OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti] Status of CTI OASIS Open Repositories

I hear what you are saying and there are definitely pros and cons to having some more generic repositories - but I am trying to envision the near future where we will hopefully have a whole bunch of various code contributions from vendors, members and hopefully non-members alike. This is just my opinion of course, but I think we should try to make the process to contribute code to the TC as light-weight as possible, to encourage people to contribute to our open repositories vs. just throw it up on their own Github account - as if they do that, then IPR and access is not as assured. Having to make a motion to create a new repository every time someone wants to contribute some new code, is a fairly heavyweight process in my opinion. It also means that only TC members can contribute any "new things", because the public can't trigger a vote on making a new repository - so the public is basically only able to contribute to things that already exist, not contribute anything new (unless they proxy through a member).

Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown

Inactive hide details for Robin Cover ---09/28/2016 10:35:01 PM---Jason, The decision about creating something like "stix-toolsRobin Cover ---09/28/2016 10:35:01 PM---Jason, The decision about creating something like "stix-tools" is (of course) a

From: Robin Cover <robin@oasis-open.org>
To: Jason Keirstead/CanEast/IBM@IBMCA
Cc: "Kirillov, Ivan A." <ikirillov@mitre.org>, "Back, Greg" <gback@mitre.org>, OASIS CTI TC Discussion List <cti@lists.oasis-open.org>, Robin Cover <robin@oasis-open.org>
Date: 09/28/2016 10:35 PM
Subject: Re: [cti] Status of CTI OASIS Open Repositories
Sent by: <cti@lists.oasis-open.org>


The decision about creating something like "stix-tools" is (of course) a decision for the TC members, and I have no horse in the race.

Some might think "-tools" itself is too broad, and encourage minting a name more specific to the kind of tool (or tools) you want to develop in the repository.

One of the OASIS (SSO/SDO) peers has taken a position that specific-purpose GitHub repos works well, as opposed to (an arguably equally competent)  design that uses folders within a single repository.   Using separate repos means less work (design work, workday-work) when creating and applying labels to issues and pull requests: you don't have to permute out name elements that are scoped to the sub-projects within the repo.  Just use one taxonomy of types/labels without namespace worries.  And: you can five write privs to relatively more of the interested parties with fewer discussions about (uh) "who can/should " maintain which sub-projects...

But as always: it's up to the TC, and I am no expert here.

- Robin

On Wed, Sep 28, 2016 at 7:48 PM, Jason Keirstead <Jason.Keirstead@ca.ibm.com> wrote:

Robin Cover
OASIS, Director of Information Services
Editor, Cover Pages and XML Daily Newslink
Staff bio:
Cover Pages:
Tel: +1 972-296-1783

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]