OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-interoperability] Re: [cti] Re: [EXT] [cti-interoperability] Motion for Open Repository for CTI Interop Issue Tracking

Hi y'all - 

Please forgive my jumping in. Just want to provide you with a couple of notes in case it helps. 

John-Mark asked about the mechanism for allowing public review feedback. That is covered by people subscribing to the cti-comment@ mailing list. They get a couple of notifications during that that their feedback is covered by the same IPR mode the TC conforms to. So that is tied to use of the -comment@ mailing list. 

In setting up Open Repos and GitHub for TCs, we anticipated people would take advantage of the ability to fork repos, open or comment on issues, etc. Anyone who wants to make a substantive contribution can sign a CLA that has the same effect as the subscription notice above. 

In addition, in the case of GitHubs for TCs, in "GitHub Repositories for OASIS TC Members' Chartered Work" (https://www.oasis-open.org/resources/tcadmin/github-repositories-for-oasis-tc-members-chartered-work), the last paragraph labelled "Substantive Contributions and Public Feedback" includes this statement: 

"Public feedback on repository content is also accepted: persons who are not TC members are invited to open issues and provide comments using a TC Repository's GitHub Issues tracking facility or using the TC's comment list. All such content created in GitHub Issues and/or posted to the TC's archived comment list is governed by the terms of the OASIS Feedback License."

So we have covered public *feedback* there - if someone outside the TC issues a pull request against a TC GitHub, that is a different matter of course. 

Please let me know if you'd like to discuss further. 



On Thu, May 24, 2018 at 9:36 AM, Jason Keirstead <Jason.Keirstead@ca.ibm.com> wrote:
I am with Allan on this. If we can't accept bug reports from non-TC members, this entire STIX Preferred effort is doomed to failure.

I fail to see how reporting a bug or change request on something like a test case is an IPR issue. There is no IP here.

Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems

"Things may come to those who wait, but only the things left by those who hustle." - Unknown

From:        Bret Jordan <Bret_Jordan@symantec.com>
To:        Allan Thomson <athomson@lookingglasscyber.com>, "Back, Greg" <gback@mitre.org>, OASIS CTI TC list <cti@lists.oasis-open.org>
Cc:        Interoperability Subcommittee <cti-interoperability@lists.oasis-open.org>
Date:        05/24/2018 02:30 AM
Subject:        Re: [cti] Re: [EXT] [cti-interoperability] Motion for Open Repository for CTI Interop Issue Tracking
Sent by:        <cti@lists.oasis-open.org>

The reason I think it needs to be a TC Repo, is the issue tracker will track changes.  Due to IPR rules, I do not think we could take suggestions from non-TC members, aka, no bugs, issues.


From: Allan Thomson <athomson@lookingglasscyber.com>
Wednesday, May 23, 2018 4:05:12 PM
Back, Greg; Bret Jordan; OASIS CTI TC list
Interoperability Subcommittee
Re: [cti] Re: [EXT] [cti-interoperability] Motion for Open Repository for CTI Interop Issue Tracking

Our intention is interoperability (i.e. STIXPreferred) is available to non-TC members to participate in. I can imagine that non-TC specific information be available on the repo.
So I think it is appropriate in this case that the repo is open rather than restricted to the TC.
Allan Thomson
CTO (+1-408-331-6646)
LookingGlass Cyber Solutions
From: "Back, Greg" <gback@mitre.org>
Wednesday, May 23, 2018 at 2:58 PM
Bret Jordan <Bret_Jordan@symantec.com>, Allan Thomson <athomson@lookingglasscyber.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Interoperability Subcommittee <cti-interoperability@lists.oasis-open.org>
Re: [cti] Re: [EXT] [cti-interoperability] Motion for Open Repository for CTI Interop Issue Tracking

I’m fine with either, but I’ll point out that a motion to create an open repo is very different from a motion to create a TC repo. Based on what Allan is saying in the purpose statement, it’s probably more suitable as a TC repo [1], using this form [2]. Again, I would be in support of either one, though.
[1] https://www.oasis-open.org/resources/tcadmin/github-repositories-for-oasis-tc-members-chartered-work
[2] https://www.oasis-open.org/resources/tc-admin-requests/request-a-tc-github-version-control-instance-be-created
On 2018-05-22, 20:07, "cti@lists.oasis-open.orgon behalf of Bret Jordan" <cti@lists.oasis-open.orgon behalf of Bret_Jordan@symantec.com> wrote:
I second this, however, I would suggest the name just be cti-interop this way as an official work product repo, we could use it for other interop related things.  Yes, obviously, it will have an issue tracker, but we could do other things with it as well.

From: cti-interoperability@lists.oasis-open.org <cti-interoperability@lists.oasis-open.org> on behalf of Allan Thomson <athomson@lookingglasscyber.com>
Tuesday, May 22, 2018 4:45:42 PM
Interoperability Subcommittee
[EXT] [cti-interoperability] Motion for Open Repository for CTI Interop Issue Tracking

I move that the TC approve by unanimous consent requesting OASIS to set up an OASIS Open Repository named cti-interop-issuesusing the following pieces of information:
      * Purpose Statement: A CTI-Interoperability issue tracking repository
      * Initial Maintainers: Allan Thomson, Jason Keirstead
      * Open Source License: BSD-3-Clause License
      * GitHub Name: cti-interop-issues
      * Short Description: OASIS Open Repository: CTI-Interop Issue Tracking
If there have been no objections by Friday, 25th May, 8am PST, I will submit the form [1] to request OASIS staff to create the repository.
    [1]: https://clicktime.symantec.com/a/1/O_ihu1E08Xl2-dCkw-ASiK6V6aRPMzaHPgA8JWCVguA=?d=uExWX7fZn2Kl6plF49kKe_LZP8lrMkLtXgjcy41DR0Fu0FSDcexzZAqC2nn1IMYh1vZ5FISBNpMlibp8Q0YGdjpkIAvhfVRjM1dsDF7cV4gT9qa8h0OjnyVkwC9MH38YSKD2lIHqyY8rhnZXjDuzWpBtp-VTHGRkjFV0W281F9vYddlnNEAE25ie-1Nhr0af-1LmnMK3x4VacBd2yc3UUhapIM5Pqqb-yRWtSq1ZVe0EGfmckl5y8-UwGLKOPkChB785CerSuPcODwZCi8FkAo5apC1IyU_dwL9khyfWaWdeH9AkaMHufWKd5VmISpiqqD5sPRcc9KLHxJQ_oIEHIjQQjQRnSPNRM6xRsDeD8nYOLsbdk6iZwtmXnnNOsf4riJlDR8Bh2-ZNEkQF5Kbql5CIO0Bj-vXyUHnKYHCAjWuD7fSaz6YXLfHN71fJx4whN1cAV3AA_F8MAUW8uP9AXd6s3VH576SP6yheifXsvXSPrvmnnX2t1VHrp2KdF36FZzPIqViSYyR4Mk5GEw%3D%3D&u=https%3A%2F%2Fwww.oasis-open.org%2Fresources%2Ftc-admin-requests%2Fopen-repository-request



Looking forward to Borderless Cyber 20183-5 Oct, Washington, D.C.
Organized by The World Bank, OASIS, and Georgetown University

Chet Ensign
Chief Technical Community Steward
OASIS: Advancing open standards for the information society

Primary: +1 973-996-2298
Mobile: +1 201-341-1393 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]