CybOX, MAEC, and STIX tool repositories

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

CybOX, MAEC, and STIX tool repositories

Back, Greg
[My apologies if you receive multiple copies of this email. It is being sent to the cybox-discussion, maec-discussion, and stix-discussion lists.]

All -

The following GitHub repositories each contain a variety of tools, with few or no dependencies among them.

https://github.com/CybOXProject/Tools
https://github.com/MAECProject/utils
https://github.com/STIXProject/Tools

We are planning to migrate each tool into its own repository, which will have a number of benefits:

- Each tool can be independently versioned, tagged, and released.
- Issues for each tool can be tracked without needing a separate label to identify which tool is being discussed.
- Users are not required to download all tools in a particular project in order to use one of them.
- Each tool can be updated to new versions of the corresponding standard independently.
- Individual tools can more easily be integrated into other projects.

It is possible to retain the git history of each tool within the corresponding new repository, but work which is based on a current repository (i.e. forks of the existing repositories) will not merge automatically onto the new repositories. Because there will be no changes to the tools themselves as part of this migration, any changes from forked repositories can be merged manually without the possibility of conflicts. Open issues and existing tags for each of the three existing repositories will need to be migrated to the correct new repository manually.

The plan is to follow the process below for each of the three original repositories.

1. Add a note to the top of the README describing this migration.
2. Migrate each tool into a separate repository, and verify that it still performs as expected.
3. Ensure each repository has the proper README and LICENSE files.
4. Create new tags in the new repositories corresponding to the equivalent commits in the original repository.
5. Modify the README in the original repository to point to the new repositories.
6. Manually create new issues in the new repositories corresponding to open issues in the existing repositories, including links to ensure the discussion can be followed.
7. After a week or two, remove all files except the README from the original repo. The full git history and all issues will be kept for reference.

This process will start beginning next Monday (11/4) for CybOX, and be followed by MAEC and STIX.

If there are any concerns or questions about this process, please email the corresponding list ([hidden email], [hidden email], [hidden email]) or reply to this message.

Thanks,
Greg Back
MITRE
Reply | Threaded
Open this post in threaded view
|

RE: CybOX, MAEC, and STIX tool repositories

Back, Greg
For now the plan is to leave them in their respective organizations (CybOX tools under CybOXProject, etc.).

I've suggested consolidating the repos for each of the organizations before--either under the MITRE organization or one for just CybOX, MAEC, STIX, and TAXII--but at this point it is likely to cause more turmoil with very little benefit (the overhead of managing the organizations is minimal), and moving repositories between organizations is relatively straightforward to do later. Especially with the current development on the new versions of CybOX and STIX, moving the schema repositories would be a rather disruptive change.

Thanks,
Greg

>-----Original Message-----
>From: Kyle Maxwell [mailto:[hidden email]]
>Sent: Thursday, October 31, 2013 11:48 AM
>To: Back, Greg
>Cc: cybox-discussion-list Cyber Observable Expression/CybOX Discussi; maec-
>discussion-list Malware Attribute Enumeration Discussion; stix-discussion-list
>Structured Threat Information Expression/ST
>Subject: Re: CybOX, MAEC, and STIX tool repositories
>
>Will these be under the MITRE organization or still be separated into
>different organizations for each project?
>
>On Thu, Oct 31, 2013 at 8:57 AM, Back, Greg <[hidden email]> wrote:
>> [My apologies if you receive multiple copies of this email. It is being sent
>> to the cybox-discussion, maec-discussion, and stix-discussion lists.]
>>
>> All -
>>
>> The following GitHub repositories each contain a variety of tools, with few or
>> no dependencies among them.
>>
>> https://github.com/CybOXProject/Tools
>> https://github.com/MAECProject/utils
>> https://github.com/STIXProject/Tools
>>
>> We are planning to migrate each tool into its own repository, which will have
>> a number of benefits:
>>
>> - Each tool can be independently versioned, tagged, and released.
>> - Issues for each tool can be tracked without needing a separate label to
>> identify which tool is being discussed.
>> - Users are not required to download all tools in a particular project in
>> order to use one of them.
>> - Each tool can be updated to new versions of the corresponding standard
>> independently.
>> - Individual tools can more easily be integrated into other projects.
>>
>> It is possible to retain the git history of each tool within the corresponding
>> new repository, but work which is based on a current repository (i.e. forks
>of
>> the existing repositories) will not merge automatically onto the new
>> repositories. Because there will be no changes to the tools themselves as
>part
>> of this migration, any changes from forked repositories can be merged
>manually
>> without the possibility of conflicts. Open issues and existing tags for each
>> of the three existing repositories will need to be migrated to the correct
>new
>> repository manually.
>>
>> The plan is to follow the process below for each of the three original
>> repositories.
>>
>> 1. Add a note to the top of the README describing this migration.
>> 2. Migrate each tool into a separate repository, and verify that it still
>> performs as expected.
>> 3. Ensure each repository has the proper README and LICENSE files.
>> 4. Create new tags in the new repositories corresponding to the equivalent
>> commits in the original repository.
>> 5. Modify the README in the original repository to point to the new
>> repositories.
>> 6. Manually create new issues in the new repositories corresponding to
>open
>> issues in the existing repositories, including links to ensure the discussion
>> can be followed.
>> 7. After a week or two, remove all files except the README from the original
>> repo. The full git history and all issues will be kept for reference.
>>
>> This process will start beginning next Monday (11/4) for CybOX, and be
>> followed by MAEC and STIX.
>>
>> If there are any concerns or questions about this process, please email the
>> corresponding list ([hidden email], [hidden email], [hidden email]) or
>reply
>> to this message.
>>
>> Thanks,
>> Greg Back
>> MITRE
>
>
>
>--
>Kyle Maxwell [[hidden email]]
>Twitter: @kylemaxwell