Re: [cti] Status of CTI OASIS Open Repositories

[Mark Davidson <mdavidson@soltra.com>]

I think having one global org for every TC is a negative for usability and will decrease the quality of the interaction our TC has with the outside world.

 

A semi-technical (or technical) non-TC member who is trying to learn more about STIX and TAXII will not, at first, be guaranteed to understand what OASIS is or understand OASIS’ role in the development and governance of STIX and TAXII. Requiring knowledge about OASIS and its relationship to STIX/TAXII – i.e., understanding that https://github.com/oasis-open/ is where you find STIX and TAXII open source repositories (or further, that they have a CTI prefix) – is just not going to happen for the majority of people.

 

We should be making the work produced by this TC as accessible as possible to the people outside this TC. We are not doing this work only for ourselves. I think we’ve demonstrated this already with the CybOX merger into STIX, so let’s keep going. FWIW, I agree with previous posts stating that the two approaches are roughly equivalent for TC members. I just think we need to focus on the external/outsider persona – they are the ones who need the most help consuming and understanding the work we are producing, and we should make it as easy as possible for them.

 

Thank you.

-Mark

 

From: <cti@lists.oasis-open.org> on behalf of "Bret Jordan (CS)" <Bret_Jordan@symantec.com>
Date: Monday, October 10, 2016 at 7:37 PM
To: Greg Back <gback@mitre.org>
Cc: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: Re: [cti] Status of CTI OASIS Open Repositories

 

The chartered work repos have one primary purpose for us, and that is issue tracking against the published specifications.  We may use them for wikis or other things over time, but for the foreseeable future they will be used for issue tracking.

 

Bret 

Sent from my Commodore 64

 

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

On Oct 10, 2016, at 5:33 PM, Greg Back <gback@mitre.org> wrote:

On 10/10/2016 3:08 PM, Bret Jordan (CS) wrote:

I disagree.  It would make things a lot easier if the Chartered work

repos were done as TC level projects instead of individual repos.

What specifically would be easier?

What specifically are we trying to do with Chartered Work repos? I would not recommend using them for prose specifications, unless we're planning to develop the specifications as Markdown, HTML, or some other plain text format.  I've been given the impression that we don't want to include JSON schemas as chartered work products, hence why cti-stix2-json-schemas and cti-cybox3-json-schemas [sic] are open repositories.

Further, I think this TC should create an open source project on github

that is outside of OASIS for all of our opensource projects and

contributions that come from MITRE or others.

The MITRE members of the TC have made an explicit decision to contribute our code to OASIS Open repos, rather than (for instance) continuing to use STIXProject.

What does being "outside of OASIS" gain us? What does it even mean for "the TC" to create something outside of OASIS (and therefore outside the TC)? As I've said before, anyone (including a TC member) is of course free to create whatever repositories they'd like.

----------

I'd still appreciate hearing from Mark, John, and/or Trey.

Greg