Well said, and I agree.
Thanks,
Bret Bret Jordan CISSPDirector of Security Architecture and Standards | Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
I would also say that presumably these new repos are not going to include the previous STIX 1/TAXII versions so technically they only will include 2.x and future revs. Not 1.x. If they are named without version I would expect all versions including 1.x. I have a slight preference for the number in the repos because it helps distinguish from the previous version that is very different as Bret says. Regarding major vs minor changes. I think the heart of the issue is not the number per se but what defines compatibility/interoperability. For example, introducing a new optional TLO may not break any implementation if those implementations don’t need to support that TLO. Whereas if the use case requires use of that TLO then they would obviously want to support that TLO and make sure they support the mandatory aspects including agreed behavior. I would rather we focus on defining what is required for compatibility and interoperability and less about the number of the spec. allan I like the distinction it gives. Keep in mind that the reason we are using these repos (the official specification ones) is not for the source control, but for the wiki and issue tracking. Branching and Tagging and all of the other Git stuff is not what we are looking to use these repos for. Bret
Sent from my Commodore 64 Our thinking was just that if we ever have another major version release of (for example) STIX, it would be due to very fundamental changes and we’d want a clean break. And of course to distinguish from the “legacy” DHS/MITRE repositories. I’m fine either way. I would say I agree with Patrick... I am not sure why we should put version numbers on the repo names. Versioning is part of Github. STIX 2 "stable" would just be a tag and/or branch...
-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com
Without data, all you are is just another person with an opinion - Unknown
<image001.gif>Patrick Maroney ---09/01/2016 08:05:12 PM---I would argue instead for a single Open and Work Product repo for each of the 4 SCs and the use of G
From: Patrick Maroney <Pmaroney@Specere.org>
To: "Jordan, Bret" <bret.jordan@bluecoat.com>
Cc: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Date: 09/01/2016 08:05 PM
Subject: Re: [cti] More Github Repos
Sent by: <cti@lists.oasis-open.org> I would argue instead for a single Open and Work Product repo for each of the 4 SCs and the use of Github Branches for variants. Ultimately Github provides a number of very useful capabilities for managing workflow, variants, releases that will serve us well.
Patrick Maroney
President
Integrated Networking Technologies, Inc.
Desk: (856)983-0001
Cell: (609)841-5104
Email: pmaroney@specere.org_____________________________
From: Jordan, Bret <bret.jordan@bluecoat.com>
Sent: Thursday, September 1, 2016 6:58 PM
Subject: Re: [cti] More Github Repos
To: Patrick Maroney <pmaroney@specere.org>
Cc: <cti@lists.oasis-open.org>
I think major release numbers are okay... Since if we ever do a STIX 3, we will probably want to start fresh at that point.
Thanks,BretBret Jordan CISSP Director of Security Architecture and Standards | Office of the CTOBlue Coat SystemsPGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." On Sep 1, 2016, at 14:24, Patrick Maroney <Pmaroney@Specere.org> wrote:Recommendation: Remove the version specific attributes from the requested Chartered Work and and Open Repository Names/Descriptions.Understand that we need to discriminate (for now) between the “Legacy” and “Next Generation” Github Repositories. However, making Version specific instantiations of the multitude of separate Chartered Work and and Open Repository will greatly complicate things long term (i.e., as new major releases occur).Patrick MaroneyOffice: (856)983-0001Cell: (609)841-5104<image001.png>PresidentIntegrated Networking Technologies, Inc.PO Box 569Marlton, NJ 08053From: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> on behalf of Bret Jordan <bret.jordan@bluecoat.com>
Date: Thursday, September 1, 2016 at 2:09 PM
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: [cti] More Github ReposI move that the TC approve the requesting of OASIS to set up the following OASIS Chartered Work Repository projects, stix2, cybox3, and taxii2 named cti-stix2, cti-cybox3 and cti-taxii2 using the following pieces of information:
Purpose Statement: This STIX repository will contain official specification documents along with wikis and issues relating to the official specifications.
Initial Maintainers: Bret Jordan, John Wunder
GitHub Name: cti-stix2
Short Description: OASIS Chartered Work Repository: Official repository for STIX 2 work
Purpose Statement: This CybOX repository will contain official specification documents along with wikis and issues relating to the official specifications.
Initial Maintainers: Ivan Kirillov, Trey Darley
GitHub Name: cti-cybox3
Short Description: OASIS Chartered Work Repository: Official repository for CybOX 3 work
Purpose Statement: This TAXII repository will contain official specification documents along with wikis and issues relating to the official specifications.
Initial Maintainers: Bret Jordan, Mark Davidson
GitHub Name: cti-taxii2
Short Description: OASIS Chartered Work Repository: Official repository for TAXII 2 workThanks,BretBret Jordan CISSPDirector of Security Architecture and Standards | Office of the CTOBlue Coat SystemsPGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
|