[Governance] VPS Windows 2012 Server

Jason Johnson jason.johnson at owasp.org
Mon Mar 2 18:41:33 UTC 2015


OK with that said I'm going to decommission that server and we will keep on
keeping on.
On Mar 2, 2015 12:11 PM, "Matt Tesauro" <matt.tesauro at owasp.org> wrote:

> I know both of you have done great things for the Foundation and I hate to
> see you put in time with little reward.
>
> Move on to something that provides more value. ; )
>
> Cheers!
>
> --
> -- Matt Tesauro
> OWASP WTE Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
> OWASP OpenStack Security Project Lead
> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>
> On Mon, Mar 2, 2015 at 12:09 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> I'm ok with that
>>
>> I also agree with Matt that the ROI is quite low at this point.
>>
>> regards
>>
>> Johanna
>>
>> On Mon, Mar 2, 2015 at 2:06 PM, Jason Johnson <jason.johnson at owasp.org>
>> wrote:
>>
>>> So are we all good with shutting the server down and saving some money?
>>> On Mar 2, 2015 11:15 AM, "Matt Tesauro" <matt.tesauro at owasp.org> wrote:
>>>
>>>> Jim,
>>>>
>>>>  I do mostly agree with your points.  I guess I'm looking at this from
>>>> another direction.
>>>>
>>>> Running that server has opportunity costs for Johanna and Jason which
>>>> isn't providing much ROI to the community or Foundation.
>>>>
>>>> Keeping infrastructure up and running, available and providing value to
>>>> the community is a non-trivial ask.  It appears to me that usage is minimal
>>>> so the community is probably "spending more" then the value its getting
>>>> back.
>>>>
>>>> While the SWAMP may have warts, its functional and, for those that want
>>>> to have their code checked, it can work.  If they have concerns about
>>>> handing over their open source project's source code to DHS, well, DHS can
>>>> just download it it if they really want it so I don't that's much of a real
>>>> issue.
>>>>
>>>> So, since we have had little uptake and its non-free for Johanna and
>>>> Jason to run this thing (in terms of _their_ volunteer time), then pointing
>>>> projects to the SWAMP seems like a good thing to me.  It will free Johanna
>>>> and Jason up to get wins in other areas at OWASP.
>>>>
>>>> HTH clarifies what I was meaning earlier.  Hard to be precise on your
>>>> phone in the dentist's office waiting room. ; )
>>>>
>>>> Cheers!
>>>>
>>>> --
>>>> -- Matt Tesauro
>>>> OWASP WTE Project Lead
>>>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>>>> http://AppSecLive.org - Community and Download site
>>>> OWASP OpenStack Security Project Lead
>>>> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>>>>
>>>> On Mon, Mar 2, 2015 at 8:15 AM, Jim Manico <jim.manico at owasp.org>
>>>> wrote:
>>>>
>>>>> It's just "scanners in the cloud" and not easy to use last I checked.
>>>>> SWAMP has a lot of maturing to do, not to mention the privacy issues of a
>>>>> cloud service vs. open source tools.
>>>>>
>>>>> --
>>>>> Jim Manico
>>>>> @Manicode
>>>>> (808) 652-3805
>>>>>
>>>>> On Mar 2, 2015, at 2:35 PM, Matt Tesauro <matt.tesauro at owasp.org>
>>>>> wrote:
>>>>>
>>>>> Why don't we point projects to DHS's SWAMP for security scanning?
>>>>>
>>>>> They have already managed the relationship with vendors, its free to
>>>>> use and doesn't require any infrastructure for the Foundation to maintain.
>>>>>
>>>>> <Matt's 2 cents />
>>>>>
>>>>> --
>>>>> -- Matt Tesauro
>>>>> OWASP WTE Project Lead
>>>>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>>>>> http://AppSecLive.org - Community and Download site
>>>>> OWASP OpenStack Security Project Lead
>>>>> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>>>>> On Mar 2, 2015 5:26 AM, "johanna curiel curiel" <
>>>>> johanna.curiel at owasp.org> wrote:
>>>>>
>>>>>> Hi Jason
>>>>>>
>>>>>> I think we need to communicate this clear to the leaders in order for
>>>>>> them to use this. I also think, Jason, you need to communicate the whole
>>>>>> story in order for people to understand about this project.
>>>>>>
>>>>>> I think it was a very good initiative from you, however, as you can
>>>>>> see it requires a lot of work to make it feasible.
>>>>>> Last year I setup around 10 projects but I remembered we had issues
>>>>>> with SVN repositories.  I saw some emails last month regarding access and
>>>>>> renewing the VPS contract that you exchange with Kate and Paul.
>>>>>>
>>>>>> Like I mentioned, I do not have access right now and since last year.
>>>>>> I sent you an email, to Paul and Kate  some week ago, asking if you had
>>>>>> access to this server. You did not answer my email and Paul requested me
>>>>>>  to fill a contact form to check the access with Kate. The access worked
>>>>>> for me through Sarah's account, and when this changed I do not have access
>>>>>>
>>>>>> Do you have access to the server?
>>>>>> I have not use the server since November last year. I also sent you
>>>>>> an email to check if you had access but I did not get a response from
>>>>>> you.And now suddenly you sent this to a mailing list, so I'm kind of
>>>>>> surprise from your reaction.
>>>>>>
>>>>>> We also need to promote this properly if we want leaders to use this.
>>>>>> The project never got at this point because
>>>>>> -Getting a sponsor for vulnerability scanning was an issue for some
>>>>>> board members
>>>>>> -I do not have access to the server after the renewal contract and
>>>>>> the account was changed from Sarah's email to Paul or Kate
>>>>>> - I did not hear  from you regarding access to the server
>>>>>>
>>>>>> At this point as you can see, it involves a lot of work pulling these
>>>>>> kind of projects.
>>>>>>
>>>>>> Could you clarify and let me know if you have access to this server?
>>>>>> You were the admin of the system.
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> Johanna
>>>>>>
>>>>>> regards
>>>>>>
>>>>>> Johanna
>>>>>>
>>>>>> On Sun, Mar 1, 2015 at 8:25 PM, Jason Johnson <
>>>>>> jason.johnson at owasp.org> wrote:
>>>>>>
>>>>>>> Currently we have a VPS that hosts a build server for OWASP and I
>>>>>>> was curious if anyone was using this or if we think it could be used in
>>>>>>> some other manner. Another option is to get rid of it all together and save
>>>>>>> around 75$ a month.
>>>>>>>
>>>>>>> The idea behind it was to allow every project to have a space to
>>>>>>> build there apps or have them scanned for vulnerabilities. Im not sure how
>>>>>>> people feel about it at this point but i'm all for ideas or even
>>>>>>> decommissioning it if we think its not bringing value to our cause?
>>>>>>>
>>>>>>>
>>>>>>> I know Johanna was working on this at some point and it is a huge
>>>>>>> task to take on so let me know if we want to reappropriate this sever for
>>>>>>> something or simple remove it from owasps assets.
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Governance mailing list
>>>>>> Governance at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/governance
>>>>>>
>>>>>>  --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "OWASP Projects Task Force" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to projects-task-force+unsubscribe at owasp.org.
>>>>> To post to this group, send email to projects-task-force at owasp.org.
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CALKUk%2BM4LWay4w-FtcnH2HLTq818Uu18zpvtLd5V8L-LJyJFcg%40mail.gmail.com
>>>>> <https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CALKUk%2BM4LWay4w-FtcnH2HLTq818Uu18zpvtLd5V8L-LJyJFcg%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>>> .
>>>>>
>>>>>
>>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/governance/attachments/20150302/d2c4696f/attachment.html>


More information about the Governance mailing list