From b70692ce0a14397386aa8609e97fda7aa823457d Mon Sep 17 00:00:00 2001
From: Wang Yan
Date: Wed, 8 Mar 2023 20:42:27 +0800
Subject: [PATCH 1/3] add proposal of distribution spec v1.1 adoption

Distribution spec v1.1: https://github.com/opencontainers/distribution-spec/releases/tag/v1.1.0-rc1
Engineering epic: https://github.com/goharbor/harbor/issues/17928

Signed-off-by: Wang Yan
---
 .../images/distribution_11/subject_flow.png | Bin 0 -> 23794 bytes
 .../images/distribution_11/subject_ref.png  | Bin 0 -> 34434 bytes
 proposals/new/distribution-1.1-adoption.md  | 263 ++++++++++++++++++
 3 files changed, 263 insertions(+)
 create mode 100644 proposals/images/distribution_11/subject_flow.png
 create mode 100644 proposals/images/distribution_11/subject_ref.png
 create mode 100644 proposals/new/distribution-1.1-adoption.md
diff --git a/proposals/images/distribution_11/subject_flow.png b/proposals/images/distribution_11/subject_flow.png new file mode 100644 index 0000000000000000000000000000000000000000..2042a768c06655427988eef6dd19629dbef700d8 GIT binary patch literal 23794
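Review bot: subject_flow.png (and subject_ref.png after it) is added only as a binary PNG, so the diagram cannot be read or commented on in the diff, and any later correction means redrawing it. Consider committing the editable diagram source next to each PNG, or using a text-based diagram inside proposals/new/distribution-1.1-adoption.md, so that changes to the subject/referrer flow stay reviewable.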
diff --git a/proposals/images/distribution_11/subject_ref.png b/proposals/images/distribution_11/subject_ref.png new file mode 100644 index 0000000000000000000000000000000000000000..9173996ce6962e4b27ffb1ffd0d8da150bc27d83 GIT binary patch literal 34434
zEVAKz`PV(0m9s7tdRk7KKYsnP33DNQr;y9peBCU1rrTX@xDLhL3fuWH{p7~&`>2#B!nT(MaJ;rwg}}5xsxMxEm--l;{TwEgT)e5BK>B#UF~_R=swfpC!w-s@wC zcx)=OOx_%u`~kw7v%Fq4kAO#fOl(!q_xp;xNF;}cS;pX;hANEq~)QA;ccNKr%2dkKeKJ0kE|e{+e?I1$BrCgA*gP zMEDkhD0y_w`D|=+c@yuvG&43mMFOhTGOgINzKm}Q zUdzC9VZaQ%I=H#mZ&5H;aePFMk)E$8UHM$Y#24cE#AL#K8|^CW?sgK z?BZBg0cluSzk8n&`ER7zGI!*3;_JZ9Nz03jMVH=>A9+Di#nek(J)te@t*ys2p$3sa zTQ|2Mv)`v@_SK8JnL)re1Zo}s&C0{Q5{N1_>NgE9^kQ9uVA3=g zPjyqD83ev<+7CA6W*PfQ@#iVlYQ%*-AKF*?MJ@l$9P3WL?+_`~t)@aBV@&?DMd3`h zw+vU!>u()7u;zSkW}(B6%|05Asip-dWfw+%>T^}>y}7#|g{=s6yQ~nXI_*t7Ua5vt z>Wkqi^ncPROXERf<-}Db$64<5O*gDHk^!zeg5U-VJlX(CXY_{m&PXmF|BHTfV?25<3L!{28XmPa zNQKw|(e(CB3c?tj+~QSm7N_w$0ETB;T}_=PiV>|XZ9%xj5x_Pe7c&3+(HDv32n5DP zt(Cw(R3xn0(n1{|jg(SUL^GPp7u|2~PR{Ruk3;rM{t|6G5TL+Di-z&EO7&d&{ef+d zbF4ea{Kpb5jYQ*{zD;{lBQ8Bhzi5NcO}FjB#iv`07H0kv#SZv~ohiS?+uc8Gl?e>e zOuqZdG^9nDXtYipuZ zOw#}ws{_cvq_xx10>PAY62!8q4eQF~eKPhZ%h2w?@9DMwgG;3__~EYY7MBsFQHBgZ zeW<$>$V9_8Ni&VN-`R9H)U-OCP(C8aX_g^ioK| zLk&N*`$+0G-6bOQ#a!R?<4>fD0z*oC_sZ9@_5vR}*+(XOTRbL0W}iE{|A}*=ZZOFW zN5j(v;-&*|!TDb;i~q#KSKIoQx%>9ba>?(FK^6ufd<^tWu+XI$h5e(>W=Y-}X)W=-(Q^mJ68ECPp!lR0jm8wT-t;4o?9B(VhBee{zmDlx~Z9JJ-fX~N$65{u;tA<(CRq+j=TP(;b8M5(m{8Lh%vPagi|H&uWa6m#4H2PGgw)nH!XLC!&rdHvU3%llF7_UXTfax%(+QaoPFr3r>k@4_ zFdV20drF0kt>9@95!ki$wVqkaE~=eM1wI)1o)RIyyIsu!rj)OC60G_>RB{s2Iko!*m5^@(B%n z4#KEj5o|*1{5b(W?GVv|jq3JGP?<2u-l6%N~4HSCRoqwOwklAcp%{kTC zZ^&`G@}%0F5eug_pV+wB?i!?w%6~-BB8CCAGM(c&w+h0Qv888tIL%6Lh62AXfxKo3 z6`33)m+xhkg^0Gi?LJR#0UfHI{v< z<~a`;WoWXtS?0^{(^(~-pF-`>CHEz3qhJ}->r*)gxt+>CJ>M&gFB%MKP;o2_zQv%U zqnkR8$fjJ-la@wsUFtBXbfYE2oZ?H!qQ62oP@zLoJ{ee^U6hF{Q=gqDJ#tK;!& zj0;1x8VeBzpDMt2Vh7(VL<$!f^$^#DMtvSgXQ`h)iS-smzjN^0^u9W=KKPI^{`ukl zuYRdK1{u@RN9*u}jP;jFq|8EMh2}Ox8o@bB{l>4NZhr2}#p_-NAU4i_-FV};B~@Lt zLb|gdv(jlic9bG_|G2bNRTK>s!PN<*`KE&H+V3#8X^>EW+LB^}qC)EsQqTy*iQ!uz zCd_zoe)rB6+;pJA4C~`=4rX$jn;Z!v7_;9?Hn)L{tV%sC??A1>$qV56H5P)Zwx)@o zqCT-otNcg$#2WYs&y+*;iBgz{i0)*%&ruMu%Bw=KNn|2O4||(mgJ$@qjh_OUu=6`N 
zblj2M+qh2HfVP|dbtng&*DuEmWiGc8)$2#^LfdH&=dOO%gy0ju2&pz|v{lI!OihdV z%WKC!yRuT$zf1V+!@<`?if6f`c_ht3HprDc9#bhj9JqQJ$@F1ycjY_r>knbwc!#|& zE76BkC|4L5K1?hp5X_);Q|z%?bow;*zp&YBXlqo5TngIw-GMtg@EIcA_X`NJ z<2Gxj9W{!1@t#`LOF1uqvlTe9`G;c~9TLC+eO!u7qMc@?gVFdG=>Cjn(^i6g>gqhR z^m2)3U&sLcR@@@l0pcJy}QWjhLU8@8OoV-jAx zg#mtdmKH!YHPrZB+qjv97T;1F<>msRl8@-4pdnX!exe5Yo55S4BIeTAm^y?GkCNJl z{SwJ>h zx4)QmS$pt3ZZ!Ka3a80UdS#A-IWYdnbdDx8aLNPgtY^zg%xwuaLjv<;fd6?5S~Git zbIPw?J^iZyP7(BLET@nUN)}F<{Tdy7gYpIWG!=5XX$QVLq7qP1M>vQiz`JNzgGt+L#2x;H z0;sw(qdH{l>A1M6pxRH)tu~a6DM7Dgn)!K3r^L16h2syxsYEqlNBZsZ3U#Fc3zrsNtZem%WEfmMYA& zyW6BM2nXMb8&vB?_Vx8S0Bpq%eC(Uebgg#)QZUaB;xW;|-#14u+pz23%R_ijcLD0j zVh5ByIX;|2PPiKj=J6ir;;63&BJS|YThZ6wY&D#ZU{HSBA^g6F72r)TG&>R{f5JvY*uc~RLVmp7K#VpmiSC}aBzBlc-G}^RnfZFBV#37TgI)C z+;sbq9J&@^(rNfm#u4)O|HeGbB`#h7BC1NfG~;i@STy+X6#(98oRa|Om)oPHkqNrwoPRm|*%S@(a;hLKN@O>hmuY3P zz5*8Fl9Uwu_m_WR zwP$zGox{O=!#VKtwL!vr2jHNo71X9i0Qva6cC>+Wk%rPuML$@%zZs#46o`6ru`hOjCN$Vxc#9o zrE7Wb0FYu{)K&ii@>AMwZoGj2jxC>n0hw4B~;T)*ms-&pbn~Hk#ZLMUF>yjddea6 z&dz4GLYDFpVDLycz|um#zP^(n#xU*jX1zaFSM05TGihX0)E+6)P`&Tj_VCcsK}~-z zIVck!F*NLi1yvw$WZ93zRR#S2XAAS?DnyR!=1>m>5@;_E%CArKwA?wqyaY1%Kt2PQ zJ&phOD+l*DPP6tDaHsO{#s(LPEil^82ou<@Vb5NUakdCYVv~&G$fML@osJ5vl>a;e zHX8_~t7UWRG`twFU7|H3-5_wY_mK0*aAq%R{``gS^77ziYsZ}vSpMLd+=W)xe11e3 zFWy-YPd_1qQi*!Synp_oaD;PquK(k$^>!aDQVOrKTo$61#hJPinh+Kime$2aOMuUQ z>w7XSL%~lh=Mip?F^bKI`YfDvGpcn0SN>_2p7R?3+}YA7nl&8KCdk+R*gU01e97E~ zjQHHC=!zfQhhyNY`0*fH=S|dKl0&GP{`jQwPuEtl!jFefwiLO^EW84XC_H)%>r5(4 zuX!a%`1Dse74DxDJfJg6t3~vTqn)x@e(s#vwhG%zXSxlB17}I`^GRM30}!d6x~L{ei0ZS)%Z z;?<93US}eJiH@EUfi#M~32SkF?g$}ACARA5Enn*LZ{z1#O9+PJ+H2VD-JRVJDQ|?H z&>|j7N!jvK(Bn}Ic+pS{XBalEB0lx4J*{OxG^3T2loTd5cKMr?!0fNdG(72H1Uu6C zC&v|)P|$6`IqGdqSS1hHdH%to3w=CX-Z%lSwfc-4{Km*XhxU%Z{RPm8fF-J)`Yp5= z33<37MpM>fb4Z4FEd>vik2H^p^wlTtL)$cNWxTLwz#L-6!%Mc^L>PjP@aJ?+-iR^^fgL!jqxEK^GU);|lzS%hn1uF6=cuo&~BF9Pth za&@dpSx|DB)6+{@a%)yh&ZmFu1AuWsHdPs{sRU7#g@DkBt;Yu_vWX#RrD05^7f#WU 
zskZ=DooyiaxkembYu<^2HB`MDkU2sx>r;ELFP(W?p=H@8^lS4BT*!IMx1pS505EXb zT>bn$4NiLb>?us^3|>YhU0kc}nT1UAaE{^?;J^lbxb^uE-HB zr|K|zL$&kM<}3+2xH6TvN9fP-Cmu`B$?7`+7Q^Zgx>Z|@@Q!Eqyf>Q1v_2ez={0>L zk4+aejJ1hOqp`0vzAz(Tu%bZMf3MFbPf3;RS?BG%#K0_6M=<+NvVkoybAEHF8ZQ_x@O7Ew`c-k$x^5;CSy!a_>v*#i0$x5O+SWM>|HG)OFXm?a zB(C+_K$(uL^}e`?S;BlX5Zijcj%)%$>+M6I=R#U<-t=)tcYHUW8S?0AM9~EyW_VOH zD^}S1?{oKYdj|K?TFcyLb_eBiFbzdo3`BW_0hFI>>k|`HFO+1()K-C_gOSnVTvpPa z;?ps240>ye*ON`h-NzBs4JEym#8RM@33MS{rR^k#AenIb?JEg~q4;AKzM{v^Y1b_V zm&j_&@21rudku{hX?B5ufnsrI<4&<^D&NqnTu2*sbKdaJPhpF=TlO3KPQD0?ic#~^ zjB}>>6Mq3!>?v^!t0(u#h0PTAgXTTOo+J3M`^2_^%Lg1Ya)5LH|3CciegX2L!vNi7S@5yR%i|mp4W&bgRdWm}@5fF%E z;QIpnFU%nuc_J|ZC*~z5xc@aIh)K+0=%NSQ^F1D;k3HS;v4pLYY)2>z#e|_?LC^)j zu~5qId?)$r*La)ZwNX^uKY~HL_yLRl?Wc8~;#XaM7ckB#dZ9k_91M6ulHoIG&#~^) zA7#jk;n(A9G+`F+3oj2JE~$2Dt^eY35YH`1C+?^su>1o zUg)r99oF*l@_4;vcVTYqXcSBACwoF9fSBploP6o|+c}vHir49wg-B?P%VN+eYk{Wi zj%6L^XH*slNhjbHLINvV+|f$+gFS)6j#W}Cn8~3|U-w$>vDEkVuX%D|&5HWrH>ca9{;L2$egFj89mi>d{R!ft!YYVw&H%i72W<8F zihqyg-?%WqXWpgh`$?Yj?ZUW}HV!`?_f{%g7{YfbAOs_T^L&>P9H2Snuz@k+7q36dAs~3Dll$byuFZ+y!RDi1EKxM3+{uVT;RXbH_*W!;+%P#G|dM{)OOc zl$rM)O0_S+Bk=p2SowjZZ{r#cjbs6{R-yWfzj?QJF$4@dfQAHMgn>3Tou!V~j$aeV zGFb4uQSMl@iX@p*;}smfXlt(kA$@3?Z&-r;QX@^cTHzj6rA1@X?zW~j4o@x$PRxPE z)=5BgDBV>PsHd^g=FTPNnxB;^l^+4H@mg5Kjx7~k70AH!2kZDrj)anG)mGgABlUA^!n8*HdmsqS9#kE+0nLCK>+yKCDOGVEVDzB{+^acc?oqp7k!MlUus2$#p zQ2Vex5YI?hYbQqg4v=15AXO_<9y9D~%iFH(#~55M6$Rg`fKIdQ2V0N7uZBU4YjFR2 zUOvGYtieXfsW-`kCyn>DJAx%D&lX0X5Q)WgRaW#At1@Uo&klyw#*mM zCCB^QYjp^!=g6jge`(uBsX9ba-2$vffL8|R58d ziI~;l@Kaes8~L@e?YP>*!f-mv>&mL2M-vB_#H_TzD2?HkxOt}Wq+Aa0+;g=a3wZmP zM+9qnY4_6deUrG(kXq16?$rPN$VFjoF)S9n?}-qkU}m|vqJohvl>*mL-1{JB21Xla zjJZPjZ9GpPe)W@@#zNaG9)ZswcWsJFCJmvl3+>+>(k(;YML}iWvI%zpv`-UWQ7(2S z!-qBS^nbt#Hb(76M`L`WY^Z~tUX2j5nRhf}<9mUa{!Lp(jI9$Q%9coqKCof7q@w@r z)6TqahBJW$27HhP(zEN4q4b~~#tHh2OC>rqK2@QHAt^bu_^Mk2&az`2+8M3jii-`n zM)nd}Jbgz1=wT*Aqa!4gwI*agh1**|N*((CUF~HSePfIy}34eT+jP 
zs13Sz9eY9$&+q=M5FwF*Pt-{aBYA`W9ty$RqF-+^YpOE?SbvaT4s=;vAD?z{OzMa> z`%!Y0c6gc=$T~wtWKa0eoq?<|HJKd4ru)q5bLEyN;LOOGJeC$W^C|l5t&b)_<-%Z` z1@%bZzYLiQNGmKYPZd1nB1p%%Oq!LqztU|z%41YF$N}o#Fr8f!|0AsBBx<`R{ViK6 zsh|RO{ddxj&~P)VX`&im3}8Ca_w^U>z0}OxL_Or8r432Zjw_N$n&_CCs>kn_ZsbMB z(J|ia-%Vcx*TKkR7%_DS;q@=+jm`g_1H)#HAJ*6^Z997b+9z4?cd2>rq**5l`VBmW z3nPp%&O89`lpRDv!>jU6&!yiW-(^!eqO#x;iP zh$wpPB&kMp+-Vs=FGD(hZ{)}AuXz;sR^Z;hA0-U*@3NhPz#5S^Sptoeg_G_?QVJ)Q zF4Awh4>&6v_H3oO-!zfSUzv4ysoZSQp8TAxHP*XN@WQ`Zl(t1Tk;eMsc`_-(A&-f< zhh$CndoBg0J^1&yn}?wuf3sfzQqU|^0CLJ8WkW{xJ?5#LSe}G`>v=L6<`8d$8+W5V0*tTc3qN+A=a6SoL>h#rv!xKyW$tYNv!iCzGz9{5=n|aNyhE3sPs-{+e*^j!#{<;auBS$XIo5=;n{ufA#w=40Z2`%8|1(61b8>MeLPgUDd1 zRnv^fcCON}JzIXoEh#TjQWAnQBuVm%OP1&$_8IF>&cINFm7oEhM+~d0=pVPYSBYv< zpl%%^gUY@c2|ZZgt_p0}+@yQ|ISC?ALr+XWR!tNMT>S>y6MPQz*5Uv991Z^Ypm@{x z=s(9x3SB~f|F`4epTm#;uh0KKbiBxzDLy~|M@L7SAgDeov-IgrGU&)*1M&>>9|msj zBoH810|}in;CgHSULV+v+_v_3J9bYCwCDyT%Bf#b17cve5AvrkdV2cJW6-%T50*;7>O_Db^)lHFSUEWp;O_e) zRP16c$?FKvA7rZ=c&q)dqD@$k25Wt_q6xrS>07Zkx?txIKK|*6F*w)-(o_Wqq3-YH z3A*OpE>-JQssCu+9($_>I;H4tAL`ncOM#dJFO0ju5Zm0}&o2oQJNp73Uw<`KASRlw zs+*{FI3_UADJui+R0s<8Eh`GTVPl))QB+ja1x+Y$ETS84^WWryG+5u4FOEQ^L_Yfs zGR0H;k90s(Nav<#*=GaCu~5KeUVA<8*BBMNpUDxlC+XK1a#geSGIqV*Ck44I1t&w= zTn9^r zBac5;@@9tttZI@2gM-rm>gZ^B@`UKhxE|N1b}I4|f-c2C7TX_@PN5HQ zrfnc%(cHOpiyOyzy)~NuJgfIun$icgA9MN`v=B9N4e(R)*<+)ip-lrFi)BB280vdw z-*@bPz9R!vtc?DcU>?iQ1(4-Vw!dh7$g#4Zl*)&r;-twJ7=EI4$v_kVg6W@`_XZr* zI6+_u^*qng?$&{F5OmHC`eWEr^4gk&)&o2W?db;_b0OR+AJ$#y2xJcLeMF@KBu@)Z-kGh4k#~$5ddGj!|zA zAYg5o2GY5XgTp%rUC04w=q^lvjeb_8tc4fE{0aRioAgaV-&0!^&Iu1uuN~U5MDXfU znU{g!rJqW1tLyfe18F@h7mbJjxg=!~v=_3g5IsbZRt*6uuNv6q=VM~WL#;aXV6gM_ z=A?~tfelu4Zr_T=PsBlB7=@Sc_ za`wmn+B!ad_lWt` znUyO0W-Hk1;l6|hWmd*&c#K%bte)DpL|i+ndtxQaEjZ+(7v*RP@(H`LQ5lx zhd<#{pU7J*o`yQ~g1@vB!iO?O_yZB)JlLOEzGPECZG9#$0wF^vrT~CKjQ+RkyN26i z)Hk6pnWsf>BB~#X^6F&<4@3D2;$RVSe$hU|UVB>e;oFs4K8Gdsr$B36;IdejHr?m^M=K^Id=A_cRt=rN*tob- zknZ|UoHBEnLci{Jd0c++Ue2*BS`-ibfMDn3c5#19gOh3} 
z5C4bO{FQ;WHa!RQzkVQ+Ddzqv_4b}f9kOd<+d@dc_eZ~67`c2?tI?#Y-C9xl5%MYr zmvQ4JgL|>e*Q5}YG9GmZxq1d!%?ZKSb<>OQx}gb$?)G0LJ!TU^bU=dy&_`P+*74rB z|F&w@!K2X00Xu|ztks`U5`KRi7w|MVb;WMU#-$D!L1H*O&LRRNF zMLBoaxYt?$4_zzE^@jRW+uvVo?W$V6X+1T_E-AYRJ;C^SFBd&Aau*EFqj)<4{L~$X21&Vo s()RRq?Z~?qf%OCu6Z|sIM`P~sV%7(wVns6&5x_qc1x@*SS*x)B0Xh73SpWb4 literal 0 HcmV?d00001 diff --git a/proposals/new/distribution-1.1-adoption.md b/proposals/new/distribution-1.1-adoption.md new file mode 100644 index 00000000..69e7a9df --- /dev/null +++ b/proposals/new/distribution-1.1-adoption.md 
@@ -0,0 +1,263 @@ +Proposal: Support OCI distribution spec v1.1.0 in Harbor + +Author: Yan Wang + +## Abstract + +Container registries have evolved from being storage locations for container images to becoming repositories for a wide range of artifacts. The Open Container Initiative (OCI) has introduced the OCI Artifact Manifest and the referrers API, which enable users to store and manage additional types of artifacts, such as signed Software Bill of Materials (SBOM), provenance, attestations, and even videos. The referrers API also allows users to establish relationships between artifacts, further enhancing the capabilities of container registries. The OCI 1.1 specifications, which include these new features, are currently in their second release candidate (RC.2) and are expected to be officially released in February 2023. + +## Motivation + +The need to distribute detached signatures and signed SBOMs for container images has driven the development of new reference types in container registries. The OCI Artifact Manifest provides support for storing signatures, SBOMs, and other references, allowing users to create a graph of related artifacts that can be tracked together or pulled independently. Together with the referrers discovery API, these enhancements to the OCI v1.1 Specifications offer powerful new tools for managing container artifacts and improving supply chain security. + +## Goal + +Support OCI distribution v1.1.0 +1. Recognize and build the linkage of artifacts by using the subject attribute. +2. Support the Referrers api. + +## Non Goal + +1. Migrate existing Cosign signature. +2. Migrate the existing artifact with subject field. +3. Supports [Referrers Tag Schema](https://github.com/opencontainers/distribution-spec/blob/v1.1.0-rc1/spec.md#referrers-tag-schema) + +## Future Goal + +1. Deprecate Cosign version before image spec v1.1.0. +2. 
Replication/Proxy Cache supports [Referrers Tag Schema](https://github.com/opencontainers/distribution-spec/blob/v1.1.0-rc1/spec.md#referrers-tag-schema). + +## Personas and User Stories + +This section outlines the user stories for different personas who interact with OCI distribution v1.1.0. + +* Personas + +Authorized users in Harbor with image push scope. + +* User Stories + + As a project admin and user, I want to be able to push and pull a manifest with a specific subject. + As a project admin and user, I want to be able to delete a manifest with a specific subject. + As a project admin and user, I want to be able to delete an artifact and the manifests that reference it via garbage collection. + As a project admin and user, I want to be unable to garbage collect an artifact's cosign signature individually. + As a system admin, I want to be able to copy an artifact and the manifests that reference it. + As a system and project admin, I want to be able to reserve an artifact and the manifests that reference it via a retention policy. + As a system admin, I want to be able to set up a replication rule to replicate an artifact and the manifests that reference it. + + +## News in distribution spec 1.1.0 + +***Subject*** +An association between two manifests, often used to link an artifact with an image. The "subject" field is present in both the image and artifact manifests. + +According to the Distribution Specification v1.1, this property is optional and defines a descriptor for another manifest. The "referrers" API uses this value to establish a relationship with the specified manifest. 
+ +```yaml +{ + "schemaVersion": 2, + "mediaType": "application/vnd.oci.image.manifest.v1+json", + "config": { + "mediaType": "application/vnd.oci.image.config.v1+json", + "size": 7023, + "digest": "sha256:b5b2b2c507a0944348e0303114d8d93aaaa081732b86451d9bce1f432a537bc7" + }, + "layers": [ + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "size": 32654, + "digest": "sha256:9834876dcfb05cb167a5c24953eba58c4ac89b1adf57f28f2f9d09af107ee8f0" + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "size": 16724, + "digest": "sha256:3c3a4604a545cdc127456d94e421cd355bca5b528f4a9c1905b15da2eb4a4c6b" + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "size": 73109, + "digest": "sha256:ec4b8955958665577945c89419d1af06b5f7636b4ac3da7f12184802ad867736" + } + ], + "subject": { + "mediaType": "application/vnd.oci.image.manifest.v1+json", + "size": 7682, + "digest": "sha256:5b0bcabd1ed22e9fb1310cf6c2dec7cdef19f0ad69efa1f392e94a4333501270" + }, + "annotations": { + "com.example.key1": "value1", + "com.example.key2": "value2" + } +} +``` + +![Subject_Reference](../images/distribution_11/subject_ref.png) + +***N/A*** The subject field for image-index: https://github.com/opencontainers/image-spec/pull/1020 + +***Referrers List*** +A list of manifests with a subject relationship to a specified digest. The referrers list is generated with a query to a registry. + +***artifactType*** +The descriptors MUST include an artifactType field that is set to the value of artifactType for an artifact manifest if present, or the configuration descriptor's mediaType for an image manifest. 
+ +```yaml +GET /v2//referrers/ +Link: ; rel="next" + +{ + "schemaVersion": 2, + "mediaType": "application/vnd.oci.image.index.v1+json", + "manifests": [ + { + "mediaType": "application/vnd.oci.image.manifest.v1+json", + "size": 1234, + "digest": "sha256:a1a1a1...", + "artifactType": "application/vnd.example.sbom.v1", + "annotations": { + "org.opencontainers.artifact.created": "2022-01-01T14:42:55Z", + "org.example.sbom.format": "json" + } + }, + { + "mediaType": "application/vnd.oci.artifact.manifest.v1+json", + "size": 1234, + "digest": "sha256:a2a2a2...", + "artifactType": "application/vnd.example.signature.v1", + "annotations": { + "org.opencontainers.artifact.created": "2022-01-01T07:21:33Z", + "org.example.signature.fingerprint": "abcd" + } + } + ] +} + +``` + +Request with filtering(artifactType): + +```yaml +GET /v2//referrers/?artifactType=application/vnd.example.sbom.v1 + +{ + "schemaVersion": 2, + "mediaType": "application/vnd.oci.image.index.v1+json", + "manifests": [ + { + "mediaType": "application/vnd.oci.image.manifest.v1+json", + "size": 1234, + "digest": "sha256:a1a1a1...", + "artifactType": "application/vnd.example.sbom.v1", + "annotations": { + "org.opencontainers.artifact.created": "2022-01-01T14:42:55Z", + "org.example.sbom.format": "json" + } + } + ] +} + +``` + +***Referrers Tag Schema*** + + - + +* : the digest algorithm (e.g. sha256 or sha512) +* : the digest from the subject field (limit of 64 characters) + +This tag should return an image index matching the expected response of the referrers API. Maintaining the content of this tag is the responsibility of clients pushing and deleting image and artifact manifests that contain a subject field. + +### Benefits + +In order to ensure secure supply chain processes, it is crucial to distribute signatures, software bill of materials (SBOMs), and scan results along with container images or Web Assemblies. 
Several years ago, registries lacked standards and tools for natively storing, discovering, and pulling a graph of Open Container Initiative (OCI) artifacts. To address this issue and enhance the capabilities of registries, a new artifact manifest attribute was introduced that can describe and query relationships between objects stored in a registry without altering existing content. + +## Artifact reference + +Harbor has already defined an [accessory](./accessory.md) to clarify the connection between the subject manifest and the linked manifests. + +### Build reference + +![Build Reference](../images/distribution_11/subject_flow.png) + +A registry MUST accept an otherwise valid manifest with a subject field that references a manifest that does not exist, allowing clients to push a manifest and referrers to that manifest in either order. + +```yaml + +CREATE TABLE artifact_accessory ( + id SERIAL PRIMARY KEY NOT NULL, + /* + the artifact id of the accessory itself. + */ + artifact_id int, + /* + the subject artifact id of the accessory. + */ + subject_artifact_id int, + /* + the type of the accessory, like signature.cosign. + */ + type varchar(1024), + size int, + digest varchar(1024), + creation_time timestamp default CURRENT_TIMESTAMP, + FOREIGN KEY (artifact_id) REFERENCES artifact(id), + FOREIGN KEY (subject_artifact_id) REFERENCES artifact(id), + CONSTRAINT unique_artifact_accessory UNIQUE (artifact_id, subject_artifact_id) +); +``` + +Needs to be updated + +```yaml +DROP FOREIGN KEY (subject_artifact_id) +Update column subject_artifact_id to subject_artifact_digest +``` + +### Managing Artifact with subject + +Use this information to know about how you can work with artifact with subject and how artifact with subject affect system behaviors. + +#### Deleting Manifests + +User Stories outline the behavior(***Hard***): + +1. If the top-level artifact is deleted, all the manifests that associate with the artifact are deleted. +2. 
The manifests with subject can be deleted individually. + +***[N/A]*** +How are registries expected to behave when a subject is deleted? https://github.com/opencontainers/distribution-spec/issues/378 + +#### Replication + +![Signature_replication](../images/cosign/signature_replication.png) + +When pushing/pulling an image or artifact manifest with the subject field , and the referrers API is available. + + Tooling that copies images between registries may recursively query for referrers and copy them. + +#### Tag Retention + +- If any artifact configured as retained, all the manifests pointing to it are retained. + +#### Copy Artifact + +- Tooling that copies images between projects may recursively query for referrers and copy them. + +#### Immutable + +- If any artifact configured as immutable, all the manifests pointing to it are immutable. + +#### Garbage Collection + +- An untagged manifest with a subject field pointing to an existing manifest should not be removed. +- When a manifest is deleted by a garbage collection policy or by an API request, all untagged artifacts that referred to that manifest may be cleaned by garbage collection. + +#### Proxy Cache + +When proxying an image or artifact manifest with the subject field , and the referrers API is available. + + Tooling that proxies images between registries may recursively query for referrers and copy them. + +### To be discussed +N/A**** + From b61db951622bb5d86c394d5d8ea742ded820243d Mon Sep 17 00:00:00 2001 From: Wang Yan Date: Wed, 8 Mar 2023 20:50:12 +0800 Subject: [PATCH 2/3] fix the format Signed-off-by: Wang Yan --- proposals/new/distribution-1.1-adoption.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/proposals/new/distribution-1.1-adoption.md b/proposals/new/distribution-1.1-adoption.md index 69e7a9df..0a67d516 100644 --- a/proposals/new/distribution-1.1-adoption.md +++ b/proposals/new/distribution-1.1-adoption.md 
@@ -37,13 +37,13 @@ Authorized users in Harbor with image push scope. * User Stories - As a project admin and user, I want to be able to push and pull a manifest with a specific subject. - As a project admin and user, I want to be able to delete a manifest with a specific subject. - As a project admin and user, I want to be able to delete an artifact and the manifests that reference it via garbage collection. - As a project admin and user, I want to be unable to garbage collect an artifact's cosign signature individually. - As a system admin, I want to be able to copy an artifact and the manifests that reference it. - As a system and project admin, I want to be able to reserve an artifact and the manifests that reference it via a retention policy. - As a system admin, I want to be able to set up a replication rule to replicate an artifact and the manifests that reference it. +1. As a project admin and user, I want to be able to push and pull a manifest with a specific subject. +2. As a project admin and user, I want to be able to delete a manifest with a specific subject. +3. As a project admin and user, I want to be able to delete an artifact and the manifests that reference it via garbage collection. +4. As a project admin and user, I want to be unable to garbage collect an artifact's cosign signature individually. +5. As a system admin, I want to be able to copy an artifact and the manifests that reference it. +6. As a system and project admin, I want to be able to reserve an artifact and the manifests that reference it via a retention policy. +7. As a system admin, I want to be able to set up a replication rule to replicate an artifact and the manifests that reference it. ## News in distribution spec 1.1.0 From b1829c64ddc5a7ad9259c6a9a1a6c981cc8212f7 Mon Sep 17 00:00:00 2001 From: Wang Yan Date: Wed, 8 Mar 2023 20:58:26 +0800 Subject: [PATCH 3/3] continue edit 
Signed-off-by: Wang Yan --- proposals/new/distribution-1.1-adoption.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/new/distribution-1.1-adoption.md b/proposals/new/distribution-1.1-adoption.md index 0a67d516..08ed615c 100644 --- a/proposals/new/distribution-1.1-adoption.md +++ b/proposals/new/distribution-1.1-adoption.md @@ -46,7 +46,7 @@ Authorized users in Harbor with image push scope. 7. As a system admin, I want to be able to set up a replication rule to replicate an artifact and the manifests that reference it. -## News in distribution spec 1.1.0 +## What's New ***Subject*** An association between two manifests, often used to link an artifact with an image. The "subject" field is present in both the image and artifact manifests.
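Review bot: In the "Build reference" section of proposals/new/distribution-1.1-adoption.md (PATCH 1/3), the "Needs to be updated" block cannot be reviewed as a migration: `DROP FOREIGN KEY (subject_artifact_id)` and `Update column subject_artifact_id to subject_artifact_digest` are not SQL, and they leave `CONSTRAINT unique_artifact_accessory UNIQUE (artifact_id, subject_artifact_id)` naming a column that would no longer exist. Please spell out the actual ALTER TABLE statements, including the digest column's type and the replacement unique constraint, and describe how an accessory row is linked once its subject arrives, since the paragraph just above requires accepting a subject that does not exist yet. The rules under "Deleting Manifests", "Tag Retention", "Immutable" and "Garbage Collection" all depend on that lookup, so the proposal should also state whether a subject digest is matched only within the accessory's own repository. Two smaller points in the same file: the fences holding JSON, HTTP exchanges and SQL are all tagged `yaml`, and the Abstract says RC.2 with an expected release in February 2023 while the links and the commit message point at v1.1.0-rc1 and the patch is dated 8 March 2023.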
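Review bot: In the renumbered User Stories list (PATCH 2/3), story 6 says "reserve an artifact and the manifests that reference it via a retention policy"; that should read "retain", matching the "Tag Retention" section, and since these lines are being rewritten anyway this is the place to fix it. Story 4 ("I want to be unable to garbage collect an artifact's cosign signature individually") is also easy to read as contradicting story 2 and the line "The manifests with subject can be deleted individually" from 1/3. Wording it along the lines of the Garbage Collection section, that a signature is not collected while the manifest it points to still exists, would make the distinction between explicit deletion and garbage collection clear.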
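Review bot: The new heading "What's New" (PATCH 3/3) drops the spec name and version that "News in distribution spec 1.1.0" carried, so the section no longer says what it is new in; "What's New in Distribution Spec v1.1.0" fixes the grammar and keeps both. This one-line change and the list renumbering in 2/3 would be better squashed into 1/3, because the subjects "continue edit" and "fix the format" give a later reader of the history nothing to go on.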