diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4238e94d..5b1f6991 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,25 +1,25 @@

Public Participation Invited

-

This OASIS Open Repository ( github.com/oasis-open/cti-python-stix2 ) is a community public repository that supports participation by anyone, whether affiliated with OASIS or not. Substantive contributions (repository "code") and related feedback is invited from all parties, following the common conventions for participation in GitHub public repository projects. Participation is expected to be consistent with the OASIS Open Repository Guidelines and Procedures, the LICENSE designated for this particular repository (BSD-3-Clause License), and the requirement for an Individual Contributor License Agreement. Please see the repository README document for other details.

+

This OASIS TC Open Repository ( github.com/oasis-open/cti-python-stix2 ) is a community public repository that supports participation by anyone, whether affiliated with OASIS or not. Substantive contributions (repository "code") and related feedback is invited from all parties, following the common conventions for participation in GitHub public repository projects. Participation is expected to be consistent with the OASIS TC Open Repository Guidelines and Procedures, the LICENSE designated for this particular repository (BSD-3-Clause License), and the requirement for an Individual Contributor License Agreement. Please see the repository README document for other details.

Governance Distinct from OASIS TC Process

-

Content accepted as "contributions" to this Open Repository, as defined below, are distinct from any Contributions made to the associated OASIS Cyber Threat Intelligence (CTI) TC itself. Participation in the associated Technical Committee is governed by the OASIS Bylaws, OASIS TC Process, IPR Policy, and related policies. This Open Repository is not subject to the OASIS TC-related policies. Open Repository governance is defined by separate participation and contribution guidelines as referenced in the OASIS Open Repositories Overview.

+

Content accepted as "contributions" to this TC Open Repository, as defined below, are distinct from any Contributions made to the associated OASIS Cyber Threat Intelligence (CTI) TC itself. Participation in the associated Technical Committee is governed by the OASIS Bylaws, OASIS TC Process, IPR Policy, and related policies. This TC Open Repository is not subject to the OASIS TC-related policies. TC Open Repository governance is defined by separate participation and contribution guidelines as referenced in the OASIS TC Open Repositories Overview.

Licensing Distinct from OASIS IPR Policy

-

Because different licenses apply to the OASIS TC's specification work, and this Open Repository, there is no guarantee that the licensure of specific repository material will be compatible with licensing requirements of an implementation of a TC's specification. Please refer to the LICENSE file for the terms of this material, and to the OASIS IPR Policy for the terms applicable to the TC's specifications, including any applicable declarations.

+

Because different licenses apply to the OASIS TC's specification work, and this TC Open Repository, there is no guarantee that the licensure of specific repository material will be compatible with licensing requirements of an implementation of a TC's specification. Please refer to the LICENSE file for the terms of this material, and to the OASIS IPR Policy for the terms applicable to the TC's specifications, including any applicable declarations.

Contributions Subject to Individual CLA

-

Formally, "contribution" to this Open Repository refers to content merged into the "Code" repository (repository changes represented by code commits), following the GitHub definition of contributor: "someone who has contributed to a project by having a pull request merged but does not have collaborator [i.e., direct write] access." Anyone who signs the Open Repository Individual Contributor License Agreement (CLA), signifying agreement with the licensing requirement, may contribute substantive content — subject to evaluation of a GitHub pull request. The main web page for this repository, as with any GitHub public repository, displays a link to a document listing contributions to the repository's default branch (filtered by Commits, Additions, and Deletions).

+

Formally, "contribution" to this TC Open Repository refers to content merged into the "Code" repository (repository changes represented by code commits), following the GitHub definition of contributor: "someone who has contributed to a project by having a pull request merged but does not have collaborator [i.e., direct write] access." Anyone who signs the TC Open Repository Individual Contributor License Agreement (CLA), signifying agreement with the licensing requirement, may contribute substantive content — subject to evaluation of a GitHub pull request. The main web page for this repository, as with any GitHub public repository, displays a link to a document listing contributions to the repository's default branch (filtered by Commits, Additions, and Deletions).

-

This Open Repository, as with GitHub public repositories generally, also accepts public feedback from any GitHub user. Public feedback includes opening issues, authoring and editing comments, participating in conversations, making wiki edits, creating repository stars, and making suggestions via pull requests. Such feedback does not constitute an OASIS Open Repository contribution. Some details are presented under "Read permissions" in the table of permission levels for a GitHub organization. Technical content intended as a substantive contribution (repository "Code") to an Open Repository is subject to evaluation, and requires a signed Individual CLA.

+

This TC Open Repository, as with GitHub public repositories generally, also accepts public feedback from any GitHub user. Public feedback includes opening issues, authoring and editing comments, participating in conversations, making wiki edits, creating repository stars, and making suggestions via pull requests. Such feedback does not constitute an OASIS TC Open Repository contribution. Some details are presented under "Read permissions" in the table of permission levels for a GitHub organization. Technical content intended as a substantive contribution (repository "Code") to an TC Open Repository is subject to evaluation, and requires a signed Individual CLA.
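
Review bot: The last added paragraph of this hunk ends with "to an TC Open Repository is subject to evaluation", where inserting "TC" after the article leaves "an" in front of a consonant sound. Change it to "to a TC Open Repository". The other renamed occurrences in this hunk read correctly.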

@@ -27,12 +27,12 @@

Fork-and-Pull Collaboration Model

-

OASIS Open Repositories use the familiar fork-and-pull collaboration model supported by GitHub and other distributed version-control systems. Any GitHub user wishing to contribute should fork the repository, make additions or other modifications, and then submit a pull request. GitHub pull requests should be accompanied by supporting comments and/or issues. Community conversations about pull requests, supported by GitHub notifications, will provide the basis for a consensus determination to merge, modify, close, or take other action, as communicated by the repository Maintainers.

+

OASIS TC Open Repositories use the familiar fork-and-pull collaboration model supported by GitHub and other distributed version-control systems. Any GitHub user wishing to contribute should fork the repository, make additions or other modifications, and then submit a pull request. GitHub pull requests should be accompanied by supporting comments and/or issues. Community conversations about pull requests, supported by GitHub notifications, will provide the basis for a consensus determination to merge, modify, close, or take other action, as communicated by the repository Maintainers.

Feedback

-

Questions or comments about this Open Repository's activities should be composed as GitHub issues or comments. If use of an issue/comment is not possible or appropriate, questions may be directed by email to the repository Maintainer(s). Please send general questions about Open Repository participation to OASIS Staff at repository-admin@oasis-open.org and any specific CLA-related questions to repository-cla@oasis-open.org.

+

Questions or comments about this TC Open Repository's activities should be composed as GitHub issues or comments. If use of an issue/comment is not possible or appropriate, questions may be directed by email to the repository Maintainer(s). Please send general questions about TC Open Repository participation to OASIS Staff at repository-admin@oasis-open.org and any specific CLA-related questions to repository-cla@oasis-open.org.

diff --git a/README.rst b/README.rst index faacc536..ffd7b406 100644 --- a/README.rst +++ b/README.rst @@ -3,11 +3,13 @@ cti-python-stix2 ================ -This is an `OASIS Open -Repository `__. +This is an `OASIS TC Open +Repository `__. See the `Governance <#governance>`__ section for more information. -This repository provides Python APIs for serializing and de-serializing +This repository provides Python APIs for serializing and de- +serializing STIX 2 JSON content, along with higher-level APIs for common tasks, including data markings, versioning, and for resolving STIX IDs across multiple data sources. @@ -29,8 +31,10 @@ Usage ----- To create a STIX object, provide keyword arguments to the type's -constructor. Certain required attributes of all objects, such as ``type`` or -``id``, will be set automatically if not provided as keyword arguments. +constructor. Certain required attributes of all objects, such as +``type`` or +``id``, will be set automatically if not provided as keyword +arguments. .. code:: python @@ -38,9 +42,11 @@ constructor. Certain required attributes of all objects, such as ``type`` or indicator = Indicator(name="File hash for malware variant", labels=["malicious-activity"], - pattern="[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']") + pattern="[file:hashes.md5 = + 'd41d8cd98f00b204e9800998ecf8427e']") -To parse a STIX JSON string into a Python STIX object, use ``parse()``: +To parse a STIX JSON string into a Python STIX object, use +``parse()``: .. code:: python 
@@ -55,21 +61,28 @@ To parse a STIX JSON string into a Python STIX object, use ``parse()``: "malicious-activity" ], "name": "File hash for malware variant", - "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']", + "pattern": "[file:hashes.md5 = + 'd41d8cd98f00b204e9800998ecf8427e']", "valid_from": "2017-09-26T23:33:39.829952Z" }""") print(indicator) -For more in-depth documentation, please see `https://stix2.readthedocs.io/ `__. +For more in-depth documentation, please see +`https://stix2.readthedocs.io/ `__. STIX 2.X Technical Specification Support ---------------------------------------- -This version of python-stix2 supports STIX 2.0 by default. Although, the -`stix2` Python library is built to support multiple versions of the STIX -Technical Specification. With every major release of stix2 the ``import stix2`` -statement will automatically load the SDO/SROs equivalent to the most recent -supported 2.X Technical Specification. Please see the library documentation +This version of python-stix2 supports STIX 2.0 by default. Although, +the +`stix2` Python library is built to support multiple versions of the +STIX +Technical Specification. With every major release of stix2 the +``import stix2`` +statement will automatically load the SDO/SROs equivalent to the most +recent +supported 2.X Technical Specification. Please see the library +documentation for more details. Governance 
@@ -77,66 +90,87 @@ Governance This GitHub public repository ( **https://github.com/oasis-open/cti-python-stix2** ) was -`proposed `__ +`proposed `__ and -`approved `__ +`approved `__ [`bis `__] by the `OASIS Cyber Threat Intelligence (CTI) -TC `__ as an `OASIS Open -Repository `__ +TC `__ as an `OASIS TC +Open +Repository `__ to support development of open source resources related to Technical Committee work. -While this Open Repository remains associated with the sponsor TC, its +While this TC Open Repository remains associated with the sponsor TC, +its development priorities, leadership, intellectual property terms, participation rules, and other matters of governance are `separate and -distinct `__ +distinct `__ from the OASIS TC Process and related policies. -All contributions made to this Open Repository are subject to open +All contributions made to this TC Open Repository are subject to open source license terms expressed in the `BSD-3-Clause -License `__. +License `__. That license was selected as the declared `"Applicable -License" `__ -when the Open Repository was created. +License" `__ +when the TC Open Repository was created. As documented in `"Public Participation -Invited `__", -contributions to this OASIS Open Repository are invited from all -parties, whether affiliated with OASIS or not. Participants must have a +Invited `__", +contributions to this OASIS TC Open Repository are invited from all +parties, whether affiliated with OASIS or not. Participants must have +a GitHub account, but no fees or OASIS membership obligations are required. Participation is expected to be consistent with the `OASIS -Open Repository Guidelines and -Procedures `__, +TC Open Repository Guidelines and +Procedures `__, the open source -`LICENSE `__ +`LICENSE `__ designated for this particular repository, and the requirement for an `Individual Contributor License -Agreement `__ +Agreement `__ that governs intellectual property. 
Maintainers ~~~~~~~~~~~ -Open Repository -`Maintainers `__ +TC Open Repository +`Maintainers `__ are responsible for oversight of this project's community development activities, including evaluation of GitHub `pull -requests `__ +requests `__ and -`preserving `__ +`preserving `__ open source principles of openness and fairness. Maintainers are recognized and trusted experts who serve to implement community goals and consensus design preferences. -Initially, the associated TC members have designated one or more persons -to serve as Maintainer(s); subsequently, participating community members +Initially, the associated TC members have designated one or more +persons +to serve as Maintainer(s); subsequently, participating community +members may select additional or substitute Maintainers, per `consensus -agreements `__. +agreements `__. .. _currentMaintainers: -**Current Maintainers of this Open Repository** +**Current Maintainers of this TC Open Repository** - `Greg Back `__; GitHub ID: https://github.com/gtback/; WWW: `MITRE 
@@ -145,34 +179,46 @@ agreements `__ -About OASIS Open Repositories +About OASIS TC Open Repositories ----------------------------- -- `Open Repositories: Overview and - Resources `__ +- `TC Open Repositories: Overview and + Resources `__ - `Frequently Asked - Questions `__ + Questions `__ - `Open Source - Licenses `__ + Licenses `__ - `Contributor License Agreements - (CLAs) `__ + (CLAs) `__ - `Maintainers' Guidelines and - Agreement `__ + Agreement `__ Feedback -------- -Questions or comments about this Open Repository's activities should be -composed as GitHub issues or comments. If use of an issue/comment is not +Questions or comments about this TC Open Repository's activities +should be +composed as GitHub issues or comments. If use of an issue/comment is +not possible or appropriate, questions may be directed by email to the Maintainer(s) `listed above <#currentmaintainers>`__. Please send -general questions about Open Repository participation to OASIS Staff at +general questions about TC Open Repository participation to OASIS +Staff at repository-admin@oasis-open.org and any specific CLA-related questions to repository-cla@oasis-open.org. -.. |Build_Status| image:: https://travis-ci.org/oasis-open/cti-python-stix2.svg?branch=master +.. |Build_Status| image:: https://travis-ci.org/oasis-open/cti-python- +stix2.svg?branch=master :target: https://travis-ci.org/oasis-open/cti-python-stix2 -.. |Coverage| image:: https://codecov.io/gh/oasis-open/cti-python-stix2/branch/master/graph/badge.svg +.. |Coverage| image:: https://codecov.io/gh/oasis-open/cti-python- +stix2/branch/master/graph/badge.svg :target: https://codecov.io/gh/oasis-open/cti-python-stix2 -.. |Version| image:: https://img.shields.io/pypi/v/stix2.svg?maxAge=3600 +.. |Version| image:: https://img.shields.io/pypi/v/stix2.svg?maxAge= +3600 :target: https://pypi.python.org/pypi/stix2/ +
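
Review bot: In the README.rst hunk `@@ -3,11 +5,13 @@`, the added lines break "de-serializing" across two lines as "de-" / "serializing", which reStructuredText joins with a space and renders as "de- serializing". Keep the word on one line. The re-wrapping here and throughout README.rst is unrelated to the "Open Repository" to "TC Open Repository" rename, so it would be cleaner to drop it from this patch and leave only the lines whose wording changes.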
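
Review bot: In the README.rst hunk `@@ -38,9 +42,11 @@`, the `pattern=` argument of the `Indicator(...)` example is now split in the middle of a double-quoted string literal, after `"[file:hashes.md5 =`. A plain Python string cannot span a line break, so the usage example no longer parses when copied. Restore the original single line `pattern="[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']")`; code inside a `.. code:: python` block should not be re-wrapped.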
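
Review bot: In the README.rst hunk `@@ -55,21 +61,28 @@`, the `"pattern"` value inside the JSON sample is wrapped after `"[file:hashes.md5 =`, which puts a raw newline inside a JSON string. JSON does not allow unescaped control characters in strings, so the document passed to `parse()` in this example is no longer valid and the snippet will raise instead of printing the indicator. Keep the `"pattern"` line exactly as it was before the change.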
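
Review bot: In the README.rst hunk `@@ -145,34 +179,46 @@`, the heading becomes "About OASIS TC Open Repositories" but its `-----` underline is left as unchanged context at the old title's length, three characters short, which docutils reports as "Title underline too short"; extend the underline to match. In the same hunk the three `image::` URLs for `|Build_Status|`, `|Coverage|` and `|Version|` are wrapped mid-URL (for example after `cti-python-` and after `maxAge=`) with the continuation at column 0, so the badge image URLs are truncated. Put each URL back on a single line.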