Mark Curphey mark at curphey.com
Sun Jul 27 23:07:25 EDT 2003

comments inline...
----- Original Message ----- 
From: "Ingo Struck" <ingo at ingostruck.de>
To: <owasp-leaders at lists.sourceforge.net>
Sent: Sunday, July 27, 2003 6:33 PM

Hash: SHA1

Hi Mark,

first, sorry that I did not appear this "morning" (your morning, my
afternoon); but my girlfriend urgently wanted me to spend time with
her... :o)

MC>No need for apologies Ingo, mine went to yoga and I got to play with the

I guess that I (and most of the other project leaders) are in quite a
similar situation like you. The need to make money takes toll from each
of us and I know that only few people want their personal income be short
of *any* ideational project.
I remember that you always declined any offer to share the "real costs"
of running OWASP - if that should become a real problem, then be totally
assured that I am willing and able to share that charge.

MC>The money is just one small issue.

- From my point of view there clearly has been spent far too much time and
heart's blood for winding things up.

MC>I totally agree. I was trying to get some reactions ;-)

When I posted the VulnXML announcement to slashdot, I stumbled over
a very illuminative article regarding the leadership of an open source
(cf. http://www.peek-a-booty.org/pbhtml/index.php):

"In open source projects it's more like the 95-5 rule.  Open source projects
are usually run by one or two people doing most of the work.  If you decide
to lead an open source project, you must be willing and ready to accept

- From the last two year's experience with OWASP I can definitely sign that.

Maybe we just have to put up with that...
Else moving on could be really disappointing and after all pointless.

MC> I think thats true. I think the reality is that few people do almost all
of the work
and that people come and go. That said its been that way since the begining
so we shouldn't be
suprised eh ?

> Each project owner / leader needs to drive the fate of individual
Right. If a subproject ('s leader) decides not to do anything and nobody
can spend time on that, then that project must be either freezed, bought up,
or dropped. The decision about that is up to the remaining active people.

> I think the biggest initial hold up in us getting back on track today is
> getting the portal online.
I think the biggest hold up in getting on track is people not clearly saying
what they can/will/want to do or not to do (However, I do feel too that the
relaunch of the portal is some months overdue and that we should try to get
that job done asap).

The best solution for the few people currently doing anything at all for
imho is:
- - define what (*and when*) we want to achieve next with a clear priority
   (please, realistic!)
- - assign that with clear dead lines to personally appointed people
- - if those are not able to abide by what they promised, try to take over
  their job

MC>Agreed, this is what I will do this this week when I speak to everyone.

> We now have the new hosting and I know that
> testing and other things are waiting to go when the portal is ready.
Regarding the new hosting, I am still awaiting to get the auth for that
to do the basic setup. For me it seems like it is up to me or you to create
a working server configuration, even though that job has been assigned to
other people.

MC> I am sorry I thought I sent that over via PGP. I'll resend now.

> In the meantime could you send me your numbers and the best time to call
> you this week about the individual projects and we can start the process.
Well, my number is not a secret, but I know that phone calls across the
are rather expensive - however, feel free to call either of
+49 30 39876147 or +49 177 510 25 83
(during CEST daytime of course...)

> Look forward to getting the mojo back.
Personally I do not believe in the power of mojos, but rather in the power
people... :o)
I think that we can achieve something, even if it means we are doing it
solitary and with very low backing from other people.

All in all I am really looking forward to some renewed OWASP work...

MC>Me too. This is simply a great bunch of core people that I have learnt
soo much from and
enjoyed everytime I spent workingf with them.

I am ready to go !

Kind regards


- -- 
ingo at ingostruck.de
Use PGP: http://ingostruck.de/ingostruck.gpg with fingerprint
C700 9951 E759 1594 0807  5BBF 8508 AF92 19AA 3D24
Version: GnuPG v1.2.0 (GNU/Linux)


This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
Owasp-leaders mailing list
Owasp-leaders at lists.sourceforge.net

More information about the OWASP-Leaders mailing list