[Owasp-board] Let's stand together against DCMA and similar laws

johanna curiel curiel johanna.curiel at owasp.org
Thu Aug 11 23:47:47 UTC 2016


Just to clarify

I support Kevin's proposal which is to get OWASP to sign as an organization
against this act.

At the moment this is getting a little complex for me to understand and
proceed with all these emails and steps.

@Kevin: It seems there are certain steps to be followed for the creation of
the committee which at this point are a little confusing to me, but I think
as I stated later if you want to push this, please let me know, I'll
follow your lead ;-)

@Tiffany: At this point this is getting too bureaucratic for me and
honestly I don't have much time to follow up this entirely, so far I'll
not continue pushing this.


I think the entire purpose is to get things done such as getting OWASP to sign
as an organization, but if forming a committee as proposed here is not
enough I will not continue with the paperwork ;-). Maybe someone else
wants to take the lead?

I have no time to follow up this process which at this moment I don't
understand entirely.

I'll keep things simple and I will sign as an individual supporter.



best regards

Johanna

On Thu, Aug 11, 2016 at 5:28 PM, Josh Sokol <josh.sokol at owasp.org> wrote:

> I agree with the intent behind Kevin's e-mail and would support a Board
> discussion alongside Andrew and Tom.
>
> I also agree that it is reasonable to give Board members a day or so (at
> least) to respond.  We've all got day jobs, families, and need to sleep in
> addition to our role as OWASP Board members.
>
> ~josh
>
> On Thu, Aug 11, 2016 at 4:21 PM, Tiffany Long <tiffany.long at owasp.org>
> wrote:
>
>> Hey Johanna, I don't want any confusion so I copied the email and will
>> answer in line in red, this way it is easy to follow on all email systems.
>>
>>
>> Hi Tiffany
>>
>> In answer to the steps described:
>>
>> *>>The first step* is for the group of you asking for the committee to
>> write a proposal
>> We have set this proposal as a wiki page here:
>> https://www.owasp.org/index.php/Committee_DMCA1201
>> This is fine, but unfortunately it does not follow the requirements
>> outlined by the Committees 2.0 document.  The document says:
>>
>> *"At any point in time, a community member may propose a new committee
>> via the OWASP Leaders List stating their rationale and desired scope for
>> creating a new committee. , ..."*
>>
>> This is why I explained that the proposal must A) follow this procedure
>> and not be a wiki page and B) cautioned y'all to consider widening the
>> scope of the committee. The Committees 2.0 process was set forth to
>> ensure that OWASP follows our Core Values
>> <https://tracking.cirrusinsight.com/31d051c7-d0ce-4703-8a9d-6c31bdb5a856/owasp-org-index-php-about-the-open-web-application-security-project> in
>> order to achieve our Core Purpose
>> <https://tracking.cirrusinsight.com/31d051c7-d0ce-4703-8a9d-6c31bdb5a856/owasp-org-index-php-about-the-open-web-application-security-project1>.
>> Not following the rules put forth violates our values of being an Open and
>> Global organization. Selectively enforcing them clouds
>> our transparency and makes future Innovation more difficult.
>>
>> The core value of Innovation is also why I suggested the purpose of
>> the committee be broader.  There will be other actions that the committee
>> will wish to take, the committee could put OWASP in a leadership position
>> with regards to DRM and Privacy in the security space.
>>
>> *>>The second step* is to submit it to the leaders' list for discussion.
>> This is happening right now as we write
>> The goal is not only this action but:
>> The major purpose to *support and protect Researchers Who Investigate
>> Browsers.*
>> Now this action is asking the OWASP board to sign as an organisation and
>> not just individual members.
>> We don't know if any other actions against researchers will happen
>> in the future and in which form, but then, we will define those actions
>> when they happen. Right now is to sign the signatories as OWASP
>> organization.
>> Unfortunately, there is no clear proposal here. The closest thing is a
>> wiki page that has not been suggested at the top of the conversation and
>> therefore there are a number of people currently excluded from the
>> conversation.  The proposal should be a stand alone conversation and
>> contained in the very first email.  The subject line should clearly note
>> that the conversation is about the forming of a new committee.  Remember,
>> everything we do must be determined by our core values.  We must ensure
>> Openness and that is done by following the established guidelines.
>>
>> The goal is listed as
>> <https://tracking.cirrusinsight.com/31d051c7-d0ce-4703-8a9d-6c31bdb5a856/owasp-org-index-php-committee-dmca1201>
>> "*Have OWASP as an organisation, not just individuals, officially
>> support to protect researchers by being part of the signatories as an
>> organization.*"  Once again, the goal to have OWASP sign on to this
>> support document is laudatory, but  Privacy and DRM is a much larger topic
>> and I am sure OWASP should say much more on it.  Therefore I would strongly
>> suggest that a healthy and effective committee would have a larger mission
>> than this one action item. Once this is achieved the committee would no
>> longer exist if the scope is defined so narrowly. Why go through this
>> process every time we want OWASP to act when a standing committee could do
>> it all much faster?
>>
>> >>This conversation must take long enough for membership to take part.
>> No limit is listed on the Committees 2.0 document, but it HAS to be longer
>> than 24 hours to accommodate our global membership.
>>
>> Agree, in the committee creation wiki document it mentions 7 days. We can
>> try to keep alive the conversation and allow other members to participate
>> until the board meeting on the 23rd.
>>
>> Actually, the only part of the process that MUST take 7 days is the call
>> for members.  You have the freedom to set reasonable boundaries around this
>> conversation.  I would argue that 3 days or until the conversation peters
>> out is a pretty accessible answer.
>>
>> *" If no conflict
>> <https://tracking.cirrusinsight.com/31d051c7-d0ce-4703-8a9d-6c31bdb5a856/owasp-org-index-php-governance-owasp-committees>
>> is determined to exist, the Board will initiate a public call for OWASP
>> members interested in committee membership, via the OWASP Community mailing
>> list, with a seven day time window."*
>>
>>
>> *>>The third step* is to submit to the board.
>> I think we will do this once the 7 days have passed or wait the next
>> Board meeting which gives us plenty of time
>> Next OWASP meeting is August 23rd, and this is the moment we will submit
>> the proposal of approving the committee including proving an official
>> letter as an Organisation against the DMCA act.
>>
>> You may wait should you choose to.   You asked if it could get through
>> more quickly; that is possible as well.
>>
>> Importantly here, you are only requesting that the board create a
>> committee.  That means that the committee does not yet exist to present the
>> board with a letter.  That letter must come THROUGH the committee AFTER the
>> call for members.  The reason for these rules is to give the community time
>> to gather behind the effort and to prevent particular members
>> from haring off to do something the community does not agree with.  You
>> yourself have called for such controls in the past 2 months, it is
>> important that we follow the guidelines set forth by the organization.
>>
>>
>> *>>The fourth step* is for the board (probably through me) to release a
>> call for committee members.
>> I think this is already happening right now. You can help us set out the
>> word by releasing a call and social media, so people can join, but so far
>> only *OWASP paying members* can actually be part of the committee. As
>> supporters in case the person is not an OWASP member, they can set their
>> name under the Supporter section of the wiki page
>> https://www.owasp.org/index.php/Committee_DMCA1201#Supporters
>>
>> No, this is not happening.  A call for committee members can only happen
>> after the board approves the committee.  These steps
>> <https://tracking.cirrusinsight.com/31d051c7-d0ce-4703-8a9d-6c31bdb5a856/owasp-org-index-php-governance-owasp-committees1>
>> have been delineated for a reason and as such should be followed until
>> changed.  Otherwise any small part of the group could determine changes to
>> the organization without comment from the rest of the community. These
>> steps cannot take place when only one part of the world is awake, and they
>> cannot take place simultaneously.
>>
>> I totally understand that this is exciting and greatly wanted, but the
>> actions to put something in motion that has a ton of high-visibility
>> support must be exactly the same we want to take place for actions that
>> have very little support in the community.  This is how we adhere to our
>> core value of radical transparency. Transparent rules have been set forth,
>> they must be followed.
>>
>> This is why I broke the process down for this thread so that it is clear
>> and easy to do.  I want to facilitate this, but we must follow the
>> guidelines.
>>
>>
>> If this 'call for committee' members requires at least 5 OWASP members
>> and we already have 5 which is the minimum. Based on this we can actually
>> submit a proposal.
>>
>> First, the call for committee members has not gone out yet, it goes out
>> through the board likely by way of the community manager.  This is to
>> ensure that everyone has a chance and that the call is impartial. We have a
>> transparent process, we need to stick to it rather than reinventing the
>> wheel in such a way that transparency is compromised.
>>
>> Second, before the committee can submit anything it has to MEET and all
>> members have to have a chance to be there.  So far the global community has
>> not even had the chance to ponder a new committee.
>>
>> Of course the more members that want to join the better, but I hope we do
>> make this too bureaucratic otherwise we lose momentum with regards the
>> DMCA signatories.
>>
>> I think the most important thing is that OWASP remain true to our core
>> values and focus on protecting our transparency.  This whole process can be
>> completed in 2.5 weeks easily.  Forming a committee that has the ability to
>> put forth policy and activism suggestions for the foreseeable future is far
>> more important than the small possibility of missing one opportunity.  If
>> this goal is truly worthy of putting all of our collective might behind,
>> doing it the correct and transparent way is the only real choice.
>> Attempting to re-litigate the rules over and over until they are changed
>> will only take time from the process and alienate supporters.
>>
>> Committees wield real power and have the opportunity to speak for
>> thousands of OWASPers.  I do not think that 2 weeks is much to ask for
>> effective, supported committees.
>> Running ahead, with no clear goal and not following the process that was
>> voted into existence by the board will only alienate many in our community
>> and undermine future efficacy.
>>
>> For example, a committee not only has the right to ask OWASP to be
>> signatories, but to direct press releases and draft the responses to future
>> advocacy activities.
>>
>>
>> Tiffany Long
>> Community Manager
>>
>> On Thu, Aug 11, 2016 at 1:15 PM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>
>>> Hi Tiffany
>>>
>>> In answer to the steps described:
>>>
>>> *>>The first step* is for the group of you asking for the committee to
>>> write a proposal
>>> We have set this proposal as a wiki page here:
>>> https://www.owasp.org/index.php/Committee_DMCA1201
>>>
>>> *>>The second step* is to submit it to the leaders' list for discussion.
>>> This is happening right now as we write
>>> The goal is not only this action but:
>>> The major purpose to *support and protect Researchers Who Investigate
>>> Browsers.*
>>> Now this action is asking the OWASP board to sign as an organisation and
>>> not just individual members.
>>> We don't know if any other actions against researchers will happen
>>> in the future and in which form, but then, we will define those actions
>>> when they happen. Right now is to sign the signatories as OWASP
>>> organization.
>>>
>>> >>This conversation must take long enough for membership to take part.
>>> No limit is listed on the Committees 2.0 document, but it HAS to be longer
>>> than 24 hours to accommodate our global membership.
>>>
>>> Agree, in the committee creation wiki document it mentions 7 days. We
>>> can try to keep alive the conversation and allow other members to participate
>>> until the board meeting on the 23rd.
>>>
>>>
>>> *>>The third step* is to submit to the board.
>>> I think we will do this once the 7 days have passed or wait the next
>>> Board meeting which gives us plenty of time
>>> Next OWASP meeting is August 23rd, and this is the moment we will submit
>>> the proposal of approving the committee including proving an official
>>> letter as an Organisation against the DMCA act.
>>>
>>> *>>The fourth step* is for the board (probably through me) to release a
>>> call for committee members.
>>> I think this is already happening right now. You can help us set out the
>>> word by releasing a call and social media, so people can join, but so far
>>> only *OWASP paying members* can actually be part of the committee. As
>>> supporters in case the person is not an OWASP member, they can set their
>>> name under the Supporter section of the wiki page
>>> https://www.owasp.org/index.php/Committee_DMCA1201#Supporters
>>>
>>>
>>> If this 'call for committee' members requires at least 5 OWASP members
>>> and we already have 5 which is the minimum. Based on this we can actually
>>> submit a proposal.
>>>
>>> Of course the more members that want to join the better, but I hope we
>>> do make this too bureaucratic otherwise we lose momentum with regards the
>>> DMCA signatories.
>>>
>>>
>>>
>>> On Thu, Aug 11, 2016 at 3:43 PM, Kevin W. Wall <kevin.w.wall at gmail.com>
>>> wrote:
>>>
>>>> Tiffany,
>>>>
>>>> I think Johanna was referring to this link:
>>>> https://www.owasp.org/index.php/Committee_DMCA1201
>>>>
>>>> -kevin
>>>> --
>>>> Blog: http://off-the-wall-security.blogspot.com/.   | Twitter:
>>>> @KevinWWall
>>>> NSA: All your crypto bit are belong to us.
>>>>
>>>
>>>
>>>
>>> --
>>> Johanna Curiel
>>> OWASP Volunteer
>>>
>>
>>
>>
>>
>


-- 
Johanna Curiel
OWASP Volunteer