[Owasp-board] [Global_conference_committee] Amendments to the recently approved GCC Governance Document (was: vote thread)

dinis cruz dinis.cruz at owasp.org
Sun Dec 19 06:17:06 UTC 2010


The example John mentions below is a good example where there might be a
need to have a couple side conversations (i.e. outside the mailing lists).
We at the Summit Team (CCed) have also resorted to that technique for the
reasons I will mention below.

A couple caveats:

   - *There should never be the premise that those conversations are made
   'behind' someone's back*, *and with the understanding being that the
   affected person should NEVER be aware of that conversation*. Using the
   example below, it will be OK for John to have that thread without Mark, BUT
   it would NOT be OK for them to hide (or lie) to Mark about it (I know that
   there is a subtle difference, but it is an important one (also remember that
   eventually those emails will be forwarded (or leaked) to the affected
   parties))
   - *There are topics (or problems) that there is a 'distracting' factor
   that occurs from having those topics talked at a wider audience* (i.e.
   mailing list). At the Summit we had a great example which was the change of
   venue. For most of the Summit activities (and team) that change had very
   little impact, BUT when we started having the 'we need to change the venue'
   conversation in the main Summit list, there was a considerable loss of
   energy, with most people involved in the Summit taking a 'let's wait for that
   to be finalized' mode, and that cost us about 1 or 2 weeks of planning
   (when we moved the thread to a 'private' thread (just Sarah, Lorna, Jason,
   me and the travel agency) the Summit regained its energy and the rest of the
   team moved on to key tasks like creating the Working Sessions and inviting
   the participants (for reference, the new venue is much better and we are
   still down to this day, fine tuning the Hotel/Venue/Travel-Agency model, but
   most of the Summit team is not aware of that (going back to the previous
   point, we would be happy to share those emails with any interested party))
   - *At OWASP, everybody should ALWAYS have the understanding that
   EVERYTHING is OPEN! Every email sent; every post; every comment; should be
   ON THE RECORD unless there is an EXPLICIT caveat attached.* There are very
   few topics at OWASP that should ever require any meaningful level of
   privacy/non-disclosure, and those are so far in between that we just need to
   handle them with the appropriate care
   - So I support the use of 'separate threads' (or if you want you could
   call them 'private emails') for *efficiency* and *practicality.* Sometimes
   it is just better to bounce a couple ideas with like-minded OWASP Leaders so
   that the reasoning and arguments can be fine tuned
      - There is also a very practical problem (which most of us have a lot
      of the time) which is *'humm.. can I forward this email? or add a
      couple people to this thread?'* (which happens when somebody emails you
      directly and you want to include others in the thread). There is also the
      problem of the email 'reply' trails that could leak 'private' emails
      (i.e. by the Nth reply, the number of recipients goes wide, but the
      original (more private) email is still at the bottom)
         - Note that I barely manage the emails I get, imagine the mess that
         is to track which ones are public or private :)

I'm really happy that we are finally tackling these issues, and I think the
time is coming for the Committees to take the power and responsibility they/you
deserve :)

My view is that the Board's role is to deal with issues like the one
described in this (and the previous) email, and leave the operational
actions to the Committees

NOTE: that my comments in this email are personal and I'm not acting on
behalf of the board here. If you want to see when I'm talking 'officially'
as a board member, look at my email signature (it should say 'OWASP Board
Member' and in this case it is empty :) )

Dinis Cruz



On 18 December 2010 18:29, John Wilander <john.wilander at owasp.org> wrote:

> I don't think secret votes are the prime thing. The ability to bring up
> sensitive questions to discussion is.
>
> Example: I've been concerned about the GCC's decision to let _current_
> regional AppSecs keep their AppSec names whereas new regional OWASP
> conferences cannot use the protected AppSec label. This is a clear conflict
> of interest for Mark since he really wants to keep his AppSec DC brand
> (understandable) but might stir up arguments in the community down the road.
>
> I would like to discuss such questions free from conflicts of interest to
> be able to do my best for OWASP. Then my vote, should there be one, can and
> should be open and on the record.
>
> Regards, John
>
>
> Sent from my iPhone
>
> On 18 Dec 2010, at 19:14, dinis cruz <dinis.cruz at owasp.org> wrote:
>
> > Can you think of the scenarios where you would need a 'secret vote'?
> >
> > Dinis Cruz
> >
> > On 18 Dec 2010, at 16:16, Lucas Ferreira <lucas.ferreira at owasp.org>
> > wrote:
> >
> >> Regarding the need to step aside during calls, maybe secret votes
> >> could be a solution. In the case more than one committee member
> >> requires, we should implement secret votes. Some may argue that this
> >> goes against the required openness, but I secret votes may be important
> >> in some occasions.
> >>
> >> Regards,
> >>
> >> Lucas
> >>
> >> On Friday, December 17, 2010, Mark Bristow <mark.bristow at owasp.org>
> >> wrote:
> >>> John,
> >>> Inline comments below.
> >>> FYI All, Looped in the GCC list.
> >>>
> >>>
> >>> On Fri, Dec 17, 2010 at 10:39 AM, John Wilander <john.wilander at owasp.org> wrote:
> >>>
> >>> 2010/12/17 Mark Bristow <mark.bristow at owasp.org>
> >>>
> >>>
> >>>
> >>>
> >>> So john, some inline comments to your comments below.
> >>> Also, do you approve the doc as is and want to put up separate
> >>> changes, or is this a reject?  If so, we'll re-open for discussion.
> >>>
> >>>
> >>>
> >>>
> >>> I approve as long as we can discuss and get changes in there
> >>> eventually.
> >>> Doing it now,  Looped in the main GCC list.
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> I like Mark but I still think we should have a max on how many
> >>> years (in a row) you can be chair. My suggestion is three years.
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> Fine by me.  If I got elected for 2011, would make it my last year.
> >>> To be clear – I think you're doing a great job and I'm not
> >>> challenging you. But I think it's healthy to have a max. Would be
> >>> good for the OWASP Board too. People tend to deliver their best if
> >>> they know the timeframe for their engagement and there's a natural
> >>> succession when people know there has to be a new leader/chair
> >>> chosen. Look at American presidents vs Swedish ever-prime
> >>> ministers. I much prefer the American "you get two terms max".
> >>>
> >>>
> >>> A) feel free to challenge me
> >>>
> >>> B) I agree, some term limits are healthy to keep things fresh.  I
> >>> agree on the board comment but that's for the new Governance
> >>> working session that I just found out I'm in......
> >>>
> >>> C) I don't think that Lifetime MAXes are necessary, but I'm good
> >>> with only 3 consecutive years.
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> We need to comment that scheduling of the meetings has to take
> >>> into consideration the different time zones we're in. I constantly
> >>> have trouble attending OWASP phone calls because they're in odd
> >>> time of the day or night. If I have a Skype meeting until 1 am I
> >>> will not do a good job the day after. Mark has been good in
> >>> scheduling so far but we should have a sentence about not only
> >>> fitting for instance US time zones. I suspect any Asian GCC members
> >>> will have a lot to say about this.
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> Since a GCC member can be kicked out if not attending enough
> >>> meetings the scheduling is important.
> >>> I think that "Meetings will be scheduled based on the availability
> >>> of the majority of the members" settles this somewhat.  This forces
> >>> some type of "polling" in order to set the meeting date time.  Much
> >>> like I use Doodle now for scheduling.
> >>>
> >>>
> >>>
> >>>
> >>> Yeah. As long as we don't end up in the GCC always having a
> >>> majority of people in certain time zones so the majority of members
> >>> constantly prefer that time zone.
> >>>
> >>>
> >>> This is an entirely separate problem.  I'd love to have more people
> >>> from Europe, Asia and South America on the committee but
> >>> unfortunately we haven't had many takers to date.  I think that we
> >>> as a committee should not accept additional members from the US
> >>> unless one resigns.
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> Add a sentence about the GCC member(s) with conflicting interests
> >>> to temporarily leave the meeting during discussion. This is
> >>> important if we want to have an open and effective committee. For
> >>> instance – if AppSec in Stockholm would have produced a loss and
> >>> the GCC wanted to discuss this you would have asked me questions
> >>> first and then discussed privately for 10 minutes without me hearing.
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> Recusal is not a bad idea, however since our meetings are open to
> >>> anyone to join it would be odd for the GCC member to have to leave
> >>> when anyone in OWASP is welcome to stay.
> >>>
> >>>
> >>>
> >>>
> >>> I wouldn't mind. As a formal member I understand that people will
> >>> need to discuss freely for the committee to reach the right decision.
> >>>
> >>>
> >>> I just feel this is counter to "openness".  It's a tough call,
> >>> because if I wasn't a GCC member, and I knew the GCC was taking
> >>> something up important to me, I'd be on the call anyway to argue my
> >>> case if needed.  However I find that I'm better with mental
> >>> compartmentalization than most.
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> I don't it'll be a problem but gas prices vary a lot around the
> >>> globe. For instance gas is USD 7 per gallon in Sweden. So we might
> >>> want to say something about adjusting for local gas prices.
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> Do you have an internationally recognized index we can throw in here?
> >>> :D. No, but just a note on proving by receipt what your fuel costs
> >>> were per km/mile would be fine. Then we can default to the amount
> >>> you have there.
> >>>
> >>>
> >>> Well, on to the 2011 plan vote so we can ask the board for funds
> >>> for this to matter ;)
> >>>
> >>>
> >>>
> >>>
> >>>   /John
> >>> --
> >>> John Wilander, https://twitter.com/johnwilander
> >>> Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
> >>> Co-organizer Global Summit, http://www.owasp.org/index.php/Summit_2011
> >>> Conf Comm, http://www.owasp.org/index.php/Global_Conferences_Committee
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> --
> >>> Mark Bristow
> >>> (703) 596-5175
> >>> mark.bristow at owasp.org
> >>>
> >>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> >>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> >>> AppSec DC Organizer - https://www.appsecdc.org
> >>>
> >>>
> >>>
> >>>
> >>
> >> --
> >> Homo sapiens non urinat in ventum.
> >> _______________________________________________
> >> Global_conference_committee mailing list
> >> Global_conference_committee at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/global_conference_committee
>