 All right, we are now recording. This is June 14th. Tim is passing to you. Hi everyone. Today is June 14. This is the sandbox reviews. So let's just get started. The first one is cluster PDA. The cluster PDA is seems to be in the multi cluster space. And say if you have a lot of clusters, then they help you find where things are. Has anybody looked at in depth? It's pretty early stage. I mean, it's like six months old. I was just going to say the idea looks good. It's more like a discovery thing to see what's running in which cluster. But I agree also because like one contributor basically has all the commits and there's a second one that starts to pick up but it's been like all the rest is very small contributions. Yeah, very young, but it seems like a well situated project and I can see a need for it in the space. The only concern that I have is around the resource editing capabilities and the access control associated with that. Because originally reading through the documentation sounds like it's read only so it's a stateless checks and providing that information back but later on it starts to discuss the ability to offer command and control over those resources and I'd be very curious as to how they propose doing that and what sort of access control mechanisms they have a plan for integration. So I would recommend that they talk to the stag if we choose to accept them. Yeah. I do that one person is doing the heavy lifting here iceberg. But I think, you know, there is a decent idea that we should give it a shot I think. But there's a clear use case there also to synchronize resources across clusters. This is something they stated to start this is everyone started with this. And we do have two repositories. Yeah, this makes sense. One person may have done the heavy lifting. And the other person has more than 10% of the commits although I haven't looked at lines of code and real code. But there are some other people coming along and it like others have said it's a legitimate use case. I didn't realize I guess I need to go look deeper about the editing capabilities I only went through the viewing capabilities which is where I'd seen the need. So yeah, I agree they should talk to the security tag just because when you've got, you know the ability to edit across all of those clusters. That brings in a lot of opportunity for security issues. So, are we ready to work. Any other thoughts. Hang on question. Are we voting, or are we going to have them go be reviewed by security tag. I think we can accept them and then they can talk to the stack. There is no rush. Got it. All right. The vote is open. I need to. It's true you need to find chat. Yes. Yes, I don't know where to look. Okay, plus one. Yes. Okay, now I found my chat window. 123456. Harry waiting on you. Yeah, I'm back. Yes. I need you to vote on plus to be here please. I'm right now on my phones I'm trying to figure out how kind of do that. Yeah, you can voice it and I will cast it for you. How's that. I'm supporting all these projects actually. Okay, so that is a plus one. Yeah, it passes. Yeah, okay. Oh, okay. Thank you. Thank you, Harry. So the next one is called tone buckle. And actually there is one more project from the same people. I think it's a palette. Those two, I think we need to take it up together. Is that okay with everyone? Sure. Yep. So this provides a policy model. It's, it's. It's, it's literally. Got under 100 commits. Less than 10 issues. No PRs and it is extremely early. No stars. It's the way it's developed. It's just been developed in a couple of spikes. Yeah. Right. Without active. Like it had only had a minor change, I think to see I in the last bunch of months. So it doesn't look like it's even being actively developed right now. They have no forum for discussion or communications channels as well for contributions. Just issues seems to be the only place for it. And even the issues, they don't seem to be managing very well. It seems to be from CNN. The only issues are from themselves. Yeah. I was also going to say like that even the action implementation, it looks more like a cap to the schedule or. Right. And they also talking about Q fed as well. Right. Which is kind of old. Yeah. It seems like a very specific use case that maybe they had internally and they wanted to open source, which is admirable. But at the same time, comparing to other projects. In the last couple of months, there has been no contributions whatsoever compared to projects that we reviewed earlier. Like even it's been on the market for six months. We had contributions from several companies. And there is like a very kind of visible disparity. And I think that's one of the things that I think is important. And I think that's one of the things that I think is really important in the interest from the community on this one, on these two ones actually. I was, I was thinking if there is a possibility for them to cooperate with one of the committee six more closely and maybe have a cap around it. And hence bring this overall rather than just having as an independent project. I'm trying to understand how it will survive as well. Because looking at the road maps. I can see that. But like what's next because I feel like it's going to struggle to, to have extra enhancements to itself as a project. Yeah. And for pallet, I went and I looked at it because they talked about Kubernetes scheduling and I realized they never showed up in the meeting minutes for sig scheduling over there either. So it doesn't look like they've engaged with them as far as I can tell. Yeah. So let's do that. And the state for pallet, just to add the state for pallet looks very much the same. And all it does is an implementation of co-scheduling or gang scheduling. There's other projects that do that with our maturity. So it's not filling a hole or anything. So they have three people to talk to one is the CNC of working group for batch. And the Kubernetes working group for batch. And the six scheduling in Kubernetes. So we need to tell them to. So I would also add that pallet should probably talk to security as well. There is a potential use case with that to schedule a security pod to execute scans. But you can do that with any of the other scheduling opportunities. Yeah. It's a batch. Sig scheduling and six security. Yeah. And the projects just don't look very active. Right. If something's going to move from sandbox to incubation to graduation. I like to see a project look like it's going to be active and have a life. And if it's just going to get the occasional work done here or if it was done out as a proof of concept and now it looks really cool, but it hasn't found a place yet. Like what's going to happen if it becomes a sandbox project? Is it just going to have that same thing and then linger and wait for it to go away? Or is there going to be something that's going to lead it to incubation? Does it have that opportunity there? Do we see that? And I'm struggling to see where it would go for that right now. So my first reaction here is like if they can do caps and if they get things into existing projects, that would be the better fit rather than having a standalone project for a smaller use case. It's better to be part of a bigger, larger story for them. Okay. So can we move on to the next one? That's fine. Moving on. So the next one is open cost. This seems to be, the cube cost is the company and open cost is the project name. Yeah. I had a couple of questions like, like clearly the project is seems popular and has traction. There's, but there's two parts. One is that they mentioned a specification for open cost and then the implementation. And it's, it's also not clear if open cost is the full cook cost or if it's like a bit of a cook cost. That was the only question I had is like, what's the relationship with cook cost moving forward? And I think being kept only into cost that is not an open cost. Thanks. Yep. I would agree. They look like a well situated project and would be a good candidate to engage with the environmental sustainability working group. Their contributor file is pretty robust, but they don't have any community meetings scheduled or at least discussed at all. I read somewhere that open cost is the engine or something. I forget exactly where I read that. Yeah. I also understood that there's like the specification and then it's like the reference implementation. But it, but it's not clear. What's the relationship cost. So that's actually a good. Good thing to call out since the, since this project both includes a specification and a reference implementation, the intent is to keep them as a singular project. Correct. Instead of breaking them apart. Because we have, I think we have a little bit of both within the foundation where we have just a spec that's its own project and then a separate one as a reference implementation. And none of the cases are merged. Yeah. In this case, together would be the better way to do it. I'm sorry. I think all the specs have a reference implementation. There might be a separate one as well, like with notary and there's still a reference implementation as if I think for all of the specs have, have something that's at least a reference implementation. So I think this kind of fits on that point of view, but there's different. There's kind of different views of what a reference implementation is, whether it's designed for production use or it's to test the spec. I think all those things can be worked out. Right. You know, we can tell them that he, they come on in as a single project. And let us know exactly which part of. Cube cost will be coming in. Yeah. And from this, you know, they're actually getting active contributions from people outside of cube cost the company, like from Stack watch and bolt software. They're already actively contributing to it from outside. Yeah, definitely. I agree with that. Yeah. I think it's a lot of, there's some momentum on the project, even at Kupcon you can see people talking about. Yeah. And the other thing that I like is that, that they're using so many of the other projects. That we have here. So. I had one question in regards to the management of the project because kind of a separated from cost initially and a lot of members and a lot of like of contacts, they refer to keep cost. Do we want that to be separate, like to be open cost only and it has like its own management community rather than allocating that or for it to follow under a company overall. We normally deal with that as part of onboarding. So it's not fully separated now. Does it mean it's going to have its own organization in GitHub or we're fine to live it within the Android? No, it would have its own organization. Amazing. That was something which I was, I do remember we did something about that, but I was not sure if it was during the onboarding process, but as long as they kind of deep brand, keep cost as much as possible, especially when it comes to, to the kind of the contacts and reaching out. And I think that's, that's a good one for me. So separate from this discussion is whether they can have a company called cube cost, where cube is a play on our project and you know, that goes into trademarks issue, mark issues. I think we can keep that separate and say, I think you've already, I think you've already lost on the cube one. Cube is not a trademark. I know it is not. Exactly. Kubernetes and KHS are the trademarks. Cube isn't. So that's why it's separate. So it's super important for later. Yes. Okay. So I've read it. What any additional commentary that Amy needs to tell them, they'll review the recording anyway. So it should be fine. Okay. We can move on. Yeah. Iraqi mesh is the next one. We are on. Five Iraqi mesh. So. Who is able to talk about Iraqi mesh? Lots of networking stuff here. And they were talking about an on why doesn't really want to deal with. Non HTTP protocols. So they would, they want to do more of those. Was that the reason we'd sent it back because they, they're coming back to us after we sent them away was it, and I'm sorry. I didn't grab the notes on it. Why we sent them away last time. Yeah. In the meantime, I had a question because they put the SCNCF logo at the end of their GitHub. Saying they are part of the SCNCF landscape. Yeah, I saw that too. I asked about it and I was told it's very odd, but I don't actually think it breaks any rules. Okay. I went and asked. Okay. Yeah, that one, right? Yeah. Yeah. Enriches the landscape. Sure. Yes. Awesome. For sure. Okay. So. Networking folks, any networking folks here. My only question. I think it's not like really concerned, but it seems to be quite. Well integrated with Istio by default. They actually integrate with offer. And then they have a standard, which it was. If I'm not mistaken. I think they mentioned it's Istio only. Yes, it is Istio only. They have six releases. It's a reasonably active project. Yeah. Their documentation has a lot of circular links and the doc site is fairly lightweight. They do have a multi year roadmap, but the contributions for the entire project are skewed to just one individual. Yeah. Yeah. So, I mean, I think that read me explicitly calls out that if you do want it contribute, you have to email them to be able to do so. Interesting. Yes. So I'm, I'm concerned over the love, the difficulty in getting more contributors to grow the project. They also mentioned on why the CNCF answer on point four, they mentioned that. Yeah, I'd like to see. More support beyond just Istio. So the person. Wow. Is an engineer in Tencent cloud. And he's the one who's done the heavy lifting. So. There is a strong connection to both on why and Istio. I have a feeling that they'll be okay to do more things like the way we do stuff here. Well, you know, if we think of it as an extension on top of Istio or something that works with it, other projects that only work with Kubernetes and say, don't work with one of the other schedulers out there. We don't tell them that they need to go work with two schedulers. So when it comes to something that kind of extends or adds on to something, like when do we draw the line to say it's okay that it's just on this one platform and it doesn't work with other platforms. Where do we draw that line? This holds under it. Like from my perspective, I feel like they should be on the project roadmap because it's, it's in their interest to grow their use cases and adoption. So I presume there's going to be more interest in other integrations. I think they should prioritize that, but I don't think you should fall under us if they don't do that, like inevitably like it's going to happen that they will fade away within the landscape or they just going to survive on the few use cases. Amy, I'm not pushing back on them because they in number four here, they have mentioned that it is not a priority right now because there are more urgent things to fix. So I'm not going to push back on them. And I would actually want to put this to a vote. Yeah. I agree. I just wanted to add like I mentioned earlier, but I do think the project is very cool, like adding non-HTP or CRPC support, but they do mention that the added value is to like be the top layer without integrating with one solution. So it's kind of fair to say that they should look at other service mesh implementations as well. It's sandbox. They can get to it eventually. Yeah. Yeah. It was just feedback. I think it's, it's not a stopper. Yeah. Yeah. Yeah. Not yet. Not as of today. It's in process. It's in process. I am happy to kind of vote on it. Like because I'm a bit concerned about Emily's comment on like, which they should streamline the contributions. It shouldn't be gate gate by one person. So if the caveat is that the contributing guidelines are going to be updated, I'm going to, I'm happy to vote on it. Otherwise, I'm happy to kind of maybe rethink this a bit. So, well, we'll say we can do a vote and then say subject to them opening up the contribution to everybody. Right. To follow the normal processes that we use in the CNCF community. Right. Yep. Yeah. So, adding a, adding a, a new governance process. Yeah. Yeah. How, how maintainers can be added. Okay. So let's vote for it then. The caveat that they fix their dots to be more inviting to other people and not just an email. Okay. Four, five, six. Hurry. We got it. Okay. So the next one is Curve. Curve came to us before. And we sent it to six storage. A tax storage rather, and the tax storage came back with the recommendation to accept it as, you know, a sandbox project. So. I think they are okay with it. If they are okay with it, I think we should be okay with it too. But let's just go through the usual things and make sure that things are okay. So it's got GPL and GPL v3 licenses on the top. I can't see what they apply to. Okay. So again, the caveat here we would add is the clean up the licenses only then we'll accept. Right. Well, if it is GPL, GPL v3 because it's using tools that. I mean, all the storage stuff. Potentially is. Then they'll have to get an exception from the government board. They won't be able to clean it up. If they, it's not that code is. Likely, it's not that good. Right. So we send these back out and then we got a recommendation. With the, from the tag. So here the caveat would be. We'll ask a question that can, would you be able to get rid of. Oh, sorry, the license file does have. Which parts of what so. Some of it's in tools. Some of it. Yeah. It's in the tools. They're going to have to go to a government board. I think for this. It's looks to me like it. Might not be part of the core software might be. All in tooling. It's external. So it might be. I think a great exception. So do we have precedents where this kind of stuff is in a separate repository. And, you know, during the ideal pull both repositories and do the bills, I guess. No. No, we've got exceptions where things are part of, you know, Linus kernel code and things like that where it's GPL license. So in terms of precedents, then we have open EBS and there was one more. Right. Sorry. For the license, you mean. Yeah, for the license. Oh, sorry. Because it looks like they're vendoring in the outside tools, which means they're distributing and they have it. It's not like in their environment, they just go and install it. Right. And use what's already existing. Because there are certain rules around exception. If it's included in your distro and how that happens. But this looks like they're actually including it and doing that. And so. So the caveat will be a license review, right? Yeah. So it will be accepted based on a clean license review. Well, I mean, it'll have to be GB approval or rework. Okay. So, and GB approval, so two caveats. I also had one question because I don't remember like that. It is kind of in the area of open EBS and Longhorn. I think they do claim that the storage project in the CNCF are not performance and convenient enough to support this. And there is currently no project with the same position. Positioning as curve. Maybe there are details, but in, in general, it's the same area. Right. Yeah, I noticed that too. Okay. It's just, I don't, I don't think the statements are, are very fair. It's not a, again, not a stop or just a comment. So I have a quick question about that. Is there any expectation that we make requests to do comparison of projects from an independent party? Because this is very biased. Usually we work through this. The processes that we have the annual reviews and things like that where we tone down what people are claiming. And make them play fair with each other. You know, propose some benchmarks or something where both of them can, you know, multiple projects can run the same benchmarks and say something about it, I guess. Okay. Okay. So let's, let's vote on this, Amy. What's open. Two caveats we said, right? Two caveats. Can we just one question. Shall we vote on it before the GP approval? The GP vote on license. Can we do that? As a recommendation from the TOC. So it needs to go into this weird space where we'll tell the GB that we want to bring this in. So they need to help us do it. Right. We can't go otherwise. I'll step in here. So the way that this will work is you all will vote to be able to accept them as a project from there. And then apply to the governing board to be able to get an exception for licenses. Okay. Cool. So the camera is going to be the license. This is not uncommon. We've seen a few of these before. So. Awesome. Okay. One, two, three, four, five, six. Harry's already. Yes. Okay. So we're done with curve palette. We are done with open feature. So open feature actually ping me just before. You can you asking about, hey, can we do something quickly? Kind of thing. So they're number eight on our list here today. So I was looking for Golan stuff and I don't remember seeing it. Did anybody see support for Golan? I didn't see go. I saw, you know, Java that I think the Python was a stub and node node is where their examples were even come out of if you look in the playground. Right. Yeah. Is there any other project that does this in the sense? Yeah. I wasn't sure actually. And I, I'm struggling to figure out like what exactly we are doing here, which is going to be useful to multiple people, right? I think it's the flag feature thing where you basically deploy instead of having feature branches, you just depend production and you do feature flag to enable disabled things. Yeah, it's configuring its configuration management around feature flags for your application. And the system they have here is, it looks like it's pluggable and it's spec based. So while they've got a reference implementation and SDKs to work with it, they also have a spec so you can swap out things in the background and here they compare to some others. So if you go look at something like flag Smith, they're doing that same kind of thing of the feature flag stuff. Okay. Okay. Feature enabled or not. So it makes a call to some backend service to get that information back. And this is an open source one built around Kubernetes and cloud native technologies where the other ones, if you start looking at them like flag Smith and cloud bees, you're looking at things that are either proprietary or outside of the cloud native architectures. They're differentiators to say it's built on the cloud native stuff rather than the proprietary or just stuff outside of that. And it could be the first one we have in this area. I want to say data wire had a very similar open source project many, many, many years ago, but they got rid of it because they didn't have a good use case or the market wasn't ready for it. So it looks like basic tooling was from Diego. And there's a bunch of contributors to the spec. I mean, they have a solid roadmap, clear community engagement. They look well supported. Yeah, it reminds me a little bit of GitHub scientists. Because it's that same permission model based thing a little different, but similar idea. What does the operator do. The operator is a way of having kind of that reference implementation and then how is it connected up to the things in your cluster, right? They're using cloud native technologies. How do you get this stuff inside of Kubernetes and specify your flag configurations using Kubernetes stuff? Yeah, okay, CRDs in this case. Okay, so any other questions? Can we work? Okay, Harry, good job. Laptop. Okay. So, Amy, let's vote please. What is open? Yep, voting on it. Yes, it passes. Yay, let's go to QWadden now. QWadden is a policy engine web assembly similar to what OPA does, I guess. Distributed using regular container registries. And so the difference is OPA is regular only and here they are saying you can use Wasm and you can use any language of your choice that Wasm supports. They have a regular implementation in Wasm as well. I'm not sure if it's using the upstream one from OPA. Okay. So it's a custom implementation because this is written in Rust. Yes. They do use projects. Look at that. Yeah, their roadmap is pretty robust and I think they had more than one, if I remember correctly. I'm looking from here. Yeah, if you go through their GitHub repo, they've got a few, I think this was one of the projects that a few other things are working about. They've got their roadmap, they have development. Okay. Yes, yeah, I was looking at the slash one, which is the development one. Yeah. Yeah. The contributing information is fairly robust, but it's more focused about how to get it installed rather than how to contribute to the project. And they have fairly consistent commits with two primary maintainers. I mean, overall this seems like a good project and I can see a good fit for it in the ecosystem amongst the other policy engines. Absolutely. So the other one fun here was the policy hub. Seems to be like a website where people can upload their policies, I guess, or I guess this is the download portion. I don't know how they, there is no login. So they won't be printing off of a GitHub repo or something. Yeah, supposedly you can submit policies to them. They'd be accessible here. So it's more about policy exchange. So if there is a policy that makes sense for a vast number of organizations or industry verticals, they could potentially upload them here. And I know they'd like to eventually integrate with artifact hub to get them listed there and where people can list their own, but until they're part of a foundation or in the CNCF artifact hub isn't going to list them. And so that's why they have their own as well right now. Okay. So one of my questions here is like, it might not be something for, for some books for you, but in the future, I see like a lot of components being part of keyboard in going back to operator hub. Actually, it was, what was the project called we actually had it up. The hub itself was a standalone project that we voted on with operator SDK. That was the one being a separate in the future as well. So I presume like some of the, these consolidations are going to happen. It's going to be more clear for us of the directions of the project. Like again, like my concern, honestly, a concern, observation is that there are like multiple components currently, which we are voting on collectively, but this is going to change if they want to kind of move up to incubation. So here one, one observation here is all of these are from Q wardens itself. And if you look at the, you know, URL for the container image, they are also Q warden slash policies. So I, there is no third party that has added their own stuff here. I guess this is just a way for them to show a UI where people can pick things up from easily. So yes, we can add a caveat saying, hey, the policy hub we are assuming is going to fold into the artifact hub and we are voting on, you know, the rest of the things. Well, in the operator SDK and operator hub were separated out because the operator SDK could be used and then those assets not hosted within operator hub. Operator hub if you wanted to. So there was also some legality around the hosting that the two needed to be separated. Katie saying it's a great like parallel to this, but I think it's a little bit different in this offering that we don't have the, the weirdness when all these assets just feed into that. Yeah. And here they actually say they want to integrate with the artifact hub right in there. Right there. Yep. Yeah. Okay. We'll call on the same page then. Let's work then. Okay, thank you. That's one. One, two, three, four, five, six, seven. Okay. Q warden. You're going to have a party mat today for Q warden. I'll do it tomorrow. They're in Europe. Okay. So has anybody looked at. Yeah, it looks like it's a lot of monitoring framework for services running on Kubernetes. With expected state testing. And I think that's the key value on this. Is that you can assert what your expected state is supposed to look like and it will continually supposedly evaluate whether or not that remains true. Okay. Overall. And they have a contributing file, decent content, no community meetups. They have a security markdown file, which is the first one out of the ones we've reviewed, but it's a template. So it doesn't really help. And there's one primary contributor. It's super early. Doesn't look like there's been a ton of activity. And it's GPL. It has three. Yeah. So it's a dependency that is GPL V three. And that dependency is developed by the same person who developed this. So he picked the license for both. Okay. Um, Is however, another contributor. So he would have to. Um, re-license it. Um, so I think it's, um, I would, it's, it's, it's a no without re-licensing it before it starts. And also it's way too early, right? Yeah. No, no. Six months of help. Six months of time, I mean. Yeah. But yeah, maybe some additional, some additional feedback is that there's actually no other projects that would do something similar. So there, there is potentially value here. So it's not like it's not worth proceeding. Um, or pushing for forward. It does some comparisons with 24 seven and similar projects for external monitoring of services. So that's quite interesting. It would help if it was easier to find the overview of what it was. Yeah. On the read me, for example. Yeah, there's just. They need some help with their docs. Yeah. Yeah. Yeah. Yeah. Yeah. Yeah. Yeah. So getting it in a, in a much better place for potentially getting people interested in using it. It's going to take time. I'm gone. Should we give them space to work here or not? Right. I would highly recommend giving them six months to come back. We could, we can't approve it because it will not be approved. Yeah. For reasons. So it's like they have to go away and re-license it. Yeah. Okay. Amy, you have Hydra will need to be re-licensed and re-applying six months. Yep. Sounds good. Okay. Let's go to the next one. Dev stream. This seems like collection of many things. It's a tool. It's a tool stack builder. It Marico is the company behind it and Dev stream is one of their two open source offerings that they have. They have good documentation, a good roadmap, consistent contributions to main contributors, community meetups, and a slack. And they also have security files as well, which is nice. It seems like an easy way to get your developer environment up and running very quickly. It's quite cool. And it applies verify, delete, destroy. They have a developer guide. They have growth ladders. Development workflow. Project layout. Let's look at architecture. I think we don't see any red flags here. So this looks good. Apache license. Yeah. 26 contributors right there. I think it's four or five people in the recent past. Okay. Ready to work. Plus one. Okay. How are you? Was that a plus one or a minus one? And Katie, there's a star. What does the star imply? Katie had some challenges with the keyboard. It is fine. Yeah, lots of challenges. Yeah. We can move on. Okay. Hex. Policy orchestrator. Yeah, this is from. Let me remind myself. Strata strata is the name of the startup that is working on this. If one primary base to identify. I didn't address identity and policy. Q and no opa are closer to what they're doing. Okay. Identity is fragmented across multiple clothes. Technology stats. Yeah. Their description is they have their own query language or identity. And they integrate not only Kubernetes, but also all the public cloud providers and things like this in one place. Yeah, the AWS identity, GCP beyond cops, snowflake. And a ton of others. So is this aimed at people who are writing applications or the infrastructure people. I think I had a confusion there. Yeah. I think that's it for anybody who has to deal with identity. By making it one way to work with identity across multiple places. Right. Because you'd have to query each individually using their own way of doing things. Simplifies it. I think that's it. That's my understanding as well. Yeah. It's interesting for sure. Because that's pain in the butt, but I don't. They're integration with other projects is curious to say they integrate with Harvard because they store their images in the Harvard registry, which is. I don't know, like, I got to be confused. Yes, the integrations are OPA, Kiverno, things like this. Look at that. They have security MD to three applications, policy administrator policy, orchestrator server demo application. There is some other curious information in the repo. So while they do cover a few projects, their security file also describes other projects. That might be within scope. And maybe I missed it on the main repo, but Hawk in particular. Where do you look here? On the security. Markdown file. Yeah, let me go. Yeah. Yeah. Yeah. What is Hawk? I'm not familiar with that. Is that part of a deliverable? Yes. I see it. On the first one. Yeah. It's a dependency. Okay. So they're saying a dependency and here's. Hawk authentication scheme. Yeah. I've never heard of this. So is it like, yeah, see the OAuth to it? I guess it's similar to that, right? That's where we stick in. W, W, W authenticate. Is this a project? A different project though the highest where Hawk is. Yeah, this is not part of this. That's what I'm saying. Something that was implemented. Yeah. This is what you're looking at, right? It's a new HTTP authentication from 2012. Yeah. Formerly editor of what specifications. So it's in the same family. Okay. That's, that's from 2012. Yeah. Also basically has one contributor now. Yeah. And it's only six months old. Yeah. To be honest, I'm not sure that I feel like it has enough information to evaluate it effectively and understand what it's trying to do in the reply. Agreed with Justin. They need to do some cleanup and confirm what, what the project is actually going to be doing and what it entails and how it fits. I'd love to see more management around the more, I like roadmaps, but when there is a timeline attached to them, because otherwise the roadmap can be. Well, kind of used or kind of find the words anymore. Anyway, kind of timelines to the roadmap, otherwise it's like it has no deliverables overall. Another thing which I was kind of observed is that the issues at the moment, they're not very well managed. They don't have a descriptions. They open by contributors, but it only has the title of the issue and that's pretty much it, which makes it very difficult for inviting for other contributors from the outside. So I would like to see a better management of that as well. So, so reading that first paragraph here, it does say that orchestrate identity and access policy across all your environments, right? Like whether you have, if you have mixed stuff, some running in AWS, some in GCP and some somewhere else, then it helps you. It gives you the tools to do something that's really not very well defined though. What is orchestrate identity and access policy really main? I just, I guess in my head, I'd put it as policy as code, so to speak. And then it orchestrated that off there. So to think, but maybe I haven't wrong. So they use Regal and IDQL to do what they're doing. And I sent, where was I? Oops. Yeah. Right there. It gives you control managing native policies across including mobile policies. I think the value is that it does more than the traditional policies that are connected to the cloud providers and Kubernetes. So what will we do for policies? It will integrate with the cloud providers and things like this. It thinks beyond Kubernetes. Yeah. And I like the idea of it. And I mean, to your point, Katie, about your feedback, I don't know that we typically expect timelines for sandbox, though. It's like, yeah. Is there anything blocking it? And does it have potential of something more fully formed that does fill a void today that it's difficult to manage these things across cloud providers. I don't see anything specific that I'd be like either licensing or it's just not a great idea that I would want to say no to. That's my two cents. Yeah, I agree with you. So here it says hexa translates and orchestrates IDQL policies into native policies for your application platform data and cloud systems to unify policy management. And we don't have one of these here, right? So I'm inclined to at least take to a word. So one last question. This is just for the policy orchestration. This does not include the IDQL language, right? It's IDQL language is in the same repository. Well, it's by the same org. So that's the other thing is, is it both? Or is it just the one? You are absolutely right. I don't see IDQL in this repository. So let's do XR org. There's a comment in the submission for sandbox about IDQL. Does it specifically say whether or not it's being contributed? Oh, look there. There is a policy directory. That has IDQL specifications. They also mentioned using contour as the ingress service and given the email messaging that we got earlier about contour. That might be a potential issue for them to be successful moving forward. Overall, I'm not comfortable with the lack of clarity in what it is that they're hoping to accomplish and how they're actually going to go about it and what all this request entails. Okay. Is that enough feedback to send them, send it back to them? So are we asking them to rewrite, you know, what is there or come because we don't understand it well enough or are we asking them to come back in six months? Which one is it? Has there been a tag they spoke with? This is the thing, but maybe that's going to clarify a bit of the message and the topic. As Emily mentioned, if you'd bring this to a vote, I would kind of hold myself because I don't have enough clarity. Generally, I am not clear where exactly we put this project within the landscape. So the closest would be tag security. Let's ask them to go there. Yep. Okay. I think it's very early. It's got 31 stars and eight folks. It's very, like I'm perfectly happy with them coming back in six months when they should definitely talk to tag security and they should definitely clarify what they're trying to do. But six months seems a good time for them. Yeah. I don't want to hold them for six months, but I do want something returned back from tag security so we can look at it again next time. And it's going to take a while for us to get there too. And I think I heard we had a question around IDQL, where that fits and what goes on with that. Is that part of this? Yes. That should be part of the question to tag security. Okay. Okay. We got through 12. Thanks a lot everyone. And that was a good, good call. Thank you. Thank you. Thank you for your questions to our next meeting being the 26th of July for Sandbox. Okay. So being none. We'll track towards being able to do. I don't want to be able to put a meeting in August because it's so hard to get Cora in August just generally. So July. See you then. Yes. Bye. Thanks. Bye.