[Owasp-board] Getting it all out in the open

Josh Sokol josh.sokol at owasp.org
Tue Feb 18 04:44:42 UTC 2014


The ">" characters that you see on the mailing list archive (assuming you
meant http://lists.owasp.org/pipermail/owasp-board/2014-February/013107.html)
are from an HTML e-mail in Google where that was quoted text being
translated to pure text for the mailing list archive.  They have nothing to
do with me being unreasonable.

The no direct reference to you was intentional so that the inquiry does not
continue to haunt you as it has in the past.  New people will be unable to
associate it with you and people who are already familiar will only see the
replacement text.  I believe that, knowing how search engines function,
this is a completely reasonable step for this statement.

Sounds like, based on your "reasonable interpretation" above, we can
reasonably assume that you quickly glanced over this e-mail, hearing only
what you wanted to hear, responding before you had a chance to read it in
it's entirety, never seeking clarification from me, and also missing the
part where I also said:

On top of the above, it is clear that Christian feels that the Inquiry has
affected his ability to work as well as his general state of well being.
If this is true, then it is in direct contradiction to the OWASP Code of
Ethics where we state that OWASP members should not intentionally injure or
impugn the professional reputation of our colleagues.  I don't think that
it is rational for us to question whether this is or is not true, and
therefore feel like our best course of action is to assume that it is and
work to correct the situation.  My proposal is to remove the Google Hacking
Inquiry document and any reference documentation as well that is on the
OWASP public website.  In it's stead, I would like to place the following

This part was not in ">" characters and it clearly referenced your name
before calling out that the text following was the replacement text.   I
don't think it gets much clearer than that.

My role here is to obtain the evidence from you that I need in order to
make a decision on your request for reinstatement.  As part of this, I have
come to the conclusion that the Google Hacking Inquiry no longer serves the
purpose that it was originally intended and I was seeking a consensus from
the Board in order to have it removed.  To my knowledge, I am not required
to consult with you before I consult with the Board on any topic.

As for you saying that my e-mail lacked prioritization and was confusing in
order to create bias, I'm afraid you may have again fallen victim to the
HTML vs plain text conundrum I mentioned above.  See where it says "*
Google Hacking Inquiry *"?  That was where the message was structured to
highlight the paragraph where I specifically made statements about the
Google Hacking Inquiry and it was bolded and underlined.  See where it says
"* Request for Reinstatement *"?  That's where I made statements about your
request for reinstatement.  I don't write e-mails that are slapped together
with random links and are not well thought out in advance.  That said, if
there are others monitoring the Board list who felt that my e-mail was
unreasonably formatted, lacked prioritization, or attempted to create a
bias, I would be more than willing to accept that feedback and will work to
do better next time.  You will not hurt my feelings in the slightest.

I agree that Tobias has done a fantastic job so far as well and am glad
that you feel that he has aided in highlighting the nuances that weren't
clarified or highlighted by me.  The OWASP Board, like any other team,
consists of people from many different backgrounds and abilities.  Hearing
that Tobias has helped to fill in the gaps that I may have left behind is a
testament to good teamwork and I am grateful to him for the assistance that
he has been able to provide us.


On Mon, Feb 17, 2014 at 9:51 PM, Christian Heinrich <
christian.heinrich at cmlh.id.au> wrote:

> Josh,
> That is not how a reasonable person who interpret their viewing of
> http://lists.owasp.org/pipermail/owasp-board/2014-February/013171.html,
> specifically:
>    1. The use of ">" characters indicates as a series of quoted lines [1]
>    from a e-mail related to a separate discussion about the OWASP Code of
>    Ethics that is unknown to me.
>    2. You made no direct reference to me in this statement at all so a
>    reasonable person would assumed it was a quotation from the wiki page
>    related to the Code of Ethics [2].
> This reasonable interpretation is supported by my response:
>    - "*It is too late for OWASP to attempt to wipe the slate clean*" i.e.
>    I can't see any "placeholder" text
>    - "*and furthermore the Google Hacking Inquiry is recoverable*" i.e. I
>    believe your solution is to delete wiki page and PDF which is correlated
>    from my recent e-mail sent about three hours ago.
>    - The lack of any knowledge of placeholder text is further supported
>    with my statement "*I would recommend that the OWASP Board consult
>    with their PR Agent as to wording of the replacement text of the OWASP
>    Google Hacking Inquiry that is reasonable for all involved*." to quote
>    one of my future e-mails [3]
> The core issue is that you have *not* consulted with me prior to
> approaching the OWASP Board i.e. "*Let me be absolutely clear that this
> is not what Christian requested,*" compounded by the length of this
> e-mail which lacks any form of prioritisation of the various issues that
> are you attempting to thinking out aloud in order to create bias.
> I would like to thank Tobias for the existence of "placeholder text" to my
> attention.  He has been fundamental in highlighting nuances that aren't
> clarified or highlighted by you Josh.
> [1] http://en.wikipedia.org/wiki/Posting_style#Quoted_line_prefix
> [2]
> https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Code_of_Ethics
> [3] http://lists.owasp.org/pipermail/owasp-board/2014-February/013198.html
> On Tue, Feb 18, 2014 at 1:33 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
> > Actually, even though I may not have provided this replacement text to
> you
> > directly, you clearly were aware of it's existence per the following
> text:
> >
> > "I would appreciate if you could publish this to the OWASP Board Mailing
> > List and I am responding to
> > http://lists.owasp.org/pipermail/owasp-board/2014-February/013107.htmlonly
> > (I haven't read the entire thread)."
> >
> > http://lists.owasp.org/pipermail/owasp-board/2014-February/013171.html
> >
> > In fact, you responded to the text saying "It is too late for OWASP to
> > attempt to wipe the slate clean and furthermore the Google Hacking
> Inquiry
> > is recoverable" and asked me to forward it on your behalf, which I did,
> to
> > the rest of the OWASP Board:
> >
> > ~josh
> >
> >
> > On Mon, Feb 17, 2014 at 7:53 PM, Josh Sokol <josh.sokol at owasp.org>
> wrote:
> >>
> >> Christian,
> >>
> >> As you had responded to other messages posted on the OWASP Board mailing
> >> list, I assumed you were reading what was posted there.  I made no
> attempts
> >> to hide this and there was quite the discussion following it.  Feel
> free to
> >> read it here:
> >>
> >> http://lists.owasp.org/pipermail/owasp-board/2014-February/013107.html
> >>
> >> I've mentioned the replacement text in our communications (probably not
> >> specifying the exact text as I wrongly made the assumption that you had
> >> already read it) so I'm surprised that you're surprised by it and that
> you
> >> didn't ask me for clarification on what I was talking about before this.
> >> For ease of access, the proposed replacement text is as follows:
> >>
> >> Recently, information has been brought to our attention which allows the
> >> current
> >> OWASP Board to revisit OWASP's position on the Google Hacking Inquiry
> >> that was undertaken in July of 2010.  The OWASP Code of Ethics
> >>  states that we should not intentionally injure or impugn the
> >> professional reputation of colleagues and, upon consideration, we feel
> >> that perpetuating the inquiry results would do just that.  As such, we
> >> feel that it is in the best interests of the OWASP Foundation and all
> >> concerned parties to wipe the slate clean by removing the details of the
> >>  inquiry from our public records at this time.  We feel sincerely sorry
> >> for any damages that this inquiry may have caused to any of the parties
> >> involved.
> --
> Regards,
> Christian Heinrich
> http://cmlh.id.au/contact
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140217/ceeb91b9/attachment-0001.html>

More information about the Owasp-board mailing list