Christian Heinrich christian.heinrich at owasp.org
Fri Oct 21 20:07:30 EDT 2011


I have read the documentation provided by the GPC i.e.
http://sl.owasp.org/gpcws-jun11-proceedings#h.4z9gh8ff79fg and I would like
their final decision to be reconsidered by the OWASP Board based on the
references cited below and that a second round of RFP be issued with GitHub
being approached.

1. The SourceForge interface presented to the end user/consumer is bland and
would therefore result in the OWASP Project developing their own
"presentation" view independent of SourceForge.  This is also argued within
http://usersinhell.com/why-sourceforge-lost/.  GitHub allows the Project
Leader to develop their own presentation view using http://pages.github.com/

2. There is no distinction made in the intended use or technical nuances of
git vs svn i.e.

   - svn, via its properties, allows files to be marked as executable,
   i.e. svn:executable, and/or as a specific mime-type, i.e. svn:mime-type.
   svn is therefore ideal for "tool" projects as the source code is configured
   automatically to the end user's operating system which therefore facilitates
   easier building by the end user.

   - As git is based on distributed repositories it would therefore allow
   the GPC to fulfil their request to have a copy of the source code by cloning
   the git repository at scheduled intervals without placing an additional
   burden on the Project Leader. "git-svn" would provide the ability for the
   GPC to clone each svn repository in git also.

Also, the ability for the GPC to mark specific git cloned repositories as
private repositories on GitHub would allow them visibility in the development
activity of an "Incubator" project, hosted as a git repository at
https://www.dropbox.com/ for instance.

3. The ability for an end user to make a comment on the source code which
references specific line number(s), commits, etc i.e.
https://github.com/features/projects/codereview or post patches with version
control similar to pastebin i.e. https://gist.github.com/ has not been
considered in the RFP.

4. There is a significant cost saving as "Organizations [accounts] are free
for open source" as quoted from

5. GitHub is more popular in a number of metrics than SourceForge i.e.
therefore has a smaller barrier for entry with the wider open source

6. GitHub doesn't require an end user to know the relevant svn or git
commands to review the commit history or activity of each leader/contributor
i.e. https://github.com/features/community and the metrics and their
associated presentation to the end user can be expanded by reusing
http://www.ohloh.net/p/dic (as an example OWASP Project) and
http://www.ohloh.net/tools for comparison with other OWASP projects.

7. Having OWASP as a listed "Organization" on GitHub would promote OWASP in
the wider community and hence we should not consider a closed stand alone
project hosting implementation e.g. http://fi.github.com/

Also, I listened to
https://www.owasp.org/download/jmanico/owasp_podcast_88.mp3 and Jason Li
doesn't provide the reasons for approaching https://launchpad.net/ (as an
example) considering their intended use is for OS development, i.e.

That stated, I noted that the cost for OWASP to host this ourselves is
extremely overpriced due to the selection of overpowered hardware.  This
could be clarified by approaching https://dev.launchpad.net/ for a suggested
hardware platform.

Obviously, in light of the reference to https://dev.launchpad.net/ above, an
Organization Account with GitHub is the outright winner over SourceForge
based on the points raised above.

Christian Heinrich