[Owasp-board] Regarding Hackademic project-follow up discussion clarifications

Timo Goosen timo.goosen at owasp.org
Fri Jul 24 08:30:55 UTC 2015


We never said that the money from the code sprint come with additional
responsibilities apart those mentioned in the proposal. Who do you think
you are?
>This project is not worth the amount of money spent on it. Who do you
think you are? I'd like to see what all the money allocated to this project
has been spent on.

You ask us to update the wiki but then you completely ignore it in terms
of who the project leaders are. We pointed you the right branch, but you
ignored it. We use github for communication, not the mailing list. If you
took the time to do an actual evaluation you would have noticed that.
> "You ask us to update the wiki but then you completely ignore it in terms
of who the project leaders are"
It doesn't matter who the project leaders are, if they are president Obama
it doesn't even matter. Update your wiki, nobody gets special treatment
here.

>Hackademic has been around for 4-5 years now and we are now seeing an all
time high in contributions from volunteers and people from all over the
>world working on it. And at the very same time you are saying that there
is no activity. This is ridiculous!!!!
Maybe when the project started it was active. But it lacks documentation
and also lacks leaders who take the issues opened on github seriously.

>I've been involved with owasp for more than 10 years now, I've worked with
quite a few project leaders, Paolo and Samantha. They were all supportive
>and helped you get actual work done. You don't care to do that. You only
care to convince everyone about your point of view at any cost.
I don't see how these statements have any relevance here. The discussion is
about hackademic.

>Johanna, I don't want you involved in our project in any way from now on.
I was actually wrong: you re not only unproductive, but destructive. I will
>also personally refrain from volunteering in any activity you are either
leading or participating.
Well we don't want to be involved with it anymore either. This project is a
waste of time and money to me.


Regards.
Timo


On Fri, Jul 24, 2015 at 8:15 AM, Konstantinos Papapanagiotou <
Konstantinos at owasp.org> wrote:

> Johanna,
>
> I've had enough of this. You sent an email, never actually followed up on
> it and then you made your usual false assumptions to create the impression
> you want.
>
> We never said that the money from the code sprint come with additional
> responsibilities apart those mentioned in the proposal. Who do you think
> you are?
>
> You ask us to update the wiki but then you completely ignore it in terms
> of who the project leaders are. We pointed you the right branch, but you
> ignored it. We use github for communication, not the mailing list. If you
> took the time to do an actual evaluation you would have noticed that.
>
> Hackademic has been around for 4-5 years now and we are now seeing an all
> time high in contributions from volunteers and people from all over the
> world working on it. And at the very same time you are saying that there is
> no activity. This is ridiculous!!!!
>
> I've been involved with owasp for more than 10 years now, I've worked with
> quite a few project leaders, Paolo and Samantha. They were all supportive
> and helped you get actual work done. You don't care to do that. You only
> care to convince everyone about your point of view at any cost.
>
> Johanna, I don't want you involved in our project in any way from now on.
> I was actually wrong: you re not only unproductive, but destructive. I will
> also personally refrain from volunteering in any activity you are either
> leading or participating.
>
> Kostas
>
>
> On Thursday, July 23, 2015, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> >You can point out such inconsistencies on a personal or project level
>> before publicly saying that you guys know nothing about security and keep
>> spending money without doing anything.
>>
>> We already did this directly with the project leaders and didn't received
>> an answer. Spyros never answered my questions regarding the new branch or
>> updates:
>>
>> https://groups.google.com/a/owasp.org/forum/?hl=en#!topic/projects-task-force/iKoo1utMwAcT
>>
>> No one took the time to update the wiki or update us with the status.
>>
>> Timo just made an observation on the fact that the documentation he
>> created was not published and never received a concrete answer on that.He
>> gave them the documentation through email.Maybe his reaction was out of
>> frustration he has expressed multiple times to me due to spending time and
>> he felt no appreciation for the efforts he did.
>>
>>  If I didn't contact you directly is because you do not appear to us as
>> leading the project. Spyros and Antonis are doing that from our
>> understanding.
>> See mailing list:
>> http://lists.owasp.org/pipermail/owasp-hackademic-challenges/
>>
>> I think that the problem here is a misconception and misunderstanding of
>> the work and Project classification. I would like to clarify this again.
>> This information has been published on the wiki:
>> https://www.owasp.org/index.php/Category:OWASP_Project#tab=Project_Assessments
>>
>> The higher you are ranked, the more we review , watch and control we do.
>> Projects in incubator phase are more free to have the development they want
>> as long as they keep active within a period of 1 year for code, 2-3 years
>> for documentation. A very low bar, even though many members have expressed
>> that they do not even support this. I think we should consider putting this
>> to a community vote
>>
>> Why is that ? Because the  higher that you rank , the more benefits you
>> get including budget,  financing and participation in initiatives.
>> The fact that USD4,500- can go to your project creates a level of
>> responsibility for deliverables.
>>
>> I'm not accusing the project of doing anything, but the issue here is the
>> status LAB vs activity level does not match.The branch shows no major
>> progress nor wiki or updates or mailing list have a low activity.
>>
>> I'm not saying we should not spend USD12,500 in 4 projects, what I'm
>> saying is that for next time we should evaluate if this activity or any
>> other should be kept when it has not the desired impact on the proposed
>> OWASP mission and goals.
>>
>> That is what any organisation does when investing or spending in a
>> certain activity. Whether to improve it or cancel it.
>>
>> That goes for any initiative.
>>
>> Regards
>>
>> Johanna
>>
>>
>>
>>
>>
>> On Thu, Jul 23, 2015 at 11:10 AM, Konstantinos Papapanagiotou <
>> Konstantinos at owasp.org> wrote:
>>
>>> This has been already discussed openly, voted and decided, a couple of
>>> months ago. Why do we have to come back? Unless you think that you can also
>>> kill an initiative voted by the board with a single email of yours like you
>>> demoted our project.
>>>
>>> Anyway Johanna, I'm in favor of criticism and the reviewing process
>>> because it provides constructive comments. Once more, I have no issues with
>>> calling Hackademic "Lab", "Incubator" or anything that you see fit. You
>>> promoted it to "Lab", you demote it to "incubator". However in this thread
>>> I've seen a lot of comments that are more like libel on a public mailing
>>> list , rather than criticism. You have said that we get money without doing
>>> anything, that there's hardly any work done and someone even said that we
>>> "lack basic knowledge of security". The project might not be mature enough,
>>> might not have all the required elements to be on the "Lab" status, might
>>> have security or other bugs but this is something totally different. You
>>> can point out such inconsistencies on a personal or project level before
>>> publicly saying that you guys know nothing about security and keep spending
>>> money without doing anything.
>>> Frankly Johanna, I expected that at least you, personally, knew the
>>> progress we are making, even if its slow; and you also know me personally
>>> you could have got in touch with me first with all these issues. My take
>>> would have probably been to go back to incubator until we improve. You can
>>> do as you see fit with the project but I do expect an apology on a personal
>>> level for things that have been said.
>>>
>>> Thank you Johanna,
>>> Kostas
>>>
>>>
>>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150724/f97ae10a/attachment.html>


More information about the Owasp-board mailing list