[Owasp-board] Proposal for new global OWASP mailing-list "owasp-all"

Matt Tesauro matt.tesauro at owasp.org
Sat Feb 22 06:27:41 UTC 2014

Catching up on emails...

There already is a list called owasp-all on lists.owasp.org.  It was
created previously to use a semi-convoluted process [1] to add every member
of a list in Mailman on lists.owasp.org and add their address to that list.

The lists original purpose was for announcement to all the people who had
an account on lists.owasp.org - posting was (and is) strictly controlled
for obvious reasons.  It was used by the OWASP Connector but the size of
the population of that list was killing our outbound email server.  It
currently has roughly 42,000+ members.  (There are 713 lists on
lists.owasp.org currently, BTW)

So, if you want an way to announce things to the general OWASP population,
Mailman may not be the best thing to do that with.  Perhaps Salesforce
could be used with the paid membership's tracked in there.

No trying to spoil the idea - just trying to lay down the IT landscape for
this conversation.

[1] From my IT archaeological work, I've discovered the process for adding
people to owasp-all is as follows.
Note:  remove-from-all is a "shadow" list which holds people who've
requested to be removed from owasp-all.

Every hour at 6 min after the hour, owasp_parent_list.sh is run which


   dumps remove-from-all list members to a file in /tmp called no_all

   removes all users from owasp-all with remove_members -n -N -a owasp-all

   creates a list of all the mailman members

   get the list of remove-from-all members and takes those out of the list
   of all members with 1+ list membership

   takes the resultant list and re-creates owasp-all

I've got this and a ton of other IT admin related details in Google docs
and shared with the rest of the staff to hedge against the "hit by a bus"

-- Matt Tesauro
OWASP WTE Project Lead
http://AppSecLive.org - Community and Download site
OWASP OpenStack Security Project Lead

On Fri, Feb 14, 2014 at 1:59 PM, Tobias <tobias.gondrom at owasp.org> wrote:

>  Hello,
> == Proposal ==
> (I post this first to the OWASP board list for initial feedback and if the
> idea catches some general support, we can then either just create the
> list and see how things go or propose a discussion of this on the
> leaders-list.)
> *I propose to create a new mailing-list "owasp-all". *
> *Reasoning:* to open global OWASP discussions to the global community,
> beyond the leaders-list.
> Over the last months and years, I noticed that we had a number of
> discussions on the "leaders-list" that should in fact have been open to
> many more of our members and active contributor as well. Like proposing new
> ideas for projects and initiatives or e.g. the discussion about RSA and the
> OWASP security statement.
> Note: The leaders-list will remain very important and essential for all
> project and chapter leadership questions.
> I just like to enable normal OWASP members and contributors to exchange
> ideas and cooperate across chapter boundaries as well. For example it would
> be nice if OWASP members could coordinate worldwide across chapters to
> start projects and initiatives or spontaneously join together for a new
> OWASP initiative. Some of these discussions currently happen informally
> somewhere in the hallway of a conference, or are done on the leaders list
> and then sometimes communicated into the local chapters - or not. Which
> IMHO leaves out the many OWASP members and active contributors, who might
> be interested in joining interesting new projects or starting new
> initiatives or voicing their opinion about what OWASP should do in global
> questions, but who can not participate in the discussion directly because
> they are not chapter leaders or project leaders.
> So my proposal is to create a new mailing-list:
> *Name: "**owasp-all"*
> (or alternative name ideas: "owasp-owasp", "owasp-world", ...)
> *Scope: *
> topics in-scope of this mailing-list are new project and initiative ideas
> that are looking for other fellow contributors and volunteers and news that
> are relevant and valuable for the global OWASP community. Explicitly out of
> scope is everything that can be discussed in a specific project or chapter
> or group of chapters, and topics that are already covered by the scope of
> any other mailing-list like the governance and project lists.
> And as this is a global mailing-list with potentially a lot of
> subscribers, we ask members to be very cautious and conservative in posting
> there and follow the scope definition very carefully. Furthermore, please
> refrain from cross-posting to this mailing-list. And be considerate
> whether you really need to reply to the whole list of thousands of people
> if e.g. you just want to sign up to a new initiative. A direct reply to the
> person who sent the initial message can spare others a lot of email
> traffic.
> *Target group: *
> all OWASP leaders, active contributors and those who are interested in
> joining a project or initiative and don't know yet which one, OWASP
> members, and anyone interested in the global OWASP community.
> *Sign-up: *
> The list is free for anyone to subscribe / unsubscribe.
> At the start, I suggest that the list should be pre-filled with all
> members of the leaders-list and all OWASP members (as per the membership
> list) with the option to unsubscribe like from any other free mailing-list.
> Going forward I propose to add a flag at the membership renewal form (i.e.
> when you pay your membership fee) that you want to be on the global
> "OWASP-all" mailing-list (with the default setting to be "yes").
> And I would appreciate if we could send an email to all chapter
> mailing-lists to inform people there about this new global OWASP community
> mailing-list which is open to everyone.
> Please note that I don't know whether we would need a board vote for this
> mailing-list to be created or could just do it.
> So I err on the side of caution and ask for feedback and possibly a board
> vote for approval.
> All the best,
> Tobias
> Tobias Gondrom
> OWASP Global Board Member
> OWASP CISO Survey Project Lead
> email: tobias.gondrom at owasp.org
> mobile: +852 56002975
> mobile: +44 7521003005
> skype: tgondrom
> twitter: @tgondrom
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140222/da184a30/attachment-0001.html>

More information about the Owasp-board mailing list