[Owasp-board] Regarding Hackademic project-follow up discussion clarifications

Matt Konda matt.konda at owasp.org
Fri Jul 24 13:22:19 UTC 2015


Timo, Kostas and Johanna,

Let's short-circuit this discussion.  I don't believe further email on this
topic is going to advance the discussion or create measurable activity in a
positive way.

I will reach out to each of you independently and try to understand your
specific concerns in this case and see if we can establish any actual
things that need to get done or changed and work through that.

Most importantly, thank you all for your consistent work and contributions.
Keep up the great work!

Matt


On Fri, Jul 24, 2015 at 8:04 AM, Timo Goosen <timo.goosen at owasp.org> wrote:

> The project leaders don't respond to things we send them to do,update etc.
> The project activity that this project supposedly has is not visible on
> github or openhub.
>
> Regards.
> Timo
>
> On Fri, Jul 24, 2015 at 11:42 AM, Konstantinos Papapanagiotou <
> Konstantinos at owasp.org> wrote:
>
>> Lack transparency?!! How is that?!
>>
>> On Fri, Jul 24, 2015 at 11:16 AM, Timo Goosen <timo.goosen at owasp.org>
>> wrote:
>>
>>> >You can point out such inconsistencies on a personal or project level
>>> before publicly saying that you guys know nothing about security and keep
>>> spending money without doing anything.
>>> I've tried being nice. I'm not gonna take back what I said. I'm not new
>>> to the Open Source community and this is not how you run an open source
>>> project. This project lacks transparency and also you guys don't react well
>>> to people trying to help you, you react even worse to criticism. I do think
>>> you guys are wasting money and I also think you are ungrateful.
>>>
>>> Regards.
>>> Timo
>>>
>>>
>>> On Thu, Jul 23, 2015 at 6:59 PM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>>> >You can point out such inconsistencies on a personal or project level
>>>> before publicly saying that you guys know nothing about security and keep
>>>> spending money without doing anything.
>>>>
>>>> We already did this directly with the project leaders and didn't
>>>> received an answer. Spyros never answered my questions regarding the new
>>>> branch or updates:
>>>>
>>>> https://groups.google.com/a/owasp.org/forum/?hl=en#!topic/projects-task-force/iKoo1utMwAcT
>>>>
>>>> No one took the time to update the wiki or update us with the status.
>>>>
>>>> Timo just made an observation on the fact that the documentation he
>>>> created was not published and never received a concrete answer on that.He
>>>> gave them the documentation through email.Maybe his reaction was out of
>>>> frustration he has expressed multiple times to me due to spending time and
>>>> he felt no appreciation for the efforts he did.
>>>>
>>>>  If I didn't contact you directly is because you do not appear to us as
>>>> leading the project. Spyros and Antonis are doing that from our
>>>> understanding.
>>>> See mailing list:
>>>> http://lists.owasp.org/pipermail/owasp-hackademic-challenges/
>>>>
>>>> I think that the problem here is a misconception and misunderstanding
>>>> of the work and Project classification. I would like to clarify this again.
>>>> This information has been published on the wiki:
>>>> https://www.owasp.org/index.php/Category:OWASP_Project#tab=Project_Assessments
>>>>
>>>> The higher you are ranked, the more we review , watch and control we
>>>> do. Projects in incubator phase are more free to have the development they
>>>> want as long as they keep active within a period of 1 year for code, 2-3
>>>> years for documentation. A very low bar, even though many members have
>>>> expressed that they do not even support this. I think we should consider
>>>> putting this to a community vote
>>>>
>>>> Why is that ? Because the  higher that you rank , the more benefits you
>>>> get including budget,  financing and participation in initiatives.
>>>> The fact that USD4,500- can go to your project creates a level of
>>>> responsibility for deliverables.
>>>>
>>>> I'm not accusing the project of doing anything, but the issue here is
>>>> the status LAB vs activity level does not match.The branch shows no major
>>>> progress nor wiki or updates or mailing list have a low activity.
>>>>
>>>> I'm not saying we should not spend USD12,500 in 4 projects, what I'm
>>>> saying is that for next time we should evaluate if this activity or any
>>>> other should be kept when it has not the desired impact on the proposed
>>>> OWASP mission and goals.
>>>>
>>>> That is what any organisation does when investing or spending in a
>>>> certain activity. Whether to improve it or cancel it.
>>>>
>>>> That goes for any initiative.
>>>>
>>>> Regards
>>>>
>>>> Johanna
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Thu, Jul 23, 2015 at 11:10 AM, Konstantinos Papapanagiotou <
>>>> Konstantinos at owasp.org> wrote:
>>>>
>>>>> This has been already discussed openly, voted and decided, a couple of
>>>>> months ago. Why do we have to come back? Unless you think that you can also
>>>>> kill an initiative voted by the board with a single email of yours like you
>>>>> demoted our project.
>>>>>
>>>>> Anyway Johanna, I'm in favor of criticism and the reviewing process
>>>>> because it provides constructive comments. Once more, I have no issues with
>>>>> calling Hackademic "Lab", "Incubator" or anything that you see fit. You
>>>>> promoted it to "Lab", you demote it to "incubator". However in this thread
>>>>> I've seen a lot of comments that are more like libel on a public mailing
>>>>> list , rather than criticism. You have said that we get money without doing
>>>>> anything, that there's hardly any work done and someone even said that we
>>>>> "lack basic knowledge of security". The project might not be mature enough,
>>>>> might not have all the required elements to be on the "Lab" status, might
>>>>> have security or other bugs but this is something totally different. You
>>>>> can point out such inconsistencies on a personal or project level before
>>>>> publicly saying that you guys know nothing about security and keep spending
>>>>> money without doing anything.
>>>>> Frankly Johanna, I expected that at least you, personally, knew the
>>>>> progress we are making, even if its slow; and you also know me personally
>>>>> you could have got in touch with me first with all these issues. My take
>>>>> would have probably been to go back to incubator until we improve. You can
>>>>> do as you see fit with the project but I do expect an apology on a personal
>>>>> level for things that have been said.
>>>>>
>>>>> Thank you Johanna,
>>>>> Kostas
>>>>>
>>>>>
>>>>  --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "OWASP Projects Task Force" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to projects-task-force+unsubscribe at owasp.org.
>>>> To post to this group, send email to projects-task-force at owasp.org.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CACxry_1nO4ktH%2BdVOy60WhurFd-rf4zhMS%2BOH8necshirVf%2BAA%40mail.gmail.com
>>>> <https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CACxry_1nO4ktH%2BdVOy60WhurFd-rf4zhMS%2BOH8necshirVf%2BAA%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>>
>>>
>>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150724/4e736ad2/attachment.html>


More information about the Owasp-board mailing list