[Owasp-board] [Owasp-leaders] Public Comment

Bev Corwin bev.corwin at owasp.org
Thu Dec 11 20:28:50 UTC 2014


Thanks Josh, Doesn't the board have "oversight" and "compliance"
responsibilities to the OWASP Community? Best wishes, Bev

On Thu, Dec 11, 2014 at 12:57 PM, Josh Sokol <josh.sokol at owasp.org> wrote:

> It's a good point and I've definitely seen examples in the past of where a
> project has made significant decisions in a relative bubble before
> publishing it as an "open" document.  Honestly, I think to some extent that
> boils down to the project leadership/management and how they choose to run
> things.  Not that it makes it right or wrong.  I do agree with Simon in
> that this is not a Board decision though.  If for some reason people felt
> like project leaders are incapable of doing this, or that rules need to be
> put in place to enforce it, then that's something I would look to the
> Project Committee to establish.
>
> ~josh
>
> On Thu, Dec 11, 2014 at 11:51 AM, Bev Corwin <bev.corwin at owasp.org> wrote:
>
>> PS: Your reference was for "free" not "open". Do you have something that
>> would be a good reference for "open"? How about free and open? Thank you!
>>
>> On Thu, Dec 11, 2014 at 12:50 PM, Bev Corwin <bev.corwin at owasp.org>
>> wrote:
>>
>>> Dear Simon,
>>>
>>> Thank you. Good info, very much appreciate it. Where are you pulling
>>> your assumptions from? Is there a definition of "open" somewhere that could
>>> be referenced? So many organizations claim to be "open", however, very few
>>> actually "manifest" it well. Would be nice to see some kind of guidelines
>>> somewhere. That would be a board policy issue to recommend such things,
>>> wouldn't it?
>>>
>>> Best wishes,
>>> Bev
>>>
>>>
>>> On Thu, Dec 11, 2014 at 12:36 PM, psiinon <psiinon at gmail.com> wrote:
>>>
>>>> I'm not sure this is a board matter, although board members should
>>>> definitely speak up if they disagree :)
>>>> I think this is more a matter of 'good open source
>>>> leadership/management' as it applies to all open source projects and not
>>>> just OWASP ones.
>>>> But its something we can all learn from each other and so I think this
>>>> list is a good place to discuss it.
>>>>
>>>> Can you explain in a bit more detail which project(s) you are referring
>>>> to, what stage they are at and what you hope to get out of such
>>>> consultations?
>>>> I think the approaches for well established projects are likely to be
>>>> very different from ones that are just starting out.
>>>>
>>>> There are online resources like this which might help you:
>>>> http://producingoss.com/
>>>>
>>>> Any others people can recommend?
>>>>
>>>> Cheers,
>>>>
>>>> Simon
>>>>
>>>> On Thu, Dec 11, 2014 at 5:26 PM, Bev Corwin <bev.corwin at owasp.org>
>>>> wrote:
>>>>
>>>>> Thanks Simon, Yes, that is what I thought as well. Has the board made
>>>>> official recommendations about these things? Are they documented somewhere?
>>>>> As a practice, are there any guidelines for how to best do this in the
>>>>> community? Do we have a mailing list of interested public contributors that
>>>>> we can submit requests for comments to, etc.? Best wishes, Bev
>>>>>
>>>>> On Thu, Dec 11, 2014 at 12:20 PM, psiinon <psiinon at gmail.com> wrote:
>>>>>
>>>>>> Hi Bev,
>>>>>>
>>>>>> I'm confused :/
>>>>>> All OWASP projects are open source and should therefore be open for
>>>>>> public comment at all times.
>>>>>> All projects must have public lists that are clearly discoverable via
>>>>>> the project page.
>>>>>> You can ask for specific feedback from other leaders / your users /
>>>>>> the general public at specific times as well of course.
>>>>>>
>>>>>> Cheers,
>>>>>>
>>>>>> Simon
>>>>>>
>>>>>> On Thu, Dec 11, 2014 at 5:05 PM, Bev Corwin <bev.corwin at owasp.org>
>>>>>> wrote:
>>>>>>
>>>>>>> Dear OWASP Board and Leaders,
>>>>>>>
>>>>>>> Is it possible for OWASP projects and initiatives to open up for
>>>>>>> public comment at various stages in our projects and initiatives
>>>>>>> development processes? Do we have any board or leader level
>>>>>>> recommendations, policies / best practices for this kind of thing?
>>>>>>>
>>>>>>> Best wishes,
>>>>>>> Bev
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> OWASP-Leaders mailing list
>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>
>>>
>>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20141211/1cc2a449/attachment.html>


More information about the Owasp-board mailing list