►
From YouTube: Sigstore Community Meeting - Feb 7, 2023
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Okay,
I've
kicked
off
the
recording,
so
let's
get
started.
Welcome
everybody
to
today's
six
door.
Community
meeting
just
got
back
from
fosdem
I
was
there
on
the
weekend.
It
was
really
nice
to
see
a
bunch
of
folks
from
sigster
Community
but
yeah.
Definitely
some
good
updates,
which
I
can
share
a
bit
later
on,
but
yeah
as
a
reminder.
A
Please
sign
into
the
document
and
add
any
topics
we
do
have
a
section
at
the
end
to
one
newcomers
who
want
to
say
hi
do
feel
free
to
say,
hi
and
just
tell
us
what
you're
working
on
okay
I
think
that's
enough
preamble
to
give
folks
a
chance
to
join.
Let's
get
into
the
project
round
robin
which
we
normally
kick
off
with.
B
Yeah
I'll
I'll
jump
in
for
that
one
we
are
drawing
to
a
2.0
release,
which
is
exciting.
I
can
go
back
in
and
add
a
link
to
the
tracking
issue.
For
that
the
big
change
in
2.0
is
that
we're
dropping
the
cosine
experimental
flag
and
you
can
use
all
the
keyless
infrastructure
and
record
and
stuff
without
that,
which
should
be,
should
be
a
lot
of
fun.
B
We're
trying
to
keep
it
relatively
narrow
so
that
we
don't
have
to
put
every
possible
future
breaking
change
in
right
now,
because
I
think
that's
actually
pretty
user
hostile.
There
will
be
a
few
breaking
changes
and
we
will
have
good
docs
before
those
go
up,
but
there
is
now
in
cosine
a
well-defined
deprecation
process
with
some
infrastructure
support
coming
pretty
soon.
B
So,
I
think
where
we're
at
with
the
with
the
cosine
2.0
release
is
that
there
is
a
release
candidate
out.
You
can.
You
can
start
using
that
today
and
then
check
it
out
and
then,
after
that
bakes
for
a
little
bit
longer
we're
probably
going
to
just
flip
the
switch
and
call
that
release
that
latest
release
candidate,
the
cosine
2.0.
Unless,
obviously
any
any
issues
are
found.
Great.
B
That
kind
of
yes,
yes,
there
there's
going
to
be
a
bunch
of
docs
as
part
of
that
there's
going
to
be
a
blog
post,
I,
don't
know
if
Hayden's
on
the
call
the
blog
post
is
going
to
be
basically
a
summary
with
all
the
important
highlights
and
a
pointer
to
the
the
full
release
notes.
So.
C
A
A
Yeah,
okay,
I'm
gonna
go
through
these
get
sign
time:
stamping
I,
don't
see,
I
didn't
know
Billy
some
skip
over,
but
shout
if
you've
got
something.
A
Okay,
let's
get
to
replying
monthly
meeting,
that's
exciting
yeah.
B
So
so
we
had
our
first
meeting
of.
There
is
no
formal
designation,
so
a
group
of
six
door
contributors
who
are
interested
in
six
for
Clydes
today.
That
will
happen
monthly
if
you're
interested
in
that
it's
on
the
six
star
calendar,
but
also
just
join
the
client's
channel
notes
are
available.
There
were
no
decisions
made,
but
it's
a
useful
point
to
coordinate
across
sort
of
all
the
six
door
clients,
especially
we
have.
We
have
a
number
of
them
in
a
number
of
different
languages.
B
We
want
to
make
sure
that
they're
all
doing
the
right
thing
and
interoperable
with
each
other
and
and
so
on,
so
any
like
important
discussions
that
information
should
trickle
out.
So
it's
not
100
required
that
if
you're
working
on
a
six-star
client,
you
show
up
but
I,
think
it's
it's
nice
to
exchange
experiences
and
and
learn
from
learn
from
all
the
other
quiet
implementers
there.
All
right,
yeah
and
I
think
nothing.
Nothing
happened
at
that
meeting.
B
A
So
I
guess
basically
just
a
really
good
place
to
for
knowledge,
sharing
and
comparing
practices.
B
Yep
yep,
and
if
you
look
in
the
meeting
it
I
mean
it's,
that's
that's
explicitly
identified
as
as
kind
of
the.
B
Point
and
there's
a
couple
other
secondary
points
as
well.
A
Yeah
and
great
to
see
Vlad
was
there
now
we're
having
some
conversations
in
the
Java
Channel
about
tough?
So
is
this
the
kind
of
right
place
to
to
surface
some
of
those
kind
of
queries?
B
A
Okay,
so
yeah
folks,
just
to
be
aware
of
that
clients
meeting
and
join
in
on
that
any
other
updates
from
the
specific
clients.
Anything
folks
want
to
share.
A
All
right
events
yeah
a
week
ago
with
Cloud
native
security
con
and
there's
some
good
representation
from
1660
community
and
I've
linked
some
of
the
talks
I
could
find
from
there
so
do
check
those
out
and
we'll
also
add
them
to
the
playlist
of
community
talks
on
our
YouTube
channel
I.
Believe
there
was
some
members
of
the
community
there
were
there
any
conversations
with
noting
I
don't
know
if
anyone
else
who
was
there
I
want
to
highlight
what
the
conference
was
like
Impressions
and
any
other
feedback
for
this
group.
C
A
A
Yeah
anything
else
all
right
check
out.
The
talks
then
follows
them
for
them.
For
those
of
you
know
where
it's
like
the
biggest
open
source
conference
in
Europe
and
after
a
couple
of
years
virtual,
it
was
back
on
in
person
this
past
weekend
and
I
think
folks
definitely
missed
it,
because
it
was
really
well
attended.
A
Super
busy
everywhere
you
went
kind
of
rooms
were
packed
and
yeah
lots
of
discussions
around
open
source
things
like
the
upcoming
European
CRA
directive
and
then
plenty
of
like
security
topics
and
an
s-bomb
Dev
room.
I
will
highlight
this
talk
from
James,
strong
and
Lewiston
and
Perry,
which
was
kind
of
a
fun
take
on
comparing
six
door
to
rugby
sport
of
rugby.
So
that
was
pretty
fun,
but
also
in
the
room.
A
We
had
a
couple
of
six-door
community
members
like
her
butalumi
from
sort
of
type
in
the
Java
side
and
William
Woodruff,
so
yeah
we
had
some
really
good
discussions
again.
Just
comparing
and
contrasting
client
implementations
and
I
don't
see
William
here,
but
I
do
know
he
was
going
to
a
foster,
infringe
event
with
Homebrew
and
he's
going
to
propose
adoption
of
six
store
for
Homebrew.
So
that's
pretty
exciting,
so
look
forward
to
an
update
there
from
William
and
ducos
anyone
else.
A
Yes,
anyway,
check
out
that
talk
and
we'll
keep
folks
posted
on
general
adoption
and
then
just
a
couple
of
other
events
coming
up,
which
cfps
are
just
recently
closed,
I
think
kubecon
Europe.
They
I
believe
they're.
Just
putting
out
notifications
to
speakers
today.
Anyone
from
the
six
door
Community
aware
of
any
talks
accepted.
A
Okay,
I
haven't
heard
anything
but
yeah.
Let
us
know
if
you
did
have
a
talk
except
I'll,
take
a
look
at
the
schedule
soon
and
then
open
source,
North
America.
The
call
for
paper
closed
the
other
day.
So
that's
another
conference
which
has
Ace
software
supply
chain
track,
so
we'll
see
what
that
ends
up
being.
A
Not
sure,
what's
going
on
with
the
blog
today,
I
think
a
few
folks
have
pointed
out
it's
offline.
We
did
have
a
blog
post
up
on
the
Java
work
for
sigster,
which
is
great
having
that
in
place
for
foster
a
few
people
referenced
it
in
their
talks
and-
and
it
was
good
to
just
get
some
general
attention.
A
A
Guys,
let's
go
into
introductions
and
Ian
I
know
you've
already
spoken,
but
yeah
I
would
love
to
hear
what
brings
you
here
and
anything
you
want
to
share
with
this
group
so
go
ahead.
Sure
hi.
C
To
everyone,
your
number
Hall
I
work
for
Central
dubs,
like
Ops
2,
linking
for
Lockheed
Martin
and
we're
doing
a
couple
things.
First
off
as
an
end
user.
We're
deploying
Standalone
instances
of
the
the
Sig
store
stack,
so
we
can
look
into
that
and
then
I
think
there's
some
maybe
I'll,
say
government
sector
specific
issues
that
I'm
trying
to
work
through,
like
one
of
them
is
data.
Stills
like
what
happens.
C
If
someone
leaks
something
in
the
report
that
we
have
to
remove
the
compliance
reasons,
so
I'm
not
looking
to
get
that
stuff
here
really
but
yeah,
it's
kind
of
where
my
interest
slides
there.
The
other
item
that
we're
working
a
lot
on
is
some
open
source
tooling
around
using
software
materials
as
a
transfer
definition,
and
there
was
a
talk
that
I
gave
at
my
name
is
carry
Con
on
that.
But
we
do
a
lot
of
validation
of
stuff
as
we
pull
it
through
and
bring
it
into
an
isolated
environment.
C
So
my
team
is
working
at
looking
at
doing
that.
Integration
with
recore
for
validation,
of
signing
of
all
those
components
you
find
in
nespond
for
transfer
it's
a
little
bit
of
tool,
interoperability
and
also
an
end
user.
A
A
Kind
of
combining
the
two
is
like
using
six
dose
the
distribution
model
for
for
s-bombs,
so
yeah
I
would
love
to
to
hear
more
about
that
and
so
yeah
welcome
to
anytime
you,
you
want
to
talk
more
I,
just
certainly
office
hours,
which
is
very
end.
User,
focused
I,
welcome,
anytime,
you're,
ready
to
to
jump
in
and
share
more
on
that
you'd
be
more
than
welcome.
D
Yeah
hi
Ian,
also
real,
quick,
Tracy
I,
wanted
to
ask
I
think
John
slack,
but
it's
probably
best
to
ask
right
here
who
did
you
say,
was
interested
in
or
working
on,
Homebrew
integration.
A
Yes,
there's
an
in-person
on
on
Monday
and
yeah,
there's,
there's
kind
of
a
two-stage
approach,
but
yeah
I,
think
being
him
and
I'm
waiting
to
hear
how
that
that
meeting
went
cool.
Thank
you
great
all
right.
Any
other
topics.
Things
folks
would
like
to
discuss
or
see
from
the
six
door.
Community
now's
your
chance.
A
All
right,
let's
leave
it
there.
Next
week
we
have
office
hours
and
then,
in
two
weeks
we'll
also
have
we'll
come
back
to
the
contributor
Focus
meeting
thanks.
Everyone
bye.