[Owasp-board] Regarding Hackademic project

johanna curiel curiel johanna.curiel at owasp.org
Thu Jul 23 14:49:53 UTC 2015


The Project Reviews and assessments is an initiative that exists long
before I joined owasp.

But I guess being a monitoring authority gets discourage with comments like
yours. I heard this before by other review members that left.

Providing criticism is not easy. Accepting critique even more difficult. I
receive multiple emails by members of the community with opinions about how
should we do things or not. I accept them all and try to make improvements
based on their critique.

Like I said and based on the mailing list, I don't take decisions alone and
I have done that based on the assessments done by 3 persons and lately lead
by Timo , not me.
Everything is wide open on that Project Review mailing list.

Like you say , we are in a democracy(for those that leave in a democratic
land), let people decide how they want to waste their time ;-)

Is OWASP money being spent here for a specific mission and we should always
ask ourselves , are we in the right course.

*“To avoid criticism say nothing, do nothing, be nothing.” *
*― Aristotle <http://www.goodreads.com/author/show/2192.Aristotle>*

On Thu, Jul 23, 2015 at 10:36 AM, Konstantinos Papapanagiotou <
Konstantinos at owasp.org> wrote:

> So Johanna all this fuss you are making wasting our valuable volunteer
> time, is it about hackademic or more about the code sprint? Can you be
> clear on that? Because if it's about the code sprint, we've been through
> that so can you please get over it and move on? It's both about sponsoring
> students _and_ improve projects. If other leaders don't have the time to
> mentor they can choose not to participate and I'm really sorry but I can't
> do anything about it.
> as far as the $4500 are concerned I think it's pretty clear now that the
> students get it and not hackademic. And since you imply that the project
> leaders are not being subjective or do not know what's best for their
> project, then maybe we can form a committee like your project tasks force
> where one person can demote projects with a simple email. That would be
> fair, open and democratic.
>
> On Thu, Jul 23, 2015 at 5:19 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> >Why are these projects not participating in any of the org's
>> initiatives?
>> Why is the project leaders not committed or responsive?
>> I'm sure that if a project with so much better codebase and features came
>> to, say, summer code sprint and asked for students then it would receive a
>> number of students and hackademic would eventually fade into obscurity, no?
>>
>> There are many projects with excellent code base Spyros.
>>
>> @Bev, The initiatives should match with the actual needs of
>> the community.
>>
>>  If only 4 projects are benefitting now from the summer of code is
>> because there are no mentors, Project leaders do not have time to
>> participate.
>> Even Timo is the mentor in this initiative for APPsensor ;-P.
>>
>> Timo is not even the leader but wants to help and contribute, just like
>> me.
>>
>> The google summer of code has another goal: *Google Summer of Code is a
>> global program that offers students stipends to write code for open source
>> projects. *
>>
>> Do we want to sponsor students or do we want to improve projects? Is the
>> summer of code the best initiative to improve projects?
>> I honestly doubt it. I don't even want to participate even if Google is
>> paying because after 2 summits I noticed that :
>>
>>    - Some Leaders don't have time. This reflects in the poor mentoring
>>    - Students require a lot of mentoring time in order to be productive
>>    - I don't want to spend my vacation mentoring
>>    - Google has many issues with students abandoning their projects.
>>
>> What kind of initiatives do server our goals directly?
>>
>> 3 students are getting paid for Hackademics,  if they all pass and
>> deliver work(based on what their Project leaders think) at the end, that is
>> USD$4500 ==>3xUSD1500==> USD4500,0
>> Simple math.
>>
>>
>> *OWASP Summer Code Sprint 2015 Is Underway *
>>>>
>>>> The first selection stage of the Summer Code Sprint has finished on
>>>> July 10th and we are proud to announce 8 new university students around the
>>>> world will work on OWASP projects.
>>>>
>>>> *Selected Students are as follows:*
>>>>
>>>
>>
>>> *OWASP OWTF Projects*
>>>>
>>>> *OWASP Hackademic Project*
>>>>
>>>> Viyat Bhalodia
>>>>
>>>> Anirudh Anand
>>>>
>>>> Arun Sori
>>>>
>>>> Minhaz AV
>>>>
>>>> Alexandra Sandulescu
>>>>
>>>> Tapasweni Pathak
>>>>
>>>> *OWASP APPSensor*
>>>>
>>>> *OWASP Seraphimdroid*
>>>>
>>>> Sumanth Damaria
>>>>
>>>> *Kartik Kohli*
>>>>
>>>
>> On Thu, Jul 23, 2015 at 10:01 AM, Bev Corwin <bev.corwin at owasp.org>
>> wrote:
>>
>>> +1 I support Johanna and the Project Committee. I do not think that it
>>> is OWASP's mission to give such special preference and accommodations to
>>> excessively exclusive non-accommodating groups.
>>>
>>> Bev
>>>
>>>
>>> On Thu, Jul 23, 2015 at 9:58 AM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>>> In any case you seem to be spending way too much time in finding
>>>> inconsistencies in things I run. I honestly don't care about labels so feel
>>>> free to call hackademic "lab", "incubator" or however you wish. I have to
>>>> say that I'm very surprisde though that a project can be demoted by a
>>>> single person in a single email. That's quite a lot of power in one person
>>>> and not a very democratic way to decide, isn't it?
>>>>
>>>> I'm the leader and I base the decisions on the criteria an opinions of
>>>> my team, not only me.Take the time if you want to read all the work has
>>>> been done by multiple volunteers:
>>>>
>>>> https://www.owasp.org/index.php/Category:OWASP_Project#tab=Project_Assessments
>>>>
>>>> The fact that we want to see improvements and spend time on it should
>>>> be seen as a whole for OWASP , the users and consumers of the projects ,
>>>> not  only for an individual benefit.
>>>>
>>>> And yes, don't worry, I won't waste my time reviewing your project
>>>> anymore.
>>>>
>>>>  This was part of the major review we did last year and after a year ,
>>>> also we conducted a new review lead by Timo.
>>>>
>>>> We can conclude that in our opinion this project does not deserve the
>>>> label it has based on a criteria built by a team not only me.
>>>> Based on the many hours we spend reviewing and building this project.
>>>> And we have provided proof of that.
>>>>
>>>> It seems we spent more time that you on this project ;-P.
>>>>
>>>> Regards
>>>>
>>>> Johanna
>>>>
>>>> On Thu, Jul 23, 2015 at 9:47 AM, Konstantinos Papapanagiotou <
>>>> Konstantinos at owasp.org> wrote:
>>>>
>>>>> Johanna,
>>>>>
>>>>> You should really refrain from telling me what to do and what not to
>>>>> do. This is my personal volunteer time and frankly I'll do as l see
>>>>> best and what's best for owasp and the community.
>>>>>
>>>>> I believe that you've got this all wrong. As usual you make statements
>>>>> out of the blue to give a false impression. Can you point out how exactly
>>>>> $4500 has been spent and by whom?
>>>>>
>>>>> In any case you seem to be spending way too much time in finding
>>>>> inconsistencies in things I run. I honestly don't care about labels so feel
>>>>> free to call hackademic "lab", "incubator" or however you wish. I have to
>>>>> say that I'm very surprisde though that a project can be demoted by a
>>>>> single person in a single email. That's quite a lot of power in one person
>>>>> and not a very democratic way to decide, isn't it?
>>>>>
>>>>> Lastly in what concerns me and I also believe the hackademic
>>>>> project, your involvement is very unproductive. Please stop spending so
>>>>> much time with us and let us move forward with our project as we see best.
>>>>> Unless of course you believe we are somehow  violating owasp ethics
>>>>> or bylaws and this shouldn't even be an owasp project.
>>>>>
>>>>> Kostas
>>>>>
>>>>>
>>>>> On Thursday, July 23, 2015, johanna curiel curiel <
>>>>> johanna.curiel at owasp.org> wrote:
>>>>>
>>>>>> On May Timo did an extensive evaluation
>>>>>>
>>>>>> https://docs.google.com/spreadsheets/d/1LpPBZ1kSnxuQ3I2bCE3aXVKOQXM7HnT4Xxfw5Nv1DKw/edit?usp=sharing
>>>>>>
>>>>>> Also Timo is referring to their comments regarding security:
>>>>>> https://github.com/Hackademic/hackademic/issues/165
>>>>>>
>>>>>> We exchange multiple emails with Spyros and Antonis which are leading
>>>>>> the project ,regarding the status and the findings from Marios and Timo.
>>>>>> All open on the Project Task Force mailing list
>>>>>>
>>>>>> https://groups.google.com/a/owasp.org/forum/?hl=en#!topic/projects-task-force/iKoo1utMwAc
>>>>>>
>>>>>> @Konstantinos, you should be more involved in the actual development
>>>>>> of the project because it seems to us you are not even aware what is
>>>>>> happening.
>>>>>>
>>>>>> No changes were done, I did not receive any feedback further.
>>>>>>
>>>>>> We spent a lot of time reviewing and providing enough opportunities
>>>>>> for improvement, but if their project leaders expect that they need to be
>>>>>> financed every time to make progress in their project, I do not agree with
>>>>>> this attitude.
>>>>>>
>>>>>> Thats the point. We know that none of this funds is spent by their
>>>>>> project leaders directly, but project leaders have responsibilities because
>>>>>> they get opportunities such as attending the Project Summits, which was
>>>>>> also paid from the Project Summit EU.
>>>>>>
>>>>>> We are demoting this project to incubator status.
>>>>>>
>>>>>> USD4500 is now been spent in Hackademics development.
>>>>>>
>>>>>> I hope that something comes out of this and at least improvements are
>>>>>> done.
>>>>>>
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> Johanna
>>>>>>
>>>>>> On Thu, Jul 23, 2015 at 8:45 AM, Timo Goosen <timo.goosen at owasp.org>
>>>>>> wrote:
>>>>>>
>>>>>>> I'd like to see these guys demoted from LAB status. They seem to
>>>>>>> also lack basic knowledge of security from my interaction with them.
>>>>>>>
>>>>>>> I don't support this project and they will not get anymore of my
>>>>>>> time as a volunteer for OWASP.
>>>>>>> ( I don't get or my time as volunteer and neither does Johanna,
>>>>>>> contrary to popular belief.)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Regards.
>>>>>>> Timo
>>>>>>>
>>>>>>> On Thu, Jul 23, 2015 at 2:26 PM, johanna curiel curiel <
>>>>>>> johanna.curiel at owasp.org> wrote:
>>>>>>>
>>>>>>>> And btw I'm not impress by the activity level of this project over
>>>>>>>> the years on the mentioned branch.
>>>>>>>>
>>>>>>>> This is a 'LAB' project which people expect a certain level of
>>>>>>>> maturity. When Timo and Marios did their testing the same conclusion was
>>>>>>>> observed: they lack documentation
>>>>>>>>
>>>>>>>> This project was promoted to LAB before we did a major evaluation
>>>>>>>> in 2014 and honestly compare to other incubators, it lacks many things to
>>>>>>>> be a LAB project.
>>>>>>>>
>>>>>>>> However we did not demoted, we leave it and keep on observing it.
>>>>>>>>
>>>>>>>> My whole point is and also from Timo, that a project should be more
>>>>>>>> responsive regarding the work we do and also their project leaders should
>>>>>>>> keep in mind there are responsibilities regarding this. IF you are only
>>>>>>>> their to receive funds then, we are quite reluctant to believe its
>>>>>>>> credibility
>>>>>>>>
>>>>>>>> [image: Inline image 1]
>>>>>>>>
>>>>>>>> On Thu, Jul 23, 2015 at 8:16 AM, Timo Goosen <timo.goosen at owasp.org
>>>>>>>> > wrote:
>>>>>>>>
>>>>>>>>>
>>>>>>>>> >Also as I've said in the past, there are projects that are almost
>>>>>>>>> identical copies of hackademic that have also received funds even though at
>>>>>>>>> that time they didn't have >one line of code. Why weren't you skeptical
>>>>>>>>> about those projects but on the contrary quite supportive
>>>>>>>>> Can you give a list of these projects?
>>>>>>>>>
>>>>>>>>> Also I'd like to see some feedback on what you guys did with the
>>>>>>>>> funds.
>>>>>>>>> That you guys received.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Regards.
>>>>>>>>> Timo
>>>>>>>>>
>>>>>>>>> On Thu, Jul 23, 2015 at 2:05 PM, Konstantinos Papapanagiotou <
>>>>>>>>> Konstantinos at owasp.org> wrote:
>>>>>>>>>
>>>>>>>>>> Johanna,
>>>>>>>>>>
>>>>>>>>>> Most of our commits are on the 'next' branch:
>>>>>>>>>> https://github.com/Hackademic/hackademic/graphs/commit-activity
>>>>>>>>>>
>>>>>>>>>> I believe that funds were allocated through the agreed,
>>>>>>>>>> transparent procedure for the code sprint. If other projects are in need of
>>>>>>>>>> funds why didn't they apply?
>>>>>>>>>>
>>>>>>>>>> Also as I've said in the past, there are projects that are almost
>>>>>>>>>> identical copies of hackademic that have also received funds even though at
>>>>>>>>>> that time they didn't have one line of code. Why weren't you skeptical
>>>>>>>>>> about those projects but on the contrary quite supportive?
>>>>>>>>>>
>>>>>>>>>> And last but not least, next time you want to make such
>>>>>>>>>> allegations please get in touch with me rather than send emails to the
>>>>>>>>>> board behind my back.
>>>>>>>>>>
>>>>>>>>>> Kostas
>>>>>>>>>>
>>>>>>>>>> On Thu, Jul 23, 2015 at 2:43 PM, johanna curiel curiel <
>>>>>>>>>> johanna.curiel at owasp.org> wrote:
>>>>>>>>>>
>>>>>>>>>>> Dear Task Force members and Board
>>>>>>>>>>>
>>>>>>>>>>> Over the last year, we have had a close look to the Hackademic
>>>>>>>>>>> project.
>>>>>>>>>>>
>>>>>>>>>>> Last year we did a testing during the month of October ,
>>>>>>>>>>> executed by Marios Kourtesis and I. This year, Timo Goosen also did an
>>>>>>>>>>> evaluation on this project during the Project Summit EU.
>>>>>>>>>>>
>>>>>>>>>>> From the evaluations we could conclude the following:
>>>>>>>>>>>
>>>>>>>>>>>    - The project lacks documentation in order for first time
>>>>>>>>>>>    users to install and to build this properly
>>>>>>>>>>>    - The project does not have any developments except during
>>>>>>>>>>>    the Google summer of Code last year. You can see their contributions on
>>>>>>>>>>>    their main development branch here. Basically almost none(see attached
>>>>>>>>>>>    image)
>>>>>>>>>>>       - https://www.openhub.net/p/hackademic
>>>>>>>>>>>    - I requested an update regarding their developments but
>>>>>>>>>>>    never received an answer on this
>>>>>>>>>>>    - Timo Goosen spent quite lot of time during the Summit
>>>>>>>>>>>    working on their project, developing documentation for them which they
>>>>>>>>>>>    never updated their wiki and use it
>>>>>>>>>>>
>>>>>>>>>>> Now this project is getting the sponsorship for the Summer of
>>>>>>>>>>> code when they hardly work on their development and to us it lacks a
>>>>>>>>>>> certain level of maturity and robustness which unfortunately there are
>>>>>>>>>>> other projects in incubator stage that are much better and more mature than
>>>>>>>>>>> this one.
>>>>>>>>>>>
>>>>>>>>>>> I strongly advise the board that before taking major decisions
>>>>>>>>>>> to spend money in activities for projects lacking a clear strcutural
>>>>>>>>>>> development , to take the time and evaluate if the project deserves it.
>>>>>>>>>>>
>>>>>>>>>>> I think there are many other projects that can use that money
>>>>>>>>>>> and have shown committed and responsive project leaders
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Regards
>>>>>>>>>>> Johanna
>>>>>>>>>>>
>>>>>>>>>>> HACKADEMICS activity over the past 2 years:
>>>>>>>>>>> [image: Inline image 1]
>>>>>>>>>>> Johanna
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> Owasp-board mailing list
>>>>>>>>>>> Owasp-board at lists.owasp.org
>>>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Owasp-board mailing list
>>>>>>>>>> Owasp-board at lists.owasp.org
>>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150723/f76881e0/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screenshot 2015-07-23 08.20.26.png
Type: image/png
Size: 45571 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150723/f76881e0/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screenshot 2015-07-23 07.38.03.png
Type: image/png
Size: 82965 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150723/f76881e0/attachment-0003.png>


More information about the Owasp-board mailing list