[Owasp-board] Regarding Hackademic project

Konstantinos Papapanagiotou Konstantinos at owasp.org
Thu Jul 23 14:36:27 UTC 2015


So Johanna all this fuss you are making wasting our valuable volunteer
time, is it about hackademic or more about the code sprint? Can you be
clear on that? Because if it's about the code sprint, we've been through
that so can you please get over it and move on? It's both about sponsoring
students _and_ improve projects. If other leaders don't have the time to
mentor they can choose not to participate and I'm really sorry but I can't
do anything about it.
as far as the $4500 are concerned I think it's pretty clear now that the
students get it and not hackademic. And since you imply that the project
leaders are not being subjective or do not know what's best for their
project, then maybe we can form a committee like your project tasks force
where one person can demote projects with a simple email. That would be
fair, open and democratic.

On Thu, Jul 23, 2015 at 5:19 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> >Why are these projects not participating in any of the org's initiatives?
> Why is the project leaders not committed or responsive?
> I'm sure that if a project with so much better codebase and features came
> to, say, summer code sprint and asked for students then it would receive a
> number of students and hackademic would eventually fade into obscurity, no?
>
> There are many projects with excellent code base Spyros.
>
> @Bev, The initiatives should match with the actual needs of the community.
>
>  If only 4 projects are benefitting now from the summer of code is because
> there are no mentors, Project leaders do not have time to participate.
> Even Timo is the mentor in this initiative for APPsensor ;-P.
>
> Timo is not even the leader but wants to help and contribute, just like me.
>
> The google summer of code has another goal: *Google Summer of Code is a
> global program that offers students stipends to write code for open source
> projects. *
>
> Do we want to sponsor students or do we want to improve projects? Is the
> summer of code the best initiative to improve projects?
> I honestly doubt it. I don't even want to participate even if Google is
> paying because after 2 summits I noticed that :
>
>    - Some Leaders don't have time. This reflects in the poor mentoring
>    - Students require a lot of mentoring time in order to be productive
>    - I don't want to spend my vacation mentoring
>    - Google has many issues with students abandoning their projects.
>
> What kind of initiatives do server our goals directly?
>
> 3 students are getting paid for Hackademics,  if they all pass and deliver
> work(based on what their Project leaders think) at the end, that is
> USD$4500 ==>3xUSD1500==> USD4500,0
> Simple math.
>
>
> *OWASP Summer Code Sprint 2015 Is Underway *
>>>
>>> The first selection stage of the Summer Code Sprint has finished on
>>> July 10th and we are proud to announce 8 new university students around the
>>> world will work on OWASP projects.
>>>
>>> *Selected Students are as follows:*
>>>
>>
>
>> *OWASP OWTF Projects*
>>>
>>> *OWASP Hackademic Project*
>>>
>>> Viyat Bhalodia
>>>
>>> Anirudh Anand
>>>
>>> Arun Sori
>>>
>>> Minhaz AV
>>>
>>> Alexandra Sandulescu
>>>
>>> Tapasweni Pathak
>>>
>>> *OWASP APPSensor*
>>>
>>> *OWASP Seraphimdroid*
>>>
>>> Sumanth Damaria
>>>
>>> *Kartik Kohli*
>>>
>>
> On Thu, Jul 23, 2015 at 10:01 AM, Bev Corwin <bev.corwin at owasp.org> wrote:
>
>> +1 I support Johanna and the Project Committee. I do not think that it is
>> OWASP's mission to give such special preference and accommodations to
>> excessively exclusive non-accommodating groups.
>>
>> Bev
>>
>>
>> On Thu, Jul 23, 2015 at 9:58 AM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>
>>> In any case you seem to be spending way too much time in finding
>>> inconsistencies in things I run. I honestly don't care about labels so feel
>>> free to call hackademic "lab", "incubator" or however you wish. I have to
>>> say that I'm very surprisde though that a project can be demoted by a
>>> single person in a single email. That's quite a lot of power in one person
>>> and not a very democratic way to decide, isn't it?
>>>
>>> I'm the leader and I base the decisions on the criteria an opinions of
>>> my team, not only me.Take the time if you want to read all the work has
>>> been done by multiple volunteers:
>>>
>>> https://www.owasp.org/index.php/Category:OWASP_Project#tab=Project_Assessments
>>>
>>> The fact that we want to see improvements and spend time on it should be
>>> seen as a whole for OWASP , the users and consumers of the projects , not
>>>  only for an individual benefit.
>>>
>>> And yes, don't worry, I won't waste my time reviewing your project
>>> anymore.
>>>
>>>  This was part of the major review we did last year and after a year ,
>>> also we conducted a new review lead by Timo.
>>>
>>> We can conclude that in our opinion this project does not deserve the
>>> label it has based on a criteria built by a team not only me.
>>> Based on the many hours we spend reviewing and building this project.
>>> And we have provided proof of that.
>>>
>>> It seems we spent more time that you on this project ;-P.
>>>
>>> Regards
>>>
>>> Johanna
>>>
>>> On Thu, Jul 23, 2015 at 9:47 AM, Konstantinos Papapanagiotou <
>>> Konstantinos at owasp.org> wrote:
>>>
>>>> Johanna,
>>>>
>>>> You should really refrain from telling me what to do and what not to
>>>> do. This is my personal volunteer time and frankly I'll do as l see
>>>> best and what's best for owasp and the community.
>>>>
>>>> I believe that you've got this all wrong. As usual you make statements
>>>> out of the blue to give a false impression. Can you point out how exactly
>>>> $4500 has been spent and by whom?
>>>>
>>>> In any case you seem to be spending way too much time in finding
>>>> inconsistencies in things I run. I honestly don't care about labels so feel
>>>> free to call hackademic "lab", "incubator" or however you wish. I have to
>>>> say that I'm very surprisde though that a project can be demoted by a
>>>> single person in a single email. That's quite a lot of power in one person
>>>> and not a very democratic way to decide, isn't it?
>>>>
>>>> Lastly in what concerns me and I also believe the hackademic
>>>> project, your involvement is very unproductive. Please stop spending so
>>>> much time with us and let us move forward with our project as we see best.
>>>> Unless of course you believe we are somehow  violating owasp ethics or
>>>> bylaws and this shouldn't even be an owasp project.
>>>>
>>>> Kostas
>>>>
>>>>
>>>> On Thursday, July 23, 2015, johanna curiel curiel <
>>>> johanna.curiel at owasp.org> wrote:
>>>>
>>>>> On May Timo did an extensive evaluation
>>>>>
>>>>> https://docs.google.com/spreadsheets/d/1LpPBZ1kSnxuQ3I2bCE3aXVKOQXM7HnT4Xxfw5Nv1DKw/edit?usp=sharing
>>>>>
>>>>> Also Timo is referring to their comments regarding security:
>>>>> https://github.com/Hackademic/hackademic/issues/165
>>>>>
>>>>> We exchange multiple emails with Spyros and Antonis which are leading
>>>>> the project ,regarding the status and the findings from Marios and Timo.
>>>>> All open on the Project Task Force mailing list
>>>>>
>>>>> https://groups.google.com/a/owasp.org/forum/?hl=en#!topic/projects-task-force/iKoo1utMwAc
>>>>>
>>>>> @Konstantinos, you should be more involved in the actual development
>>>>> of the project because it seems to us you are not even aware what is
>>>>> happening.
>>>>>
>>>>> No changes were done, I did not receive any feedback further.
>>>>>
>>>>> We spent a lot of time reviewing and providing enough opportunities
>>>>> for improvement, but if their project leaders expect that they need to be
>>>>> financed every time to make progress in their project, I do not agree with
>>>>> this attitude.
>>>>>
>>>>> Thats the point. We know that none of this funds is spent by their
>>>>> project leaders directly, but project leaders have responsibilities because
>>>>> they get opportunities such as attending the Project Summits, which was
>>>>> also paid from the Project Summit EU.
>>>>>
>>>>> We are demoting this project to incubator status.
>>>>>
>>>>> USD4500 is now been spent in Hackademics development.
>>>>>
>>>>> I hope that something comes out of this and at least improvements are
>>>>> done.
>>>>>
>>>>>
>>>>> Regards
>>>>>
>>>>> Johanna
>>>>>
>>>>> On Thu, Jul 23, 2015 at 8:45 AM, Timo Goosen <timo.goosen at owasp.org>
>>>>> wrote:
>>>>>
>>>>>> I'd like to see these guys demoted from LAB status. They seem to also
>>>>>> lack basic knowledge of security from my interaction with them.
>>>>>>
>>>>>> I don't support this project and they will not get anymore of my time
>>>>>> as a volunteer for OWASP.
>>>>>> ( I don't get or my time as volunteer and neither does Johanna,
>>>>>> contrary to popular belief.)
>>>>>>
>>>>>>
>>>>>>
>>>>>> Regards.
>>>>>> Timo
>>>>>>
>>>>>> On Thu, Jul 23, 2015 at 2:26 PM, johanna curiel curiel <
>>>>>> johanna.curiel at owasp.org> wrote:
>>>>>>
>>>>>>> And btw I'm not impress by the activity level of this project over
>>>>>>> the years on the mentioned branch.
>>>>>>>
>>>>>>> This is a 'LAB' project which people expect a certain level of
>>>>>>> maturity. When Timo and Marios did their testing the same conclusion was
>>>>>>> observed: they lack documentation
>>>>>>>
>>>>>>> This project was promoted to LAB before we did a major evaluation in
>>>>>>> 2014 and honestly compare to other incubators, it lacks many things to be a
>>>>>>> LAB project.
>>>>>>>
>>>>>>> However we did not demoted, we leave it and keep on observing it.
>>>>>>>
>>>>>>> My whole point is and also from Timo, that a project should be more
>>>>>>> responsive regarding the work we do and also their project leaders should
>>>>>>> keep in mind there are responsibilities regarding this. IF you are only
>>>>>>> their to receive funds then, we are quite reluctant to believe its
>>>>>>> credibility
>>>>>>>
>>>>>>> [image: Inline image 1]
>>>>>>>
>>>>>>> On Thu, Jul 23, 2015 at 8:16 AM, Timo Goosen <timo.goosen at owasp.org>
>>>>>>> wrote:
>>>>>>>
>>>>>>>>
>>>>>>>> >Also as I've said in the past, there are projects that are almost
>>>>>>>> identical copies of hackademic that have also received funds even though at
>>>>>>>> that time they didn't have >one line of code. Why weren't you skeptical
>>>>>>>> about those projects but on the contrary quite supportive
>>>>>>>> Can you give a list of these projects?
>>>>>>>>
>>>>>>>> Also I'd like to see some feedback on what you guys did with the
>>>>>>>> funds.
>>>>>>>> That you guys received.
>>>>>>>>
>>>>>>>>
>>>>>>>> Regards.
>>>>>>>> Timo
>>>>>>>>
>>>>>>>> On Thu, Jul 23, 2015 at 2:05 PM, Konstantinos Papapanagiotou <
>>>>>>>> Konstantinos at owasp.org> wrote:
>>>>>>>>
>>>>>>>>> Johanna,
>>>>>>>>>
>>>>>>>>> Most of our commits are on the 'next' branch:
>>>>>>>>> https://github.com/Hackademic/hackademic/graphs/commit-activity
>>>>>>>>>
>>>>>>>>> I believe that funds were allocated through the agreed,
>>>>>>>>> transparent procedure for the code sprint. If other projects are in need of
>>>>>>>>> funds why didn't they apply?
>>>>>>>>>
>>>>>>>>> Also as I've said in the past, there are projects that are almost
>>>>>>>>> identical copies of hackademic that have also received funds even though at
>>>>>>>>> that time they didn't have one line of code. Why weren't you skeptical
>>>>>>>>> about those projects but on the contrary quite supportive?
>>>>>>>>>
>>>>>>>>> And last but not least, next time you want to make such
>>>>>>>>> allegations please get in touch with me rather than send emails to the
>>>>>>>>> board behind my back.
>>>>>>>>>
>>>>>>>>> Kostas
>>>>>>>>>
>>>>>>>>> On Thu, Jul 23, 2015 at 2:43 PM, johanna curiel curiel <
>>>>>>>>> johanna.curiel at owasp.org> wrote:
>>>>>>>>>
>>>>>>>>>> Dear Task Force members and Board
>>>>>>>>>>
>>>>>>>>>> Over the last year, we have had a close look to the Hackademic
>>>>>>>>>> project.
>>>>>>>>>>
>>>>>>>>>> Last year we did a testing during the month of October , executed
>>>>>>>>>> by Marios Kourtesis and I. This year, Timo Goosen also did an evaluation on
>>>>>>>>>> this project during the Project Summit EU.
>>>>>>>>>>
>>>>>>>>>> From the evaluations we could conclude the following:
>>>>>>>>>>
>>>>>>>>>>    - The project lacks documentation in order for first time
>>>>>>>>>>    users to install and to build this properly
>>>>>>>>>>    - The project does not have any developments except during
>>>>>>>>>>    the Google summer of Code last year. You can see their contributions on
>>>>>>>>>>    their main development branch here. Basically almost none(see attached
>>>>>>>>>>    image)
>>>>>>>>>>       - https://www.openhub.net/p/hackademic
>>>>>>>>>>    - I requested an update regarding their developments but
>>>>>>>>>>    never received an answer on this
>>>>>>>>>>    - Timo Goosen spent quite lot of time during the Summit
>>>>>>>>>>    working on their project, developing documentation for them which they
>>>>>>>>>>    never updated their wiki and use it
>>>>>>>>>>
>>>>>>>>>> Now this project is getting the sponsorship for the Summer of
>>>>>>>>>> code when they hardly work on their development and to us it lacks a
>>>>>>>>>> certain level of maturity and robustness which unfortunately there are
>>>>>>>>>> other projects in incubator stage that are much better and more mature than
>>>>>>>>>> this one.
>>>>>>>>>>
>>>>>>>>>> I strongly advise the board that before taking major decisions to
>>>>>>>>>> spend money in activities for projects lacking a clear strcutural
>>>>>>>>>> development , to take the time and evaluate if the project deserves it.
>>>>>>>>>>
>>>>>>>>>> I think there are many other projects that can use that money and
>>>>>>>>>> have shown committed and responsive project leaders
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Regards
>>>>>>>>>> Johanna
>>>>>>>>>>
>>>>>>>>>> HACKADEMICS activity over the past 2 years:
>>>>>>>>>> [image: Inline image 1]
>>>>>>>>>> Johanna
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Owasp-board mailing list
>>>>>>>>>> Owasp-board at lists.owasp.org
>>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Owasp-board mailing list
>>>>>>>>> Owasp-board at lists.owasp.org
>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150723/6aab42b8/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screenshot 2015-07-23 07.38.03.png
Type: image/png
Size: 82965 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150723/6aab42b8/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screenshot 2015-07-23 08.20.26.png
Type: image/png
Size: 45571 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150723/6aab42b8/attachment-0003.png>


More information about the Owasp-board mailing list