[Owasp-board] OWASP Mailing Lists

Laurence Casey larry.casey at owasp.org
Thu Oct 14 22:35:26 UTC 2010


Mark,

 

The point I am trying to make is that if people want to know what is going
on in the region, they will subscribe to that specific list. It doesn't
matter if you are only reducing the effort on the senders part, subscribers
are getting mail from a list they didn't subscribe to. I am all for the
OPT-IN method.

 

We could have a parent list that sends to the other lists. Originally, that
is what I wanted to do with the OWASP-all list. Only one problem, if people
are on more than one list in the region they will get more than one email.
This will be the same if you did what you are proposing with a private list.

 

Regulations:

http://business.ftc.gov/documents/bus61-can-spam-act-Compliance-Guide-for-Bu
siness

 

It's hard to tell what type of members we lost in the owasp-all practice.
Even if they are not paying member, they could have been. 

 

I would like Kate to jump in on this discussion since she takes the brunt of
blasting from people who are unhappy with receiving emails from a list they
didn't subscribe to. I am opposed to it since its ethically wrong and
ultimately the one who has had to remove those unhappy users.

 

BTW- we have many members  from all over the world who may want to go to
another regions event. Especially Conferences.

 

One more tidbit of information. I've had to remove our OWASP mailing list IP
address from several spam listing services due to the owasp-all list.

 

It appears we both have valid points, but can't agree. So I've cc'd this
discussion to the Board so we can move this to a decision.

(removed Kate from cc because she is on board list already)

 

--Larry

 

 

 

From: Mark Bristow [mailto:mark.bristow at owasp.org] 
Sent: Thursday, October 14, 2010 4:57 PM
To: Laurence Casey
Cc: Kate Hartmann
Subject: Re: OWASP Mailing Lists

 

Larry,

 

I am not saying that the OWASP All list would go away, what we are proposing
is in addition to the OWASP All list.  What it would do however is reduce
traffic on OWASP All, thus reducing the "annoyance" problem.

 

I'm not seing a huge management overhead for this either, as we don't add
chapters all that often and we could even have a (say quarterly, or
semi-annual) review to make sure that everything was up to date in a single
shot.  It would not be critical that they be updated more frequentally than
that.

 

I think creating lists and having people register is counter productive.
You will not reach nearly as many people in the opt-in scenerio.
Additionally, I as an individual member I can already can go out, subscribe
to all the chapter lists I'd like and send out mailings without an issue.
I'm not sure why creating a shortcut to that pain for orginizational gain
would be that troublesome, but I suppose we can do it the hard way instead.
As another example, I can just register US at appsecdc.org to all the domains
and use that as a forwarding shortcut which would achieve the same goal.

 

Also, why cant you just register the individual mailing lists to the new
list instead of culling all the member emails.  As an exmaple add
OWASP-Washington at lists.owasp.org instead of mark.bristow at owasp.org .....

 

I guess I am just not seeing the rub here.  Have we actually lost dues
paying members due to the incredibly small amount of email that goes out to
OWASP-ALL?  Or did you mean list members (who frankly signed up for an OWASP
chapter mailing list anyway).  I'd bet if you simply didn't add the
[OWASP-ALL] Subject tag, no-one would ever even know.

 

I'm also not sure what regulation your talking about here, but I guess I
have my answer that it's technically feasable and we already have similar
scripts to do this for OWASP-ALL.  I suppose I'll have the committee
recomend it to the board and we'll see where it goes.

On Thu, Oct 14, 2010 at 4:47 PM, Laurence Casey <larry.casey at owasp.org>
wrote:

Mark,

 

The OWASP all list would still have to exist, since it's a way to
communicate with everyone. We don't use that list for anything that is
specific to a region. That would put us back to adding people to lists
without their consent. 

 

Did I forget to mention the management of these lists? I use scripts on the
backend to populate the owasp-all list. This would probably be the case for
these lists, but a conf file would have to be maintained to make sure
new/old chapters are added/removed. Only one person is able to do this now
and that would be me. That is until OWASP moves to another mailing list
server.

 

Perhaps a better solution would be to create the lists and allow people from
those regions to subscribe to those lists for new updates. Each chapter can
add the appropriate new list to their chapter page. That would make everyone
happy and opt-in instead of having to opt-out. Again, opt-out would require
them to leave all mailing lists in that region. 

 

Understand that I am all for growing OWASP and providing a simple solution
to your needs, but only if it complies with regulations to and doesn't upset
our members. While this is truly a means to communicate to regional members,
this is not how it is perceived. This is not entirely up to me, the board
may feel it is appropriate. My views are based on what I have seen since the
creation of the owasp-all list and the numerous lost members as a result.

 

--Larry

 

From: Mark Bristow [mailto:mark.bristow at owasp.org] 
Sent: Thursday, October 14, 2010 1:52 PM
To: Laurence Casey
Cc: Kate Hartmann 


Subject: Re: OWASP Mailing Lists

 

Larry,

 

The intent would actually be to reduce the amount of OWASP All emails for
regional conferences and only send them to the people who it actually would
apply to.  This will help reduce OWASP ALL traffic and reduce the amount of
"unimportant" emails that go out about conferences that don't impact people
in that region.  I'm sure that someone will be upset about it the benifits
outweight the risks in the eyes of the Global Conferencs committee.

 

The idea was this would be a limited, controled "list" that can be used,
basically as a replacement for joining and sending it out to all the
individual chapter lists.

 

-Mark

On Thu, Oct 14, 2010 at 11:23 AM, Laurence Casey <larry.casey at owasp.org>
wrote:

Mark,

 

Possible, yes. Easy to maintain, no.

 

I would highly discourage this type of list. People are not happy to get
emails from mailing lists that they didn't subscribe to. EVERY email that
goes out to the owasp-all list results in 3-5 people requesting to be
removed from all lists. Not in a polite way either. This is true even when
the email has instructions on how to remove yourself from that list. I
understand why and how this could be useful, but wouldn't this possibly
segregate the regions to? 

 

--Larry

 

From: Mark Bristow [mailto:mark.bristow at owasp.org] 
Sent: Wednesday, October 13, 2010 3:33 PM
To: Laurence Casey; Kate Hartmann
Subject: OWASP Mailing Lists

 

Larry,

 

Would it be possible to create some new mailing lists that relate to OWASP
geographical areas?  We'd like someting that's controled (like OWASP-ALL)
but that the GCC could use to reach local markets for conferences.  We'd
want one for North America, South America, Europe, Asia, and South Pacific.
We'd want these auto-populated with members from the chapter lists in these
areas.

 

Is this doable?

-- 
Mark Bristow

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
AppSec DC 2010 Organizer - https://www.appsecdc.org
<https://www.appsecdc.org/> 
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu




-- 
Mark Bristow

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
AppSec DC 2010 Organizer - https://www.appsecdc.org
<https://www.appsecdc.org/> 
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu




-- 
Mark Bristow

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
AppSec DC 2010 Organizer - https://www.appsecdc.org
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20101014/c39c2df8/attachment-0002.html>


More information about the Owasp-board mailing list