[Owasp-board] Regarding Hackademic project-follow up discussion clarifications

Timo Goosen timo.goosen at owasp.org
Fri Jul 24 08:16:06 UTC 2015

>You can point out such inconsistencies on a personal or project level
before publicly saying that you guys know nothing about security and keep
spending money without doing anything.
I've tried being nice. I'm not gonna take back what I said. I'm not new to
the Open Source community and this is not how you run an open source
project. This project lacks transparency and also you guys don't react well
to people trying to help you, you react even worse to criticism. I do think
you guys are wasting money and I also think you are ungrateful.


On Thu, Jul 23, 2015 at 6:59 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> >You can point out such inconsistencies on a personal or project level
> before publicly saying that you guys know nothing about security and keep
> spending money without doing anything.
> We already did this directly with the project leaders and didn't received
> an answer. Spyros never answered my questions regarding the new branch or
> updates:
> https://groups.google.com/a/owasp.org/forum/?hl=en#!topic/projects-task-force/iKoo1utMwAcT
> No one took the time to update the wiki or update us with the status.
> Timo just made an observation on the fact that the documentation he
> created was not published and never received a concrete answer on that.He
> gave them the documentation through email.Maybe his reaction was out of
> frustration he has expressed multiple times to me due to spending time and
> he felt no appreciation for the efforts he did.
>  If I didn't contact you directly is because you do not appear to us as
> leading the project. Spyros and Antonis are doing that from our
> understanding.
> See mailing list:
> http://lists.owasp.org/pipermail/owasp-hackademic-challenges/
> I think that the problem here is a misconception and misunderstanding of
> the work and Project classification. I would like to clarify this again.
> This information has been published on the wiki:
> https://www.owasp.org/index.php/Category:OWASP_Project#tab=Project_Assessments
> The higher you are ranked, the more we review , watch and control we do.
> Projects in incubator phase are more free to have the development they want
> as long as they keep active within a period of 1 year for code, 2-3 years
> for documentation. A very low bar, even though many members have expressed
> that they do not even support this. I think we should consider putting this
> to a community vote
> Why is that ? Because the  higher that you rank , the more benefits you
> get including budget,  financing and participation in initiatives.
> The fact that USD4,500- can go to your project creates a level of
> responsibility for deliverables.
> I'm not accusing the project of doing anything, but the issue here is the
> status LAB vs activity level does not match.The branch shows no major
> progress nor wiki or updates or mailing list have a low activity.
> I'm not saying we should not spend USD12,500 in 4 projects, what I'm
> saying is that for next time we should evaluate if this activity or any
> other should be kept when it has not the desired impact on the proposed
> OWASP mission and goals.
> That is what any organisation does when investing or spending in a certain
> activity. Whether to improve it or cancel it.
> That goes for any initiative.
> Regards
> Johanna
> On Thu, Jul 23, 2015 at 11:10 AM, Konstantinos Papapanagiotou <
> Konstantinos at owasp.org> wrote:
>> This has been already discussed openly, voted and decided, a couple of
>> months ago. Why do we have to come back? Unless you think that you can also
>> kill an initiative voted by the board with a single email of yours like you
>> demoted our project.
>> Anyway Johanna, I'm in favor of criticism and the reviewing process
>> because it provides constructive comments. Once more, I have no issues with
>> calling Hackademic "Lab", "Incubator" or anything that you see fit. You
>> promoted it to "Lab", you demote it to "incubator". However in this thread
>> I've seen a lot of comments that are more like libel on a public mailing
>> list , rather than criticism. You have said that we get money without doing
>> anything, that there's hardly any work done and someone even said that we
>> "lack basic knowledge of security". The project might not be mature enough,
>> might not have all the required elements to be on the "Lab" status, might
>> have security or other bugs but this is something totally different. You
>> can point out such inconsistencies on a personal or project level before
>> publicly saying that you guys know nothing about security and keep spending
>> money without doing anything.
>> Frankly Johanna, I expected that at least you, personally, knew the
>> progress we are making, even if its slow; and you also know me personally
>> you could have got in touch with me first with all these issues. My take
>> would have probably been to go back to incubator until we improve. You can
>> do as you see fit with the project but I do expect an apology on a personal
>> level for things that have been said.
>> Thank you Johanna,
>> Kostas
>  --
> You received this message because you are subscribed to the Google Groups
> "OWASP Projects Task Force" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to projects-task-force+unsubscribe at owasp.org.
> To post to this group, send email to projects-task-force at owasp.org.
> To view this discussion on the web visit
> https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CACxry_1nO4ktH%2BdVOy60WhurFd-rf4zhMS%2BOH8necshirVf%2BAA%40mail.gmail.com
> <https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CACxry_1nO4ktH%2BdVOy60WhurFd-rf4zhMS%2BOH8necshirVf%2BAA%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150724/71080b0a/attachment-0001.html>

More information about the Owasp-board mailing list