OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cti] Status of CTI OASIS Open Repositories


On Thu, Sep 29, 2016 at 7:02 AM, Jason Keirstead <Jason.Keirstead@ca.ibm.com> wrote:

I hear what you are saying and there are definitely pros and cons to having some more generic repositories - but I am trying to envision the near future where we will hopefully have a whole bunch of various code contributions from vendors, members and hopefully non-members alike. This is just my opinion of course, but I think we should try to make the process to contribute code to the TC as light-weight as possible, to encourage people to contribute to our open repositories vs. just throw it up on their own Github account - as if they do that, then IPR and access is not as assured. Having to make a motion to create a new repository every time someone wants to contribute some new code, is a fairly heavyweight process in my opinion. It also means that only TC members can contribute any "new things", because the public can't trigger a vote on making a new repository - so the public is basically only able to contribute to things that already exist, not contribute anything new (unless they proxy through a member).

Jason, I'll raise the matter of requiring a motion/ballot with Staff.  We probably want some kind of confirmation from the TC Chairs(s) -- indicating that there was consensus on the key elements of the request (name, Maintainers, choice of FOSS license, etc)

Re:
> a whole bunch of various code contributions from vendors, members and hopefully non-members alike

That sounds great, and OASIS Open Repositories are intended to support that.   It's a TC decision whether you want more or fewer repositories. It's a TC decision as to whether the repos are described as "generic" or having closely defined focus.

I don't quite understand your meaning here:

"... so the public is basically only able to contribute to things that already exist, not contribute anything new (unless they proxy through a member)"

For the OASIS Open Repositories, once the repo is created, anyone from "the public" (non-TC member) can be a full participant, including Maintainer, per consensus.  They can contribute "new things" in the same way as anyone can contribute new things to any GitHub public repository.  Perhaps I misunderstand your concern....

I have assumed, maybe incorrectly, that your mention of a new repository (additional to those reported by Greg Back [1]) meant you want a new OASIS Open Repository ( https://www.oasis-open.org/resources/open-repositories )

- Robin


[1]

cti-stix2-json-schemas
cti-pattern-validator
cti-marking-prototype
cti-stix-visualization
cti-stix-validator
cti-documentation
cti-cybox3-json-schemas

 


-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


Inactive hide details for Robin Cover ---09/28/2016 10:35:01 PM---Jason, The decision about creating something like "stix-toolsRobin Cover ---09/28/2016 10:35:01 PM---Jason, The decision about creating something like "stix-tools" is (of course) a

From: Robin Cover <robin@oasis-open.org>
To: Jason Keirstead/CanEast/IBM@IBMCA
Cc: "Kirillov, Ivan A." <ikirillov@mitre.org>, "Back, Greg" <gback@mitre.org>, OASIS CTI TC Discussion List <cti@lists.oasis-open.org>, Robin Cover <robin@oasis-open.org>
Date: 09/28/2016 10:35 PM
Subject: Re: [cti] Status of CTI OASIS Open Repositories
Sent by: <cti@lists.oasis-open.org>





Jason,

The decision about creating something like "stix-tools" is (of course) a decision for the TC members, and I have no horse in the race.

Some might think "-tools" itself is too broad, and encourage minting a name more specific to the kind of tool (or tools) you want to develop in the repository.

One of the OASIS (SSO/SDO) peers has taken a position that specific-purpose GitHub repos works well, as opposed to (an arguably equally competent)  design that uses folders within a single repository.   Using separate repos means less work (design work, workday-work) when creating and applying labels to issues and pull requests: you don't have to permute out name elements that are scoped to the sub-projects within the repo.  Just use one taxonomy of types/labels without namespace worries.  And: you can five write privs to relatively more of the interested parties with fewer discussions about (uh) "who can/should " maintain which sub-projects...

But as always: it's up to the TC, and I am no expert here.

- Robin

On Wed, Sep 28, 2016 at 7:48 PM, Jason Keirstead <Jason.Keirstead@ca.ibm.com> wrote:
    Hello all;

    IBM has been developing a STIX 2 generator, useful for testing tools. It is rudimentary at this point, but we will continue to improve upon it - and would like to share it with the community for both collaboration and improvement.

    It doesn't seem to fit into any of these repositories as they are named so specifically. Should we make some more generic one called something like "stix-tools" to cover this and also future potential contributions that would not fit into these buckets?

    --
    Sent from my mobile device, please excuse any typos.


    Kirillov, Ivan A. --- Re: [cti] Status of CTI OASIS Open Repositories ---

    From:"Kirillov, Ivan A." <ikirillov@mitre.org>
    To:"Back, Greg" <gback@mitre.org>, cti@lists.oasis-open.org
    Date:Wed, Sep 28, 2016 2:09 PM
    Subject:Re: [cti] Status of CTI OASIS Open Repositories


    Great news! Trey and I hope to begin populating the CybOX 3 JSON schema repo soon :-)

    Regards,
    Ivan

    On 9/28/16, 12:04 PM, "
    cti@lists.oasis-open.org on behalf of Back, Greg" <cti@lists.oasis-open.org on behalf of gback@mitre.org> wrote:

    >The following OASIS Open repositories have been created and populated with content that MITRE has been developing on behalf of DHS.
    >
    >- cti-stix2-json-schemas
    >- cti-pattern-validator
    >- cti-marking-prototype
    >- cti-stix-visualization
    >- cti-stix-validator
    >
    >There are two other repositories that exist, but do not (yet) have any content:
    >
    >- cti-documentation
    >- cti-cybox3-json-schemas
    >
    >The open repositories are meant to assist with the development of the TC's work products (but do not contain work products directly). Both TC members and non-members are able to contribute to the repositories, but in order to do so, you must sign a Contributor License Agreement (CLA):
    https://www.oasis-open.org/resources/open-repositories/cla . This applies *even to TC members*.
    >
    >We welcome participation from other members of the TC (or even non-members who have an interest in the TC's work). Please use GitHub for any issues/enhancement requests for the code/schemas themselves. Feel free to respond to this email if you have questions about the process, etc.
    >
    >You can find the repositories here:
    https://github.com/oasis-open 
    >
    >Thanks,
    >
    >Greg Back
    >MITRE
    >
    >---------------------------------------------------------------------
    >To unsubscribe from this mail list, you must leave the OASIS TC that
    >generates this mail.  Follow this link to all your TCs in OASIS at:
    >
    https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 
    >




--
Robin Cover
OASIS, Director of Information Services
Editor, Cover Pages and XML Daily Newslink
Email:
robin@oasis-open.org
Staff bio:
http://www.oasis-open.org/people/staff/robin-cover
Cover Pages:
http://xml.coverpages.org/
Newsletter:
http://xml.coverpages.org/newsletterArchive.html
Tel: +1 972-296-1783






--
Robin Cover
OASIS, Director of Information Services
Editor, Cover Pages and XML Daily Newslink
Email: robin@oasis-open.org
Staff bio: http://www.oasis-open.org/people/staff/robin-cover
Cover Pages: http://xml.coverpages.org/
Newsletter: http://xml.coverpages.org/newsletterArchive.html
Tel: +1 972-296-1783


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]