[Owasp-board] Let's stand together against DCMA and similar laws

Josh Sokol josh.sokol at owasp.org
Thu Aug 11 21:28:55 UTC 2016


I agree with the intent behind Kevin's e-mail and would support a Board
discussion alongside Andrew and Tom.

I also agree that it is reasonable to give Board members a day or so (at
least) to respond.  We've all got day jobs, families, and need to sleep in
addition to our role as OWASP Board members.

~josh

On Thu, Aug 11, 2016 at 4:21 PM, Tiffany Long <tiffany.long at owasp.org>
wrote:

> Hey Johanna, I don't want any confusion so I copied the email and will
> answer in line in red, this way it is easy to follow on all email systems.
>
>
> Hi Tiffany
>
> In answer to the steps described:
>
> *>>The first step* is for the group of you asking for the committee to
> write a proposal
> We have set this proposal as a wiki page here:
> https://www.owasp.org/index.php/Committee_DMCA1201
> This is fine, but unfortunately it does not follow the requirements
> outlined by the Committees 2.0 document.  The document says:
>
> *"At any point in time, a community member may propose a new committee via
> the OWASP Leaders List stating their rationale and desired scope for
> creating a new committee. , ..."*
>
> This is why I explained that the proposal must A) follow this procedure
> and not be a wiki page and B) cautioned y'all to consider widening the
> scope of the committee. The Committees 2.0 process was set forth to
> ensure that OWASP follows our Core Values
> <https://tracking.cirrusinsight.com/31d051c7-d0ce-4703-8a9d-6c31bdb5a856/owasp-org-index-php-about-the-open-web-application-security-project> in
> order to achieve our Core Purpose
> <https://tracking.cirrusinsight.com/31d051c7-d0ce-4703-8a9d-6c31bdb5a856/owasp-org-index-php-about-the-open-web-application-security-project1>.
> Not following the rules put forth violates our values of being an Open and
> Global organization. Selectively enforcing them clouds
> our transparency and makes future Innovation more difficult.
>
> The core value of Innovation is also why I suggested the purpose of
> the committee be broader.  There will be other actions that the committee
> will wish to take, the committee could put OWASP in a leadership position
> with regards to DRM and Privacy in the security space.
>
> *>>The second step* is to submit it to the leaders' list for discussion.
> This is happening right now as we write
> The goal is not only this action but:
> The major purpose to *support and protect Researchers Who Investigate
> Browsers.*
> Now this action is asking the OWASP board to sign as an organisation and not
> just individual members.
> We don't know if any other actions against researchers that will happen
> in the future and in which form, but then, we will define those actions
> when they happen. Right now is to sign the signatories as OWASP
> organization.
> Unfortunately, there is no clear proposal here. The closest thing is a
> wiki page that has not been suggested at the top of the conversation and
> therefore there are a number of people currently excluded from the
> conversation.  The proposal should be a stand alone conversation and
> contained in the very first email.  The subject line should clearly note
> that the conversation is about the forming of a new committee.  Remember,
> everything we do must be determined by our core values.  We must ensure
> Openness and that is done by following the established guidelines.
>
> The goal is listed as
> <https://tracking.cirrusinsight.com/31d051c7-d0ce-4703-8a9d-6c31bdb5a856/owasp-org-index-php-committee-dmca1201>
> "*Have OWASP as an organisation, not just individuals, officially support
> to protect researchers by being part of the signatories as an organization.*"
>  Once again, the goal to have OWASP sign on to this support document
> is laudatory, but  Privacy and DRM is a much larger topic and I am sure
> OWASP should say much more on it.  Therefore I would strongly suggest that
> a healthy and effective committee would have a larger mission than this one
> action item. Once this is achieved the committee would no longer exist
> if the scope is defined so narrowly. Why go through this process every
> time we want OWASP to act when a standing committee could do it all much
> faster?
>
> >>This conversation must take long enough for membership to take part.
> No limit is listed on the Committees 2.0 document, but it HAS to be longer
> than 24 hours to accommodate our global membership.
>
> Agree, in the committee creation wiki document it mentions 7 days. We can
> try to keep alive the conversation and allow other members to participate
> until the board meeting on the 23rd.
>
> Actually, the only part of the process that MUST take 7 days is the call
> for members.  You have the freedom to set reasonable boundaries around this
> conversation.  I would argue that 3 days or until the conversation peters
> out is a pretty accessible answer.
>
> *" If no conflict
> <https://tracking.cirrusinsight.com/31d051c7-d0ce-4703-8a9d-6c31bdb5a856/owasp-org-index-php-governance-owasp-committees>
> is determined to exist, the Board will initiate a public call for OWASP
> members interested in committee membership, via the OWASP Community mailing
> list, with a seven day time window."*
>
>
> *>>The third step* is to submit to the board.
> I think we will do this once the 7 days have passed or wait the next Board
> meeting which gives us plenty of time
> Next OWASP meeting is August 23rd, and this is the moment we will submit
> the proposal of approving the committee including proving an official
> letter as an Organisation against the DMCA act.
>
> You may wait should you choose to.   You asked if it could get through
> more quickly; that is possible as well.
>
> Importantly here, you are only requesting that the board create a
> committee.  That means that the committee does not yet exist to present the
> board with a letter.  That letter must come THROUGH the committee AFTER the
> call for members.  The reason for these rules is to give the community time
> to gather behind the effort and to prevent particular members
> from haring off to do something the community does not agree with.  You
> yourself have called for such controls in the past 2 months, it is
> important that we follow the guidelines set forth by the organization.
>
>
> *>>The fourth step* is for the board (probably through me) to release a
> call for committee members.
> I think this is already happening right now. You can help us set out the
> word by releasing a call and social media, so people can join, but so far
> only *OWASP paying members *can actually be part of the committee. As
> supporters in case the person is not an OWASP member, they can set their
> name under the Supporter section of the wiki page
> https://www.owasp.org/index.php/Committee_DMCA1201#Supporters
>
> No, this is not happening.  A call for committee members can only happen
> after the board approves the committee.  These steps
> <https://tracking.cirrusinsight.com/31d051c7-d0ce-4703-8a9d-6c31bdb5a856/owasp-org-index-php-governance-owasp-committees1>
> have been delineated for a reason and as such should be followed until
> changed.  Otherwise any small part of the group could determine changes to
> the organization without comment from the rest of the community. These
> steps cannot take place when only one part of the world is awake, and they
> cannot take place simultaneously.
>
> I totally understand that this is exciting and greatly wanted, but the
> actions to put something in motion that has a ton of high-visibility
> support must be exactly the same we want to take place for actions that
> have very little support in the community.  This is how we adhere to our
> core value of radical transparency. Transparent rules have been set forth,
> they must be followed.
>
> This is why I broke the process down for this thread so that it is clear
> and easy to do.  I want to facilitate this, but we must follow the
> guidelines.
>
>
> If this 'call for committee' members requires at least 5 OWASP members and
> we already have 5 which is the minimum. Based on this we can actually submit
> a proposal.
>
> First, the call for committee members has not gone out yet, it goes out
> through the board likely by way of the community manager.  This is to
> ensure that everyone has a chance and that the call is impartial. We have a
> transparent process, we need to stick to it rather than reinventing the
> wheel in such a way that transparency is compromised.
>
> Second, before the committee can submit anything it has to MEET and all
> members have to have a chance to be there.  So far the global community has
> not even had the chance to ponder a new committee.
>
> Of course the more members that want to join the better, but I hope we do
> make this too bureaucratic otherwise we lose momentum with regards the
> DMCA signatories.
>
> I think the most important thing is that OWASP remain true to our core
> values and focus on protecting our transparency.  This whole process can be
> completed in 2.5 weeks easily.  Forming a committee that has the ability to
> put forth policy and activism suggestions for the foreseeable future is far
> more important than the small possibility of missing one opportunity.  If
> this goal is truly worthy of putting all of our collective might behind,
> doing it the correct and transparent way is the only real choice.
> Attempting to re-litigate the rules over and over until they are changed
> will only take time from the process and alienate supporters.
>
> Committees wield real power and have the opportunity to speak for
> thousands of OWASPers.  I do not think that 2 weeks is much to ask for
> effective, supported committees.
> Running ahead, with no clear goal and not following the process that was
> voted into existence by the board will only alienate many in our community
> and undermine future efficacy.
>
> For example, a committee not only has the right to ask OWASP to be
> signatories, but to direct press releases and draft the responses to future
> advocacy activities.
>
>
> Tiffany Long
> Community Manager
>
> On Thu, Aug 11, 2016 at 1:15 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> Hi Tiffany
>>
>> In answer to the steps described:
>>
>> *>>The first step* is for the group of you asking for the committee to
>> write a proposal
>> We have set this proposal as a wiki page here:
>> https://www.owasp.org/index.php/Committee_DMCA1201
>>
>> *>>The second step* is to submit it to the leaders' list for discussion.
>> This is happening right now as we write
>> The goal is not only this action but:
>> The major purpose to *support and protect Researchers Who Investigate
>> Browsers.*
>> Now this action is asking the OWASP board to sign as an organisation and
>> not just individual members.
>> We don't know if any other actions against researchers that will happen
>> in the future and in which form, but then, we will define those actions
>> when they happen. Right now is to sign the signatories as OWASP
>> organization.
>>
>> >>This conversation must take long enough for membership to take part.
>> No limit is listed on the Committees 2.0 document, but it HAS to be longer
>> than 24 hours to accommodate our global membership.
>>
>> Agree, in the committee creation wiki document it mentions 7 days. We can
>> try to keep alive the conversation and allow other members to participate
>> until the board meeting on the 23rd.
>>
>>
>> *>>The third step* is to submit to the board.
>> I think we will do this once the 7 days have passed or wait the next
>> Board meeting which gives us plenty of time
>> Next OWASP meeting is August 23rd, and this is the moment we will submit
>> the proposal of approving the committee including proving an official
>> letter as an Organisation against the DMCA act.
>>
>> *>>The fourth step* is for the board (probably through me) to release a
>> call for committee members.
>> I think this is already happening right now. You can help us set out the
>> word by releasing a call and social media, so people can join, but so far
>> only *OWASP paying members *can actually be part of the committee. As
>> supporters in case the person is not an OWASP member, they can set their
>> name under the Supporter section of the wiki page
>> https://www.owasp.org/index.php/Committee_DMCA1201#Supporters
>>
>>
>> If this 'call for committee' members requires at least 5 OWASP members
>> and we already have 5 which is the minimum. Based on this we can actually
>> submit a proposal.
>>
>> Of course the more members that want to join the better, but I hope we do
>> make this too bureaucratic otherwise we lose momentum with regards the
>> DMCA signatories.
>>
>>
>>
>> On Thu, Aug 11, 2016 at 3:43 PM, Kevin W. Wall <kevin.w.wall at gmail.com>
>> wrote:
>>
>>> Tiffany,
>>>
>>> I think Johanna was referring to this link:
>>> https://www.owasp.org/index.php/Committee_DMCA1201
>>>
>>> -kevin
>>> --
>>> Blog: http://off-the-wall-security.blogspot.com/.   | Twitter:
>>> @KevinWWall
>>> NSA: All your crypto bit are belong to us.
>>>
>>
>>
>>
>> --
>> Johanna Curiel
>> OWASP Volunteer
>>
>
>