[Owasp-board] OWASP-community

Matt Tesauro matt.tesauro at owasp.org
Tue Feb 25 03:59:27 UTC 2014


The list has been created.  Tobias is the owner.

https://lists.owasp.org/mailman/listinfo/owasp-community


--
-- Matt Tesauro
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site
OWASP OpenStack Security Project Lead
https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project


On Mon, Feb 24, 2014 at 6:32 PM, Sarah Baso <sarah.baso at owasp.org> wrote:

> Matt- you can just go ahead and set this up... We can talk about other
> ideas/solutions separately.
>
> Thanks,
>
> Sarah
>
> On Feb 24, 2014, at 4:30 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>
> Hi Matt,
>
> fyi: Sarah mentioned during our board meeting today about some thoughts,
> but these did not correspond with this basic request. And as I explained we
> do not need more than a simple mailing-list here. As Sarah did
> unfortunately not cc me on her ping to you, I do not know whether that was
> before or after our board meeting. Anyway, I will schedule a talk with her
> during this week and see whether any alternatives are better than the basic
> mailman solution.
>
> Besides that, I definitely agree that we need to have a stable
> mailing-list setup for all mailing-lists in any case - whether with or
> without one more list being hosted on our servers. Our mailing-lists are
> the central nervous system of our community. And they are essential to our
> operation.
>
> Best regards, Tobias
>
>
> Tobias Gondrom
> OWASP Global Board Member
> OWASP CISO Survey Project Lead
> email: tobias.gondrom at owasp.org
> mobile: +852 56002975
> mobile: +44 7521003005
> skype: tgondrom
> twitter: @tgondrom
>
>
>
> On 25/02/14 00:09, Jim Manico wrote:
>
> Our community is not portal friendly, just warning you all. I still back
> this new list regardless of this portal. The staff does not need to be a
> part of it, the list managers can keep them posted.
>
>  My 2 cents,
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On Feb 24, 2014, at 4:05 PM, Matt Tesauro <matt.tesauro at owasp.org> wrote:
>
>   Tobias & Jim,
>
>  I suspect the current server can handle the load (outbound is especially
> problematic) for this new list.  I agree with Tobias that the best way to
> find out is to just try it and see what happens. [1]
>
>  *HOWEVER*, I know the full time staff are working on the communities
> site which is hooked into Salesforce.  I've not worked directly on this (I
> think its been primarily Kate but check with Sarah for 100% accuracy) and
> from what I understand, that site (and the features it will bring) will be
> a much better home for this type of list/communication mechanism.
>
>  Sarah ping'ed me off this thread to ask me to hold off on this.  From
> what she told me, she mentioned getting back to the board on Monday with a
> proposed solution for your request/suggestion.
>
>  So, I'm putting this on hold until Monday - I've been busy upgrading the
> MediaWiki source code to get us up to the latest stable version.  Look for
> a leaders-list announcement shortly.
>
>  [1]  TLDR: Mailman may be working OK currently, but its still full of
> cruft and requires a lot more work to be optimally setup.
>
>  Just a note for the record, during the Christmas break of 2011, Mailman
> was migrated to Rackspace's public cloud hosting by the previous OWASP IT
> person.  By February 2012, that Mallman server was becoming useless due to
> being buried in SPAM.  I was on the board at the time and negotiated a
> donation of SPAM filtering service from Barracuda and got access to the
> Mailman install.  The install was less then optimal with basic things like
> MX and PTR records missing.  I'm actually surprised that it worked as well
> as it did.  After getting the SPAM under control, Achim and I worked on
> getting a much better mail setup. With Achim's help (he knows Sendmail much
> better then me) we got a much more stable and working Mailman install setup.
>
>  When the OWASP Connector started being sent is when we noticed the
> service dying and a mail storm of bounced bad email addresses was taking
> down Sendmail due to maxing out our connections.  Moving the OWASP
> Connector off to the third-party service helped alleviate this problem.
>
>  All that said, there's still many "kustomizations" of Mallman that are
> undocumented and deviate wildly from the methods suggested by the Mailman
> admin manual.  I've found a bunch of shell scripts and other kustomizations
> in my Mailman archaeology explorations on that server but I continue to
> find unique and atypical settings.  I suspect there's something broken in
> how Mailman handles bounces (and pruning address that perpetually bounce)
> but I've not found where those customizations were made.
>
>  I've focused my work on keeping the service up and working for the
> community over getting all those edge cases worked out.  I also prioritized
> getting the wiki fully updated over a clean install of Mailman, though that
> is my next large project for OWASP IT.
>
>  So, if I'm uncertain about the capacity of that server it is because it
> has a far from optimal setup with undocumented diversions from the norm as
> well as unique customizations.  Once I get a fresh install of Mailman setup
> and the lists migrated, then I'll be confident in its capacity.
>
>  HTH.
>
>
> --
> -- Matt Tesauro
> OWASP WTE Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
> OWASP OpenStack Security Project Lead
> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>
>
> On Mon, Feb 24, 2014 at 5:05 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>
>> Hi Jim,
>>
>> I think we can just try it and see how we can cope with the volume. And
>> if things don't perform enough, we can still either improve the server
>> or change the system.
>>
>> I know from other cases that mailman can handle a large number of users
>> in a reasonably high volume.
>> A good example of such a large list is the global IETF mailing-list:
>> https://www.ietf.org/mailman/listinfo/ietf
>> If we run into performance problems, I could probably connect Matt with
>> their Admin to see how they do it.
>>
>> Cheers, Tobias
>>
>>
>> On 24/02/14 16:25, Jim Manico wrote:
>> > Matt,
>> >
>> > We want to start a new email list that anyone (following our code of
>> > ethics) can join called owasp-community.
>> >
>> > Can mailman handle a large number of users in a high volume list?
>> >
>> > Aloha,
>> > Jim
>> > _______________________________________________
>> > Owasp-board mailing list
>> > Owasp-board at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140224/50635572/attachment.html>


More information about the Owasp-board mailing list