 We'll give it a couple of minutes to see if anyone else joins, and if we have some topics. Hi, Victor. Good morning. Morning, Taylor. Today is special day. We got low attendance today. Something going on. Daylight savings starts on the 13th. So that wouldn't be it. And good morning. I'll be with you in a moment. I'm just going to get my coffee poured. The meeting will be better for it. Sounds good. Right. Okay. Let me get the meeting minutes up and we will begin. Hi, Frederick. I posted the meeting notes. And if folks can add their names and. Any agenda topics not handed over to you and if you're now back and ready. Yeah, I'm here. Good morning, everybody. I just need to write so. Good morning. Welcome to the CNF working group for those of you who've come. It seems like six of us. So not a huge meeting and probably not a very long one this morning. Right. The upcoming events, the reason the daylight saving is in there is our meeting is tied to UTC. So it moves when daylight savings strikes. So come March the 13th, the meeting will shift, I believe, to nine AM Pacific, as opposed to eight. You know, that is how it works when UTC is what we're tied to. And similarly, it will shift the same way when Europe moves on the 27th, we've got that funny two week period when we don't. Everything doesn't work together. So set of upcoming events the usual rules apply. CFP is if you want to put a paper in then there are a few there the open source summit and well both of the open source summit have CFP is open so if you've got anything which you would like to file about CNF about NFV in general. So if you have time to get a paper in if you think you would like some help with that then obviously we always they're ready to help. If you need some need someone to bounce ideas off of or you want your right up to be approved but we're quite happy to help you along with that. We'll do the poll requests in a moment but I just wanted to mention because we haven't got there yet and it's been on my mind for a few weeks. The chairs are me Taylor and Jeff who unfortunately hasn't been able to make it for a few weeks because he's got a conflict for the three different domains me from the CNF creators developers. Taylor for the community and Jeff for the CNF users. The time is coming to an end in about, I think it's four or five weeks at this point. So we should probably send an announcement out and make it clear to everybody that if you would like to stand for the one of the co chair seats for next year, your moment is here now is your chance. We will get the details of that sorted I don't think we've actually planned it out just yet but we will get the process in place. Our mailing list isn't used terribly much but last time we did this then we asked everybody to post on the mailing list and I think it would be a good idea. If that went out to the, to the main list that everybody gets a chance to check up. Right. Pull request. I don't know what pull request we have so here comes a surprise. We have three. Count four. Okay, that's an auto generated one I see we do have a couple of failure failures going on so that will need checking before we merge it but I don't imagine anybody's got too much of an objection to that it's just a bot coming in and telling us we've got a CI to sort out because it's out of date. So, I guess Taylor and I will go and double check that and see what we have to do. Configuration best practices communities components you can guess how much homework I've been doing this week I haven't read this. As anyone looked at this so far I've got any thoughts on the subject. I haven't taken a look yet. I don't see anything too. I don't, I wouldn't call this comprehensive. But I don't think there's any particularly objectionable elements in here. I don't see much in the way of sources in the sense of this is why we should be doing it. This one created in a difficult questions why about seven days ago all right. Yeah, exactly seven days. And I added these he talked a little bit last week, and I went through the best practice, I guess, spec or template or whatever that we have, and talked with them a little bit about references and everything. And if you notice this is also under the user stories. Yeah. I think we all need to move over. I think it's a good start for the conversation around this particular best practice. Yeah, I mean I'm not sure this needs a user story I think we all accept that there are certain things that are considered to be good that you should do with Kubernetes. And I wouldn't worry terribly much about justification but if we did have some degree of sourcing to say this is why we think these are the best practices we have and why we haven't bothered put others in, then that would certainly help. But I would rather we committed it before much longer than made it completely comprehensive because something is better than nothing. Again, I don't see anything terribly objectionable here so. That's a good point. So I would say it should be moved over. It's one of the things which I already told them. And then the related thing is we should probably review and update what's required in the proposals best practice proposals area, because we do have some things that are required that we may not care about at this point. That's the first command at least. Yes, absolutely. I know we've got a document in a format that we should be using. I don't think that changes very much of what he's written I think it just means we cut and paste over to the format we'd like but yeah, particularly hard job. But yeah, I mean in general, what is that object to this all looks like fairly sensible stuff. Okay, so that's job one is a formatting problem, and then references if we can find them. I think that for him the pain references before we go through approving it. I think actually I'm not so bothered about that too but if we, if there are any obvious ones we can at least ask him. Maybe a resubmission with over to the correct area. I guess you know one thing that we've said but I don't think it may not be documented as we, we would eventually have the approved list of best practices. So it's almost like we need to have a section where they can be come in and be iterated on. And then hopefully they could be listed, or even moved into something. Well, yeah, I mean iteration is effectively a pull request on the existing best practice so that should be having a best practice to iterate on having this committed would would solve a bunch of problems for that. Okay, I think one thing that maybe this one needs is to be a more explicit name, because it's, can you go back into the file changes. So I think it just says configuration configuration best practices of Kubernetes system components yeah. So I guess your APS or security best practices. Is it one enabling disabling it actually is multiple. So this is multiple. This is almost like a synopsis of a set of best practices now that I'm looking at it. It's a whole bunch of best practices and we probably need each of those to be submitted as their own. I don't think it's necessarily a problem that a best practice has checklist items, you know more than one checklist item I unless there's a reason to separate them out into multiple I wouldn't but I mean the synopsis needs to be a little more mandatory, shall we say, nearly all of this is best practices for the purposes of security from what I can read here which makes which he's managed to put in there but he's put in there as a subtitle as opposed to the actual title. So if we, I imagine that's because he was thinking this would want to be broadened out. But if we actually get ahead of that and just say no let this will be the security best practice part and if there's more than, you know for efficiency for reliability then we keep those independent. Then we would basically be good that's how I would do it. Let's go to the very top one as example disabling anonymous request. Someone may agree to that, but they are they don't agree to that one but they agree to everything else so they don't turn that on. And then what do we say that they're not following which I'm getting to the point where if a service providers looking and saying which best practices are you following and they'd say oh we follow the configuration best practices. Except they didn't follow one of them. Disabling anonymous request or API authorization configuration. Yeah, the compliance document would say not only that they aren't following it but specifically how they're not following it so again, we would be covered in that circumstance it would be written down as to what they were doing it wouldn't be a I haven't checked this box it's I haven't checked this box because so I think I see where you're going. It would be nice if this were a checkbox and it was a simple yes or no but I think you're going to see this with any best practice that you know there are ways in which you can manage to not follow an aspect of what is advised as opposed to simply ignoring it. I think this seems like a list of best practices that someone could implement each piece independently and then within each of those like enable audit logging. There's actually a lot of different aspects that you could change on that and people may have different preferences that are like where are you going to put your audit policy file. So make sure that it doesn't stay on the house because then it can be accessed if someone gains or it or it can disappear, you know, there's a bunch of different things like that that I start thinking. But those are then implementation issues versus you better have audit logging enabled or something. If someone's going to claim that. What are you doing there are you saying that it's not detailed enough for you. I'm saying that each of these potentially should be their own document versus having them all listed. When you go and look at the user story section, like the supply chain attack. It seems fine to have them all split out until someone goes Oh this one's really important let me do a bigger right it. But this one seems like they're. They are being stated as here's a lot of different user stories. I'm sorry a lot of different best practices and each of these could be their own right up with their own references of why it's good. Yes, they could. Absolutely, but my question with that is, is the effort of breaking it down and the spreading of the information into multiple files actually making this more useful to us or is it just basically. Burying the information making it a little more complicated to use, because I think the result works out the same you would have to comply with all of these, or you would have to detail why you weren't complying with some of them. You wouldn't simply say I am not complying with security best practices and I'm not giving you any detail as to why, because we asked for that in terms of how compliance is written up. One thing would help with the. If we're going to say that people should do references which I think references should be a part of any of the best practices that forward, then it would be good if, if they're, if you're going to have multiple practices included in one document to make sure that you are a reference for each of them, ideally. Oh yes, absolutely. I'm still good, even though I kind of lean towards splitting it up. I'm good with having, if that happens, it could happen after the first iteration where we get this in with references in the correct area and not under user stories. Yeah, and then it can be decided to be split up or added to. Does anyone else have thoughts is a lot for me and then I hike you sure welcome. All right. Everyone can look at this one add comments. I'll remind Ben that we want to move it over. Although, I guess that could happen after the fact. We do what references I think. Yeah, I mean what actually if it comes down to I would want it to be moved as a first step. The references I would take as a wish list item that we can't have straight away. I can't see, I think one or two of these things could do the more detail like the credential type and detail, because this one seems to be asking for, you know, that that seems to go through things without actually saying you must do exit simply saying here are some notes that you might want to give consideration to so we can actually set it if we can set a threshold against it that that would be maybe a little more useful. But there are notes here that you could do X that in the passive voice it is very important. We just need to, you know, bring that back to a threshold, you have done this, or you are not in compliance. But anyway, all right well I mean, again, I like that it's a good first start. I think, obviously, I have some preferences for making it better but I wouldn't necessarily want to see all of those preferences dealt with before we let it in. I just think we should, you know, we'd be better off with it in and then improving it over time. Okay. Next. Oh yes. Yeah, this one's on my homework thing it's been sat here for a month plus and I need to do my homework on it so, but I don't see that it's getting more comments, let me take that and run with it. I'll pull request out and get the comments that Pankaj dealt with and deal with it most of what he said, I believe we agreed was recommended rewording to make it more understandable but I didn't see anything in there that was desperately needed to improve the content it's really just the comprehensibility that seems to be in debate. With a few rewordings then I would hope that's ready for commit, which means I'll take the work in progress label off of it as well. This is Jeff story, which apparently is now some getting old, so probably in need of actual committing. Yes, should be on the next call after the time shift he had said that he won't have a conflict. Good. Let's let's just hold off until next week and I'll you and I can bet the bag them to make sure he's on that one. Yeah. I'm not seeing again huge objections to the content just niggling reword stuff again so if we can persuade him to do his homework. But if we can persuade him to do his homework and do a rewrite on this, then I would like to think that we could actually be in a position to approve it next week rather than debate it, that would be good. But it doesn't again look like anyone's got significant objections. Yeah, best held until Jeff himself has a opportunity to comment on that is Jeff running tomorrow next week's meeting as well. I'm not sure sounds about right. I think he's got about a month of saved up meetings to run so that seems yeah we can take off. It doesn't doesn't matter but anyway yeah we'll get him to do a rewrite and if we can get him to give it the once over before next week's meeting then it's another one that should be ready for approval so. In terms of homework then I have my pull request to update. We'll see if we can get Jeff to do this one. Taylor if you can talk to Ben and see if you can do the work that's necessary on the other one and again speaking personally exclusively. I think it's got the right content it just needs as much as anything formatting with a bonus dose of references if we can throw it in then as well as moving it to the right location. Yeah, Victor, can you take a look at the air gap again and see if if there's anything that's blocking approval thumbs up. Pond ties messages were more of stuff that could be expanded on but not blockers. Okay. Yeah, I can take a look. I'm not sure what yours were but it may have already been addressed. Well I guess my, my comments were regarding other tools that I discovered. I mean, nothing besides having new references. Yeah, so there was one comment there I saw about a short definition. Just, you just passed it and from vector. Yeah, so this one here is Jeff talking about how you do license management the applications on top. And that's going to be a little difficult and asking for definition which I think is obviously worthwhile. I mean, what is edge what is air gap to I can see where that one takes us. Or maybe we can resolve that and maybe we can request the additional bad definition into the glossary project needs to appear. Yes. If you think there is a simple way of rewording this then obviously you can propose a change on this as opposed to to give Jeff some clues as to what you're looking for. If you think it involves clarity in the glossary then please stick a pull request on the glossary. And then we can get that in first and then just got more to work with whichever you like to do. But the, you know, let's just try and have this ready for approval by the end of the week and again we will go chase Jeff and you can certainly communicate with him in the channel and get that done. But it's been outstanding for plenty of time at this point and it would be worth our time to finish the job. Did we make the change on how many the number of members that we want for approval. No, I don't recall seeing that so talked about adjusting it lowering it first. I believe it's five and you were talking about making it three and to do that you would have to change the government's file. So, so then we need a back on that. Yeah. All right. But it does seem like a sensible plan because we're struggling to get attendance at the moment so. Yeah, this one we need one vote even. I think I'll give my thumbs up after this call. This one has no thumbs up I don't think that's right we don't even have one. No but we do have three people who've looked at it and actually it's more than three because I've read it enough times at this point. Yeah, I'm ready to give it a thumbs up. I was holding off to get more opinions. Well, the opinions do ask for changes so there's a little bit left on that well I say that some of them have obviously seen changes or at least there have been changes since. Yeah. All right. The little circle for on Kai and Victor, I guess, bill as well. They're circled by their names. The recycle button or whatever that is, it should re request yep. There we go. Then they'll all get notices and if they come back and want more changes they can request and otherwise we can move forward. All right. Well, we'll call that dealt with that is the last pull request so I can, I will work my way back up the stack of what we were talking about. Right, so that is the end of what's been put down in the agenda. Does anyone have anything else they would like to raise while we're all basically meeting. Well, the spring break I don't, I didn't know if that was. And you can move that maybe the very last beyond elections. The, I will not be, I'll be out for spring break. Okay. I'm not, but that doesn't mean so I wouldn't like a day off. So, I will take the judgment of the majority. Anyone else with preferences. I feel like we haven't got that many Americans here so spring break may not be a concern to everybody but I think if we march the 14th is literally next week isn't it. Yeah. Okay, so let's take that to the channel and make sure we actually have everybody's consensus. So here is, I don't care either way. I'm not going to say if there's not enough people coming then I would obviously cancel but I'm perfectly capable of coming along so. Ideally the next. Yeah, the next one Jeff real beyond to help me with some of those things forward. I see Lucina typing so if you volunteered for that. Lucina, you got audio today. Okay, let's let's go with. Well if Lucina does it then Lucina does it if not one of the rest of his needs to jump in but. But yes so we'll double check on that. It's not quite the same as President's Day but you never know. All right. And again unless anyone's got anything more to raise then that would seem to be the end of today's work. Anything else. No, and Lucina and chat said she'll take care of it so I think we're good. Thanks and thanks everyone else. Bye bye. All right, thank you everybody.