story
organization,
on
Gap.
A
Yeah,
that's
very
nice
to
see
and
other
things
in
clients.
How
is
private
beta
going
any
any
updates
from
npm
folks.
E
No,
nothing
in
particular
lots
of
good
feedback,
but
we're
planning
to
go
to
public
beta
I.
A
Look
forward
to
that.
Okay,
move
on
to
docs
season
of
docs
I
think
is
this
Lisa?
Did
you
throw
that
in.
G
A
G
A
Okay,
yeah
I
have
sort
of
tangentially
been
involved
with
the
Jenkins
community
and
season
of
Doctor,
and
they
had
a
really
good
experience
on
some
really
great
writers,
who've
actually
stuck
around
in
the
community.
So
yeah,
that's,
plus
one.
Let's,
let's
put
in
this
application
and
yeah
I,
encourage
all
the
projects-
I
guess
not
immediately,
but
if
we
can
start
scoping
out
specific
pieces
of
work
to
help
improve
the
documentation
for
our
sub
projects.
Our
client
projects,
yeah
I,
encourage
you
to
get
involved.
A
A
Okay,
Switching
tag
to
outreach
and
events,
kubecon
Europe
is
coming
up.
This
hasn't
really
changed.
It's
just
there
for
reference.
There's
a
channel
jump
in
there.
If
you're
planning
to
go
there's
a
bunch
of
folks
will
be
there.
I
encourage
you
all
to
get
together.
Pycon
just
highlighting
here.
William
Woodruff
has
a
talk
on
six
door,
so
that's
pretty
cool
and
then
also
at
devox
France
from
the
Java
client
side.
There's
a
six-star
workshop
with
me
I
think
that's
like
three
hours
of
six
door.
A
Goodness
that's
going
to
be
in
French
as
well,
so
yeah
I
think
there's
a
lot
of
work
they're,
putting
in
towards
having
materials
for
that.
So
looking
forward
to
that
open
source,
North
America
is
coming
up.
The
open
source
Summit
in
North
America
is
coming
up.
May
10
to
12th
part
of
that
will
include
an
open
ssf
day,
which
has
a
distinct
call
for
papers
which
is
open
now
I
highly
encourage
folks
to
submit
talks
around
six
door,
and
maybe
it's
relationship
with
other
open
ssf
projects.
I
think
that
would
be
cool.
A
Any
questions
on
those,
oh
any
ones,
I
may
have
missed.
Do.
Let
me
know
blog
post,
the
cosine
2.0
blog,
we
called
out
earlier
and
nothing
new
on
the
six
door.
Landscape.
C
C
We're
aware
of
that.
If
you
were
the
author
of
any
of
those,
and
you
still
have
the
original
text,
let
me
know
or
post
on
the
the
issue,
I'll
link
that
in
a
moment
and
then
the
ask
for
I,
think
it's
Dan
I'm,
not
sure
who
admins
the
medium
post.
We
need
to
turn
off
the
redirect
temporarily
so
that
we're
able
to
access
all
the
blog
posts.
A
Cool
yeah:
no
thanks
for
sorting
that
I
can
poke
down
and
see.
I
can
do
that
and
I
think
we
had
a
lot
of
the
posts
originally
in
Google
Docs.
So
I'll
take
a
look
at
the
list
and
see
what
I
can
dig
up
equals.
A
Okay,
moving
on
we've
got
lots
of
topics
to
get
through
I'm,
going
to
kick
off
the
one
on
logos,
I
stuck
that
one
in
so
I
want
to
share
it's
a
really
interesting
one.
But
the
links
Foundation
reached
out
to
say
that
the
rather
the
designer
who
did
the
original
six
door
logo
said
they
were
dealing
with
a
copyright
issue
around
the
black
seal,
so
that
was
kind
of
interesting,
but
what
they
suggested
they
needed
to
redraw
the
seal
part
of
the
logo.
And
then
we
need
to
update
to
the
logo.
A
So
they
provided
a
bunch
of
options
and
the
TSC
picked
one
to
be
honest,
most
folks
who
felt
they
looked
pretty
similar.
But
we
are
now
asking
for
the
updated
design
files
and
then
once
we
have
that
we
will
have
to
go
through
and
do
a
sweep
to
replace
the
old
logo.
So
a
bit
of
a
pain
but
yeah
I
think
we
have
to
yeah
just
copyright
issues
so
no
way
around
it.
A
A
So,
while
we're
doing
a
bunch
of
logo,
work,
I
think
we
can
do
some
on
some
of
the
other
projects.
So
I
know
this
has
been
a
request
for
a
while,
but
we
have
some
bandwidth
to
sort
it
now.
A
So
there's
a
request
for
the
six
doors
policy
controller
logo
and
what
I'm
asking
folks
is
to
give
some
input
as
what
they
would
like
that
logo
to
look
like
so
do
they
want
it
similar
to
the
601
a
completely
different,
color
or
yeah,
so
I
encourage
folks
to
go
in
and
add
to
building
up
the
the
creative
Reef
and
likewise,
if
there's
any
other
six
door
project
or
anything
in
our
ecosystem,
which
we
want
a
logo
typically,
because
we
want
to
highlight
it
to
end
users
and
we
want
to
help
people
discover
it
in
the
landscape
and
that's
a
good
time
to
request
that.
A
So
we
can
kind
of
maybe
do
some
batch
requests.
So
please
do
file
an
issue
on
the
community
repo
and
ideally
just
say
what
you
want
the
logo
for,
and
you
can
fill
in
some
of
the
things
from
the
creative
brief.
Just
like
what
sort
of
ideas
do
you
have
behind
it,
what
should
it
look
like?
What
should
it
not
look
like,
and
then
we
can
go
from
there
if.
D
I
added
this
a
but
in
response
to
a
question
because
someone's
like
I
have
an
idea:
if
I
start
working
on
it
will
I
be
stepping
on
toes
and
the
answer
was
I.
Don't
know
you
have
to
just
kind
of
shout
into
the
void
and
hope
someone
notices
right
now,
as
as
far
as
I
can
tell.
C
I
yeah
I
think
the
best
way
right
now
is
file
an
issue
in
the
repository
or,
if
you
want
to
pick
up
an
existing
one,
ask
write
a
design,
doc
yeah.
We
don't
have
any
cohesive
roadmap
across
the
board.
A
Yeah
is
that
something
we
think
we
would
be
useful
of
seeing
other
communities
figure
out
ways
to
do
it
and
it
usually
takes
the
look
of
what
people
are
planning
to
work
on
now,
what
they've
got
on
the
further
Horizon
and
then
just
all
kind
of
shared
in
one
place
and
maybe
broken
up
by
themes,
so
it
could
be
like
here's.
What
we're
doing
for
did
you
have
a
client
or
or
other
areas?
Do
people
think
that
would
be
useful.
C
Yeah
I
think
this
also
relates
to
the
formation
of
six
I
I.
Think
once
we
have
those
each
of
them
can
kind
of
set
their
own
road
maps,
and
it
should
be
a
little
bit
easier
to
get
involved
and
know.
What's
the
what's
currently
ongoing.
A
Actually,
since
you've
raised,
that
is
this
a
good
time
to
say
what's
happening
with
six
I,
don't
think
it's
ever
been
covered
in
this
call.
So
maybe
for
this
audience
it's
there
an
update
there.
We
can
share
from
the
TSC.
B
Yeah
I
think
I
know
that
there
was
a
TSC
meeting
last
week
to
kind
of
like
discuss,
sigs
and
like
kind
of
formalize
them
a
little
bit,
but
I
wasn't
able
to
attend
because
I
was
on
a
plane,
so
I
think
it's
probably
still
sort
of
in
progress.
And
if
anyone
like
wants
to
kind
of
see
the
progress
I
would
suggest
attending
the
TSC
meetings
which
happen
every
other
Thursday.
But
once
it's
more
formal,
then
we
can
probably
talk
about
it.
In
this
meeting.
A
Great
and
maybe
we
can
bump
up
this
roadmap
to
as
part
of
that
conversation
and
part
of
the
like,
looking
down
the
road
at
what's
coming
in
time,
yeah,
okay,
great.
D
I
always
feel
like
who
I
think
it's
not
on
the
call
today.
So
I
honestly,
don't
know
so.
I
I
told
him
I'd
follow
up
in
this
meeting
and
see
if
there
was
anything
I
didn't
know
about,
but
it
sounds
like
there's
not
and
so
I've
just
encouraged
him
to
again
shout
into
slack
or
file
an
issue
anywhere
and
we'll
get
the
right
eyes
on
it.
But
yeah
I
agree
in
the
long
term
that
this
would
be
a
really
nice
thing
to
have.
C
A
Okay,
next
item
I
just
copied
this
out
of
slack
I,
said
Dan
Lawrence
had
mentioned
this
openssf
elections
coming
up
everybody
who
contributes
to
six
store,
which
includes
non-code
contributions,
so
attending
meetings
participating
in
slack
is
eligible.
So
you
have
to
register
to
vote
just
say
for
your
email,
GitHub
handle
and
I
think
just
a
little
description
of
where
you've
been
participating
and
yeah
and
then
they'll
follow
up
once
the
election
candidates
and
the
timeline
has
been
set
out.
A
F
Yeah
I'm
I'm,
making
really
a
PR
to
cut
to
contribute
like
a
gym
with
the
protocol,
specs
right
and
and
I'm
wondering
like
to
publish
it
in
Ruby
James,
like
what
should
I
do
with
the
credentials
for
publishing
like
create
our
personal
account
and
just
add
the
key
or
how
do
I?
How
do
we
create,
like
a
sister
account
for
Google
Jams?
D
Wondering
all
right
yeah:
can
you
either
open
the
pr
or
just
open
an
issue
to
track
the
pr
on
the
protobus,
specs
repo?
And
if
you
have
and
I
missed
that
sorry,
I
I've
been
a.
D
Right
great,
then,
if,
if
you
do
that,
I'll
follow
up
with
you
there
for
other
languages,
in
some
cases
you
can
kind
of
set
up
authorization
based
on
the
repository
or
whatever
and
others.
We're
gonna
need
to
have
some
secret
that
winds
up
back
in
the
GitHub
actions.
So
we
are
happy
to
like
appoint.
D
You
know
someone
from
the
six
door,
Ruby
project
or
ideally
a
couple
of
folks
to
reduce
the
bus
Factor
as
kind
of
like
the
owners
and
then
have
I
can
give
you
access
to
add
a
secret
to
GitHub
or
we
can.
We
can
figure
that
out
there,
but
all
right.
We
don't
have
a
good
story
there,
but
we'll
we'll
make
it
work
if
yeah.
A
H
Yeah,
so
this
is
so
we
have
a
bunch
of
film
charts
and
there's
a
bunch
of
work
that
goes
into
putting
out
new
features
and
everything
else
like
that,
and
sometimes
the
health
charts
are
lagging
behind
so
I'm,
just
kind
of
amplifying
this
is
Andrew
block
is
actually
the
one
who
was
asking
about
this.
There
is
a
channel
in
the
slack
called
I'll
put
it
in
there.
H
It's
basically
Splat
Helm
Dash
charts,
and
so,
if
you
have
health
knowledge,
I'm
sure
we
all
would
appreciate
having
more
up-to-date,
Helen
charts.
That's
all.
A
Right
and
I
don't
know
if
I've
got
the
slack
channel
name
right,
but
please
feel
free
to
update
and
add
a
link
to
it.
Thanks
really.
A
Okay,
is
this:
no
other
new
business
and
yeah
nice
to
have
all
the
different
topics
we'll
go
into
the
phase
of
the
meeting
where
we
do
introductions
so
anyone
who's
new
to
the
community
like
to
say
hello
and
what
brings
them
here
and
what
they're
interested
in
seeing
from
the
community?
This
is
your
chance
I'd
love
to
welcome
you,
uh-huh,
hello,.
I
J
Great
and
hi
everyone,
I'm
Erin
I'm
at
chain
guard
I'm,
the
developer,
Education
team
and
helping
out
with
some
some
Sig
store
related
initiatives.
So
yeah
excited
to
be
here
thanks.
A
Foreign,
let's
leave
it
there
for
today.
So
just
a
reminder:
next
week
we
have
our
office
hours
format,
so
that
is
more
focused
on
demos
and
end
users
and
features.
So
specifically,
we
do
have
one
demo
lined
up,
which
will
be
cosine
2.0
and
its
support
for
oci
I
believe
Josh
dolitsky
will
be
doing
that
and
this
we're
still
open
to
anyone
else,
who's
using
six
door
to
come
and
show
what
you're
doing
with
it
and
get
some
feedback
and
input
from
the
community.
D
Sorry
I
I
wanted
to
say
no
pressure
nick,
since
it's
it's
short
notice,
but
we
would
love
to
have
you
give
a
a
little
demo
or
presentation
on
clearly
defined
and
chat
through
how
you're
you're
thinking
about
where
things
were
another
open,
ssf
projects
can
help
out,
because
that
sounds
like
a
cool
initiative,
so
just
wanted
to
nominate.
E
A
Perfect
yeah
thanks,
Zach
and
yeah
I
can
follow
up
with
if
you're
in
the
sixth
slack
I
can
ping
you
and
just
fill
you
in
on
all
the
logistics
and
any
questions
you
may
have.