[Owasp-board] OWASP-community

Tobias tobias.gondrom at owasp.org
Tue Feb 25 00:30:33 UTC 2014

Hi Matt,

fyi: Sarah mentioned during our board meeting today about some thoughts,
but these did not correspond with this basic request. And as I explained
we do not need more than a simple mailing-list here. As Sarah did
unfortunately not cc me on her ping to you, I do not know whether that
was before or after our board meeting. Anyway, I will schedule a talk
with her during this week and see whether any alternatives are better
than the basic mailman solution.

Besides that, I definitely agree that we need to have a stable
mailing-list setup for all mailing-lists in any case - whether with or
without one more list being hosted on our servers. Our mailing-lists are
the central nervous system of our community. And they are essential to
our operation.

Best regards, Tobias

Tobias Gondrom
OWASP Global Board Member
OWASP CISO Survey Project Lead
email: tobias.gondrom at owasp.org <mailto:tobias.gondrom at owasp.org>
mobile: +852 56002975
mobile: +44 7521003005
skype: tgondrom
twitter: @tgondrom

On 25/02/14 00:09, Jim Manico wrote:
> Our community is not portal friendly, just warning you all. I still
> back this new list regardless of this portal. The staff does not need
> to be a part of it, the list managers can keep them posted.
> My 2 cents,
> --
> Jim Manico
> @Manicode
> (808) 652-3805
> On Feb 24, 2014, at 4:05 PM, Matt Tesauro <matt.tesauro at owasp.org
> <mailto:matt.tesauro at owasp.org>> wrote:
>> Tobias & Jim, 
>> I suspect the current server can handle the load (outbound is
>> especially problematic) for this new list.  I agree with Tobias that
>> the best way to find out is to just try it and see what happens. [1]
>> *HOWEVER*, I know the full time staff are working on the communities
>> site which is hooked into Salesforce.  I've not worked directly on
>> this (I think its been primarily Kate but check with Sarah for 100%
>> accuracy) and from what I understand, that site (and the features it
>> will bring) will be a much better home for this type of
>> list/communication mechanism.
>> Sarah ping'ed me off this thread to ask me to hold off on this.  From
>> what she told me, she mentioned getting back to the board on Monday
>> with a proposed solution for your request/suggestion.  
>> So, I'm putting this on hold until Monday - I've been busy upgrading
>> the MediaWiki source code to get us up to the latest stable version.
>>  Look for a leaders-list announcement shortly.
>> [1]  TLDR: Mailman may be working OK currently, but its still full of
>> cruft and requires a lot more work to be optimally setup.
>> Just a note for the record, during the Christmas break of 2011,
>> Mailman was migrated to Rackspace's public cloud hosting by the
>> previous OWASP IT person.  By February 2012, that Mallman server was
>> becoming useless due to being buried in SPAM.  I was on the board at
>> the time and negotiated a donation of SPAM filtering service from
>> Barracuda and got access to the Mailman install.  The install was
>> less then optimal with basic things like MX and PTR records missing.
>>  I'm actually surprised that it worked as well as it did.  After
>> getting the SPAM under control, Achim and I worked on getting a much
>> better mail setup. With Achim's help (he knows Sendmail much better
>> then me) we got a much more stable and working Mailman install setup.
>> When the OWASP Connector started being sent is when we noticed the
>> service dying and a mail storm of bounced bad email addresses was
>> taking down Sendmail due to maxing out our connections.  Moving the
>> OWASP Connector off to the third-party service helped alleviate this
>> problem.
>> All that said, there's still many "kustomizations" of Mallman that
>> are undocumented and deviate wildly from the methods suggested by the
>> Mailman admin manual.  I've found a bunch of shell scripts and other
>> kustomizations in my Mailman archaeology explorations on that server
>> but I continue to find unique and atypical settings.  I suspect
>> there's something broken in how Mailman handles bounces (and pruning
>> address that perpetually bounce) but I've not found where those
>> customizations were made.
>> I've focused my work on keeping the service up and working for the
>> community over getting all those edge cases worked out.  I also
>> prioritized getting the wiki fully updated over a clean install of
>> Mailman, though that is my next large project for OWASP IT.
>> So, if I'm uncertain about the capacity of that server it is because
>> it has a far from optimal setup with undocumented diversions from the
>> norm as well as unique customizations.  Once I get a fresh install of
>> Mailman setup and the lists migrated, then I'll be confident in its
>> capacity.
>> HTH.
>> --
>> -- Matt Tesauro
>> OWASP WTE Project Lead
>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>> http://AppSecLive.org - Community and Download site
>> OWASP OpenStack Security Project Lead
>> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>> On Mon, Feb 24, 2014 at 5:05 PM, Tobias <tobias.gondrom at owasp.org
>> <mailto:tobias.gondrom at owasp.org>> wrote:
>>     Hi Jim,
>>     I think we can just try it and see how we can cope with the
>>     volume. And
>>     if things don't perform enough, we can still either improve the
>>     server
>>     or change the system.
>>     I know from other cases that mailman can handle a large number of
>>     users
>>     in a reasonably high volume.
>>     A good example of such a large list is the global IETF mailing-list:
>>     https://www.ietf.org/mailman/listinfo/ietf
>>     If we run into performance problems, I could probably connect
>>     Matt with
>>     their Admin to see how they do it.
>>     Cheers, Tobias
>>     On 24/02/14 16:25, Jim Manico wrote:
>>     > Matt,
>>     >
>>     > We want to start a new email list that anyone (following our
>>     code of
>>     > ethics) can join called owasp-community.
>>     >
>>     > Can mailman handle a large number of users in a high volume list?
>>     >
>>     > Aloha,
>>     > Jim
>>     > _______________________________________________
>>     > Owasp-board mailing list
>>     > Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>     > https://lists.owasp.org/mailman/listinfo/owasp-board
>>     _______________________________________________
>>     Owasp-board mailing list
>>     Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>     https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140225/5760dee2/attachment.html>

More information about the Owasp-board mailing list