[Owasp-leaders] OWASP Mailing Lists

Adam Muntner adam.muntner at quietmove.com
Thu Mar 5 16:36:00 EST 2009


I support moving to a mailing list to a message board, in particular a free
hosted solution such as Yahoo or Google groups. It's successful for a lot of
other projects, and will offload a lot of work from OWASP IT.


On Thu, Mar 5, 2009 at 2:26 PM, Marcin Wielgoszewski <marcin at owasp.org>wrote:

> Sure..  there could be thousands of plugins to do anything include feeding
> your dog, but not only do we have to uphold the security of MediaWiki, but
> vBulletin software as well.  Thanks for bringing this up though, as it would
> make the attack surface of OWASP go through the roof.
>
> *** Currently seeking individuals willing to code review vBulletin and any
> modules Tim would like so he can skin vBulletin for viewing on his mobile
> phone...  this is NOT a paid position ***
>
> So in conclusion, please think of OWASP IT.
>
> My $.02,
> -Marcin
>
>
>
> On Thu, Mar 5, 2009 at 2:59 PM, Tim Bass <tim.silkroad at gmail.com> wrote:
>
>> Actually, I don't care what OWASP IT does.   The list, and how it
>> works, speaks for itself.   I have seen the (forum v. email) flame
>> wars before and am completely disinterested. Most of the arguments
>> will be emotional and people with no forum experience will make wild,
>> clueless claims, and the discussion will go no where.
>>
>> Just go to http://ubuntuforums.org/   and you will see a professional
>> forum on vBulletin.
>>
>> Comparing good running, modern forum software to an email list is like
>> comparing a F16 fighter jet to a lawnmower. For example, with
>> vBulletin, there is an entire ecosystem of thousands of plugins that
>> do everything under the sun  (www.vbulletin.org) from antispam bots to
>> slick skins for mobile phones.
>>
>> I am not going to get into a flame war over this crummy mailing list
>> software, ROTFL
>>
>> This is my last post on the topic.  I have managed an OWASP email list
>> and I manage a forum with over 1,000,000 unique visitors a month, and
>> their is no comparison, and to get into a tit-for-tat discussion on it
>> would be like trying to teach a fish to climb a mountain, LOL
>>
>> Email discussion lists are antique relics of the IT of yesterday.
>>
>>
>> On Fri, Mar 6, 2009 at 2:45 AM, Arshan Dabirsiaghi
>> <arshan.dabirsiaghi at aspectsecurity.com> wrote:
>> > I agree with Kevin, for what it's worth. Does anyone else view the
>> benefits
>> > of forum communication as worth making the global switch?
>> >
>> > Arshan
>> > ________________________________
>> > From: owasp-leaders-bounces at lists.owasp.org on behalf of Kevin Reiter
>> > Sent: Thu 3/5/2009 2:41 PM
>> > To: owasp-leaders at lists.owasp.org
>> > Subject: Re: [Owasp-leaders] OWASP Mailing Lists
>> >
>> > Hi Tim,
>> >
>> > I was basing my comments on my personal experience with other forum
>> > software, which is why I used the words "typically" and "can be",
>> meaning
>> > "not in every single case."  I've not seen a forum that allows a user to
>> > receive an e-mail for every single post, including new topics not
>> previously
>> > subscribed to, which is why I stated that observation.  I'm not trying
>> to
>> > start a flamewar over this, and I'm obviously not the expert here on
>> this -
>> > I was just voicing _my_ opinion.
>> >
>> > ~Kevin
>> >
>> > On Thu, Mar 5, 2009 at 2:26 PM, Tim Bass <tim.silkroad at gmail.com>
>> wrote:
>> >>
>> >> Hi Kevin,
>> >>
>> >> I gave my opinion.   I manage a large forum with over 3,000,000 page
>> >> views a month and over 70,000 registered users and none of your
>> >> arguments
>> >> are correct, on modern, correctly managed forums. Spam is easier to
>> >> manage. There are modern plugins for this.  For folks who have mobile,
>> >> they
>> >> can have email forwarded or the forum can have a mobile skin.   All
>> >> modern forum as subscribe in/out functions for new posts, if that is
>> >> what
>> >> users want.   Bots are easy to manage with simple plugin.
>> >>
>> >> Obviously, and I am not being caustic, you don't manage a large,
>> >> modern, commercial forum.
>> >>
>> >> Cheers.
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> On Fri, Mar 6, 2009 at 2:00 AM, Kevin Reiter <kevin.reiter at owasp.org>
>> >> wrote:
>> >> > I disagree about this for a few reasons (and feel free to disagree
>> with
>> >> > me
>> >> > on this :)
>> >> >
>> >> > - Forums can be difficult to access/navigate from mobile devices.
>> >> > - Forum software requires constant maintenance (patches, version
>> >> > upgrades,
>> >> > spambot registration preening, etc.) to maintain security for both
>> the
>> >> > forum
>> >> > application as well as the machine it resides on.
>> >> > - Forums typically do not let members know when there are new posts -
>> >> > only
>> >> > if you're already subscribed to an existing topic.  If you don't
>> login
>> >> > and
>> >> > check, you're not made aware of any important announcements.
>> >> > - Forums are higher targets for automated "sploit bots".
>> >> >
>> >> > Now, that's not to say that in addition to the mailing lists there
>> >> > couldn't
>> >> > (or shouldn't) be an official OWASP Forum.  I'm just pointing out
>> that
>> >> > replacing the mailing lists with a forum might not be the best idea.
>> >> >
>> >> > Also, I'm curious to know how you mean, "mailing lists don't scale
>> >> > well."
>> >> > In what way?  How are they deficient?  How don't they "scale well"?
>> I'm
>> >> > not
>> >> > being carcastic, just curious by what you mean as it pertains to the
>> >> > OWASP
>> >> > lists.
>> >> >
>> >> >
>> >> > ~Kevin
>> >> >
>> >> > On Thu, Mar 5, 2009 at 1:27 PM, Tim Bass <tim.silkroad at gmail.com>
>> wrote:
>> >> >>
>> >> >> Dear All,
>> >> >>
>> >> >> Mailing lists to not scale well.
>> >> >>
>> >> >> OWASP should consider moving to a modern, professional forum, like
>> >> >> vBulletin.
>> >> >>
>> >> >> The Ubuntu Forums
>> >> >> Linux Questions
>> >> >> The UNIX and Linux Forums
>> >> >>
>> >> >> etc.
>> >> >>
>> >> >> All these busy forums use vB.
>> >> >>
>> >> >> Email is so "last century" LOL.
>> >> >>
>> >> >> Cheers.
>> >> >> _______________________________________________
>> >> >> OWASP-Leaders mailing list
>> >> >> OWASP-Leaders at lists.owasp.org
>> >> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > Kevin Reiter
>> >> > NJNYMetro OWASP
>> >> >
>> >> > _______________________________________________
>> >> > OWASP-Leaders mailing list
>> >> > OWASP-Leaders at lists.owasp.org
>> >> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> >> >
>> >> >
>> >> _______________________________________________
>> >> OWASP-Leaders mailing list
>> >> OWASP-Leaders at lists.owasp.org
>> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> >
>> > _______________________________________________
>> > OWASP-Leaders mailing list
>> > OWASP-Leaders at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> >
>> >
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>


-- 
Adam Muntner, CISSP
Managing Partner
QuietMove, Inc.
(602)793-5969
http://www.quietmove.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20090305/dcb7640d/attachment.html 


More information about the OWASP-Leaders mailing list