Well, here is where my head is at.
While we have yet as a TC decided upon what our requirements are for "major version", we do know that at least one of those is breaking changes. Moving from STIX 1 to STIX 2 was a a huge breaking change, because we changed serialization formats - but the move from STIX 2 to STIX 3 may not be as drastic. If we go on the basis that it requires a breaking change, then simply making the decision to remove one of the TLOs may require a major revision change. It is unclear to me what the benefit would be to have to spin up a new Github repo every time we decide to remove a TLO.
-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com
Without data, all you are is just another person with an opinion - Unknown 
"Wunder, John A." ---09/02/2016 09:29:09 AM---Our thinking was just that if we ever have another major version release of (for example) STIX, it w
From: "Wunder, John A." <jwunder@mitre.org>
To: Jason Keirstead/CanEast/IBM@IBMCA, Patrick Maroney <Pmaroney@Specere.org>
Cc: "Jordan, Bret" <bret.jordan@bluecoat.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Date: 09/02/2016 09:29 AM
Subject: Re: [cti] More Github Repos
Sent by: <cti@lists.oasis-open.org>
Our thinking was just that if we ever have another major version release of (for example) STIX, it would be due to very fundamental changes and we’d want a clean break. And of course to distinguish from the “legacy” DHS/MITRE repositories.
I’m fine either way.
From: <cti@lists.oasis-open.org> on behalf of Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Date: Friday, September 2, 2016 at 8:11 AM
To: Patrick Maroney <Pmaroney@Specere.org>
Cc: Bret Jordan <bret.jordan@bluecoat.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: Re: [cti] More Github Repos
I would say I agree with Patrick... I am not sure why we should put version numbers on the repo names. Versioning is part of Github. STIX 2 "stable" would just be a tag and/or branch...
-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com
Without data, all you are is just another person with an opinion - Unknown 
Patrick Maroney ---09/01/2016 08:05:12 PM---I would argue instead for a single Open and Work Product repo for each of the 4 SCs and the use of G
From: Patrick Maroney <Pmaroney@Specere.org>
To: "Jordan, Bret" <bret.jordan@bluecoat.com>
Cc: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Date: 09/01/2016 08:05 PM
Subject: Re: [cti] More Github Repos
Sent by: <cti@lists.oasis-open.org>
I would argue instead for a single Open and Work Product repo for each of the 4 SCs and the use of Github Branches for variants. Ultimately Github provides a number of very useful capabilities for managing workflow, variants, releases that will serve us well.
Patrick Maroney
President
Integrated Networking Technologies, Inc.
Desk: (856)983-0001
Cell: (609)841-5104
Email: pmaroney@specere.org
_____________________________
From: Jordan, Bret <bret.jordan@bluecoat.com>
Sent: Thursday, September 1, 2016 6:58 PM
Subject: Re: [cti] More Github Repos
To: Patrick Maroney <pmaroney@specere.org>
Cc: <cti@lists.oasis-open.org>
I think major release numbers are okay... Since if we ever do a STIX 3, we will probably want to start fresh at that point.
Thanks,
Bret
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
- On Sep 1, 2016, at 14:24, Patrick Maroney <Pmaroney@Specere.org> wrote:
Recommendation: Remove the version specific attributes from the requested Chartered Work and and Open Repository Names/Descriptions.
Understand that we need to discriminate (for now) between the “Legacy” and “Next Generation” Github Repositories. However, making Version specific instantiations of the multitude of separate Chartered Work and and Open Repository will greatly complicate things long term (i.e., as new major releases occur).
Patrick Maroney
Office: (856)983-0001
Cell: (609)841-5104
<image001.png>
President
Integrated Networking Technologies, Inc.
PO Box 569
Marlton, NJ 08053
From: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> on behalf of Bret Jordan <bret.jordan@bluecoat.com>
Date: Thursday, September 1, 2016 at 2:09 PM
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: [cti] More Github Repos
I move that the TC approve the requesting of OASIS to set up the following OASIS Chartered Work Repository projects, stix2, cybox3, and taxii2 named cti-stix2, cti-cybox3 and cti-taxii2 using the following pieces of information:
Purpose Statement: This STIX repository will contain official specification documents along with wikis and issues relating to the official specifications.
Initial Maintainers: Bret Jordan, John Wunder
GitHub Name: cti-stix2
Short Description: OASIS Chartered Work Repository: Official repository for STIX 2 work
Purpose Statement: This CybOX repository will contain official specification documents along with wikis and issues relating to the official specifications.
Initial Maintainers: Ivan Kirillov, Trey Darley
GitHub Name: cti-cybox3
Short Description: OASIS Chartered Work Repository: Official repository for CybOX 3 work
Purpose Statement: This TAXII repository will contain official specification documents along with wikis and issues relating to the official specifications.
Initial Maintainers: Bret Jordan, Mark Davidson
GitHub Name: cti-taxii2
Short Description: OASIS Chartered Work Repository: Official repository for TAXII 2 work
Thanks,
Bret
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."