

Subject: Re: [cti] Return to the matter of GitHub repositories for CTI TC work products


Hey everyone,

 

I apologize for letting this sit for a bit, but I’d like to revisit the idea of a work product Github repo for STIX 2. I suggest we request one, covering the entire STIX 2 work product (including observables), and call it “cti-stix2”. The stix2 term was what we settled on for the open repos, so this would be consistent with that. The maintainers will be the SC co-chairs for the STIX 2 work product (myself, Aharon, Trey, Ivan).

 

The repo would be used for:

- Issue tracking for the STIX 2.x standards-track work products (parts 1 and 2)

- Wikis, for holding links / brainstorming etc.

- Potentially, markup for some ancillary documents (i.e. if we ever want markdown docs or something). We would not track the actual spec documents in the repo, those would continue to be developed in Google Docs.

 

See Robin’s links below for information on what work product repos are, who can contribute, and how to contribute.

 

Any objections to this?

 

Thanks, and have a good weekend,

John

 

From: <cti@lists.oasis-open.org> on behalf of Robin Cover <robin@oasis-open.org>
Date: Thursday, December 1, 2016 at 11:11 AM
To: CTI TC Discussion List <cti@lists.oasis-open.org>
Cc: Robin Cover <robin@oasis-open.org>
Subject: [cti] Return to the matter of GitHub repositories for CTI TC work products

 

I've been reminded recently that we did not return to the conversation about use of GitHub public repositories for CTI TC work products.  The matter was balloted [1] on 02-September-2016, followed by extensive conversation in September-October about whether the two current OASIS offerings for GitHub repositories are usable or optimal for the TC's needs.

 

Meantime, OASIS Staff has reflected on TC member comments, and has improved the documentation to clarify key differences between (A) "OASIS Open Repositories" and (B) use of GitHub for TC Work Products ("GitHub Repositories for TC Members' Chartered Work").  Comparison is provided below [3], and revised documentation is located here:

 

 

We have also clarified that no formal TC ballot is needed to justify creation of any GitHub repository -- needing only some confirmation of consensus from the TC/SC Chairs; consensus can be purely informal in the case of Work Product repos, and by unanimous consent in the case of Open Repositories.

 

The CTI TC already has eleven (11) OASIS Open Repositories in operation, thanks especially to the leadership of Greg Back:

 

 

If the CTI TC members now wish to proceed with the spinup of the three GitHub repositories for development of CTI TC Work Products, all that's required is your confirmation -- Chair(s) to send me email, and/or submit the request forms.   I'll need to confirm agreement from the designated (initial) Maintainers, as we believe it's vital the Maintainers be fully supportive of the applicable policy for repository use and governance, and are committed to providing requisite leadership. 

 

OASIS has already launched seven (7) GitHub repos for TC work:

 

 

Please let me know if you have remaining questions about use of the GitHub repos under OASIS rules -- preferably in private email if you think a personal response on a controversial topic might prevent unnecessary resurrection of old debates or seeding of new ones. about licensing, governance, technical configurations of repos, workflow models, management of public feedback, etc.

 

- Robin Cover

 

========================

Notes

========================

 

Notes are for reference only, per possible need and interest. Not required reading. Optional.

 

#1 Initial CTI TC Ballot

#2 Comparison: OASIS Open Repositories versus GitHub Repositories for TC Members' Chartered work

#3 OASIS Open Repositories: Examples

#4 GitHub Repositories for TC Members Chartered Work: examples

#5 OASIS Open Repositories: References

#6 GitHub Repositories for TC Members' Chartered Work: References

#7 GitHub public repos: Discussion topics of September-October

 

[1] Ballot for "CTI-TC Chartered Work Product Repositories"

** ballots are not actually required (thanks to Mark Davidson for inputs)

 

- cti-stix2: Initial Maintainers: Bret Jordan, John Wunder, Aharon Chernin, Rich Piazza

  an official repository for STIX 2 work containing specification documents along with wikis and issues relating to the official specifications

 

- cti-cybox3: Initial Maintainers: Ivan Kirillov, Trey Darley

  an official repository for CybOX 3 work containing specification documents along with wikis and issues relating to the official specifications

 

- cti-taxii2: Initial Maintainers: Bret Jordan, Mark Davidson

  an official repository for TAXII 2 work containing specification documents along with wikis and issues relating to the official specifications

 

 

[2] Comparison: OASIS Open Repositories versus GitHub Repositories for TC Members' Chartered work

 

A. OASIS Open Repositories 

 - with examples below [3] and references [5]

 

a) anyone (OASIS member or not) may fully participate, including any OASIS TC Members

b) input licensing governed by Individual Contribution License Agreement

c) outbound licensing governed by FOSS (open source) license: BSD-3-Clause, Apache, CC-BY, Eclipse

d) development practices and process governed by Open Repository Guidelines and Procedures, not by TC Process

e) provides no direct support for public feedback to the TC itself

f) assets developed in the repository may be contributed to any OASIS TC (Work Products) by any TC Member, subject to compatible licensing

g) GitHub projects use the Organization oasis-open ( https://github.com/oasis-open/ )

 

B. GitHub Repositories for TC Members Chartered work

 - with examples [4] and references [6]

 

a) substantive contributions expected only from TC member participants (substantive: "any contributions larger than a breadbasket")

b) input licensing governed by OASIS policies and agreements: IPR Patent Policy, IPR Mode, Copyright, Trademark

c) outbound licensing governed by OASIS policies for TCs, not by (OSI-approved) open source licenses

d) development practices and process governed by OASIS TC Process

e) support public feedback to the TC, similar to the TC comment list, via Issues, Comments, Conversations (rarely, pull requests)

f) assets developed in the repository are automatically/inherently part of official TC work, not requiring additional contribution 

g) GitHub projects use the Organization oasis-tcs ( https://github.com/oasis-tcs/ )

 

 

========================================================================

[3]  OASIS Open Repositories: Examples

========================================================================

 

 

dita-lightweight

"Schema files, tools and documentation related to the Lightweight DITA Subcommittee"

 

dita-rng-converter

"Providing cross-platform tools for generating DITA-conforming DTD- and XSD-format versions of RELAX NG DITA grammars: document type shells, vocabulary modules, and constraint modules. It makes it as easy as possible to develop and maintain DITA grammars by allowing use of RELAX NG syntax."

 

tosca-test-assertions

"Manages TOSCA Simple Profile in YAML templates and definitions that can be used to test TOSCA compliance using metadata (primarily the OASIS Test Assertion Markup Language) that describes the test and the expected behavior of the TOSCA tool or orchestrator"

 

legaldocml-akomantoso

"Schema files, examples, exemplificative implementations and libraries, and documentation related to the LegalDocML TC and Akoma Ntoso schema"

 

cti-stix2-json-schemas

"Non-normative schemas and examples for STIX 2"

 

cti-documentation

"GitHub Pages site for STIX, CybOX, and TAXII"

 

cti-stix-validator

"Validator for STIX 2.0 JSON normative requirements and best practices"

 

cti-pattern-validator

"Validate patterns used to express CybOX content in STIX Indicators"

 

cti-stix-visualization

"Lightweight visualization for STIX 2.0 objects and relationships"

 

cti-cybox3-json-schemas

"Non-normative schemas and examples for CybOX 3"

 

cti-marking-prototype

"Prototype for processing granular data markings in STIX"

 

cti-stix-elevator

"Convert STIX 1.2 XML to STIX 2.0 JSON"

 

cti-pattern-matcher

"Match STIX content against STIX patterns"

 

========================================================================

[4] GitHub Repositories for TC Members Chartered Work: examples

========================================================================

 

"Supporting version control for Work Product artifacts developed by members of the CSAF TC, including prose specifications and secondary artifacts like meeting minutes and productivity code"

 

"Tools for producing API descriptions for OData services that adhere to the OpenAPI Specification"

 

"Standard vocabularies for annotating OData services"

 

"Object Model for XLIFF Versions 2.0 and higher"

 

"JSON serialization of the XLIFF Abstract Object Model"

 

"Official repository for the source files for the written DITA specification"

 

"Supporting version control for Work Product artifacts developed by members of the TC, including prose specification editing and UML diagrams generated by plantUML"

 

 

=========================================

[5] OASIS Open Repositories: References

========================================

 

OASIS Open Repositories: Overview

 

FAQ Document

 

Licenses

 

Guidelines

 

Individual CLA Form

 

===============================================================

[6] GitHub Repositories for TC Members' Chartered Work: References

===============================================================

 

OASIS TCs: GitHub Repositories for TC Members' Chartered Work

 

TC GitHub Repository: Documentation

 

c) TC GitHub Repository Request Form

 

[7] GitHub public repos: Discussion topics of September-October

 

CTI TC members provided input to OASIS Staff on a range of topics, some of which are referenced below.  We have discussed most of these as Staff, and with Management, as well as with external experts and OASIS members in other TCs.  We are committed to providing the best support we can, given new policy considerations that need to be commensurable with existing OASIS policies and with OASIS Board directives.

 

If you have further questions or recommendations, please send them to me and to Chet Ensign

 

Example topics considered

 

* Generic GitHub repositories (various testing tools) versus special purpose repositories

 

* Possible use of GitHub open source repositories outside of OASIS (for CTI TC -related code)

 

* Preferable open source license(s) for CTI TC -related code

 

* (Non- and appropriate-) use of Submodules

 

* GitHub Organization Pages and Project Pages (WRT Orgs and Repos)

 

*  CLA requirement for OASIS Open Repos

- some 28 people have signed the CLA for Open repos

- we know that most FOSS developers (as individuals) hate CLAs

- we know that some companies don't even allow employees to sign them, or embattle employees for four months in the approval process

- we know that some large vendors require CLA-level IP protection in order to safely incorporate code into their commercial or open source products

- we recognize that most large open source projects have DCOs and/or CLAs in their governance models, if the assets are intended for use in commercial products

- Chet summarized in: Meeting Notes, November 17, 2016, Full CTI TC Session #1

- I do have a list of some (representative size/scope) projects that require signed CLAs for substantive (design, non-editorial) contributions

 

* Usability of GitHub repositories by the outside world

 

 

--

Robin Cover
OASIS, Director of Information Services


