[Owasp-board] Fwd: [owasp-antisamy] AntiSamy Java library: internationalcharacters / issue 121

Jim Manico jim.manico at owasp.org
Tue Mar 20 17:25:32 UTC 2012

It took •three months• for you to respond, Jason. There is no excuse for
that kind of treatment of the OWASP community, especially ones bearing
patches. Especially for projects supposedly co-run by our "project
committee chair". In my opinion its a symptom of a deeper disease.

I do not expect either you to agree with me, or even take additional
action. I said my peace and I am now moving on.

Jim Manico
(808) 652-3805

On Mar 20, 2012, at 5:56 PM, Jason Li <jason.li at owasp.org> wrote:


You're talking about issues that are slightly out of context of the
AntiSamy project and fixated on the notion of flagship status.

Projects are driven by leaders and it should not be the goal or desire of
the GPC or the Board to be managing minutiae like change control.
Ironically, projects is an area where I support your federalist/states
rights perspective of OWASP - we have to be cognizant of what we're doing
to *support* projects versus *impose* on projects.

Remember that all project leaders are volunteers - just because a patch
hasn't been accepted doesn't mean a project leader is ignoring the issue OR
is somehow "undeserving" of the "benefit" of OWASP (which btw, the tangible
concrete benefit that any given project *currently* gets at OWASP is
negligible). Do we need to find a way to address user concerns? Yes. But
trying to "force" or "escalate" a volunteer to do something is not

I want to reply with more detail and context but I honestly don't have time
to so that this week and I don't want you to keep fanning flames on this
thread in the meantime. I promise to respond to this thread to clarify what
flagship is, what the reasonable limits of OWASP are, and then we can have
a responsible, measured conversation about projects.


On Mar 20, 2012, at 11:32 AM, Jim Manico <jim.manico at owasp.org> wrote:

It still took three months for him to respond. As a flagship OWASP project
(that includes our project chair as a co-lead) I'm still very concerned
that it took so long for a simple acknowledgement of a (very good)

Perhaps we should add one-week turnaround time for support as core criteria
needed to maintain "flagship project status".

Jim Manico
(808) 652-3805

On Mar 20, 2012, at 3:08 PM, Dave Wichers <dave.wichers at owasp.org> wrote:


Arshan is in communication with Sean and this is being worked.


*From:* owasp-board-bounces at lists.owasp.org [mailto:
owasp-board-bounces at lists.owasp.org] *On Behalf Of *Jim Manico
*Sent:* Monday, March 19, 2012 6:00 PM
*To:* OWASP Foundation Board List; ssullivan at gilt.com
*Subject:* [Owasp-board] Fwd: [owasp-antisamy] AntiSamy Java library:
internationalcharacters / issue 121

Sean Sullivan has been •begging• to the OWASP AntiSamy project to even
acknowledge his patch and contribution, see below. He first submitted this
Dec 2011 and has gotten no response from Jason Li or Arshan D.

Since we claim AntiSamy to be a "flagship project" I cry foul and ask the
board to step in.


Jim Manico

(808) 652-3805

*From:* Sean Sullivan <ssullivan at gilt.com>
*Date:* March 19, 2012 10:43:45 PM GMT+01:00
*To:* Owasp-antisamy at lists.owasp.org
*Subject:* *Re: [owasp-antisamy] AntiSamy Java library:
internationalcharacters / issue 121*

Is there anything I can do to help resolve issue #121?


On Tue, Mar 6, 2012 at 9:00 AM, Sean Sullivan <ssullivan at gilt.com> wrote:


I just looked at Subversion trunk and noticed that my patch (issue # 121)
is still pending:



Is there anything I can do to help?


On Wed, Feb 22, 2012 at 5:17 PM, Arshan Dabirsiaghi <
arshan.dabirsiaghi at aspectsecurity.com> wrote:

Sorry for the delay; the patch looks good. It will probably be in HEAD in a
few days after I do some testing and get it into the next minor release,
which I hope to make in the next month or two. We just brought a new little
AntiSamy into the world, so time has been tight.



*From:* owasp-antisamy-bounces at lists.owasp.org [mailto:
owasp-antisamy-bounces at lists.owasp.org] *On Behalf Of *Sean Sullivan
*Sent:* Wednesday, February 22, 2012 2:29 PM
*To:* Owasp-antisamy at lists.owasp.org
*Subject:* Re: [owasp-antisamy] AntiSamy Java library:
internationalcharacters / issue 121


Is there anything I can do to help get this patch accepted?


On Fri, Feb 17, 2012 at 4:21 PM, Sean Sullivan <ssullivan at gilt.com> wrote:

In December 2011, I submitted a patch for AntiSamy's Java library:


The issue's status has not changed since I submitted it.  Is there anything
I can do to help get this patch accepted?


Owasp-antisamy mailing list
Owasp-antisamy at lists.owasp.org

Owasp-board mailing list
Owasp-board at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20120320/75e6bf3b/attachment.html>

More information about the Owasp-board mailing list