[Owasp-board] Discussion on Proposal 4

Josh Sokol josh.sokol at owasp.org
Wed Oct 14 00:29:41 UTC 2015


Noreen has already provided context around what is an "Active leader".
This can be easily written into the Leader Handbooks for clarity.  I will
add a section for "as defined in the handbooks", but this seems like a
silly reason to hold up a vote.

~josh

On Oct 13, 2015 4:09 AM, "Fabio Cerullo" <fcerullo at owasp.org> wrote:

> Same principle as before… there is no clear definition of ‘active leader’
> so I would vote NO.
>
>
> Fabio Cerullo
> Global Board Member
> OWASP Foundation
> https://www.owasp.org
>
> On 13 Oct 2015, at 3:04 a.m., Matt Konda <matt.konda at owasp.org> wrote:
>
> I vote yes for #4.
>
> Josh and Jim also voted yes.  I registered Andrew as a no based on the
> chain.
>
> It is not clear whether others are prepared to vote.  This does not yet
> have enough votes to succeed.
>
> Matt
>
>
> On Fri, Oct 9, 2015 at 4:47 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>
>> Andrew, perhaps you are confusing this proposal with proposal 3 which
>> states that "*All accounts belonging to active chapters and projects, as
>> defined in the Chapter and Project Handbooks respectively, with balances
>> less than $500, will be brought to $500 beginning January 1, 2016 as long
>> as there are at least two active leaders at that time.*"  This proposal
>> only applies to *NEW* projects and chapters.  I'm not sure about new
>> projects in 2015, but there were 28 new chapters in 2015 which would equate
>> to $14k under this proposal, if it were in place this year.  Think of this
>> as "kickstarter" funding to get them moving.  If they don't want it, or
>> cannot use it, then they can always donate it back.
>>
>> ~josh
>>
>> On Fri, Oct 9, 2015 at 3:52 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>> Tobias,
>>>
>>> I have read all of the conversation and discussion carefully and I voted
>>> YES on all 11 of these proposals.
>>>
>>> - Jim
>>>
>>>
>>> On 10/9/15 10:49 PM, Tobias wrote:
>>>
>>> As our mailing-list got a bit swamped, this might have got lost in the
>>> hundred voting emails, do we have any further discussion elements on this
>>> one?
>>> And if people like to vote on this, can they please confirm that they have
>>> at least acknowledged this discussion when casting their vote?
>>> Thanks, Tobias
>>>
>>>
>>> On 09/10/15 14:29, Andrew van der Stock wrote:
>>>
>>> At the moment, and I would love to hear from the large project leaders
>>> here too, is that prior to this initiative, it was too hard for projects to
>>> spend money on anything really useful.
>>>
>>> I worked with Sam and applied for DHS grants expecting to be able to
>>> take some time off to work on the Developer Guide. The brouhaha was so much
>>> that I never felt I could use the granted DHS grant money granted
>>> specifically for us to work on the Developer Guide to work on the Developer
>>> Guide. In the end, I used some of the funds to go to AppSec USA 2013 to try
>>> and build some community, but was put into a really small room, and I ended
>>> up speaking to 10 folks who already knew about the Dev Guide. I got more
>>> out of the Project Summit than I did out of my talk.
>>>
>>> I don't want to get stuck into the past problems as we're trying to
>>> solve a general problem here, but giving new projects $500 when it's really
>>> hard for them to spend that money on anything useful is ... another form of
>>> ring fencing.
>>>
>>> I am prepared to be proven wrong, but I would hate for $500 * 130 = $65k
>>> to be so thinly spread that no one project can't do anything useful with
>>> it, but all projects as a whole have $65k less than they do today. This is
>>> the problem with the entire Community Engagement Funding, which unless you
>>> knew it existed, also doesn't get spent. You've already used CEF as an
>>> example of projects not spending money in previous go arounds on this
>>> topic.
>>>
>>> My view right now is not to vote yes on this one until we have a really
>>> good discussion about eliminating barriers for projects to spend their
>>> funds. This might need to be done later with a second proposal to work out
>>> a perpetual project summit budget, or alternative ideas such as VPS credits
>>> with our labs solution.
>>>
>>> thanks
>>> Andrew
>>>
>>>
>>> On Fri, Oct 9, 2015 at 1:10 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>>
>>>> Here is the current text for proposal 4:
>>>>
>>>> *Upon creation of a new project or chapter, as long as they have at
>>>> least two leaders they will be allocated a $500 budget to begin with.*
>>>>
>>>> *Tobias:*
>>>> COMMENT: I have been thinking a bit more on Michael's comment last
>>>> night to reward activity. And I think some reward mechanism for chapter
>>>> activity and project status would be right. IMO we should be consistent and
>>>> apply the same criteria for "active" as we did in proposal 3.
>>>>
>>>> *Josh:*
>>>> I disagree here.  The biggest struggle for new chapter and project
>>>> leaders is getting funding.  We need to eliminate that struggle.
>>>> Obviously, chapters and projects are still subject to requirements and
>>>> approval by our ops team, as they are today, and that should weed out any
>>>> issues.  Also, think about the current value of being an OWASP chapter or
>>>> project leader.  If our goal is to attract more of these types of people to
>>>> OWASP, then $500 seems like a pretty small amount in the grand scheme of
>>>> things to incentivize them to do so.
>>>>
>>>> *Tobias:*
>>>> Noted. I can see your point.
>>>> But, we may have a different perception on the requirements and
>>>> approval process by the ops team to create a new chapter/project. In my
>>>> understanding, today, the barrier to setting up a chapter or project is
>>>> intentionally very very low. Close to zero. Basically anyone can do it with
>>>> close to zero evidence. So, I am here a bit more on the side of caution. My
>>>> concern is to manage the potential risk of abuse. Call it "fiduciary ...".
>>>> I trust our community, but independent of trust, we also are responsible
>>>> (and legally obliged) to put sufficient controls in place before releasing
>>>> charity funds. With an active chapter or project there are at least some
>>>> community review controls in place. I am concerned that we would not fulfil
>>>> our fiduciary duty of protecting foundation money against fraud risks if we
>>>> assign money immediately without the need for the chapter/project to be
>>>> active. That is the reason why I proposed this alternative.
>>>>
>>>> Do you and others think I am overprotective?
>>>>
>>>> It would be helpful for me to hear some further board members' opinion
>>>> on that before moving to a vote.
>>>>
>>>> (On a note: Thinking about it, another way to achieve a higher minimum
>>>> control of expenses for new projects could be to add some extra review for
>>>> a new chapter/project expense (e.g. by the ops team, or maybe an active
>>>> neighbour chapter) before we sign-off on expenses.)
>>>>
>>>> *Josh:*
>>>> The barrier may be low, but it is definitely not zero.  Noreen provided
>>>> a bit of insight into her process for vetting chapter leaders at the Leader
>>>> Sessions at AppSec.  She looks at resumes, loosely looks for associated
>>>> references, etc.  We also have qualifications around the locations for new
>>>> Chapters.  I'm not as familiar with the process for Projects, but ultimately
>>>> I don't think any of that matters much.  Putting money in an account is no
>>>> different than what happens today.  What matters are the controls around
>>>> how that money gets spent.  Personally, I think you are being too
>>>> overprotective here and we have controls in place to address your concern,
>>>> but I'm open to the opinions of others.
>>>>
>>>> ~josh
>>>>
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Jim Manico
>>> Global Board Member
>>> OWASP Foundation
>>> https://www.owasp.org
>>>
>>>
>>
>>