[Owasp-leaders] OWASP Mailing Lists

Marcin Wielgoszewski marcin at owasp.org
Thu Mar 5 16:26:38 EST 2009


Sure..  there could be thousands of plugins to do anything include feeding
your dog, but not only do we have to uphold the security of MediaWiki, but
vBulletin software as well.  Thanks for bringing this up though, as it would
make the attack surface of OWASP go through the roof.

*** Currently seeking individuals willing to code review vBulletin and any
modules Tim would like so he can skin vBulletin for viewing on his mobile
phone...  this is NOT a paid position ***

So in conclusion, please think of OWASP IT.

My $.02,
-Marcin


On Thu, Mar 5, 2009 at 2:59 PM, Tim Bass <tim.silkroad at gmail.com> wrote:

> Actually, I don't care what OWASP IT does.   The list, and how it
> works, speaks for itself.   I have seen the (forum v. email) flame
> wars before and am completely disinterested. Most of the arguments
> will be emotional and people with no forum experience will make wild,
> clueless claims, and the discussion will go no where.
>
> Just go to http://ubuntuforums.org/   and you will see a professional
> forum on vBulletin.
>
> Comparing good running, modern forum software to an email list is like
> comparing a F16 fighter jet to a lawnmower. For example, with
> vBulletin, there is an entire ecosystem of thousands of plugins that
> do everything under the sun  (www.vbulletin.org) from antispam bots to
> slick skins for mobile phones.
>
> I am not going to get into a flame war over this crummy mailing list
> software, ROTFL
>
> This is my last post on the topic.  I have managed an OWASP email list
> and I manage a forum with over 1,000,000 unique visitors a month, and
> their is no comparison, and to get into a tit-for-tat discussion on it
> would be like trying to teach a fish to climb a mountain, LOL
>
> Email discussion lists are antique relics of the IT of yesterday.
>
>
> On Fri, Mar 6, 2009 at 2:45 AM, Arshan Dabirsiaghi
> <arshan.dabirsiaghi at aspectsecurity.com> wrote:
> > I agree with Kevin, for what it's worth. Does anyone else view the
> benefits
> > of forum communication as worth making the global switch?
> >
> > Arshan
> > ________________________________
> > From: owasp-leaders-bounces at lists.owasp.org on behalf of Kevin Reiter
> > Sent: Thu 3/5/2009 2:41 PM
> > To: owasp-leaders at lists.owasp.org
> > Subject: Re: [Owasp-leaders] OWASP Mailing Lists
> >
> > Hi Tim,
> >
> > I was basing my comments on my personal experience with other forum
> > software, which is why I used the words "typically" and "can be", meaning
> > "not in every single case."  I've not seen a forum that allows a user to
> > receive an e-mail for every single post, including new topics not
> previously
> > subscribed to, which is why I stated that observation.  I'm not trying to
> > start a flamewar over this, and I'm obviously not the expert here on this
> -
> > I was just voicing _my_ opinion.
> >
> > ~Kevin
> >
> > On Thu, Mar 5, 2009 at 2:26 PM, Tim Bass <tim.silkroad at gmail.com> wrote:
> >>
> >> Hi Kevin,
> >>
> >> I gave my opinion.   I manage a large forum with over 3,000,000 page
> >> views a month and over 70,000 registered users and none of your
> >> arguments
> >> are correct, on modern, correctly managed forums. Spam is easier to
> >> manage. There are modern plugins for this.  For folks who have mobile,
> >> they
> >> can have email forwarded or the forum can have a mobile skin.   All
> >> modern forum as subscribe in/out functions for new posts, if that is
> >> what
> >> users want.   Bots are easy to manage with simple plugin.
> >>
> >> Obviously, and I am not being caustic, you don't manage a large,
> >> modern, commercial forum.
> >>
> >> Cheers.
> >>
> >>
> >>
> >>
> >>
> >>
> >> On Fri, Mar 6, 2009 at 2:00 AM, Kevin Reiter <kevin.reiter at owasp.org>
> >> wrote:
> >> > I disagree about this for a few reasons (and feel free to disagree
> with
> >> > me
> >> > on this :)
> >> >
> >> > - Forums can be difficult to access/navigate from mobile devices.
> >> > - Forum software requires constant maintenance (patches, version
> >> > upgrades,
> >> > spambot registration preening, etc.) to maintain security for both the
> >> > forum
> >> > application as well as the machine it resides on.
> >> > - Forums typically do not let members know when there are new posts -
> >> > only
> >> > if you're already subscribed to an existing topic.  If you don't login
> >> > and
> >> > check, you're not made aware of any important announcements.
> >> > - Forums are higher targets for automated "sploit bots".
> >> >
> >> > Now, that's not to say that in addition to the mailing lists there
> >> > couldn't
> >> > (or shouldn't) be an official OWASP Forum.  I'm just pointing out that
> >> > replacing the mailing lists with a forum might not be the best idea.
> >> >
> >> > Also, I'm curious to know how you mean, "mailing lists don't scale
> >> > well."
> >> > In what way?  How are they deficient?  How don't they "scale well"?
> I'm
> >> > not
> >> > being carcastic, just curious by what you mean as it pertains to the
> >> > OWASP
> >> > lists.
> >> >
> >> >
> >> > ~Kevin
> >> >
> >> > On Thu, Mar 5, 2009 at 1:27 PM, Tim Bass <tim.silkroad at gmail.com>
> wrote:
> >> >>
> >> >> Dear All,
> >> >>
> >> >> Mailing lists to not scale well.
> >> >>
> >> >> OWASP should consider moving to a modern, professional forum, like
> >> >> vBulletin.
> >> >>
> >> >> The Ubuntu Forums
> >> >> Linux Questions
> >> >> The UNIX and Linux Forums
> >> >>
> >> >> etc.
> >> >>
> >> >> All these busy forums use vB.
> >> >>
> >> >> Email is so "last century" LOL.
> >> >>
> >> >> Cheers.
> >> >> _______________________________________________
> >> >> OWASP-Leaders mailing list
> >> >> OWASP-Leaders at lists.owasp.org
> >> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >> >
> >> >
> >> >
> >> > --
> >> > Kevin Reiter
> >> > NJNYMetro OWASP
> >> >
> >> > _______________________________________________
> >> > OWASP-Leaders mailing list
> >> > OWASP-Leaders at lists.owasp.org
> >> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >> >
> >> >
> >> _______________________________________________
> >> OWASP-Leaders mailing list
> >> OWASP-Leaders at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
> >
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20090305/e8add47c/attachment.html 


More information about the OWASP-Leaders mailing list