[Owasp-leaders] OWASP Mailing Lists

Luis Enrique Londoño luis.londono at 360sec.com
Thu Mar 5 17:05:48 EST 2009


IMHO, OWASP should be using web related technologies in any viable  
situation, logically, taking security in account.

Regards,

Luis Enrique

On Mar 5, 2009, at 2:59 PM, Tim Bass wrote:

> Actually, I don't care what OWASP IT does.   The list, and how it
> works, speaks for itself.   I have seen the (forum v. email) flame
> wars before and am completely disinterested. Most of the arguments
> will be emotional and people with no forum experience will make wild,
> clueless claims, and the discussion will go no where.
>
> Just go to http://ubuntuforums.org/   and you will see a professional
> forum on vBulletin.
>
> Comparing good running, modern forum software to an email list is like
> comparing a F16 fighter jet to a lawnmower. For example, with
> vBulletin, there is an entire ecosystem of thousands of plugins that
> do everything under the sun  (www.vbulletin.org) from antispam bots to
> slick skins for mobile phones.
>
> I am not going to get into a flame war over this crummy mailing list
> software, ROTFL
>
> This is my last post on the topic.  I have managed an OWASP email list
> and I manage a forum with over 1,000,000 unique visitors a month, and
> their is no comparison, and to get into a tit-for-tat discussion on it
> would be like trying to teach a fish to climb a mountain, LOL
>
> Email discussion lists are antique relics of the IT of yesterday.
>
>
> On Fri, Mar 6, 2009 at 2:45 AM, Arshan Dabirsiaghi
> <arshan.dabirsiaghi at aspectsecurity.com> wrote:
>> I agree with Kevin, for what it's worth. Does anyone else view the  
>> benefits
>> of forum communication as worth making the global switch?
>>
>> Arshan
>> ________________________________
>> From: owasp-leaders-bounces at lists.owasp.org on behalf of Kevin Reiter
>> Sent: Thu 3/5/2009 2:41 PM
>> To: owasp-leaders at lists.owasp.org
>> Subject: Re: [Owasp-leaders] OWASP Mailing Lists
>>
>> Hi Tim,
>>
>> I was basing my comments on my personal experience with other forum
>> software, which is why I used the words "typically" and "can be",  
>> meaning
>> "not in every single case."  I've not seen a forum that allows a  
>> user to
>> receive an e-mail for every single post, including new topics not  
>> previously
>> subscribed to, which is why I stated that observation.  I'm not  
>> trying to
>> start a flamewar over this, and I'm obviously not the expert here  
>> on this -
>> I was just voicing _my_ opinion.
>>
>> ~Kevin
>>
>> On Thu, Mar 5, 2009 at 2:26 PM, Tim Bass <tim.silkroad at gmail.com>  
>> wrote:
>>>
>>> Hi Kevin,
>>>
>>> I gave my opinion.   I manage a large forum with over 3,000,000 page
>>> views a month and over 70,000 registered users and none of your
>>> arguments
>>> are correct, on modern, correctly managed forums. Spam is easier to
>>> manage. There are modern plugins for this.  For folks who have  
>>> mobile,
>>> they
>>> can have email forwarded or the forum can have a mobile skin.   All
>>> modern forum as subscribe in/out functions for new posts, if that is
>>> what
>>> users want.   Bots are easy to manage with simple plugin.
>>>
>>> Obviously, and I am not being caustic, you don't manage a large,
>>> modern, commercial forum.
>>>
>>> Cheers.
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Fri, Mar 6, 2009 at 2:00 AM, Kevin Reiter  
>>> <kevin.reiter at owasp.org>
>>> wrote:
>>>> I disagree about this for a few reasons (and feel free to  
>>>> disagree with
>>>> me
>>>> on this :)
>>>>
>>>> - Forums can be difficult to access/navigate from mobile devices.
>>>> - Forum software requires constant maintenance (patches, version
>>>> upgrades,
>>>> spambot registration preening, etc.) to maintain security for  
>>>> both the
>>>> forum
>>>> application as well as the machine it resides on.
>>>> - Forums typically do not let members know when there are new  
>>>> posts -
>>>> only
>>>> if you're already subscribed to an existing topic.  If you don't  
>>>> login
>>>> and
>>>> check, you're not made aware of any important announcements.
>>>> - Forums are higher targets for automated "sploit bots".
>>>>
>>>> Now, that's not to say that in addition to the mailing lists there
>>>> couldn't
>>>> (or shouldn't) be an official OWASP Forum.  I'm just pointing out  
>>>> that
>>>> replacing the mailing lists with a forum might not be the best  
>>>> idea.
>>>>
>>>> Also, I'm curious to know how you mean, "mailing lists don't scale
>>>> well."
>>>> In what way?  How are they deficient?  How don't they "scale  
>>>> well"?  I'm
>>>> not
>>>> being carcastic, just curious by what you mean as it pertains to  
>>>> the
>>>> OWASP
>>>> lists.
>>>>
>>>>
>>>> ~Kevin
>>>>
>>>> On Thu, Mar 5, 2009 at 1:27 PM, Tim Bass <tim.silkroad at gmail.com>  
>>>> wrote:
>>>>>
>>>>> Dear All,
>>>>>
>>>>> Mailing lists to not scale well.
>>>>>
>>>>> OWASP should consider moving to a modern, professional forum, like
>>>>> vBulletin.
>>>>>
>>>>> The Ubuntu Forums
>>>>> Linux Questions
>>>>> The UNIX and Linux Forums
>>>>>
>>>>> etc.
>>>>>
>>>>> All these busy forums use vB.
>>>>>
>>>>> Email is so "last century" LOL.
>>>>>
>>>>> Cheers.
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>>
>>>> --
>>>> Kevin Reiter
>>>> NJNYMetro OWASP
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders



More information about the OWASP-Leaders mailing list