matt.tesauro at owasp.org
Tue Feb 25 03:59:27 UTC 2014
The list has been created. Tobias is the owner.
-- Matt Tesauro
OWASP WTE Project Lead
http://AppSecLive.org - Community and Download site
OWASP OpenStack Security Project Lead
On Mon, Feb 24, 2014 at 6:32 PM, Sarah Baso <sarah.baso at owasp.org> wrote:
> Matt- you can just go ahead and set this up... We can talk about other
> ideas/solutions separately.
> On Feb 24, 2014, at 4:30 PM, Tobias <tobias.gondrom at owasp.org> wrote:
> Hi Matt,
> fyi: Sarah mentioned during our board meeting today about some thoughts,
> but these did not correspond with this basic request. And as I explained we
> do not need more than a simple mailing-list here. As Sarah did
> unfortunately not cc me on her ping to you, I do not know whether that was
> before or after our board meeting. Anyway, I will schedule a talk with her
> during this week and see whether any alternatives are better than the basic
> mailman solution.
> Besides that, I definitely agree that we need to have a stable
> mailing-list setup for all mailing-lists in any case - whether with or
> without one more list being hosted on our servers. Our mailing-lists are
> the central nervous system of our community. And they are essential to our
> Best regards, Tobias
> Tobias Gondrom
> OWASP Global Board Member
> OWASP CISO Survey Project Lead
> email: tobias.gondrom at owasp.org
> mobile: +852 56002975
> mobile: +44 7521003005
> skype: tgondrom
> twitter: @tgondrom
> On 25/02/14 00:09, Jim Manico wrote:
> Our community is not portal friendly, just warning you all. I still back
> this new list regardless of this portal. The staff does not need to be a
> part of it, the list managers can keep them posted.
> My 2 cents,
> Jim Manico
> (808) 652-3805
> On Feb 24, 2014, at 4:05 PM, Matt Tesauro <matt.tesauro at owasp.org> wrote:
> Tobias & Jim,
> I suspect the current server can handle the load (outbound is especially
> problematic) for this new list. I agree with Tobias that the best way to
> find out is to just try it and see what happens. 
> *HOWEVER*, I know the full time staff are working on the communities
> site which is hooked into Salesforce. I've not worked directly on this (I
> think its been primarily Kate but check with Sarah for 100% accuracy) and
> from what I understand, that site (and the features it will bring) will be
> a much better home for this type of list/communication mechanism.
> Sarah ping'ed me off this thread to ask me to hold off on this. From
> what she told me, she mentioned getting back to the board on Monday with a
> proposed solution for your request/suggestion.
> So, I'm putting this on hold until Monday - I've been busy upgrading the
> MediaWiki source code to get us up to the latest stable version. Look for
> a leaders-list announcement shortly.
>  TLDR: Mailman may be working OK currently, but its still full of
> cruft and requires a lot more work to be optimally setup.
> Just a note for the record, during the Christmas break of 2011, Mailman
> was migrated to Rackspace's public cloud hosting by the previous OWASP IT
> person. By February 2012, that Mallman server was becoming useless due to
> being buried in SPAM. I was on the board at the time and negotiated a
> donation of SPAM filtering service from Barracuda and got access to the
> Mailman install. The install was less then optimal with basic things like
> MX and PTR records missing. I'm actually surprised that it worked as well
> as it did. After getting the SPAM under control, Achim and I worked on
> getting a much better mail setup. With Achim's help (he knows Sendmail much
> better then me) we got a much more stable and working Mailman install setup.
> When the OWASP Connector started being sent is when we noticed the
> service dying and a mail storm of bounced bad email addresses was taking
> down Sendmail due to maxing out our connections. Moving the OWASP
> Connector off to the third-party service helped alleviate this problem.
> All that said, there's still many "kustomizations" of Mallman that are
> undocumented and deviate wildly from the methods suggested by the Mailman
> admin manual. I've found a bunch of shell scripts and other kustomizations
> in my Mailman archaeology explorations on that server but I continue to
> find unique and atypical settings. I suspect there's something broken in
> how Mailman handles bounces (and pruning address that perpetually bounce)
> but I've not found where those customizations were made.
> I've focused my work on keeping the service up and working for the
> community over getting all those edge cases worked out. I also prioritized
> getting the wiki fully updated over a clean install of Mailman, though that
> is my next large project for OWASP IT.
> So, if I'm uncertain about the capacity of that server it is because it
> has a far from optimal setup with undocumented diversions from the norm as
> well as unique customizations. Once I get a fresh install of Mailman setup
> and the lists migrated, then I'll be confident in its capacity.
> -- Matt Tesauro
> OWASP WTE Project Lead
> http://AppSecLive.org - Community and Download site
> OWASP OpenStack Security Project Lead
> On Mon, Feb 24, 2014 at 5:05 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>> Hi Jim,
>> I think we can just try it and see how we can cope with the volume. And
>> if things don't perform enough, we can still either improve the server
>> or change the system.
>> I know from other cases that mailman can handle a large number of users
>> in a reasonably high volume.
>> A good example of such a large list is the global IETF mailing-list:
>> If we run into performance problems, I could probably connect Matt with
>> their Admin to see how they do it.
>> Cheers, Tobias
>> On 24/02/14 16:25, Jim Manico wrote:
>> > Matt,
>> > We want to start a new email list that anyone (following our code of
>> > ethics) can join called owasp-community.
>> > Can mailman handle a large number of users in a high volume list?
>> > Aloha,
>> > Jim
>> > _______________________________________________
>> > Owasp-board mailing list
>> > Owasp-board at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-board
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board