[Governance] VPS Windows 2012 Server

Matt Tesauro matt.tesauro at owasp.org
Mon Mar 2 18:11:41 UTC 2015


I know both of you have done great things for the Foundation and I hate to
see you put in time with little reward.

Move on to something that provides more value. ; )

Cheers!

--
-- Matt Tesauro
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site
OWASP OpenStack Security Project Lead
https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project

On Mon, Mar 2, 2015 at 12:09 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> I'm ok with that
>
> I also agree with Matt that the ROI is quite low at this point.
>
> regards
>
> Johanna
>
> On Mon, Mar 2, 2015 at 2:06 PM, Jason Johnson <jason.johnson at owasp.org>
> wrote:
>
>> So are we all good with shutting the server down and saving some money?
>> On Mar 2, 2015 11:15 AM, "Matt Tesauro" <matt.tesauro at owasp.org> wrote:
>>
>>> Jim,
>>>
>>>  I do mostly agree with your points.  I guess I'm looking at this from
>>> another direction.
>>>
>>> Running that server has opportunity costs for Johanna and Jason which
>>> isn't providing much ROI to the community or Foundation.
>>>
>>> Keeping infrastructure up and running, available and providing value to
>>> the community is a non-trivial ask.  It appears to me that usage is minimal
>>> so the community is probably "spending more" than the value it's getting
>>> back.
>>>
>>> While the SWAMP may have warts, it's functional and, for those that want
>>> to have their code checked, it can work.  If they have concerns about
>>> handing over their open source project's source code to DHS, well, DHS can
>>> just download it if they really want it so I don't think that's much of a real
>>> issue.
>>>
>>> So, since we have had little uptake and it's non-free for Johanna and
>>> Jason to run this thing (in terms of _their_ volunteer time), then pointing
>>> projects to the SWAMP seems like a good thing to me.  It will free Johanna
>>> and Jason up to get wins in other areas at OWASP.
>>>
>>> HTH clarifies what I was meaning earlier.  Hard to be precise on your
>>> phone in the dentist's office waiting room. ; )
>>>
>>> Cheers!
>>>
>>> --
>>> -- Matt Tesauro
>>> OWASP WTE Project Lead
>>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>>> http://AppSecLive.org - Community and Download site
>>> OWASP OpenStack Security Project Lead
>>> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>>>
>>> On Mon, Mar 2, 2015 at 8:15 AM, Jim Manico <jim.manico at owasp.org> wrote:
>>>
>>>> It's just "scanners in the cloud" and not easy to use last I checked.
>>>> SWAMP has a lot of maturing to do, not to mention the privacy issues of a
>>>> cloud service vs. open source tools.
>>>>
>>>> --
>>>> Jim Manico
>>>> @Manicode
>>>> (808) 652-3805
>>>>
>>>> On Mar 2, 2015, at 2:35 PM, Matt Tesauro <matt.tesauro at owasp.org>
>>>> wrote:
>>>>
>>>> Why don't we point projects to DHS's SWAMP for security scanning?
>>>>
>>>> They have already managed the relationship with vendors, it's free to
>>>> use and doesn't require any infrastructure for the Foundation to maintain.
>>>>
>>>> <Matt's 2 cents />
>>>>
>>>> --
>>>> -- Matt Tesauro
>>>> OWASP WTE Project Lead
>>>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>>>> http://AppSecLive.org - Community and Download site
>>>> OWASP OpenStack Security Project Lead
>>>> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>>>> On Mar 2, 2015 5:26 AM, "johanna curiel curiel" <
>>>> johanna.curiel at owasp.org> wrote:
>>>>
>>>>> Hi Jason
>>>>>
>>>>> I think we need to communicate this clearly to the leaders in order for
>>>>> them to use this. I also think, Jason, you need to communicate the whole
>>>>> story in order for people to understand about this project.
>>>>>
>>>>> I think it was a very good initiative from you, however, as you can
>>>>> see it requires a lot of work to make it feasible.
>>>>> Last year I set up around 10 projects but I remembered we had issues
>>>>> with SVN repositories.  I saw some emails last month regarding access and
>>>>> renewing the VPS contract that you exchanged with Kate and Paul.
>>>>>
>>>>> Like I mentioned, I do not have access right now and since last year.
>>>>> I sent you an email, to Paul and Kate some week ago, asking if you had
>>>>> access to this server. You did not answer my email and Paul requested me
>>>>> to fill a contact form to check the access with Kate. The access worked
>>>>> for me through Sarah's account, and when this changed I do not have access.
>>>>>
>>>>> Do you have access to the server?
>>>>> I have not used the server since November last year. I also sent you an
>>>>> email to check if you had access but I did not get a response from you. And
>>>>> now suddenly you sent this to a mailing list, so I'm kind of surprised by
>>>>> your reaction.
>>>>>
>>>>> We also need to promote this properly if we want leaders to use this.
>>>>> The project never got to this point because
>>>>> - Getting a sponsor for vulnerability scanning was an issue for some
>>>>> board members
>>>>> - I do not have access to the server after the renewal contract and the
>>>>> account was changed from Sarah's email to Paul or Kate
>>>>> - I did not hear from you regarding access to the server
>>>>>
>>>>> At this point as you can see, it involves a lot of work pulling these
>>>>> kinds of projects.
>>>>>
>>>>> Could you clarify and let me know if you have access to this server?
>>>>> You were the admin of the system.
>>>>>
>>>>> Regards
>>>>>
>>>>> Johanna
>>>>>
>>>>> On Sun, Mar 1, 2015 at 8:25 PM, Jason Johnson <jason.johnson at owasp.org
>>>>> > wrote:
>>>>>
>>>>>> Currently we have a VPS that hosts a build server for OWASP and I was
>>>>>> curious if anyone was using this or if we think it could be used in some
>>>>>> other manner. Another option is to get rid of it altogether and save
>>>>>> around 75$ a month.
>>>>>>
>>>>>> The idea behind it was to allow every project to have a space to
>>>>>> build their apps or have them scanned for vulnerabilities. I'm not sure how
>>>>>> people feel about it at this point but I'm all for ideas or even
>>>>>> decommissioning it if we think it's not bringing value to our cause?
>>>>>>
>>>>>> I know Johanna was working on this at some point and it is a huge
>>>>>> task to take on so let me know if we want to reappropriate this server for
>>>>>> something or simply remove it from OWASP's assets.
>>>>>>