Add terms to OpenSSF glossary

[di]

In #51 (comment), we struggled a bit with aligning terminology across ecosystems, and disambiguating certain terms.

The WG should publish a glossary at https://repos.openssf.org/glossary contribute to https://glossary.openssf.org/ to define our preferred terms for various concepts, as well as "a mega synonym table mapping concept across ecosystem" (per @joelverhagen). We should also update currently published models/guides to align around these terms.

Some examples, loosely grouped & not exhaustive, that should be included:

• package / project / release / version / artifact / module / distribution / binary / file
• package repository / package index / package manager / installer / uploader / publisher
• maintainer / owner / consumer / user / admin
• yank / soft delete / delete
• upload / publish

[simi]

• namespace

[david-a-wheeler]

May I instead strongly recommend you contribute to the OpenSSF-wide glossary, here?: https://glossary.openssf.org/

This effort's been quietly ongoing for a while (slow because other tasks need to be done too), so many terms aren't defined yet. But it'd be good for at least there to be agreement on terms across the OpenSSF.

@GeauxJD has been leading this charge.

[david-a-wheeler]

We've already set up a pretty-looking glossary page, formatting stuff, etc. Just add markdown files with definitions, and it magically looks good.

[di]

That's great, I didn't know that existed! Yes of course.

[david-a-wheeler]

We frankly haven't done a good-enough job pointing people to it. It's hard to get people to use a glossary when it has no contents :-). So... let's fix that :-).

[GeauxJD]

We will be sharing it with the BEST WG soon and inviting contributions but I want to get the search functioning in it first (there's an issue in the repo for that)

Also the Security Baseline project has a "Lexicon" section with could be useful https://baseline.openssf.org/versions/2025-02-25#lexicon