Hello!

hey hey, just caffeinating!

I only caught the last bit about Wagner... :-)

haha

Howard Shore, right?

Yep, IIRC

Recommended book, if you like the music from the Lord of the Rings movies: “The Music of The Lord of the Rings Films: A Comprehensive Account of Howard Shore's Scores”

i’m here David!

Can you hear me david, this is abhishek

I can see your words, but no audio.

Welcome everyone! We’ll be starting in a moment.

Hi everyone from the rainy and gusty Pacific Northwest. Hopefully our power stays on for the duration of the meeting. :-)

Whose computer should share the screen? Jory’s?

I'll share - sharing now

Looks like that has been answered :-)

I see the slides!

Is this till 11am or 11.30am ?

Good morning everyone from Seattle!

Good evening from Reims, France! Nice to see everyone

Hi everyone from DeployHub in Santa Fe

Hi Abhishek, this is expected to last 60 minutes.

All: There is a big storm in the Seattle area, they’ve been warned there may be a power outage. We hope that everyone is well there!

Power is ON so far. Crossing fingers!

I like “OpenSSF: The Next Generation” (shout out to the trekkies"

Are all these premier members?

Yes

yes!

JC: Yes

wow

The phrase “2 quadrillion dollars” is not a phrase I hear often :-)

Abhishek:just to confirm, which sections will you be presenting?

Abhishek if you can help with SLSA and Scorecard/Allstar that would be great

Hey David, can you adjust your mic? Your volume is very low.

Yes, can hear you well

The rename isn’t quite final though, is it?

Michael: You should be able to enable video now

Congratulations on approval of Alpha-Omega!

I’m really excited about the impact we can have with Alpha-Omega

All: This is a PUBLIC RECORDED presentation, don’t share anything that should be private.

Great work from the Vulnerability Disclosures WG. Thanks to all!

I agree, I’ve been promoting the guide in Hyperledger

By the way, there are a few PRs against the guide that are awaiting attention

We actually have a Vuln Disclosure WG meeting today at 4pm ET (all welcome!) - I’ll be sure to ask the group to take a look at the open PRs, thank you Arnaud

If you’re interested in the vulnerability disclosures WG, see: https://github.com/ossf/wg-vulnerability-disclosures

good time to plug the community calendar and slack channels for those who want to get involved! links here: https://openssf.org/getinvolved/

If you’re interested in the vulnerability disclosures WG, see: https://github.com/ossf/wg-vulnerability-disclosures

@Amir this is great work, congratulations!

@Amir can you link us to the report here in the chat?

Thanks!

Sure thing!

https://ostif.org/our-audit-of-flux2-is-complete/

Michael: You’re up!

squeee

This is PUBLIC

Brian - will you share your preferred contact information? (Email address I assume…)

Kay Williams has hand up

Brian can be reached at bbehlendorf@linuxfoundation.org or operations@openssf.org

Aeva, did you want to mention Gitbom?

Kay said “Executive Order” - She means the US White House’s Executive Order on Cybersecurity.

Happy to discuss it in the broader context, did not want to assert that it was part of the openssf yet :)

feel free to raise your hand, makes sense to me to mention it

will do. thanks for the nudge :)

I suggest raising hand & mentioning it

Even though the security risks is much talked about for OSS, how about the license associated with those OSS? what are the key risk the org should be concerned about? Any projects focusses on OSS license?

THanks for your question, I'll answer it after Aeva's mention

I have seen some questions about whether the meeting is being recorded and how the recording will be made available.

replying to the license question, this may also be of some help to folks: https://docs.clearlydefined.io/

https://www.openchainproject.org/

https://spdx.dev/

Thank you

thanks all. :)

Thank you everyone!!

Lets also share a link to the recording to the announcements mailing list. :-)

Thank you everyone

thanks

thank you all!

Thanks everyone,, honk!