[Owasp-leaders] OWASP Mailing Lists

Michael MENEFEE mmenefee at gmail.com
Thu Mar 5 17:14:16 EST 2009


Luis makes an interesting point. And a good one at that. I can say  
that from the local chapter perspective having an online forum tied  
into the main OWASP site would drive more participation and give back  
a sense of anonymity to users shy from posting questions and engaging  
in communication via email.

I think it makes sense to explore the issue

Mike Menefee
North Carolina chapter leader


On Mar 5, 2009, at 5:05 PM, Luis Enrique Londoño <luis.londono at 360sec.co 
m> wrote:

> IMHO, OWASP should be using web related technologies in any viable
> situation, logically, taking security in account.
>
> Regards,
>
> Luis Enrique
>
> On Mar 5, 2009, at 2:59 PM, Tim Bass wrote:
>
>> Actually, I don't care what OWASP IT does.   The list, and how it
>> works, speaks for itself.   I have seen the (forum v. email) flame
>> wars before and am completely disinterested. Most of the arguments
>> will be emotional and people with no forum experience will make wild,
>> clueless claims, and the discussion will go no where.
>>
>> Just go to http://ubuntuforums.org/   and you will see a professional
>> forum on vBulletin.
>>
>> Comparing good running, modern forum software to an email list is  
>> like
>> comparing a F16 fighter jet to a lawnmower. For example, with
>> vBulletin, there is an entire ecosystem of thousands of plugins that
>> do everything under the sun  (www.vbulletin.org) from antispam bots  
>> to
>> slick skins for mobile phones.
>>
>> I am not going to get into a flame war over this crummy mailing list
>> software, ROTFL
>>
>> This is my last post on the topic.  I have managed an OWASP email  
>> list
>> and I manage a forum with over 1,000,000 unique visitors a month, and
>> their is no comparison, and to get into a tit-for-tat discussion on  
>> it
>> would be like trying to teach a fish to climb a mountain, LOL
>>
>> Email discussion lists are antique relics of the IT of yesterday.
>>
>>
>> On Fri, Mar 6, 2009 at 2:45 AM, Arshan Dabirsiaghi
>> <arshan.dabirsiaghi at aspectsecurity.com> wrote:
>>> I agree with Kevin, for what it's worth. Does anyone else view the
>>> benefits
>>> of forum communication as worth making the global switch?
>>>
>>> Arshan
>>> ________________________________
>>> From: owasp-leaders-bounces at lists.owasp.org on behalf of Kevin  
>>> Reiter
>>> Sent: Thu 3/5/2009 2:41 PM
>>> To: owasp-leaders at lists.owasp.org
>>> Subject: Re: [Owasp-leaders] OWASP Mailing Lists
>>>
>>> Hi Tim,
>>>
>>> I was basing my comments on my personal experience with other forum
>>> software, which is why I used the words "typically" and "can be",
>>> meaning
>>> "not in every single case."  I've not seen a forum that allows a
>>> user to
>>> receive an e-mail for every single post, including new topics not
>>> previously
>>> subscribed to, which is why I stated that observation.  I'm not
>>> trying to
>>> start a flamewar over this, and I'm obviously not the expert here
>>> on this -
>>> I was just voicing _my_ opinion.
>>>
>>> ~Kevin
>>>
>>> On Thu, Mar 5, 2009 at 2:26 PM, Tim Bass <tim.silkroad at gmail.com>
>>> wrote:
>>>>
>>>> Hi Kevin,
>>>>
>>>> I gave my opinion.   I manage a large forum with over 3,000,000  
>>>> page
>>>> views a month and over 70,000 registered users and none of your
>>>> arguments
>>>> are correct, on modern, correctly managed forums. Spam is easier to
>>>> manage. There are modern plugins for this.  For folks who have
>>>> mobile,
>>>> they
>>>> can have email forwarded or the forum can have a mobile skin.   All
>>>> modern forum as subscribe in/out functions for new posts, if that  
>>>> is
>>>> what
>>>> users want.   Bots are easy to manage with simple plugin.
>>>>
>>>> Obviously, and I am not being caustic, you don't manage a large,
>>>> modern, commercial forum.
>>>>
>>>> Cheers.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Fri, Mar 6, 2009 at 2:00 AM, Kevin Reiter
>>>> <kevin.reiter at owasp.org>
>>>> wrote:
>>>>> I disagree about this for a few reasons (and feel free to
>>>>> disagree with
>>>>> me
>>>>> on this :)
>>>>>
>>>>> - Forums can be difficult to access/navigate from mobile devices.
>>>>> - Forum software requires constant maintenance (patches, version
>>>>> upgrades,
>>>>> spambot registration preening, etc.) to maintain security for
>>>>> both the
>>>>> forum
>>>>> application as well as the machine it resides on.
>>>>> - Forums typically do not let members know when there are new
>>>>> posts -
>>>>> only
>>>>> if you're already subscribed to an existing topic.  If you don't
>>>>> login
>>>>> and
>>>>> check, you're not made aware of any important announcements.
>>>>> - Forums are higher targets for automated "sploit bots".
>>>>>
>>>>> Now, that's not to say that in addition to the mailing lists there
>>>>> couldn't
>>>>> (or shouldn't) be an official OWASP Forum.  I'm just pointing out
>>>>> that
>>>>> replacing the mailing lists with a forum might not be the best
>>>>> idea.
>>>>>
>>>>> Also, I'm curious to know how you mean, "mailing lists don't scale
>>>>> well."
>>>>> In what way?  How are they deficient?  How don't they "scale
>>>>> well"?  I'm
>>>>> not
>>>>> being carcastic, just curious by what you mean as it pertains to
>>>>> the
>>>>> OWASP
>>>>> lists.
>>>>>
>>>>>
>>>>> ~Kevin
>>>>>
>>>>> On Thu, Mar 5, 2009 at 1:27 PM, Tim Bass <tim.silkroad at gmail.com>
>>>>> wrote:
>>>>>>
>>>>>> Dear All,
>>>>>>
>>>>>> Mailing lists to not scale well.
>>>>>>
>>>>>> OWASP should consider moving to a modern, professional forum,  
>>>>>> like
>>>>>> vBulletin.
>>>>>>
>>>>>> The Ubuntu Forums
>>>>>> Linux Questions
>>>>>> The UNIX and Linux Forums
>>>>>>
>>>>>> etc.
>>>>>>
>>>>>> All these busy forums use vB.
>>>>>>
>>>>>> Email is so "last century" LOL.
>>>>>>
>>>>>> Cheers.
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Kevin Reiter
>>>>> NJNYMetro OWASP
>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders


More information about the OWASP-Leaders mailing list