Ingo Struck ingo at ingostruck.de
Sun Jul 27 18:33:36 EDT 2003

Hash: SHA1

Hi Mark,

first, sorry that I did not appear this "morning" (your morning, my 
afternoon); but my girlfriend urgently wanted me to spend time with
her... :o)

I guess that I (and most of the other project leaders) are in quite a
similar situation like you. The need to make money takes toll from each
of us and I know that only few people want their personal income be short
of *any* ideational project. 
I remember that you always declined any offer to share the "real costs"
of running OWASP - if that should become a real problem, then be totally
assured that I am willing and able to share that charge.

- From my point of view there clearly has been spent far too much time and 
heart's blood for winding things up.

When I posted the VulnXML announcement to slashdot, I stumbled over
a very illuminative article regarding the leadership of an open source project 
(cf. http://www.peek-a-booty.org/pbhtml/index.php):

"In open source projects it's more like the 95-5 rule.  Open source projects 
are usually run by one or two people doing most of the work.  If you decide 
to lead an open source project, you must be willing and ready to accept 

- From the last two year's experience with OWASP I can definitely sign that.

Maybe we just have to put up with that...
Else moving on could be really disappointing and after all pointless.

> Each project owner / leader needs to drive the fate of individual projects.
Right. If a subproject ('s leader) decides not to do anything and nobody else
can spend time on that, then that project must be either freezed, bought up, 
or dropped. The decision about that is up to the remaining active people.

> I think the biggest initial hold up in us getting back on track today is
> getting the portal online.
I think the biggest hold up in getting on track is people not clearly saying
what they can/will/want to do or not to do (However, I do feel too that the 
relaunch of the portal is some months overdue and that we should try to get 
that job done asap).

The best solution for the few people currently doing anything at all for OWASP
imho is:
- - define what (*and when*) we want to achieve next with a clear priority
   (please, realistic!)
- - assign that with clear dead lines to personally appointed people
- - if those are not able to abide by what they promised, try to take over
  their job

> We now have the new hosting and I know that
> testing and other things are waiting to go when the portal is ready.
Regarding the new hosting, I am still awaiting to get the auth for that
to do the basic setup. For me it seems like it is up to me or you to create
a working server configuration, even though that job has been assigned to
other people.

> In the meantime could you send me your numbers and the best time to call
> you this week about the individual projects and we can start the process.
Well, my number is not a secret, but I know that phone calls across the ocean
are rather expensive - however, feel free to call either of 
	+49 30 39876147 or +49 177 510 25 83
(during CEST daytime of course...)

> Look forward to getting the mojo back.
Personally I do not believe in the power of mojos, but rather in the power of
people... :o)
I think that we can achieve something, even if it means we are doing it 
solitary and with very low backing from other people.

All in all I am really looking forward to some renewed OWASP work...

Kind regards


- -- 
ingo at ingostruck.de
Use PGP: http://ingostruck.de/ingostruck.gpg with fingerprint
C700 9951 E759 1594 0807  5BBF 8508 AF92 19AA 3D24
Version: GnuPG v1.2.0 (GNU/Linux)


More information about the OWASP-Leaders mailing list