[GPC] DRAFT GPC Goals - RFC ASAP
christian.heinrich at owasp.org
Fri Oct 21 20:07:30 EDT 2011

I have read the documentation provided by the GPC i.e.
http://sl.owasp.org/gpcws-jun11-proceedings#h.4z9gh8ff79fg and I would like
their final decision to be reconsidered by the OWASP Board based on the
references cited below and that a second round of RFP be issued with GitHub
1. The SourceForge interface presented to the end user/consumer is bland and
would therefore result in the OWASP Project developing their own
"presentation" view independent of SourceForge. This is also argued within
http://usersinhell.com/why-sourceforge-lost/. GitHub allows the Project
Leader to develop their own presentation view using http://pages.github.com/
2. There is no distinction made in the intended use or technical nuances of
git vs svn i.e.
- svn, via its properties, allows files to be marked as executable,
i.e. svn:executable, and/or as a specific mime-type, i.e. svn:mime-type.
svn is therefore ideal for "tool" projects as the source code is configured
automatically to the end user's operating system which therefore facilitates
easier building by the end user.
- As git is based on distributed repositories it would therefore allow
the GPC to fulfil their request to have a copy of the source code by cloning
the git repository at scheduled intervals without placing an additional
burden on the Project Leader. "git-svn" would provide the ability for the
GPC to clone each svn repository in git also.
Also, the ability for the GPC to mark specific git cloned repositories as
private repositories on GitHub would allow them visibility in the development
activity of an "Incubator" project, hosted as a git repository at
https://www.dropbox.com/ for instance.
3. The ability for an end user to make a comment on the source code which
references specific line number(s), commits, etc i.e.
https://github.com/features/projects/codereview or post patches with version
control similar to pastebin i.e. https://gist.github.com/ has not been
considered in the RFP.
4. There is a significant cost saving as "Organizations [accounts] are free
for open source" as quoted from
5. GitHub is more popular in a number of metrics than SourceForge i.e.
therefore has a smaller barrier for entry with the wider open source
6. GitHub doesn't require an end user to know the relevant svn or git
commands to review the commit history or activity of each leader/contributor
i.e. https://github.com/features/community and the metrics and their
associated presentation to the end user can be expanded by reusing
http://www.ohloh.net/p/dic (as an example OWASP Project) and
http://www.ohloh.net/tools for comparison with other OWASP projects.
7. Having OWASP as a listed "Organization" on GitHub would promote OWASP in
the wider community and hence we should not consider a closed stand alone
project hosting implementation e.g. http://fi.github.com/
Also, I listened to
https://www.owasp.org/download/jmanico/owasp_podcast_88.mp3 and Jason Li
doesn't provide the reasons for approaching https://launchpad.net/ (as an
example) considering their intended use is for OS development, i.e.
That stated, I noted that the cost for OWASP to host this ourselves is
extremely overpriced due to the selection of overpowered hardware. This
could be clarified by approaching https://dev.launchpad.net/ for a suggested
Obviously, in light of the reference to https://dev.launchpad.net/ above, an
Organization Account with GitHub is the outright winner over SourceForge
based on the points raised above.