OASIS Static Analysis Results Interchange Format (SARIF) TC

  • 1.  Re: GitHub for samples, etc [ Raw minutes of SARIF #5 meeting 2017-10-25 ]

    Posted 10-26-2017 16:43
    Dear contributors and facilitators, I think these are all working and easing suggestions. Just as a side note, if this is a contribution - and I think it is ;-) we should always be able to place it in kavi :shiver: but inside a folder named Contributions (that exists in e.g. OData TC, but is missing (yet) on planet SARIF - I cannot create, but request this from those who can ... The status draft is fully OK. I will request a folder just in case, there is contributed substance that might end up in our work product and thus would require some contributory remarks / link so OASIS can then in later stages of the process easily ensure, that IPR was always respected or "transferred" All the best, Stefan On 26/10/17 18:31, Robin Cover wrote: > Re David Keaton's reply to *Paul Anderson* > > [ provide samples for documenting their use of markup ] > > > I would suggest appending it to the discussion of the github issue, > to make it easy for people to retrieve. (You could submit it as a > document to the SARIF TC web site, but the most unofficial type of > document it accepts is called "Draft" which is not really what you are > submitting.) > > 1) Using the GitHub repo's comment/conversation mechanism is just fine > for collaboration; you can always use a TC discussion mailing list (or a > TC Wiki, or the TC Kavi repo), but it's your choice as to venue: they > all work > > 2) Any kind of content contributed as part of a TC's technical > discussion is deemed to be "at working draft */level/*", even if it is > not structured and composed in template form with a document cover > page, etc. So my recommendation is to not fret about templates and > style for bits and pieces that are in draft -- which may or may not be > incorporated into some formal document at some time, by document editors. > > What's important? Engagement, conversation, respectful debate, and > enjoying the dialog with other bright people. GitHub Issues will work > for that in many cases. > > Cheers, > > - Robin > > On Thu, Oct 26, 2017 at 10:54 AM, David Keaton <dmk@dmk.com > < mailto:dmk@dmk.com >> wrote: > > Paul, > > Thanks for asking! > > I would suggest appending it to the discussion of the github > issue, to make it easy for people to retrieve. (You could submit it > as a document to the SARIF TC web site, but the most unofficial type > of document it accepts is called "Draft" which is not really what > you are submitting.) > > If you go to the comment box at the bottom of the following > github issue, it contains a note that says you can drag and drop a > document into a comment. > > https://github.com/oasis-tcs/sarif-spec/issues/55 > < https://github.com/oasis-tcs/sarif-spec/issues/55 > > > David > > On 10/26/2017 06:35 AM, Paul Anderson wrote: > > Hi: > > > [20:03] Stefan: Paul and Yekatarina to provide samples for > documenting their use of markup > > What's the preferred way of sharing this? > > -Paul > > ... 8< - - -


  • 2.  Re: [sarif] Re: GitHub for samples, etc [ Raw minutes of SARIF #5 meeting 2017-10-25 ]

    Posted 10-26-2017 16:52
    Just to clarify, Paul and Katrina are not submitting these documents as contributions to the Working Draft. They are giving us examples of the output of their tools. Kavi is fine but I actually think from a workflow perspective, given what these documents are, it is easiest if they appear in the github issue. David On 10/26/2017 09:43 AM, Mr. Stefan Hagen wrote: Dear contributors and facilitators, I think these are all working and easing suggestions. Just as a side note, if this is a contribution - and I think it is ;-) we should always be able to place it in kavi :shiver: but inside a folder named Contributions (that exists in e.g. OData TC, but is missing (yet) on planet SARIF - I cannot create, but request this from those who can ... The status draft is fully OK. I will request a folder just in case, there is contributed substance that might end up in our work product and thus would require some contributory remarks / link so OASIS can then in later stages of the process easily ensure, that IPR was always respected or "transferred" All the best, Stefan On 26/10/17 18:31, Robin Cover wrote: Re David Keaton's reply to *Paul Anderson* [ provide samples for documenting their use of markup ] > I would suggest appending it to the discussion of the github issue, to make it easy for people to retrieve. (You could submit it as a document to the SARIF TC web site, but the most unofficial type of document it accepts is called "Draft" which is not really what you are submitting.) 1) Using the GitHub repo's comment/conversation mechanism is just fine for collaboration; you can always use a TC discussion mailing list (or a TC Wiki, or the TC Kavi repo), but it's your choice as to venue: they all work 2) Any kind of content contributed as part of a TC's technical discussion is deemed to be "at working draft */level/*", even if it is not structured and composed in template form with a document cover page, etc. So my recommendation is to not fret about templates and style for bits and pieces that are in draft -- which may or may not be incorporated into some formal document at some time, by document editors. What's important? Engagement, conversation, respectful debate, and enjoying the dialog with other bright people. GitHub Issues will work for that in many cases. Cheers, - Robin On Thu, Oct 26, 2017 at 10:54 AM, David Keaton <dmk@dmk.com < mailto:dmk@dmk.com >> wrote: Paul, Thanks for asking! I would suggest appending it to the discussion of the github issue, to make it easy for people to retrieve. (You could submit it as a document to the SARIF TC web site, but the most unofficial type of document it accepts is called "Draft" which is not really what you are submitting.) If you go to the comment box at the bottom of the following github issue, it contains a note that says you can drag and drop a document into a comment. https://github.com/oasis-tcs/sarif-spec/issues/55 < https://github.com/oasis-tcs/sarif-spec/issues/55 > David On 10/26/2017 06:35 AM, Paul Anderson wrote: Hi: [20:03] Stefan: Paul and Yekatarina to provide samples for documenting their use of markup What's the preferred way of sharing this? -Paul ... 8< - - -


  • 3.  Re: [sarif] Re: GitHub for samples, etc [ Raw minutes of SARIF #5 meeting 2017-10-25 ]

    Posted 10-27-2017 21:46
    Hi David,  I have the TC Admin JIRA request to create the folder 'Contributions' at  https://issues.oasis-open.org/browse/TCADMIN-2789 . Do you all want me to go ahead and create that?  Also, let me clarify one thing. The definition of Contribution is at ( https://www.oasis-open.org/policies-guidelines/ipr#def-contribution ). It reads " any material submitted to an OASIS Technical Committee by a TC Member in writing or electronically, whether in an in-person meeting or in any electronic conference or mailing list maintained by OASIS for the OASIS Technical Committee and which is or was proposed for inclusion in an OASIS Deliverable." (emphasis added)  I provide this simply to note that it is fine to have a folder for Contributions but that doesn't mean anything outside that folder is *not* a Contribution. If someone sends something as an attachment to the TC mailing list, it is a valid Contribution even though it is not in that folder.  In this case, as Paul and Katrina are *not* submitting them as proposed inclusion in the TC's work, then they aren't Contributions. If they just sent them to the TC and said "Here, use as you see fit" then they would be.  In any case, please let me know if you would like the folder set up.  Best,  /chet On Thu, Oct 26, 2017 at 12:51 PM, David Keaton < dmk@dmk.com > wrote:      Just to clarify, Paul and Katrina are not submitting these documents as contributions to the Working Draft.  They are giving us examples of the output of their tools.      Kavi is fine but I actually think from a workflow perspective, given what these documents are, it is easiest if they appear in the github issue.                                         David On 10/26/2017 09:43 AM, Mr. Stefan Hagen wrote: Dear contributors and facilitators, I think these are all working and easing suggestions. Just as a side note, if this is a contribution - and I think it is ;-) we should always be able to place it in kavi :shiver: but inside a folder named Contributions (that exists in e.g. OData TC, but is missing (yet) on planet SARIF - I cannot create, but request this from those who can ... The status draft is fully OK. I will request a folder just in case, there is contributed substance that might end up in our work product and thus would require some contributory remarks / link so OASIS can then in later stages of the process easily ensure, that IPR was always respected or "transferred" All the best, Stefan On 26/10/17 18:31, Robin Cover wrote: Re David Keaton's reply to *Paul Anderson* [ provide samples for documenting their use of markup ]   > I would suggest appending it to the discussion of the github issue, to make it easy for people to retrieve.  (You could submit it as a document to the SARIF TC web site, but the most unofficial type of document it accepts is called "Draft" which is not really what you are submitting.) 1) Using the GitHub repo's comment/conversation mechanism is just fine for collaboration; you can always use a TC discussion mailing list (or a TC Wiki, or the TC Kavi repo), but it's your choice as to venue: they all work 2) Any kind of content contributed as part of a TC's technical discussion is deemed to be "at working draft */level/*", even if it is not structured and  composed in template form with a document cover page, etc.   So my recommendation is to not fret about templates and style for bits and pieces that are in draft -- which may or may not be incorporated into some formal document at some time, by document editors. What's important?  Engagement, conversation, respectful debate, and enjoying the dialog with other bright people.  GitHub Issues will work for that in many cases. Cheers, - Robin On Thu, Oct 26, 2017 at 10:54 AM, David Keaton < dmk@dmk.com <mailto: dmk@dmk.com >> wrote:      Paul,            Thanks for asking!            I would suggest appending it to the discussion of the github      issue, to make it easy for people to retrieve.  (You could submit it      as a document to the SARIF TC web site, but the most unofficial type      of document it accepts is called "Draft" which is not really what      you are submitting.)            If you go to the comment box at the bottom of the following      github issue, it contains a note that says you can drag and drop a      document into a comment.       https://github.com/oasis-tcs/ sarif-spec/issues/55      < https://github.com/oasis- tcs/sarif-spec/issues/55 >                                               David      On 10/26/2017 06:35 AM, Paul Anderson wrote:          Hi:              [20:03] Stefan: Paul and Yekatarina to provide samples for              documenting their use of markup          What's the preferred way of sharing this?          -Paul ... 8< - - - ------------------------------ ------------------------------ --------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail.  Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/app s/org/workgroup/portal/my_work groups.php -- /chet  ---------------- Chet Ensign Director of Standards Development and TC Administration  OASIS: Advancing open standards for the information society http://www.oasis-open.org Primary: +1 973-996-2298 Mobile: +1 201-341-1393 


  • 4.  Re: [sarif] Re: GitHub for samples, etc [ Raw minutes of SARIF #5 meeting 2017-10-25 ]

    Posted 10-27-2017 22:51
    Chet, Thanks very much for the clarification. Yes, please do set up the folder because we may need it in the future, even though today's case is different. David On 2017-10-27 14:46, Chet Ensign wrote: Hi David, I have the TC Admin JIRA request to create the folder 'Contributions' at https://issues.oasis-open.org/browse/TCADMIN-2789 . Do you all want me to go ahead and create that? Also, let me clarify one thing. The definition of Contribution is at ( https://www.oasis-open.org/policies-guidelines/ipr#def-contribution ). It reads "any material submitted to an OASIS Technical Committee by a TC Member in writing or electronically, whether in an in-person meeting or in any electronic conference or mailing list maintained by OASIS for the OASIS Technical Committee *and *which is or was proposed for inclusion in an OASIS Deliverable." (emphasis added) I provide this simply to note that it is fine to have a folder for Contributions but that doesn't mean anything outside that folder is *not* a Contribution. If someone sends something as an attachment to the TC mailing list, it is a valid Contribution even though it is not in that folder. In this case, as Paul and Katrina are *not* submitting them as proposed inclusion in the TC's work, then they aren't Contributions. If they just sent them to the TC and said "Here, use as you see fit" then they would be. In any case, please let me know if you would like the folder set up. Best, /chet On Thu, Oct 26, 2017 at 12:51 PM, David Keaton <dmk@dmk.com < mailto:dmk@dmk.com >> wrote:      Just to clarify, Paul and Katrina are not submitting these documents as contributions to the Working Draft.  They are giving us examples of the output of their tools.      Kavi is fine but I actually think from a workflow perspective, given what these documents are, it is easiest if they appear in the github issue.                                         David On 10/26/2017 09:43 AM, Mr. Stefan Hagen wrote: Dear contributors and facilitators, I think these are all working and easing suggestions. Just as a side note, if this is a contribution - and I think it is ;-) we should always be able to place it in kavi :shiver: but inside a folder named Contributions (that exists in e.g. OData TC, but is missing (yet) on planet SARIF - I cannot create, but request this from those who can ... The status draft is fully OK. I will request a folder just in case, there is contributed substance that might end up in our work product and thus would require some contributory remarks / link so OASIS can then in later stages of the process easily ensure, that IPR was always respected or "transferred" All the best, Stefan On 26/10/17 18:31, Robin Cover wrote: Re David Keaton's reply to *Paul Anderson* [ provide samples for documenting their use of markup ]   > I would suggest appending it to the discussion of the github issue, to make it easy for people to retrieve.  (You could submit it as a document to the SARIF TC web site, but the most unofficial type of document it accepts is called "Draft" which is not really what you are submitting.) 1) Using the GitHub repo's comment/conversation mechanism is just fine for collaboration; you can always use a TC discussion mailing list (or a TC Wiki, or the TC Kavi repo), but it's your choice as to venue: they all work 2) Any kind of content contributed as part of a TC's technical discussion is deemed to be "at working draft */level/*", even if it is not structured and  composed in template form with a document cover page, etc.   So my recommendation is to not fret about templates and style for bits and pieces that are in draft -- which may or may not be incorporated into some formal document at some time, by document editors. What's important?  Engagement, conversation, respectful debate, and enjoying the dialog with other bright people.  GitHub Issues will work for that in many cases. Cheers, - Robin On Thu, Oct 26, 2017 at 10:54 AM, David Keaton <dmk@dmk.com < mailto:dmk@dmk.com > < mailto:dmk@dmk.com < mailto:dmk@dmk.com >>> wrote:      Paul,            Thanks for asking!            I would suggest appending it to the discussion of the github      issue, to make it easy for people to retrieve.  (You could submit it      as a document to the SARIF TC web site, but the most unofficial type      of document it accepts is called "Draft" which is not really what      you are submitting.)            If you go to the comment box at the bottom of the following      github issue, it contains a note that says you can drag and drop a      document into a comment. https://github.com/oasis-tcs/sarif-spec/issues/55 < https://github.com/oasis-tcs/sarif-spec/issues/55 >      < https://github.com/oasis-tcs/sarif-spec/issues/55 < https://github.com/oasis-tcs/sarif-spec/issues/55 >>                                               David      On 10/26/2017 06:35 AM, Paul Anderson wrote:          Hi:              [20:03] Stefan: Paul and Yekatarina to provide samples for              documenting their use of markup          What's the preferred way of sharing this?          -Paul ... 8< - - - --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail.  Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php < https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php > -- /chet ---------------- Chet Ensign Director of Standards Development and TC Administration OASIS: Advancing open standards for the information society http://www.oasis-open.org Primary: +1 973-996-2298 Mobile: +1 201-341-1393


  • 5.  Re: [sarif] Re: GitHub for samples, etc [ Raw minutes of SARIF #5 meeting 2017-10-25 ]

    Posted 10-27-2017 23:12
    Thanks for confirming David. Done. It is all set!  /chet On Fri, Oct 27, 2017 at 6:50 PM, David Keaton < dmk@dmk.com > wrote: Chet,      Thanks very much for the clarification.  Yes, please do set up the folder because we may need it in the future, even though today's case is different.                                         David On 2017-10-27 14:46, Chet Ensign wrote: Hi David, I have the TC Admin JIRA request to create the folder 'Contributions' at https://issues.oasis-open.org/ browse/TCADMIN-2789 . Do you all want me to go ahead and create that? Also, let me clarify one thing. The definition of Contribution is at ( https://www.oasis-open.org/po licies-guidelines/ipr#def-cont ribution ). It reads "any material submitted to an OASIS Technical Committee by a TC Member in writing or electronically, whether in an in-person meeting or in any electronic conference or mailing list maintained by OASIS for the OASIS Technical Committee *and *which is or was proposed for inclusion in an OASIS Deliverable." (emphasis added) I provide this simply to note that it is fine to have a folder for Contributions but that doesn't mean anything outside that folder is *not* a Contribution. If someone sends something as an attachment to the TC mailing list, it is a valid Contribution even though it is not in that folder. In this case, as Paul and Katrina are *not* submitting them as proposed inclusion in the TC's work, then they aren't Contributions. If they just sent them to the TC and said "Here, use as you see fit" then they would be. In any case, please let me know if you would like the folder set up. Best, /chet On Thu, Oct 26, 2017 at 12:51 PM, David Keaton < dmk@dmk.com <mailto: dmk@dmk.com >> wrote:           Just to clarify, Paul and Katrina are not submitting these     documents as contributions to the Working Draft.  They are giving us     examples of the output of their tools.           Kavi is fine but I actually think from a workflow perspective,     given what these documents are, it is easiest if they appear in the     github issue.                                              David     On 10/26/2017 09:43 AM, Mr. Stefan Hagen wrote:         Dear contributors and facilitators,         I think these are all working and easing suggestions.         Just as a side note, if this is a contribution - and I think it         is ;-)         we should always be able to place it in kavi :shiver: but inside         a folder         named Contributions (that exists in e.g. OData TC, but is         missing (yet) on planet SARIF - I cannot create, but request         this from those who can ...         The status draft is fully OK.         I will request a folder just in case, there is contributed         substance that might end up in our work product and thus would         require some         contributory remarks / link so OASIS can then in later stages of         the process easily ensure, that IPR was always respected or         "transferred"         All the best,         Stefan         On 26/10/17 18:31, Robin Cover wrote:             Re David Keaton's reply to *Paul Anderson*             [ provide samples for documenting their use of markup ]                > I would suggest appending it to the discussion of the             github issue,             to make it easy for people to retrieve.  (You could submit             it as a             document to the SARIF TC web site, but the most unofficial             type of             document it accepts is called "Draft" which is not really             what you are             submitting.)             1) Using the GitHub repo's comment/conversation mechanism is             just fine             for collaboration; you can always use a TC discussion             mailing list (or a             TC Wiki, or the TC Kavi repo), but it's your choice as to             venue: they             all work             2) Any kind of content contributed as part of a TC's technical             discussion is deemed to be "at working draft */level/*",             even if it is             not structured and  composed in template form with a             document cover             page, etc.   So my recommendation is to not fret about             templates and             style for bits and pieces that are in draft -- which may or             may not be             incorporated into some formal document at some time, by             document editors.             What's important?  Engagement, conversation, respectful             debate, and             enjoying the dialog with other bright people.  GitHub Issues             will work             for that in many cases.             Cheers,             - Robin             On Thu, Oct 26, 2017 at 10:54 AM, David Keaton < dmk@dmk.com             <mailto: dmk@dmk.com >             <mailto: dmk@dmk.com <mailto: dmk@dmk.com >>> wrote:                   Paul,                         Thanks for asking!                         I would suggest appending it to the discussion             of the github                   issue, to make it easy for people to retrieve.  (You             could submit it                   as a document to the SARIF TC web site, but the most             unofficial type                   of document it accepts is called "Draft" which is not             really what                   you are submitting.)                         If you go to the comment box at the bottom of             the following                   github issue, it contains a note that says you can             drag and drop a                   document into a comment.             https://github.com/oasis-tcs/s arif-spec/issues/55             < https://github.com/oasis-tcs/ sarif-spec/issues/55 >                   < https://github.com/oasis-tcs /sarif-spec/issues/55             < https://github.com/oasis-tcs/ sarif-spec/issues/55 >>                                                            David                   On 10/26/2017 06:35 AM, Paul Anderson wrote:                       Hi:                           [20:03] Stefan: Paul and Yekatarina to provide             samples for                           documenting their use of markup                       What's the preferred way of sharing this?                       -Paul             ... 8< - - -     ------------------------------ ------------------------------ ---------     To unsubscribe from this mail list, you must leave the OASIS TC that     generates this mail.  Follow this link to all your TCs in OASIS at:     https://www.oasis-open.org/app s/org/workgroup/portal/my_work groups.php     < https://www.oasis-open.org/ap ps/org/workgroup/portal/my_wor kgroups.php > -- /chet ---------------- Chet Ensign Director of Standards Development and TC Administration OASIS: Advancing open standards for the information society http://www.oasis-open.org Primary: +1 973-996-2298 Mobile: +1 201-341-1393 -- /chet  ---------------- Chet Ensign Director of Standards Development and TC Administration  OASIS: Advancing open standards for the information society http://www.oasis-open.org Primary: +1 973-996-2298 Mobile: +1 201-341-1393