[GPC] [Owasp-board] ESAPI Party

Jim Manico jim.manico at owasp.org
Fri Sep 23 12:27:21 EDT 2011 

Jason,

We can agree is disagree. It's not alcohol per say. I just think we have
better things to spend money on.

- Jim


> Jim,
>
> As you know, I am not a big alcohol person either. That said though -
> you really need to remove your personal bias about alcohol from these
> discussion. Alcohol does not in it of itself equal irresponsibility.
> People can be just as irresponsible *with* or *without* alcohol.
>
> In fact, it would be very easy to simply hold parties *without*
> alcohol and still incur expenses at a similar or HIGHER level.
>
> So the bottom line question is not whether it's appropriate to buy
> alcohol. It's whether or not a social gathering in support and
> interest of a project is an expenditure that supports the OWASP mission.
>
> And the universal consensus around the room last night was that we
> should be encouraging and enabling our leaders to grow OWASP and help
> them be responsible stewards of OWASP funds.
>
> Yes, keeping the lights on is important. But growing OWASP and leader
> empowerment is important too. It's a HARD discussion.
>
> And we should NOT be asking chapter and project leaders to wear two
> hats and solve that problem.
>
> It is *OUR* responsibility as Committee Chairs and as Board members to
> address those hard questions so that they can focus on growing and
> supporting their chapter/project/event/effort.
>
> We are not going to solve the question by calling out every effort by
> a chapter, project, or event.
>
> Nor are we going to be able to provide the leadership and guidance the
> rest of the community wants if we don't approach the problem with an
> open mind. If we walk away every time we come to hard discussions,
> we'll never solve those hard problems.
>
> Is prioritization of expenditures a problem we need to solve? YES. Are
> we going to solve it by constantly railing about alcohol? NO.
>
> For what it's worth, Chris has already stated that Aspect has decided
> to sponsor the ESAPI launch party so this specific event is now a
> non-issue.
>
> But as we discussed and concluded at the Chairs/Board meeting last
> night (which you may not have heard since you walked out), we
> Chairs/Board members have the action item to draft policies to guide
> our leaders towards appropriate expenditures of OWASP funds.
>
> -Jason
>
> On Fri, Sep 23, 2011 at 10:48 AM, Jim Manico <jim.manico at owasp.org
> <mailto:jim.manico at owasp.org>> wrote:
>
>     Less alcohol purchases is probably a good thing. Waiting to drink
>     until *after* the board meeting is something to consider as well.
>
>     If I had to vote between keeping the lights on and paying for
>     beer, I'd go lights.
>
>     Even some of the most drunk bastards within OWASP have confided in
>     me that we, especially at Portugal, go to extremes when it comes
>     to this topic.
>
>     - Jim
>
>>     Vote to approve the "meet-up"  always helps our efforts and
>>     community.
>>
>>     **bookmark this all**
>>     https://www.owasp.org/index.php/Donation_Scoreboard
>>
>>     There is no budget in the project bucket for ESAPI hmm....
>>
>>     Perhaps you can find a sponsor example
>>     Denim/Aspect/Cigital/WhiteHat or the otherson the show floor or
>>     any of the other involved ESAPI or get a chapter to help it
>>     (Denver, NYC, San Ant, etc...)
>>
>>     Pass the hat and ask for $20 bucks
>>
>>     Are we having fun yet or have we now become a "dry county"
>>     organization.
>>
>>
>>
>>
>>     On Sep 23, 2011, at 10:10 AM, Jason Li <jason.li at owasp.org
>>     <mailto:jason.li at owasp.org>> wrote:
>>
>>>     Chairs/Board/GPC,
>>>
>>>     Based on the Board/Chair discussion last night, I believe the
>>>     general consensus was that these types of events for projects
>>>     are reasonable and supported (with some sanity-check BS-meter
>>>     type caveats). Note that each committee has an action item to
>>>     draft guidance regarding appropriate expenditures for their
>>>     areas of responsibilities (chapters, projects, etc).
>>>
>>>     Everyone's concern over the OWAS ModSecurity Core Rule Set event
>>>     reimbursement request was that:
>>>     1) The reimbursement request for the event was preceded by a
>>>     request that was NOT appropriate (the "if dad says no, ask mom"
>>>     problem)
>>>     2) The event was not clearly an event about an OWASP Project
>>>     (someone attested that as an attendee, it "felt" like a
>>>     Trustwave event about ModSecurity, not an OWASP event about the
>>>     Core Rule Set)
>>>
>>>     In the case of this ESAPI party, the "plan" and "intent" have
>>>     been stated and the event is clearly an event about an OWASP
>>>     Project.
>>>
>>>     While we haven't yet decided on a process, *one* of the proposed
>>>     methods of budget approval for these events brought up was that
>>>     the "approval" role for such project expenditures should lie
>>>     with the Project Leader, followed by the GPC Chair, followed by
>>>     the Treasurer/Board.
>>>
>>>     Since Chris is the project leader and it is his event, it'd be
>>>     inappropriate for his approval.
>>>
>>>     For the record, based on the Board's/Chair's mutual
>>>     understanding, I believe this event should be approved and would
>>>     normally approve the expenditure. However, as the party is
>>>     planned to be held in the room that I am sharing with Chris, I
>>>     feel that I should abstain from this process to prevent the
>>>     appearance of conflict of interest. 
>>>
>>>     I ask that the approval decision instead be made by the
>>>     Treasurer (or the Board as appropriate).
>>>
>>>     -Jason
>>>
>>>     ---------- Forwarded message ----------
>>>     From: *Chris Schmidt* <chris.schmidt at owasp.org
>>>     <mailto:chris.schmidt at owasp.org>>
>>>     Date: Fri, Sep 23, 2011 at 9:17 AM
>>>     Subject: ESAPI Party
>>>     To: Jason Li <jason.li at owasp.org <mailto:jason.li at owasp.org>>,
>>>     Tom Brennan <tomb at owasp.org <mailto:tomb at owasp.org>>, Michael
>>>     Coates <michael.coates at owasp.org
>>>     <mailto:michael.coates at owasp.org>>, Dave Wichers
>>>     <dave.wichers at owasp.org <mailto:dave.wichers at owasp.org>>, Kate
>>>     Hartmann <kate.hartmann at owasp.org
>>>     <mailto:kate.hartmann at owasp.org>>, matt.tesauro at owasp.org
>>>     <mailto:matt.tesauro at owasp.org>, "eoin.keary at owasp.org
>>>     <mailto:eoin.keary at owasp.org>" <eoin.keary at owasp.org
>>>     <mailto:eoin.keary at owasp.org>>
>>>
>>>
>>>     All -
>>>
>>>     Given the events of last night’s meeting, Kate wanted to to run
>>>     this up the flagpole so that we are sure everyone is on the same
>>>     page.
>>>
>>>     As you guys are aware, I had planned on having a Room Party to
>>>     celebrate the ESAPI 2.0 release tonight. My plan with this (from
>>>     the beginning) was to charge this to the ESAPI budget as I don’t
>>>     *personally* have the money to do the party.
>>>
>>>     I am not sure what the actual cost will be, but what I had
>>>     planned on was
>>>
>>>     4 Bottles of wine
>>>     2 Cases of Beer
>>>     2 Bags of Chips
>>>     Salsa
>>>     Dip
>>>
>>>     I had hoped that since we are all here I could charge this
>>>     directly to the ESAPI budget and not buy It and expense for
>>>     reimbursement. However, Kate expressed concern given after the
>>>     meeting last night that this may not even be a reimbursable
>>>     event. Rather than chasing everyone around, I figured the
>>>     simplest form of resolution was to do this over e-mail. I would
>>>     like to get this resolved, one way or the other this morning as
>>>     early as possible so I can make other arrangements if necessary.
>>>
>>>     Chris Schmidt
>>>     ESAPI Project Leader (http://www.esapi.org)
>>>     Blog: http://yet-another-dev.blogspot.com
>>>
>>>
>>>     _______________________________________________
>>>     Owasp-board mailing list
>>>     Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>>     https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>>     _______________________________________________
>>     Owasp-board mailing list
>>     Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>     https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>     -- 
>     Jim Manico
>
>     Connections Committee Chair
>     Cheatsheet Series Product Manager
>     OWASP Podcast Producer/Host
>
>     jim at owasp.org <mailto:jim at owasp.org>
>     www.owasp.org <http://www.owasp.org>
>
>


-- 
Jim Manico

Connections Committee Chair
Cheatsheet Series Product Manager
OWASP Podcast Producer/Host

jim at owasp.org
www.owasp.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global-projects-committee/attachments/20110923/9258585f/attachment-0001.html

More information about the Global-projects-committee mailing list