[Owasp-board] Proposal for new global OWASP mailing-list "owasp-all"

Tobias tobias.gondrom at owasp.org
Fri Feb 14 22:03:20 UTC 2014

Agree with the opt-in.
I like when people vote with their feet. ;-)
(And makes the board vote unnecessary.)

To answer your question:
I do not desire a list "only for announcements made by staff or leaders".

What I like for owasp-all:
Ideally, this would be like an open market place for OWASP project ideas
and opinions on major global OWASP topics. And ideally, after very few
emails have been exchanged on a topic there, the discussion should move
towards a newly spawned initiative, a project, ...
But I would also see some OWASP news there, like info about a new
project or initiative, info about a new major release. Stuff that would
likely be beneficial or of interest for the wide majority of the
community or which would benefit from new volunteers. (as a rough
guideline, I would expect at maximum one announcement email per active
project per 1-2 years).
Other topics to post there would be info on AppSecs and CFP for AppSecs.

On the technology side: I would favor a simple standard "mailman" list,
like we have it for most of our current lists.

Regarding topics:
Maybe to give you a feel, let me give a few specific examples:
When I look at the leaders-list over the last 4 weeks, some the
following subjects I would have preferred to see on an owasp-all list:
- OWASP is Hiring!
- Looking for iGoat help!
- AppSec Europe 2014 - Call For Papers, Call For Presentations and Call
For Trainings is OPEN!
- Re: OWASP Statement on the Security of the Internet (at least one
email with the link to the community poll)
- OWASP Java Encoder 1.1.1 released!  (?)
- Slides about OWASP    
(maybe - not sure on the last two?)

... plus/minus one or two.

And going forward e.g. after we finished the initial discussion on the
leaders list, we could post to owasp-all the call for volunteers for
Wiki Currators.

Does that give a clearer idea of what would be in-scope?

I appreciate that it may be a little tricky to get the scope right from
the beginning. So we will have to experiment a little with it and see
how much info people like. And another idea I have is to ask for
feedback or do a survey after 3-6 months and ask the subscribers which
topics they found worthwhile to be posted and which not. That can give
us some idea to improve.

What do you think?

Just my 5cents, Tobias

On 14/02/14 21:09, Tom Brennan - OWASP wrote:
> Ditto with josh on this opt-in
> Owasp newsletters have been better
> Owasp blog has been more active
> Owasp leaders list has been timid
> Owasp linkedin has been littered with spam posts
> Owasp Facebook very few
> Ning?? Not sure what metrics we have with that
> A point of discussion is "member Owasp all" (managed by membership
> /community paid staff reconciled and updated quarterly) 
> Do you desire announcements or discussions?
> or 
> anyone-world just a list serve for anyone to join etc both have value
> and we should have both but are different in context
> Tobias what are you thinking here to be clear?
> Also note group admin using google groups or mailman listserve.  
> Re board vote - no that's a unnecessary hurdle, experiment let's see
> are 3 months it's either working really well or has lost the spark -
>  community will self level the model you champion.
> On Feb 14, 2014, at 3:06 PM, Josh Sokol <josh.sokol at owasp.org
> <mailto:josh.sokol at owasp.org>> wrote:
>> I support the idea of creating an open list for everyone to use but
>> feel that it should be opt-in rather than opt-out.  I'm fine if that
>> means offering a check box at the time of membership purchase and
>> renewal.
>> On Feb 14, 2014 2:00 PM, "Tobias" <tobias.gondrom at owasp.org
>> <mailto:tobias.gondrom at owasp.org>> wrote:
>>     Hello,
>>     == Proposal ==
>>     (I post this first to the OWASP board list for initial feedback
>>     and if the idea catches some general support, we can then either
>>     just create the list and see how things go or propose a
>>     discussion of this on the leaders-list.)
>>     *I propose to create a new mailing-list "owasp-all". *
>>     *Reasoning:* to open global OWASP discussions to the global
>>     community, beyond the leaders-list.
>>     Over the last months and years, I noticed that we had a number of
>>     discussions on the "leaders-list" that should in fact have been
>>     open to many more of our members and active contributor as well.
>>     Like proposing new ideas for projects and initiatives or e.g. the
>>     discussion about RSA and the OWASP security statement.
>>     Note: The leaders-list will remain very important and essential
>>     for all project and chapter leadership questions.
>>     I just like to enable normal OWASP members and contributors to
>>     exchange ideas and cooperate across chapter boundaries as well.
>>     For example it would be nice if OWASP members could coordinate
>>     worldwide across chapters to start projects and initiatives or
>>     spontaneously join together for a new OWASP initiative. Some of
>>     these discussions currently happen informally somewhere in the
>>     hallway of a conference, or are done on the leaders list and then
>>     sometimes communicated into the local chapters - or not. Which
>>     IMHO leaves out the many OWASP members and active contributors,
>>     who might be interested in joining interesting new projects or
>>     starting new initiatives or voicing their opinion about what
>>     OWASP should do in global questions, but who can not participate
>>     in the discussion directly because they are not chapter leaders
>>     or project leaders.
>>     So my proposal is to create a new mailing-list:
>>     *Name: "**owasp-all"*
>>     (or alternative name ideas: "owasp-owasp", "owasp-world", ...)
>>     *Scope: **
>>     *topics in-scope of this mailing-list are new project and
>>     initiative ideas that are looking for other fellow contributors
>>     and volunteers and news that are relevant and valuable for the
>>     global OWASP community. Explicitly out of scope is everything
>>     that can be discussed in a specific project or chapter or group
>>     of chapters, and topics that are already covered by the scope of
>>     any other mailing-list like the governance and project lists.
>>     And as this is a global mailing-list with potentially a lot of
>>     subscribers, we ask members to be very cautious and conservative
>>     in posting there and follow the scope definition very carefully.
>>     Furthermore, please refrain from cross-posting to this
>>     mailing-list. And be considerate whether you really need to reply
>>     to the whole list of thousands of people if e.g. you just want to
>>     sign up to a new initiative. A direct reply to the person who
>>     sent the initial message can spare others a lot of email traffic.
>>     *Target group: **
>>     *all OWASP leaders, active contributors and those who are
>>     interested in joining a project or initiative and don't know yet
>>     which one, OWASP members, and anyone interested in the global
>>     OWASP community.
>>     *Sign-up: **
>>     *The list is free for anyone to subscribe / unsubscribe.
>>     At the start, I suggest that the list should be pre-filled with
>>     all members of the leaders-list and all OWASP members (as per the
>>     membership list) with the option to unsubscribe like from any
>>     other free mailing-list.
>>     Going forward I propose to add a flag at the membership renewal
>>     form (i.e. when you pay your membership fee) that you want to be
>>     on the global "OWASP-all" mailing-list (with the default setting
>>     to be "yes").
>>     And I would appreciate if we could send an email to all chapter
>>     mailing-lists to inform people there about this new global OWASP
>>     community mailing-list which is open to everyone.
>>     Please note that I don't know whether we would need a board vote
>>     for this mailing-list to be created or could just do it.
>>     So I err on the side of caution and ask for feedback and possibly
>>     a board vote for approval.
>>     All the best,
>>     Tobias
>>     Tobias Gondrom
>>     OWASP Global Board Member
>>     OWASP CISO Survey Project Lead
>>     email: tobias.gondrom at owasp.org <mailto:tobias.gondrom at owasp.org>
>>     mobile: +852 56002975 <tel:%2B852%2056002975>
>>     mobile: +44 7521003005 <tel:%2B44%207521003005>
>>     skype: tgondrom
>>     twitter: @tgondrom
>>     _______________________________________________
>>     Owasp-board mailing list
>>     Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>     https://lists.owasp.org/mailman/listinfo/owasp-board
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140214/fd13b9a0/attachment-0001.html>

More information about the Owasp-board mailing list