►
From YouTube: Cartographer Community meeting - Dec 1st. 2021
Description
00:00 Intro
01:36 The TL;DR
06:55 CNF Security TAG/Supply Chain WG invite
11:01 Classifiers naming in Delivery
24:06 End of year calendar
Community meetings happen each Wednesday at 8:00 AM PT/11:00EDT
See the agenda here (https://bit.ly/2Z67z08), add any topic you may want to discuss and join us live!
A
Okay,
welcome
everyone
to
the
cryptographer
community
meeting
today
is
the
first
day
of
december,
and
we
want
to
give
a
warm
welcome
to
the
maintainers
team
and
also
to
scott
andrews
in
cora.
Welcome
to
the
community
meeting.
Thank
you
for
joining.
A
Hello,
so
let
me
share
my
screen
here
and
okay,
that's
something
different!
There
you
go!
Okay,
yeah,
please
remind
that.
The
agenda
is
open,
so
feel
free
to
drop
in
any
discussion.
Topic
that
you
could
do.
You
would
like
to
ask,
and
also
your
your
name
to
the
attendees
list.
It
should
start
there.
You
go.
A
There
you
go
okay,
now
for
the
tldr
and
probably
for
the
the
polls
who
are
joining
us
for
this
meeting.
We
have
section
at
the
beginning
of
the
meeting
called
the
tldr
where
someone
from
the
team
usually
josh
when
he's
available.
A
We
share
what's
new
in
the
project
this
week
and
what
the
team
is
working
on.
It's
a
quick
overview.
So
we
can
go
straight
to
that
item.
Josh.
B
Yeah,
just
updating
the
notes
there
before
getting
started.
Yeah,
we
have
a
lot
of
breaking
changes
in
this
week.
We
are.
The
first
thing
is
we're
updating
the
labeling
on
supply
chains
to
be
best
match.
So
now
your
workload
basically
define
like
your,
so
your
supply
chain
will
go
and
it
can
define
multiple
labels
and
characteristics
that
it
supports
along
the
way
and
then
your
workload
can
it
does
a
best
match
of
all
the
available
labels
on
the
supply
chain.
B
So
if
you
have,
if
your
workload
matches
against
one
supply
chain
with
say
two
labels
and
another
one
with
one
label,
it'll
pick
the
one
with
two
as
the
the
one
it
matches
against.
Another
breaking
change
we
introduced
is
overrideable
params.
B
So
now,
when
a
template
author
specifies
a
param
that
param
can
be
overridden
by
the
supply
chain,
as
well
as
overridden
by
the
workload
at
different
levels,
so
check
out
that
issue.
There's
some
interesting
nuances
there.
B
The
other
big
thing
we
did
was
we're
reducing
the
controller
permissions.
So
now,
when
a
workload
propagates
to
a
supply
chain,
it
will
actually
use
the
a
service
account.
That's
found
in
the
namespace
of
the
workload
to
perform
all
of
the
different
controller
actions
so
submitting
different
crds
along
the
way,
and
then
the
other
big
thing
that
we've
done
recently
is
we've
overhauled
logging,
just
adding
a
whole
bunch
of
like
debug
messaging
and
just
some
better,
just
yeah,
better
messaging,
to
make
troubleshooting
issues
a
lot
easier.
B
Yeah,
so
those
are
the
big
things
and
then
the
we're
basically
right
now
we're
working
on
overhauling
our
docks
just
trying
to
provide
as
much
information
on
all
the
new
stuff
we've
been
building
we're
also
trying
to
get
a
release
out
the
door.
So
we've
gone
through
a
couple
rcs
that
they're
posted
up
in
github.
B
You
can
check
those
out
and
so
yeah
we're
working
towards
finalizing
a
release,
and
then
the
last
thing
is
we're,
probably
gonna
be
slowing
down
a
bit
over
the
holidays
as
we
approach
the
end
of
december.
So
just
another
thing
to
keep
in
mind
so
yeah.
Those
are
the
things
we've
been
doing.
A
A
B
A
A
C
C
Guess
done
the
control
caller
permissions.
Is
that
something
that
that
require?
I
mean
I
should
look
it
up,
but
because
I
just
was
running
into
this.
Actually
I
was
I
was
upgrading
from
one
release
candidate
to
the
latest
one
in
order
to
use
the
params
from
the
workload,
and
I
found
I'm
getting
these
errors
that
say
that
the
git
repository
object
can't
be
created,
so
I'm
I
was
just
looking
at
that.
Actually
in
about
the
in
the
last
like
two
releases
ago.
C
B
Yeah
there
are
yeah,
so
basically
yeah.
It
will
pick
up
a
service
account
from
the
namespace
that
your
workloads
are
running
in,
and
so
it's
a
documentation
update
that
we
need
to
make
everywhere,
but
yeah
basically
you'll
have
to
update
your
your
roles
that
get
bound
to
that
service,
account
to
make
sure
that
you
have
all
the
necessary
permissions
to
create
all
the
objects
that
get
created
within
that
namespace.
B
So
git
repository
is
one
of
them
and
then
all
the
other
objects
in
the
supply
chain
that
get
created.
D
There's
an
example
on
the
repo,
so
in
there
under
developer,
I
think
there's
like
a
service
account
that
has
a
bunch
of
roles.
E
A
A
Okay
next
thing.
Well,
previous
meeting,
we
canceled
previous
meetings.
So
no
not
exactly
a
follow-up,
and
now
we
have
the
up
invite
discussion
section.
The
first
topic
was
proposed
by
rashid.
I
think
he
won't
be
able
to
attend
so
we'll
go
to
next.
I've
been
attending
the
cncf
security
tech
meetings.
A
You
know
best
practices,
white
paper
and
a
reference
architecture,
doc
right
now,
it's
using
a
different
set
of
tools,
but
there
are.
There
are
many
sections
that
are
open
to
collaboration,
but
for
collaboration,
and
they
they
ask.
They
made
us
an
invitation.
First
thing
we
could,
whenever
we
feel
we're
ready,
we
could
join
one
of
the
sessions
to
present
cryptographer
the
design
philosophy,
a
demo
and
part
of
the
of
the
team.
There
includes
mike
lieberman
from
city
who's.
A
Also,
I
believe,
co-founder
of
chain
guard
and
well
he's
considered
an
expert
on
the
supply
chain
security
field,
and
he
will.
He
will
also
wants
to
see
the
demo
and
provide
feedback
for
the
project,
even
if,
in
the
future,
cartographer
is
not
part
of
a
cncf
or
if
we
go
to
a
different
foundation.
That's
a
totally
separate
conversation.
A
As
I
pointed
out
in
a
in
an
issue
yesterday,
they
brought
up
the
salsa
framework
that,
like
kind
of
the
the
standard
for
what
they
would
like
to
see
in
a
demo
demo,
that
includes
at
least
these
steps
and
that
you
can
see
there
and
also
to
emphasize
that
you
can
make
it
that
cartographer
is
flexible
right,
that
you
can
use
different
tools
for
different
steps.
A
So
that's
kind
of
the
overall
message
in
parallel,
I've
been
exploring
the
process
with
the
continuous
delivery
foundation,
how
to
propose
a
project,
and
all
of
this
probably
that's
for
a
further
stage,
but
that's
so
far,
there's
an
open
invite
from
the
cnc
of
security
back.
A
F
I
was
going
to
say,
and
actually
I'm
from
this
one
would
be
to
include
hector
here.
I
think
we're
actually
presenting
at
the
ancor
open
source
meetup
later
today
to
discuss
not
exactly
this
but
related
topics,
so
so
yeah,
including
somebody
from
those
teams,
would
be
really
helpful
because
they're
they're
responsible
for
looking
at
these
kinds
of
things.
A
Elaborate
there:
okay,
that's
great
yeah
by
the
way
cartographer
will
be
part
of
the
you
know,
content
in
the
encore,
oss
meetup.
It
will
happen
today
we
announced
a
couple
of
days
ago,
so
it's
interesting
to
have
this
collaboration
between
open
source
projects.
That's
great!
A
Okay!
I
believe
there
there's
another
item,
blueprint
and
owner
named
discussion.
I
believe
it
was
proposed
by
rash,
but
I'm
not
sure
his
lack
message.
G
This
was
something
that
I
kind
of
I
kicked
off
because
I
started
using
the
term
blueprint
in
code.
I
think
that
it's
something
that
I
had
used
in
nrcs
before,
but
yeah
once
it
hit
the
repo
it
gave
a
larger
discussion.
G
Essentially,
we've
got,
we've
got
delivery
and
supply
chain
and
they're.
Both
you
know
they
both
create
some
logical
object,
along
with
your
workload
and
or
deliverable,
and
so
there's
sometimes
in
code
and
then
also
just
in
discussions
where
we
want
to
talk
about.
G
What's
that,
what's
that
generic
object,
that
a
bloop
that
a
supply
chain
and
a
delivery
represent,
for
example-
and
I
called
it
a
blueprint
that
they
are
blueprinting
out
these
logical
processes
that
are
going
to
happen
and
then
what
do
we
refer
to
the
their
partner,
the
that
workload
or
that
deliverable,
as
I
I've
always
liked
to
order
rash
russia
that
we
had
used
owner
at
some
points
previously?
G
And
so
that's
what
made
it
into
the
code
but
yeah
we
wanted
to
have
a
discussion.
What
do
people
think
at
a
high
level.
E
H
I'm
a
fan
of
blueprint,
it's
a
concept
we
used
in
in
vra.
You
know
you
create
blueprints
and
then
stamp
out
deployments
based
on
blueprints.
So
I
like
the
way
it
encapsulates
the
idea
so
that
you
know
that's
my
opinion
on
that.
I
don't
know
if
it
overloads
the
term
as
we've
used
it.
You
know
across
vmware,
but
I
certainly
like
the
idea.
G
Okay,
I
would
say
I
yeah
blueprint.
It
was
the
first
term
that
I
reached
too,
and
I
I
like
it.
I
think
the
suggestion
that
guys
is
that
you
know
we
are
a
cartographer.
Maybe
we
should
look
for
some
mapping
term
map
does
seem
to
be
maps,
are
a
pretty
basic
data
structure
so
that
wouldn't
be
great
but
yeah
like
I
don't
know.
If
there's
some
other
map
like
word
chart
because.
E
I
think
the
interesting
aspect
of
it
to
me
is
that
when
you
change
the
blueprint
every
you
know
everything
that's
using.
It
also
changes
immediately.
There's
there's
this
like
it's
not
just
you
know
a
template
that
happened
once
and
then
you
know
only
new
things
get
created
from
it.
If
it's
you
know,
if
it
changes
or
get
created
differently,
if
it
changes,
I
don't
have
suggestions
on
how
that
should
improve
the
naming,
but
I'm
not
sure
if
blueprint
suggests
that
or
doesn't
suggest
that.
D
C
D
G
I
was
just
gonna
say
that
I
don't
think
that
I
I've
never
thought
of
the
workload
as
I
think
the
workload
as
the
order
that
a
developer
brings
to
you
know
this,
this
path
to
production
factory
and
with
that
order
they
kick
off
the
actual
instantiation
of
the
supply
chain.
G
G
But
yeah
I
I
wouldn't,
I
think
specifically
to
your
question
marty.
I
would
call
the
actual
thing:
the
instantiation
it's
the
word.
I
always
reach
for.
C
So,
just
to
sorry
just
to
make
sure
that
I'm
understanding
the
question
here,
it's
the
suggestion
is
to
because
there's
now
deliveries,
there's
another
like
sort
of
like
sibling
relationship
to
a
supply
chain,
and
therefore
this
is
an
attempt
to
find
a
term
that
would
encapsulate
both
of
them
and
then
so
that's
blueprint
and
the
other
one
is
just
like
and
that
when
you,
when
you
use
when
you
leverage
a
blueprint
to
make
a
blueprint
of
your
own,
what
do
you
call
that
the
thing
that's
going
to
actually
instantiate
the
blueprint
you've
filled
in
you've
customized,
I
guess
so
you've
personalized-
is
that
right.
G
I
think
the
first
one
was,
I
thought
I
thought
that
marty
was
asking
about
what
should
we
call
workload
deliverable
which
have
that
relationship
with
with
the
blueprint
objects?
So
we've
got
this
generic
blueprint
term.
What's
the
generic
term
for
the
the
objects
that
they
pair
with?
G
C
C
F
I'm
so
partial
to
the
like
cooking
analogy,
so
like
recipe
makes
sense
to
me.
D
F
I
Another
good
term
that
comes
to
mind
is
mold
because
it's
it
seems
to
fit
well,
it
doesn't
sound
good,
but
so
it's
like
a
mold
that
you
use
to.
I
don't
know
how
we'll
go.
C
G
D
F
We
could
do
it,
we
could
do
a
naming
exercise
right
like
what
we
did
with
the
name
for
cartographer
itself,
like
no
we're.
Never
gonna
find
a
name
that
everybody
loves
right
then
this
is
one
of
the
things
that
I've
learned
about,
naming
you
know
naively
just
like
we're.
Never
gonna
find
a
name
that
everybody's
like
yeah,
that's
it.
So
I
think
that,
like
most,
maybe
maybe
the
way
forward
here,
if
it's
not
pressing,
is
to
just
do
like
a
super.
A
Sorry,
having
some
serious
laptop
issues-
okay,
that's
great!
I
will
I
will
react.
I
will
add
the
action
item
to
to
hold
a
naming
exercise
yeah.
The
final
point
here
will
be
to
agree
on
the
in
the
calendar
for
community
sessions.
A
A
I
would
say
that,
having
our
last
community
meeting
for
the
year
on
december
15th,
we
will
make
sense
and
well
cryptographer
office
hours
will
be
on
december
13th
and
we
could
resume
on
the
first
week
of
january.
If
you
agree
it
could
be
a
second
week
of
january,
but
at
least
in
december
I
would
say
that,
two
weeks
from
now
it's
what
majority
of
the
projects
are
doing.
I
don't
know
what.