[GPC] Your project - OWASP JBroFuzz - has been identified as INACTIVE - Action is required!

Subere subere at uncon.org
Sun May 10 19:34:07 EDT 2009


Very interesting email Paulo, all, my answers are inline:

Paulo Coimbra wrote:
>
> Hello Yiannis Pavlosoglou,
>
>  
>
> Hope you are well.
>
>  
>
> As you may know, the OWASP Global Projects Committee is undertaking 
> the task of improving the OWASP Project structure - 
> https://www.owasp.org/index.php/GPC_Project_Surveys_2009 - which 
> includes identifying orphaned projects.
>
No I did not know about this task, even though I knew about the global 
projects committee. The signal to noise ratio in recent time on the 
leaders mailing list has just been way too low to keep an eye of new 
initiatives.

Initially, it was the requirements for achieving alpha, beta and release 
quality status; chased those and still got nowhere in terms of 
recognition for the project, internally that is within OWASP. Still the 
sourceforge download statistics seemed to be going up -

In fact I believe I am still waiting for reviewers to be assigned to it? 
Now I am finding out that you regard JBroFuzz an orphaned project?

Still, I have argued for having a communication channel in place and 
finally it seems to be here. I believe it is a very good initiative and 
something that I had in the past actively pushed for, but not like this 
folks, come on:

After 3 years of constant updates on a small but stable fuzzer project, 
understand my surprise in receiving an email (on a Saturday) with the 
words "INACTIVE - Action required!" Does anyone on this thread even know 
when the latest version got released?
>
>  
>
> In this context, the project owner(s) for each OWASP Project have been 
> asked several times to complete a self update on the status of their 
> project 
> https://spreadsheets.google.com/ccc?key=pJzNU1yNJd7VBH1bS6rY0EQ&hl=en 
> <https://spreadsheets.google.com/ccc?key=pJzNU1yNJd7VBH1bS6rY0EQ&hl=en> 
> and, as far as I can see, you haven't answered yet.
>
If the non completion of the above spreadsheet has triggered all this, I 
protest!

- Where is the help requested in getting some icons for the project?
- Where is the review after managing to get the code scanned by Fortify 
(last requirement for release quality)?
- Where was OWASP when I was giving bits of the code from JBroFuzz to 
help improve other projects (e.g. DirBuster)?
- Where is the funding to buy a proper installer tool and not have to 
use shareware installers to meet your requirements?

As the timeline of releases, improvements and version numbers 
illustrate, this project does have some audience (just look at the 
distros that have it e.g. BackTrack, Samurai). If you would like to pull 
the plug on it, fine, it is a simple small fuzzer, nothing more, but do 
not do so on the excuse of not filling in a spreadsheet!
>
>  
>
> Thus, please clarify:
>
>  
>
> 1. Are you currently leading the 
> https://www.owasp.org/index.php/Category:OWASP_JBroFuzz? If not, can 
> you provide the name of the new lead?
>
Yes. I am the project lead on this project; for the last time, due to 
contractual obligations, I do not advertise my name on the project page 
and use the alias subere instead.
>
>  
>
> 2. Do you or the new lead require assistance either with the technical 
> aspects of your project, or with leading it?
>
Yes and yes. Above is a flavour of issues; more importantly having 
interacted with a few tool leaders now, we like to get things done. I 
want to sit down with Rogan and discuss bits of WebScarab, who do I 
speak to about that? I want to go and tell the people involved with Java 
projects about a uniform Look & Feel, anyone?

On this, there is the coding side: Very little democracy in programming: 
Can I have a medium to tell other project leaders that the UI hack to 
get it to work in linux on line 66 of the source file is excellent, but 
actually is from a book and shouldn't be GPLd? How about that their 
threading model is upside down? Or, more importantly, can all client UI 
projects within the next month adopt the following Help menu with set 
submenus?

The biggest mistake on my end I would say was not to attend the 
gathering in Portugal and have apologised for that. Still, having 
channels of communication open with key people in the organisation from 
a technical side is something that would enable us to achieve more with 
less. That shouldn't just be a single meeting. Now, the first time we 
went through this process, very few things actually changed; ergo the 
reluctance to blindly follow.
>
>  
>
> Please note that the Global Projects Committee will determine very 
> shortly whether a project should be archived and retired or put up for 
> adoption.
>
Adopt us all! Above a certain level it seems that we all need foster 
homes under someone's wing to be allowed to operate within OWASP!
>
>  
>
> I thank you in advance.
>
>  
>
> Best regards,
>
>  
>
>  
>
> Paulo Coimbra,
>
> OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>
>
>  
>
> Block your agendas for May 11-14 and join us - *OWASP AppSec Europe 
> 2009 <http://www.owasp.org/index.php/AppSecEU09>*
>
>  
>
>  
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/mailman/private/global-projects-committee/attachments/20090511/d2f3dec8/attachment.html 


More information about the Global-projects-committee mailing list