Proposal for bringing clarity to the Notary Project branding

[toddysm]

@notaryproject/notaryproject-governance-maintainers In the last Notary Project meeting (notes and meeting recording) we discussed how to clarify the branding of the Notary Project and make it clear to people who are interested to use the tools and participate in the community what means what. This is related also to the following two items notaryproject/specifications#262 and #32.

In the meeting, we discussed the following changes, which I am posting here for discussion by maintainers.

1. Archive the notaryproject repository and create a new repository called specifications that will contain the specifications that are across any tools as well as used by any external tools or projects that want to interoperate with our tools.
   1.1 Inside the new repository, we will structure the specifications in folders to provide more clarity. Right now, we have two main specification areas - one for signatures and signing workflow for OCI artifacts, and one for Notation plugin implementation. Those should be in separate folders. In the future, we will have more specifications that will be placed in their own folders. Each folder will have a README.md to explain the purpose of each document inside the folder.
   1.2 The repository will have its own README.md to explain the purpose of the repository as well as link to the READMEs in each individual folder.
   1.3 Current notaryproject repository contains folders for requirements and scenarios. Requirements can be captured as GitHub issues in the future and scenarios can be documented in the GitHub issues, HackMD documents linked from the GitHub issues or on the project's website in notaryproject.dev repository. Hence, the proposal is to not move those to the new repository.
   1.4 Current notaryproject repository contains the latest security reports. The latest security reports cover multiple repositories under the organization. Note: there are also some security reports in the notary repository that are specific to the implementation in that repository. The proposal is to migrate the latest security reports and the threat model to the .github repository and create a relevant directory structure in it. Also, to link to the security reports from the READMEs of the relevant repositories they cover.
2. We need to update each individual repository README.md with the following information: link to the overview, purpose of the repository, is it in active development or not, is it archived or not.
3. We need to have a process for archiving repositories under the organization and make sure that we clean up all repositories before the release.

We also discussed to acknowledge the terminology we use and how should we use it. The confusion comes from the use of terms like "Notary", "Notary V2", "Notary Project", "Notation". Here is the proposed (very draft) language:

1. The name of the GitHub organization is "Notary Project". When used this term has an all-encompassing meaning and will refer to the GitHub organization, the community, all specifications, and all the repositories under the organization including tools that are released by the community. Because this term is too broad, it is recommended to always use it with additional clarifiers unless we mean all of the above. For example, "Notary Project's signature specification" or "Notarty Project's signing workflow" or "Notary Project's Notation tool" (see about the last one below). The term should be used as an encompassing brand.
2. The name "Notary" refers to the TUF-based implementation from the notary repository. This is the only meaning of that term and we should use it only if we mean the TUF-based implementation.
3. The name "Notary V2" or "Notary v2" has no corresponding implementation or any relevant assets under the organization. Thus, this name is unclear and has no clear meaning for anything that Notary Project community collaborates on. Hence, this name should not be used in any context relevant to our work.
4. The name "Notation" refers to the implementation of the CLI and the libraries in the notation-go and notation-core-go repositories. If not clarified, the term "Notation" will mean the CLI. Of course, the CLI meaning can be clarified with "Notation CLI". If we want to address the libraries, we should always clarify with the corresponding library in mind. For example, "Notation Go", respectively "Notation Go library" for the library in the notation-go repository as well as "Notation Core Go", respectively "Notation Core Go library" for the library in the notation-core-go repository.
5. The term "Notary Project release" is also confusing because it doesn't clarify what is released (see above for the meaning of the term). We should use specific clarifiers for the releases. For example "Notary Project's signature specification release" or "Notary Project's Notation CLI release" or simply "Notation CLI release".
6. Last but not least, we would like to propose a change in the Notary Project logo to include the word "Project".

Note that the release of the specs and the Notation CLI are contingent on the branding changes that we describe above. I am appealing to the maintainers to take an active role in discussing and agreeing on the changes as soon as possible.

CC:// @TheFoxAtWork and @mattfarina for your feedback and comments on the above.

[toddysm]

One additional thing that was brought to my attention - the concepts of sub-project and working-group would be very helpful in clarifying the use of the repositories and terminology. Notary, Notation, Notation libraries are good candidates for "sub-projects" of Notary Project.

[toddysm]

Updated the issue to use numbered list as per suggestion from @iamsamirzon on the Notary Project community call.