[GPC] Your project - OWASP JBroFuzz - has been identified as INACTIVE - Action is required!

Jason Li jason.li at owasp.org
Sun May 10 03:14:53 EDT 2009


Subere,

It is not our intention to archive or retire active projects. Try to
understand that we have over 100 projects at OWASP and we are trying
to establish the status of all of our projects. As you can probably
guess, many of these 100+ projects have been abandoned by their owner.
It's not feasible for us to look through every single individual
project and determine their status so we asked all project leaders to
complete a self update questionnaire. (Note that this status update is
separate from the reviewer process.)

To your point - "Does anyone on this thread even know when the latest
version got released?" - this is exactly the type of information we
are trying to gather for our projects in the self update
questionnaire.

We started by emailing the list administrator for each project mailing
list and by notifying the leaders list. We have sent out multiple
requests over the last month and a half through these mediums in an
attempt to contact project leaders. We have received responses from
most of our projects and have narrowed the number of projects
remaining. So now that the numbers are more manageable, we are
starting to look into individual projects and trying to find the
contact information..

So please take a step back and relax - we are not going to deactivate
projects that are active. If you have a chance, please fill out the
update mentioned by Paulo below. This will help us get ahead of the
curve in our agenda to improve overall OWASP project quality. If you
take a look at our committee agenda, some of the tasks that you
mention, such as creating consistent look and feel, standardized
input/output for better inter-project usage, etc, are exactly the
items we are already planning to accomplish. But the first step for us
is to figure out what we already have in OWASP projects by doing an
inventory of all projects.

--
-Jason Li-
-jason.li at owasp.org-



On Sun, May 10, 2009 at 7:34 PM, Subere <subere at uncon.org> wrote:
> Very interesting email Paulo, all, my answers are inline:
>
> Paulo Coimbra wrote:
>
> Hello Yiannis Pavlosoglou,
>
>
>
> Hope you are well.
>
>
>
> As you may know, the OWASP Global Projects Committee is undertaking the task
> of improving the OWASP Project structure -
> https://www.owasp.org/index.php/GPC_Project_Surveys_2009 - which includes
> identifying orphaned projects.
>
> No I did not know about this task, even though I knew about the global
> projects committee. The signal to noise ratio in recent time on the leaders
> mailing list has just been way too low to keep an eye of new initiatives.
>
> Initially, it was the requirements for achieving alpha, beta and release
> quality status; chased those and still got nowhere in terms of recognition
> for the project, internally that is within OWASP. Still the sourceforge
> download statistics seemed to be going up -
>
> In fact I believe I am still waiting for reviewers to be assigned to it? Now
> I am finding out that you regard JBroFuzz an orphaned project?
>
> Still, I have argued for having a communication channel in place and finally
> it seems to be here. I believe it is a very good initiative and something
> that I had in the past actively pushed for, but not like this folks, come
> on:
>
> After 3 years of constant updates on a small but stable fuzzer project,
> understand my surprise in receiving an email (on a Saturday) with the words
> "INACTIVE - Action required!" Does anyone on this thread even know when the
> latest version got released?
>
>
>
> In this context, the project owner(s) for each OWASP Project have been asked
> several times to complete a self update on the status of their project
> https://spreadsheets.google.com/ccc?key=pJzNU1yNJd7VBH1bS6rY0EQ&hl=en and,
> as far as I can see, you haven’t answered yet.
>
> If the non completion of the above spreadsheet has triggered all this, I
> protest!
>
> - Where is the help requested in getting some icons for the project?
> - Where is the review after managing to get the code scanned by Fortify
> (last requirement for release quality)?
> - Where was OWASP when I was giving bits of the code from JBroFuzz to help
> improve other projects (e.g. DirBuster)?
> - Where is the funding to buy a proper installer tool and not have to use
> shareware installers to meet your requirements?
>
> As the timeline of releases, improvements and version numbers illustrate,
> this project does have some audience (just look at the distros that have it
> e.g. BackTrack, Samurai). If you would like to pull the plug on it, fine, it
> is a simple small fuzzer, nothing more, but do not do so on the excuse of
> not filling in a spreadsheet!
>
>
>
> Thus, please clarify:
>
>
>
> 1. Are you currently leading the
> https://www.owasp.org/index.php/Category:OWASP_JBroFuzz? If not, can you
> provide the name of the new lead?
>
> Yes. I am the project lead on this project; for the last time, due to
> contractual obligations, I do not advertise my name on the project page and
> use the alias subere instead.
>
>
>
> 2. Do you or the new lead require assistance either with the technical
> aspects of your project, or with leading it?
>
> Yes and yes. Above is a flavour of issues; more importantly having
> interacted with a few tool leaders now, we like to get things done. I want
> to sit down with Rogan and discuss bits of WebScarab, who do I speak to
> about that? I want to go and tell the people involved with Java projects
> about a uniform Look & Feel, anyone?
>
> On this, there is the coding side: Very little democracy in programming: Can
> I have a medium to tell other project leaders that the UI hack to get it to
> work in linux on line 66 of the source file is excellent, but actually is
> from a book and shouldn't be GPLd? How about that their threading model is
> upside down? Or, more importantly, can all client UI projects within the
> next month adopt the following Help menu with set submenus?
>
> The biggest mistake on my end I would say was not to attend the gathering in
> Portugal and have apologised for that. Still, having channels of
> communication open with key people in the organisation from a technical side
> is something that would enable us to achieve more with less. That shouldn't
> just be a single meeting. Now, the first time we went through this process,
> very few things actually changed; ergo the reluctance to blindly follow.
>
>
>
> Please note that the Global Projects Committee will determine very shortly
> whether a project should be archived and retired or put up for adoption.
>
> Adopt us all! Above a certain level it seems that we all need foster homes
> under someone's wing to be allowed to operate within OWASP!
>
>
>
> I thank you in advance.
>
>
>
> Best regards,
>
>
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager
>
>
>
> Block your agendas for May 11-14 and join us - OWASP AppSec Europe 2009
>
>
>
>
>
> _______________________________________________
> Global-projects-committee mailing list
> Global-projects-committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global-projects-committee
>
>


More information about the Global-projects-committee mailing list