 Good morning. Good morning or afternoon or wherever you all are So I'm going to put the meeting notes in the chat If you're on a computer Please add yourself to the attendance if you're calling in say who you are and somebody will add you and we need two scribes if I Could have a volunteer two volunteers that would be amazing This is a going to be a working session So we're shifting towards having which we were doing about a year ago where we would have presentations every other meeting and then working sessions every other meetings so that You know people can decide if they have if they can't attend every meeting They can kind of pick the meetings that they want to attend to they want to attend And then we can do a little more prep and be efficient with our our meeting times Um, we the upcoming January meetings are visible in the planned meetings, which is above the agenda I'm very excited to have Jonathan Meadows who will be presenting open source training materials on January 8th And Justin Cormac have it has agreed to facilitate that meeting Would love to have people sign up for scribes ahead of the meeting and then we don't use have to use the meeting time for that Um, but uh, you know, we can always recruit people day of as needed so while people are gathering if you have We're going to do check-ins in the working meeting sessions So we'll ask everybody to talk a little bit about what you've been up to security wise Events you've been to things we should know about and then Also, feel free to take this time to add something to the agenda. I see that Some folks are doing that. Thank you so much. Put your name next to the item if you Have a thing And then if uh, I I'll talk about the intake priorities because that's my pr Although I hope Justin Kappos will chime in because there's a couple of discussion points. I updated the pr just now with notes With like most of the things that people have mentioned and I'm going to put the pr in here so um So let's just start with check-ins. Thanks ash. We need one more scribe I will start With a check-in all the most my name is sarah ellen if anybody is new um, I am one of the safe security co-chairs and um, I JJ dan and I are um Maybe you all have noticed but we are kind of taking turns with who is the responsible one to show up at meetings Or make sure that we have a meeting facilitator. So um, I volunteered for um, december january and so um, jj and dan Will attend when they can but um, but then it gives you know, it gives us a little um Ability to um, also attend to other things in our lives. So um So I think all of my other updates are on the agenda So next I will ask emily to check in Um, I am coming back after not being available for these for a while. Um I've got a couple updates already on the agenda that I will talk about later Great. Thanks, emily tabatha I'm still just getting my feet under me Um, do you want to I think you you're um, I think you're new to the group since kubekan Maybe we should each say like what we a little bit about any affiliation or what we do here at the sig Emily, you want to go back to like Your role just mention People know your Although we're gonna come in the agenda So yeah, I'll let it go be that I'm doing a couple of different things so far I've been doing a lot of the governance and documentation updates within the repo as well as the security day stuff with Michael and a few others, but I will talk about that later Thanks, emily tabatha Um, I really only represent myself and at the moment I'm just kind of seeing what's happening and seeing You know in what ways I contribute in the in what ways I can contribute meaningfully in the Time that I have available in my you know personal time So, you know, I'm interested in in doing security things and uh, you know in a lot of Advancing what's going on with attacking Kubernetes Great. Thanks, tabatha. Justin kappos I'm Justin kappos. I'm a professor at NYU for those of you who don't know me. Um A big piece of news today is our tough project Reach graduated status that was officially said so hooray And yeah, I also do things related to security assessments and have been working stuff with the landscape But both of those are on the agenda so we can just wait to talk about them Great Brandon lumb Hi, um, I'm Brandon. I work on tree out related things as well as um, I participated in some security assessments with the sick um Some security related updates. We just got encrypted containers merged into cryo So if you're using open chip, you can actually play a bit Uh, other than that, uh, I think most of the stuff that I want to talk about is in the agenda as well I've been working with jesson kappos on the um new landscape stuff super jesson kormack Hi, um So, yeah last week I was in seattle for the natury v2 concertina signing kickoff. We had Lots and lots of people there. Thanks for everyone who came and everyone who died. I think we'd um 16 people in person which was great. Um and So it's a collaborative effort with amazon and microsoft red hat vmware um jfrog and other uh docker and others to basically um Get um makes and changes to nature to basically Make the the the primary aim is to have Signatures in as in registry artifacts so they can be moved around But there's a whole bunch of secondary Requirements and we're doing requirements gathering process at the moment. Um, I'll paste the The working dock link in from there, but um, yeah, it was really nice to see so many people come together and work together on Other cnc project which is pretty nice Hi billus um ash I'll take notes while you talk Hi, so I'm one of the maintainers of the open policy agent project As far as updates are concerned not too much this week I'll be a reviewer for the cloud custodian security assessment And also I've worked with the SIG on the opa security assessment in the past Thanks. Thanks ash robert Hi, yes, uh in terms of update. We're trying to get the falco assessment kicked off. So, um kind of coordinated kickoff call January 6th And uh, also available to participate in the cloud custodian assessment as well Super Um, andrey vegas Thanks, our andres andres vega. I put the answer the wrong place Thank you. Dalligan from the road. I am product manager at sidetel currently involved in the soft assessment for strippy inspire New to the group since kubecon very interested to participate and contribute work to Landscape trail map work as well as any secure by default efforts that the group puts on Great. We are always brainstorming on how to be secured by default while not preventing everything Um capo Did I pronounce your name right? Coordinating courting all the meat buttons. Uh, so my name is capil. I work at amazon on the open source team. I'm also the primary maintainer on clock custodian and Uh, partly just trying to get used to the process It looks like we've got a bunch of people signed up for reviewers But we're still looking for a way to secure your review if anyone has time in in early january and yep General focus on security is trying to secure cloud control planes Great because none of us want our data leaked anymore Yeah, it's it's important stuff Um, and then I don't know I if we have anybody from any of the um partner sigs or working groups I didn't hear anybody chime in there Um, I will just uh from policy this is robert from policy work group We did talk about cloud custodian Um, and I think capil you presented to us a few weeks back Um, so there's interest, um, but we're a small group So I think I'm probably most of the bandwidth that the group has but we'll try to get some other recruits Um, but it could be it could be a good landing place for the project eventually Thanks one other update. Uh, howard has put forward a proposal for kud con For an our back discussion Um, so I don't know when they start giving feedback on those proposals But as soon as I get it, I'll relay it here right because the CFP closed Yeah, yeah, he got it in just just before the deadline So I don't know how long it takes them to to give up the thumbs up. I think it's mid january From memory. Okay, great I'll give an update as soon as I hear Great. Thanks for that update. You provide a little glue between the afternoon meeting and the morning meeting um so Where is our oh our agenda's at the top so now, um security assessment status, um, I am going to share my screen Right. So these are the minutes Um, there's a pr That um, I really appreciate all of the feedback on um, this I think we talked about it when it was a google doc sometime back, but that was a quite a while ago um, we for those of you who are new, um And most of the group is new since this started about a year ago Um, we started this assessment process Um about a year ago within toto, which was at one point um proposed as a precondition to new projects entering And then there was great discussions about how we prioritize these things and the toc was new And so lis who was appointed as our toc liaison and joe beta, but lis was the one we had a first meeting with um Suggested that we go forth and not be blocked by the fact that the toc hadn't determined priorities and so we worked through the process and we did in toto and opa and now we have a um A Prioritization rubric. So I just wanted to go through it. Um to see if um, you know, there's any feedback Which I think Here we are at So what We've um, we're changing the read me To have A list of ongoing projects because we needed to Refer we we didn't want the information about who was doing what Like buried in various documents of the repo. So the read me is where we keep the list of members So I added um The before I added this list of ongoing projects So I sort of filled in other projects as well so that um, the policy team is highlighted here. There's an open pr which is describing the policy team um That hasn't finalized yet. So this was kind of a comment from that pr that I just figured I'd pick up at the same time so to surface that security assessments isn't the only thing we're doing and then um related to this pr is um That justin capos is the facilitator and now we have a co-chair representative. So the idea is that Uh, and this has been happening informally, but of the three co-chairs If there's anything that you know, if anybody has a question that needs to be Either from the toc about the security Security assessments or from the security assessment team to the toc that i'm You know, we have these chair syncs with the toc liaisons and generally the chairs Um attend the toc meetings. So then that should streamline communications Of course, anybody should feel free to talk to anyone But then i'm the official point person If it comes to either contention or just making sure that communication happens by mentioning things in the various meetings that i'm in so um So then that's basically establishing the fact that there will always be a co-chair who is you know the responsible one um Of course any chair um can chime in and help but it's good to have So that we don't rock the ball have one of us be responsible to the group um And then um and then jj has been doing this informally where he syncs with howard on the policy stuff now and then and so we're kind of Generally having this um and this is reflective of the project process That is um described as somewhere in our governance so um, so then oops So how do I navigate this thing? Oh, so if I go to security assessments Then a break we're in this context. So now there is an intake process document and um There's a lot of words here. I welcome reviews, but I think we We need to go through final word smithing, but basically this is the highlights that um A a precondition to starting an assessment is that the project is either already a CNCF project Or it needs to assert That it's cloud native So we're still like It's not like we have a really clear definition by some people's perspective Some people think it's obvious what cloud native is and When it comes down to it And some is if somebody asserts that's not so cloud native then Usually there's a little confusion there um, so I think that um, you know, that's something we'll just iterate on that definition and then um The key thing that is actually blocking most of the projects right now is that There needs to be both an identified project lead And a written self-assessment and those are sort of the external things So that once those exist then our security team um, like Comes into action um, and just and maybe can chime in a little bit about how that happens um and then um The priority so these are the priorities we've agreed on with our toc liaisons, which is um The top priority which actually has never happened But we want to reserve the right for the toc to say okay Here is our top priority put it at the top of your list um And with the agreement that they're not going to interrupt something that's ongoing This is just for the q of not started things um So they can just request that something jump the q or be inserted in it And then but generally we don't we have not gotten very Um pointed feedback from them. They're just like great. You're doing stuff And so The other the next priority is that if something has already received a security audit We Are generally De-prioritizing them But if a year has passed Since their audit and we want to like Pay attention to them so And this is more of a bootstrapping because This assessment process is new a bunch of projects already had an audit when we started this process um and then um cncf projects that request a review are next right or they could be invited by a sig member we could just May occasionally want to or need to do a little outreach And then they're generally prioritized by project maturity. We do graduated projects before sandbox And then lastly we are um You know, it's totally fine if we decided it's a good idea to do non cncf projects or for them to approach us We would just prioritize cncf ones about that generally So um, and then there's a little note about this annual review all idea There was some discussion should be bi annually or so forth I kind of think that annual is like it's more likely that somebody was around who did it last time and um I think that for a lot of projects that may be just a Hey every like the project says Here's a pr updating my assessment and somebody says okay, you fixed a few bugs and it all looks good, right? If there's no features added there may it I expect it to be a very lightweight process and even some features may not really affect the assessment itself um, so The big news is that we now have a github project That um, can I jump in and just say one thing real quick, please All right. I our goal with all of this isn't to have there be like a big um bureaucratic set of rules that follows every possible way of doing it. It's just to give some like loose guidance. So um, don't interpret anything said here as um We have tied our hands in a way that we shall exactly do only these things um Like fundamentally for instance, let's say that the spiffy spider assessment, which is about to start You know, um, we have a hard time getting the lead reviewer for it and you know Some other project comes along and we have all the people ready to go You know it You know, I don't think these guidelines say exactly what happens in that case and that's good because you know We'll have to play it by ear We may have multiple assessments going on at the same time Even if the groups are disjoint or if the load seems reasonable or one stalls So just treat these more as thoughts about how this might go rather than You know a shall must You know a sort of thing in terms of a standards document Thanks, Justin. I think that that's a really important point like we're trying to get things written down to help People understand generally what we're doing and to get to align us so that we can just you know Sometimes it's non-controversial and we just are like, okay. Well, how are we going to arrange these things? um, typically It so far it's been fairly non-controversial um But it you know it sort of establishes guidance. So are there questions about this priority list before I go on to logistics All right, so we have I think the biggest question is We should just have people comment on the poll request with all the questions they have and things like that Or just go in and do that, right? Yeah, absolutely. I just thought sometimes there's uh Just depending if anybody has live stuff Cool. Yeah, so don't be shy to weigh in and do that. Um, you'll see a big chain of those kind of Edits from a bunch of people already. So and actually they're Speaking of that There was a comment from you Justin that I had A question about Which was um Way at the bottom here That's I think a detail I have to find So, um This is about the security audit being higher prior the projects that have received a CNCF security audit I guess it's the um Two versus three Um, and like what I wanted to I I'd be rich is sort of interested in different people's perspective on This not that you know, like we Like Justin said, this isn't like super important. Just good to have feedback um Where I think mostly we're bottlenecked by Bandwidth and getting everybody getting the whole project together, but like If they were a project like spiffy is inspired come to us and they've written a sales assessment and that's um That's a big unblocker, but if there was another project, right? I guess it's been about a year Since we started this process. So almost all you know, we've got a queue of like five projects that have received audits but haven't Don't have an assessment and what I was thinking is there's a value to The assessment which is completely different from the audit and And some value to having that body of work um, whereas something that hasn't Given like much attention to these security things the assessment is a lot more work and so I was kind of thinking these would be like sort of easy to knock out But maybe that's not the price like so there's like there's the value to the project And then there's the value to the outside world Which wants to take a look at a a number of projects and be able to assess them quickly So and let me be clear about my my comment. I'm not saying that three should be higher than two But I don't actually think an order here really matters. I mean, I think Saying these are things we could take into account and we'll adjust Makes more sense than trying to decide on a rigid order now when We haven't I think we haven't seen enough it if if this were becoming a very politicized problem that Projects were fighting and we needed someone to step in because there was an issue then I think I'm all for then trying to set up a process, but I think we're kind of trying to Put structure around something that I think that I think I'll say that I think that fairly soon almost all the projects will have had a security audit so it won't be so relevant Because they're going through them They're going through them pretty quickly now So I talked to so if there's only been about Six and there's like 35 projects. No, no, no, there's there's there's at least 10 Well in any case there are a lot more audits to do Then have been done and what I talked to chris about chris a about um in Uh A kube con is of making because now he's got a whole queue of audits, right? And that it would potentially streamline the process to now that we have an assessment process to say The next person who wants an audit to do an assessment first And then we can get into that pipeline kind of thing. Does that make sense just in karmic? Yeah, that would make sense. Yeah, we could do it explicitly by that. Yeah Because it like sort of the the assessment queues up the like initial narrative of the audit in some ways Yeah. Yeah. Yeah. Yeah. No, I think that yeah, if we coordinate it I think it was a bit of a problem with falco where we almost did them simultaneously Yeah, that's sort of like it's in this cost of us getting our process together great any other thoughts on this Thanks, justin capos appreciate your both of both of your justin's perspective on this so um justin capos and I got together earlier this week and um Made this project where we the idea so we have these blocked ones which are generally blocked by It's you know, there's a tag for need self assessment If it becomes a contentious if it comes in bottleneck, then we could have like need lead reviewer Right now. There's a small number of them. So you just look at the issues and figure it out um And then spiffy spire did their um self assessment Um this week. So they're now in the backlog um and so Justin capos, is there anything that you want to like sort of chime in on on things that you would like People to do or help with or just perspective on this thing I'd like people who are interested to please go on these issues here um the assessment issues and Say, hey, I'm willing to do this. You do not have to be Experienced in this since there's only two of them that have been completed There's a total of I don't know six people or something that have ever done an assessment So don't worry too much about that Even if you feel like I haven't really audited code or really know what to look at or look for Even just saying hey, I kind of know what I'm doing But I just want to help out as I can that's useful because you know You'll build that skill set and then you know by the time some of these other projects are ready Maybe you're ready to take a more active role and maybe even lead a future assessment And then do you know by memory justin which ones are in particular need? I think Um, I think we ideally want at least one more person for spiffy spire Um, especially because I I did almost like the prototype of this myself um So I I think this will be a pretty easy one to do but um like it's a I almost didn't want to be on it again because I've already kind of You know given all my feedback Past but I also wanted to do it because I wanted to see how easy it was to redo it and how much the project had changed Um, so having at least one other person on here. I think would be really helpful as an additional reviewer Uh, the other projects were missing a mix of things in some cases. We're missing a lead in some cases We're missing a couple of reviewers So, you know, just uh, just take a look and see what's of interest and we'd love to have people Jump in and and help out. Uh, and I appreciate everyone who has already volunteered Um, one thing that we will not do if if you end up do end up signing up for two things You know or something like I think I have We're not going to go and try to make you have to do two things in the same two weeks or something crazy like that um But you know also don't do that for everything because at some point we might try to do at least some minor parallelization But we'll keep in mind who's on what as a way of prioritizing it and then um A few people have asked whether we're doing stuff over the holidays and my assumption is that we won't really kick off any Of these assumptions until the new year or somebody correct me if that's not correct for one of these If it's the case that that brandon and evan Are excited to work over the holidays and that you know because they're going to be doing this initial dumb question phase They can kick that off whenever if they want to wait until after they can wait until after um But like emily myself and whoever else A chimed in and wants to join will be will be helpful In those early phases, but most of our work will go A little later in the process Yeah, so i'm going to be probably traveling in the next couple of weeks. So Um, it's not a good time for me to kind of be I'm responsive then so um I I think That probably after the new year. So the first couple weeks of january. So the first week of january. I'll be free um, so if I'll coordinate with evan and And brandon, I know we have this sort of weird before the holidays things But I would love if you would be willing to be a little bit of a guinea pig to pick the moment the pick the start date, right? so that we can track how long it takes because we I think we're working on um, um, like Having a reliable timeline for these things This will be a weird one though because they've already effectively done this almost like the assessment before Yes, and Yeah, okay. Okay. Sorry the things that took a long time were due to In the in opa in my mind were due to our lack of coordination at the end about like who is doing the slide thing and so forth So I think there are some optimizations that have nothing to do with the content But our like handoff and who does what that um since brandon has also been very involved in like Working on our repo and our triage and the github issues. I think is really well positioned to like anticipate where We might not have a clean handoff and tighten that up because this should take much less time but Like we will have to make sure it doesn't all right, so please chime in on things and now To the next agenda item security landscape update, justin Okay, yes um, so I worked a bit with brandon on this and also had some nice feedback from A few other folks on a really rough write-up. We did Basically the update I wanted to give is number one. We had discussed giving a broader update at this meeting and I We're in agreement that we have a good concept and we're really happy with it But we actually want to flesh it out a little more than we've been able to So we'd actually like to request that Amy or someone at the CNCF Get us a little bit of someone who has some of that Nice kind of javascripty foo Thing where we can do little images that you click on that expand out and talk about things as part of the process and so if that is something we could arrange then in You know, I guess depending on uh, since we're going to be busy with spiffy spire depending on Like how all that shakes out, but I feel like we could get something together to show the group pretty quickly just doing You know 10 percent of the actual work that would need to be so people can take a look at it and And then understand if they think the concept is is really solid But it's one of these things that you know either that or I can spend 30 minutes trying to explain to everybody with post Cart post it notes and stuff when otherwise it would be like a 30 second thing you play around with So I think getting the CNCF to do some work To help us would would be a good ask here so I think we need to Maybe we can like offline figure out what that is but like, you know, just also like does the group want to hear Anything more before we advocate spending I think we have people on staff who can help with this but Just in terms of priorities and you know, I don't think we have anything else we're asking for money for but for staff time for um any feedback So is the idea to hold off from seeding content? Once we have a framework to present it in or Yeah, so what we'll basically do Yeah, what we'll basically do is take a small part of Like what would happen in a cloud in the cloud native landscape for how this would all work We'll do a very tiny part seed some initial content that ends a draft To show how this would look how this would work what the utility of it would be And then if we all like it then we go ahead and we flesh the whole thing out and if we want to make changes It's easier to see Um the limitations and problems and ways in which we make changes with something that's more concrete rather than You know look at you know, imagine you have this post-it note and imagine you have that post-it note and so on kind of thing So yeah, and so for folks who are new we um about it I don't know nine months ago or so Small sub team came up with a security landscape structure. What are the categories and our goal was to make it so that More often than not one project would be in one category, but that these are Are these are kind of different way of looking at the whole cloud native security landscape of cloud native land It's completely different from The cloud native landscape because we want to sort of look at the security projects and potentially the non-security projects differently, right Would like you know kind of it's not like security and policy is one thing Right, there's many things and people need to know how to apply these projects. And so this has been Different people have had different perspectives and and On that maybe this is a good way to look at it or maybe these categories are explained well and so By I like this idea just in which if I'm interpreting this correctly Is that you you and brandon have some different? ideas about how to adjust the the buckets and the landscape structure And that it would be easier to talk about it if there were projects in the buckets That that's true. It's it's a bit more than that It's um and I think it's one of these things easier to see but it'll be an easier way for people to find things an easier way for people to understand the pros and cons and an easier way to just sort of locate in and wrap their head around what They should do from security what security products protect against what they don't protect against and so on in the cloud native space So like I said, we're going to do this for a tiny part. We're going to do this for things that are kind of in the CICD like, you know Get development stuff like that stages of it because it's just easier For us to to work it because that's part of wherever our expertise is And then I think then it'll become a lot clearer like the way we've been this and how we're cutting things Great, so it's sort of like a prototype of uh Exactly Brandon, do you have anything to add there? Yeah, and I think another kind of um direction that we're seeing if this is by looking at the processes Of talk native and how security advice is this it kind of provides a good foundation for If and when we want to write a white paper as well It let us give it gives an opportunity to think about a lot of the the details there Um, yeah, I think that like we that's a that's a good thing to raise The the idea was that the this landscape or the Or some thinking from the landscape would go Into the white paper. So they're kind of dovetailed together And we haven't quite figured out like are they cross linked or is part of the content go and one or the other but it's Part of the point of the white papers to understand the landscape. And so they're very related great Um, anything else on that topic? No, thank you. I need a drop though. So thank you. All right. Thanks Justin. So um quick Call out for help on logistics. Um, we don't have to spend a lot of time in like in like in less people have great ideas, but like If we could have an automated Markdown linter with link checker. It would be amazing I don't know if people know of these things or somebody would volunteer to look for one But um, the we we're a bunch of technical people with tools Yay Um, thank you I'll I'll write up an issue with the kinds of things that we um are looking for And assign it to you or you could write an if you would open an issue Then I can assign it to you Otherwise I have to get you to comment on it before I assign it to you Okay, I'll go ahead and open it. Thank you um, then there was a uh Comment on the chat that maybe there are some transcription tools we could use Instead of scribes and I was wondering if anybody knows that Robert are you here still? Yeah, well, I know aws has one But uh, obviously it's a commercial tool. So I don't know if there's anything open source or We could you know someone I could kick in some money for a commercial tool. What does might make it easier If there's a commercial tool that's you know, well, it's a reasonably I mean I think we should look for open source stuff because we're kind of open sourcey But I you know, we use open, you know, we use netify which we pay for We use I mean, I don't know. Maybe we're under their open source license, but the cncf does pay for something so um And then some of the commercial tools will make them free for open source Products open source projects and nonprofits So, um, that could be looked at would you are you volunteering to look into that Robert? Uh, you sure right and I think capill you're from aws. So I don't know if you're still on but maybe we can Chat offline about what Sure And Robert will you open an issue? Yes So Before I get to the error, but there was a pr that you open about the transcription stuff Um, what's that from the service that you you mentioned that cncf provides? Well, that's um, we used a service. Um, and so that If we had that that's very asynchronous like you put in a ticket and you know, you put in an order and you get it within 24 hours um I think there are also real-time systems that may be lower quality but maybe But as good as any of us typing um, you know And so I think that'd be like I think there's a there's sort of two aspects of it, right? One is the real-time meeting notes kind of aspect um, or just getting it automated so that It would happen at post meeting um, so I think we The service that I we were using for that is not practical for this It's not just expense. It's also like having a human who has to go Submit a ticket and you know the back and forth. So we were only doing that for presentations where it's really high value And the idea is to take those transcripts and turn them into something that would be a page on our microsite um But if we could do it routinely both in terms of it's if there is something that was more real-timey or less expensive Or we could do it in an automated way um, right after the zoom meeting it You know real-time would be amazing. We don't need as high fidelity for something that is meeting notes as opposed to presentation Well, so we upload the meetings to youtube and I thought they had some for transcription facilities as well We have seen that on youtube as a user, but I haven't seen how to make that happen. So maybe People could if you if you're know of that Maybe we can chime in on the issue and we can sort of take our collective knowledge Because I think also that sometimes I've looked at things several years ago and then new features appear And I'm not aware of them. So it could be yeah that we just have to turn on a checkbox on youtube, which would be great um, so uh, so yeah, I think a little google searching and Looking at what options are out there would be very fruitful um all right, so yeah, um so being at the at the end of The globe now I get reminded about meeting times being not very practical for the east side So I'm wondering whether I know we talked about this before a little bit where we wanted to rotate the time so that We could get some participants from asia, especially, you know when we have the cube cons in china so I am wondering whether You know how we should go whether we we want to do this and whether we want to kind of like Maybe do a rotating thing where you have a meeting Um in one time zone and then just like two set times and this would take between the two of them I think it would be amazing to be more geographically inclusive. I've just struggled to know how to manage that um one idea that I Like I just thought of while you were talking I'm curious what other people think is it could be like a round cube con because we have like we tend to have cube con centric conversations before and after cube con So you could say that like A month before and two months after or like whatever the right interval is We sync with the cube con time zone I like that So then this meeting would like rotate it. There'd be like three times that we pick as Friendly to the cube con time zone plus another Right and then we could make sure that we have um like so like I like we've been talking about like How like dan's chair um Term he he he picked the short straw And he will be or the long straw. I don't know. Maybe I got the short straw. Any he's going to be um his term is up in um the mid year and You know, I think in my dreams There would be a future where we we have a chair from They have chairs across different geographies, right? So that It's so that everybody doesn't have to travel across the worlds You know, I don't know Then it's sort of like it it sort of helps the the local events and now they're doing these um forums So what do people think about that kind of? synchronization and rotating around the time zone Or are there other ideas about how to make it feel more stable? It seems relatively fair and motivated by practical concerns Okay So I think we should make it brandon would you I think we should make it a suggestion on github Yeah, make sure that we get input from people and would you Volunteer to actually pick some times That are like and how exactly it would work. I think it's just you know There's a lot of different ways to make it work that would be fair and appropriate I just You know, somebody needs to write it down Yeah, I'll create an issue with kind of like the generic problem segment and then Well, I try and figure out how it will work. I think if if we get ideas from people that'll be great as well great Super Did I hear somebody else say something? Okay cloud native security day Emily Um, so we wrapped up our retrospective a few weeks ago. My time is a little weird But we finished our retrospective. It's linked in the meeting notes for anybody that wants to take a look at it We had some great conversations about how we can iterate and improve on the next one for kubecon europe So take a look there You there's also a new ticket number 305 also linked in the it's coming text So if you have some more ideas About what we can do to improve it that we missed in some of our feedback feel free to comment on the ticket We'll be going through them We're looking to start scheduling timeframes to meet up and take how Take the information from the retrospective and how we can apply it and incorporate it into the kubecon europe I see that there's a comment about red team blue team demo session. I think we had that in the original ask not specific to chat ops But within the submission content and i'm i'm not clear if we got anybody that was interested in it But definitely comment on the ticket with that information Thanks Any questions suggestions? thoughts for cloud news security team And is this a link to the github issue Can you link to the github issue about? Um the amsterdam cloud news security day so that people have Other questions like a chairman it's there in the Meeting agenda under it's coming Oh, okay, great The if so right now, I believe Michael and I have both agreed to Coordinate and plan and run the event again But we are definitely looking for more volunteers to help While it is it was rewarding to see how many individuals gave submissions to it Trying to cram and a few people reviewing all of the submissions was a little challenging So if you're up for volunteering on something small like reviewing submissions with us Or assisting with planning or even day of coordination and all hands on deck that would be fabulous Please also comment in the ticket We also have this idea. I want to mention to everybody that um of having more of the sig members like actively participating and like distributing them and like having some responsibility to Be there as somebody who would Um kind of be visible and tell people about the sig and connect people to each other and so forth We haven't quite figured out what the responsibilities are but um So and also the cncf does do travel grants I think it might be an opportunity for us to kind of reach out to our members or prospective members who are in europe and See if that we can have good representation of the sig there And if there are people who would like to be involved and willing to volunteer who You know might need some financing There are grants if we get our act together early enough to ask so I want to kind of put that out there Um for the caveat that you know like emily and michael are still working on like the what and the details but if people are if you or somebody you know is in europe in the region And is like I don't know if I can go Because my company won't sponsor it or you know Like financing would matter Then um, then definitely would love to have someone help think through how we could organize some You know that um though anybody who's been active certainly can submit a travel grant to cncf and We'd be supportive at least verbally supportive of that all right any um Last announcement so we're eight minutes before the hour we can definitely end early But I want to give a chance to open the floor if there are questions that We haven't covered or thoughts that people want to add or announcements All right, thanks everybody. Oh, and we will not be meeting on christmas day In fact, we have canceled the two next meetings and so our next meeting is january 8th Thanks everybody. Thanks ash for taking notes Hey Great job ash. Thanks