Hello all;

It has come to my attention that there were three additional items that should have been on the PGB agenda yesterday, but I am hoping we can discuss and close on these over email.

For the first item, it has come to my attention that we do not have a technical steering committee member representing the new IOB open project. To date, our convention has been that each project should have at least one maintainer as a member of the TSC. TSC members are appointed at the discretion of the PGB and do not require a ballot or vote; the action can be done via consensus. As such, I would like to nominate Charles Frick to the OCA TSC. If any PGB member has discussion on this, please let us know on this email list. If there is no dissension, I will assume this nomination to be carried as of January 20, and we will add Charlie to the list and relevant monthly meeting.

For the second item, it revolves around the TSC itself. The current TSC membership list, here https://github.com/opencybersecurityalliance/oasis-open-project/edit/main/TECHNICAL-STEERING-COMMITTEE.md, includes Sara Archacki. Sara is no longer with CIS and no longer involved with the PACE project. I would like to propose she be removed from the TSC.

For the third item, it revolves around policy of who is invited to present at working group and project meetings. I have had an individual reach out asking, since Elemendar was allowed to demo their product on the IOB call, if they could demo their product as well. I am very concerned this is a slippery slope. As such, I think we should be adopting a standing rule that in the future, projects/products that are given time on any OCA-hosted call have to be available under an OASIS-approved open-source license (list is available here - https://www.oasis-open.org/policies-guidelines/open-projects-process/#repository-specification-licenses). If all are agreed, we can seek to adopt this standing rule in the February PGB call.
-
Jason Keirstead
Distinguished Engineer, CTO - IBM Security Threat Management |
www.ibm.com/security
Assistant - Mauricio Durán Cambronero (mauduran@...)
Co-Chair - Open Cybersecurity Alliance, Project Governing Board
www.opencybersecurityalliance.org
Please see inline.
From: <oca-pgb@...> on behalf of "Jason Keirstead via lists.oasis-open-projects.org" <Jason.Keirstead=ca.ibm.com@...>
Reply-To: "oca-pgb@..." <oca-pgb@...>
Date: Friday, January 6, 2023 at 7:57 AM
To: "oca-pgb@..." <oca-pgb@...>, Xiaokui Shu <Xiaokui.Shu@...>, "Frick, Charles K., Jr." <Charles.Frick@...>
Subject: [External] [oca-pgb] Two subjects for the OCA PGB
Hello all;

It has come to my attention that there were three additional items that should have been on the PGB agenda yesterday, but I am hoping we can discuss and close on these over email.

For the first item, it has come to my attention that we do not have a technical steering committee member representing the new IOB open project. To date, our convention has been that each project should have at least one maintainer as a member of the TSC. TSC members are appointed at the discretion of the PGB and do not require a ballot or vote; the action can be done via consensus. As such, I would like to nominate Charles Frick to the OCA TSC. If any PGB member has discussion on this, please let us know on this email list. If there is no dissension, I will assume this nomination to be carried as of January 20, and we will add Charlie to the list and relevant monthly meeting.

[AWM] No issues here.

For the second item, it revolves around the TSC itself. The current TSC membership list, here https://github.com/opencybersecurityalliance/oasis-open-project/edit/main/TECHNICAL-STEERING-COMMITTEE.md, includes Sara Archacki. Sara is no longer with CIS and no longer involved with the PACE project. I would like to propose she be removed from the TSC.

[AWM] Sara should be removed.

For the third item, it revolves around policy of who is invited to present at working group and project meetings. I have had an individual reach out asking, since Elemendar was allowed to demo their product on the IOB call, if they could demo their product as well. I am very concerned this is a slippery slope. As such, I think we should be adopting a standing rule that in the future, projects/products that are given time on any OCA-hosted call have to be available under an OASIS-approved open-source license (list is available here - https://www.oasis-open.org/policies-guidelines/open-projects-process/#repository-specification-licenses). If all are agreed, we can seek to adopt this standing rule in the February PGB call.

[AWM] I tend to agree that this particular slope can be a slippery one. Are there any cases where there would be exceptions to the rule? For example, if PACE were to define standard interfaces to a variety of different collection and evaluation engines (i.e. OSQuery, an OVAL engine, the InSpec engine, etc.) and a couple of products implemented that, would we bar them from demos?
[AWM] I tend to agree that this particular slope can be a slippery one. Are there any cases where there would be exceptions to the rule? For example, if PACE were to define standard interfaces to a variety of different collection and evaluation engines (i.e. OSQuery, an OVAL engine, the InSpec engine, etc.) and a couple of products implemented that, would we bar them from demos?
I think in this case, the demo is of PACE itself, which would be under an open-source license, so that would be fine. We would need to be very clear on the standing rule – the purpose of which is to just make sure we don’t turn into a commercial demo forum.
-
Jason Keirstead
Distinguished Engineer, CTO - IBM Security Threat Management | www.ibm.com/security
Assistant - Mauricio Durán Cambronero (mauduran@...)
Co-Chair - Open Cybersecurity Alliance, Project Governing Board
www.opencybersecurityalliance.org

duncan@sfractal
Re IoB TSC appointment - agree
Re Sara - agree
Re require open source license - disagree.

I agree using meetings to demo commercial products is a slippery slope. But I also believe only demoing open source is just as slippery the other way. Unfortunately it's not black and white. We do need to come up with a written policy, and it probably should allow for exceptions, with a clearly stated way for how exceptions are granted. I'd say it should, like any contribution, require the presentation/data/slides/demo be under CLA. But it can be a commercial product. I have experience through several other groups, including CAW/CASP and the NTIA/CISA SBOM groups, with "can't be plugging product" but can be demoing OASIS specs and use cases.
iPhone, iTypo, iApologize
Reasonable 😊
From: <oca-pgb@...> on behalf of "Jason Keirstead via lists.oasis-open-projects.org" <Jason.Keirstead=ca.ibm.com@...>
Reply-To: "oca-pgb@..." <oca-pgb@...>
Date: Friday, January 6, 2023 at 8:48 AM
To: "oca-pgb@..." <oca-pgb@...>, Xiaokui Shu <Xiaokui.Shu@...>, "Frick, Charles K., Jr." <Charles.Frick@...>
Subject: [External] Re: [oca-pgb] Two subjects for the OCA PGB
[AWM] I tend to agree that this particular slope can be a slippery one. Are there any cases where there would be exceptions to the rule? For example, if PACE were to define standard interfaces to a variety of different collection and evaluation engines (i.e. OSQuery, an OVAL engine, the InSpec engine, etc.) and a couple of products implemented that, would we bar them from demos?
I think in this case, the demo is of PACE itself, which would be under an open-source license, so that would be fine. We would need to be very clear on the standing rule – the purpose of which is to just make sure we don’t turn into a commercial demo forum.
Richard F. Nelson <RICHARD.F.NELSON@...>
My $0.02.
Item 1 & 2: Concur
Item 3: I think we should have criteria for who/when/how someone briefs the PGB. We should be open to new information and ideas, but we need to have some criteria to keep it in the lanes for which we are responsible. Ensuring that the briefer(s) are relevant and applicable to our mission would just serve to better manage our time and focus.
--
Regards,
Rich
--------------------------------------------------------
SAIC - Charleston, SC
Phone: 843-746-6149 {Direct Line}
--------------------------------------------------------