[GPC] [GPC-Mailbox] New Project Request for File Hash Repository

Jason Li jason.li at owasp.org
Tue Oct 25 17:49:35 EDT 2011


Lucas,

I forgot to address the second part of your question.

If you're asking about where to host the source code, project leaders are
free to choose the project hosting infrastructure of their choice (Google
Code, SourceForge, GitHub, etc).

If you're asking about a server to run the application, OWASP does not
currently have any infrastructure in place to provide project leaders with
server space/cycles.

Just brainstorming a few ways we might be able to overcome this limitation
and support the paradigm you're going for:
* Create a standard Google form (under @owasp.org Google Docs) for
submission and write standard clients to query the public spreadsheet
* Accept submissions via specific email and add new entries into a wikipage
in a standardized format that can be parsed by written clients
* Release the hash repository periodically as a flat file in your chosen
source code repository

There's probably other creative solutions as well...

-Jason

On Sun, Oct 23, 2011 at 9:52 PM, Lucas Ferreira <lucas.ferreira at owasp.org>wrote:

> Hello Jason,
>
> who should I contact to ask the creation of the project mailing list?
> I would also need to host the project server somewhere. Who could help
> me with that?
>
> Thanks,
>
> Lucas
>
> On Thu, Oct 20, 2011 at 02:53, Jason Li <jason.li at owasp.org> wrote:
> > Lucas,
> > Since no other GPC members have spoken up, I've created a preliminary
> wiki
> > page for your
> > project: https://www.owasp.org/index.php/OWASP_File_Hash_Repository
> > We still need to create a mailing list for this project.
> > Do not feel compelled to wait for any particular action on our part to
> begin
> > working on your project.
> > -Jason
> > On Thu, Oct 13, 2011 at 12:26 AM, <no-reply at owasp.org> wrote:
> >>
> >> Dear Lucas C. Ferreira,
> >>
> >> Thank you for submitting your project idea, the "OWASP File Hash
> >> Repository, described as:
> >> The goal of this project is to build a repository of hashes of
> executable
> >> and source files. This repository can then be queried by clients to
> >> determine the status os of files based on their hashes. Some statuses
> are
> >> GOOD, MALWARE, SOURCE CHECKED, etc. This repository can consolidate
> several
> >> available sources (NIST, MHR, VirusTotal, etc) and provide better query
> >> capabilities.
> >>
> >> Please note that your description exceeds the allowed 250 characters. It
> >> will need to be adjusted before we can create this project in our
> >> infrastructure.
> >>
> >> We have recorded your idea as a Tool Project using the "Apache 2.0
> >> License" license.
> >>
> >> The deliverable for this project is "Executables: server and several
> >> clients. If possible a running instance of the server for clients to
> query."
> >>
> >> Your project proposal will be presented to the community and the Global
> >> Projects Committee will respond to your request within seven (7) days
> (20
> >> Oct 2011).
> >>
> >> OWASP Global Projects Committee
> >> projects at owasp.org
> >
> >
>
>
>
> --
> Homo sapiens non urinat in ventum.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global-projects-committee/attachments/20111025/7b68245f/attachment.html 


More information about the Global-projects-committee mailing list