Christian Heinrich christian.heinrich at owasp.org
Sun Oct 23 17:52:12 EDT 2011


Are you stating that the OWASP Board has funded the GPC proposal without any
oversight or due diligence that I believe is required considering the
numerous complaints made against the GPC by a large number of Project
Leaders as acknowledged by Jason Li in the recent OWASP Podcast #88?

On Sun, Oct 23, 2011 at 12:19 AM, Thomas Brennan <tomb at owasp.org> wrote:

> As always you're welcome to work with the committee and community in a
> constructive manner.
> On Oct 21, 2011, at 7:07 PM, Christian Heinrich <
> christian.heinrich at owasp.org> wrote:
> Tom,
> I have read the documentation provided by the GPC i.e.
> http://sl.owasp.org/gpcws-jun11-proceedings#h.4z9gh8ff79fg and I would
> like their final decision to be reconsidered by the OWASP Board based on the
> references cited below and that a second round of RFP be issued with GitHub
> being approached.
> 1. The SourceForge interface presented to the end user/consumer is bland
> and would therefore result in the OWASP Project developing their own
> "presentation" view independent of SourceForge.  This is also argued within
> http://usersinhell.com/why-sourceforge-lost/.  GitHub allows the Project
> Leader to develop their own presentation view using
> http://pages.github.com/
> 2. There is no distinction made in the intended use or technical nuances of
> git vs svn i.e.
>    - svn, via its properties, allows files to be marked as executable,
>    i.e. svn:executable, and/or as a specific mime-type, i.e. svn:mime-type.
>    svn is therefore ideal for "tool" projects as the source code is configured
>    automatically to the end user's operating system which therefore facilitates
>    easier building by the end user.
>    - As git is based on distributed repositories it would therefore allow
>    the GPC to fulfil their request to have a copy of the source code by cloning
>    the git repository at scheduled intervals without placing an additional
>    burden on the Project Leader. "git-svn" would provide the ability for the
>    GPC to clone each svn repository in git also.
> Also, the ability for the GPC to mark specific git cloned repositories as
> private repositories on GitHub would allow them visibility in the development
> activity of an "Incubator" project, hosted as a git repository at
> https://www.dropbox.com/ for instance.
> 3. The ability for an end user to make a comment on the source code
> which references specific line number(s), commits, etc i.e.
> https://github.com/features/projects/codereview or post patches with
> version control similar to pastebin i.e. https://gist.github.com/ has not
> been considered in the RFP.
> 4. There is a significant cost saving as "Organizations [accounts] are free
> for open source" as quoted from
> https://github.com/blog/674-introducing-organizations
> 5. GitHub is more popular in a number of metrics than SourceForge i.e.
> http://www.readwriteweb.com/hack/2011/06/github-has-passed-sourceforge.php
> and therefore has a smaller barrier for entry with the wider open source
> community.
> 6. GitHub doesn't require an end user to know the relevant svn or git
> commands to review the commit history or activity of each leader/contributor
> i.e. https://github.com/features/community and the metrics and their
> associated presentation to the end user can be expanded by reusing
> http://www.ohloh.net/p/dic (as an example OWASP Project) and
> http://www.ohloh.net/tools for comparison with other OWASP projects.
> 7. Having OWASP as a listed "Organization" on GitHub would promote OWASP
> in the wider community and hence we should not consider a closed stand
> alone project hosting implementation e.g. http://fi.github.com/
> Also, I listened to
> https://www.owasp.org/download/jmanico/owasp_podcast_88.mp3 and Jason Li
> doesn't provide the reasons for approaching https://launchpad.net/ (as an
> example) considering their intended use is for OS development, i.e.
> http://www.ubuntu.com/
> That stated, I noted that the cost for OWASP to host this ourselves is
> extremely overpriced due to the selection of overpowered hardware.  This
> could be clarified by approaching https://dev.launchpad.net/ for a
> suggested hardware platform.
> Obviously, in light of the reference to https://dev.launchpad.net/ above,
> an Organization Account with GitHub is the outright winner over SourceForge
> based on the points raised above.

Christian Heinrich