[Owasp-infrastructure] [Owasp-board] Duplicate Mailing lists (Respond by Aug 1st)

Tom Brennan tomb at owasp.org
Wed Jul 27 18:40:13 EDT 2011

The goal has always been to get off of hosting a dedicated system for mailing list management of a mailman 2.1.8 in the closet.  GoogleGroups can solve out issue for management of both mailing lists for local chapters providing access to the chapter leaders for admin via the @owasp.org email domain as well as other non chapter mailing lists such as projects and leaders.  


Recent updates also include the ability to leverage them with public non-owasp accounts too.


You have ADMIN access Jason to the GoogleApps for OWASP Foundation seems you have extra cycles -- your welcome to take on that internal project that although is not as sexy as say... "flagship efforts" is clearly critical there are several backoffice projects that need that energy. 

On Jul 27, 2011, at 5:10 PM, Jason Li wrote:

> Larry/Kate/Board/Committee Chairs,
> Several people (myself included) have made the mistake recently of sending to the owasp-leaders at owasp.org Google Group instead of the owasp-leaders at lists.owasp.org Mailman list.
> I'm sure this has been happening for quite some time as Google helpfully populates addresses from the organization user list.
> In fact, a look at the "OWASP Leaders" Google Group shows messages dating back to September 2010!
> This Google Group is not the email address that everyone expects to use for the "Leaders List". Moreover, I don't believe it accurately represents the leaders, as membership to the the Google Group is extended only to (and automatically to) anyone with an @owasp.org accounts. While *most* leaders have @owasp.org accounts, to my knowledge, not necessarily *all* leaders have @owasp.org accounts. In fact, under the current OWASP Membership policy, my understanding is that all paid members have @owasp.org accounts, so we will be catching "non-leaders" with these emails to the Google Group.
> My recollection is that the OWASP Google Groups were compiled originally by Larry as a potential replacement for mailman shortly after we migrated to Google Apps infrastructure. However, we realized that Google App accounts are required to access the web portion. Google Accounts are not available everywhere in the world and as an international organization, that's a severely limiting factor.
> As a result, my understanding was that we never rolled out and migrated to these Google groups.
> Nonetheless, they remain active and the email addresses are "live", open and available.
> The vast majority of these lists have never been used. Based on the confusion and activity, my guess that the vast majority of any activity on these groups is "by accident".
> There are a few lists that are seem to be intentionally used instead of mailman and do not follow the standard "owasp-XXX" mailing list convention:
> * The Board uses the "OWASP" Google Groups (https://groups.google.com/a/owasp.org/group/owasp/)
> * The Connections Committee uses the "Press" Google Group (https://groups.google.com/a/owasp.org/group/press)
> * The GPC uses the "Projects" Google Group (https://groups.google.com/a/owasp.org/group/projects)
> * The Summit planning team also used a number of groups ("summit-*") before and during the event for operational purposes
> These separate groups make sense as a means to contact specific groups without having to be subscribed to a mailing list while still conducting the conversation in a way that is archived and open. It also insulates the population of the entire mailing list from having to deal with every such request to that group.  So it makes sense for groups explicitly deciding to do this (as the Board, Connections Committee, and GPC have done)
> However, for all the mailing lists and groups that are *not* aware of this service, I believe that continuing to have "two" parallel mailing lists is extremely confusing and can potentially fracture the dialogue in the community.
> I would like to remove these groups to avoid future confusion - but before acting, I'd like to understand if I'm missing a piece of the puzzle.
> My plan would be as follows:
> - Examine each OWASP Google Group
> - If Google Group has no messages and is clearly not in use, remove the email alias
> - If the Google Group has messages and is in use, determine if usage is accidental or intentional
> --- For accidental usage, close the group and redirect the email alias to the corresponding Mailman list
> --- For intentional usage, ensure that the group knows the distinction and publicize the result
> If I hear no comments from the group, I'm going to proceed with my plan of action slowly but surely starting August 1st.
> -Jason
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-infrastructure/attachments/20110727/154c8567/attachment.html 

More information about the Owasp-infrastructure mailing list