[Owasp-leaders] Rackspace, Migration, Stepping down
jim.manico at owasp.org
Wed Aug 17 20:17:25 EDT 2011
First of all, Larry is awesome. I consider him a personal friend and have
reached out to support him when I can.
Second, haven't we been paying Aspect for some of Larry's services? I've
seen bills come in from Aspect for Larry. I'm just confused between what
OWASP pays Larry directly, what Larry volunteers, and what we pay to Aspect
for Larry's time. To my knowledge this has never been made clear to the
Third, I'm sorry that is "pains you" when folks state when the site goes
down, but it's also pains the European and other non-US communities who are
trying to edit content. When folks state the site is down, which happens on
a regular basis, it's not to attack Larry or anyone else, it's to provide
Fourth, there are many capable designers all over the world (with great
skill) who could feed several families on 50$USD/hr. It's shameful that you
only compare Larry's rate to US resources. OWASP is a global community,
right? If we put out RFP's worldwide you would be shocked to see what kind
of full time resources we could leverage at rates much lower than 50$USD/hr.
Larry is awesome and I'm grateful for his service regardless of his
compensation. But I think it's critical that you tell "the rest of the
story" before you literally try to shame the entire OWASP international
On Aug 17, 2011, at 6:54 PM, Jason Li <jason.li at owasp.org> wrote:
Last month there was a huge uproar about the need for OWASP to respect its
I would like to bring to the community's attention a situation that has
existed for far too long, where one of our greatest contributors has not
been given due respect. In fact, I find that far too often, he is
disrespected in the community.
Larry Casey has contributed an enormous amount to the success of OWASP -
contributions that go largely unnoticed until something goes wrong.
There is a lot of confusion over his role at OWASP and I would like to share
the facts as far I know them.
Larry has spent the last several years serving as the *volunteer*
administrator of OWASP's infrastructure. While OWASP has paid for the
hardware, the bandwidth, etc, the actual task of administrating has been
largely performed on a volunteer basis.
Every time the OWASP site is down, it pains me to see the rapid flux of
messages to the Leader's List saying "OWASP Site is Down" followed by the
inevitable floods of "Me too!" "Me three!" " Me five hundred
thousand!". Larry has abandoned personal events and plans in the past to
attend to these outages as soon as possible - and we are not paying him to
OWASP has paid Larry directly for graphic design work in the past - but in
terms of basic system administrative tasks, Larry has selflessly devoted
countless hours of his time to keeping OWASP alive and well.
When was the last time you've heard of a Board member, a Committee member, a
project leader or a chapter leader dropping whatever they were doing to
attend to something for OWASP?
And yet we as a community somehow *expect* this of Larry.
It is no wonder that he has been trying to step down since ***JULY 2009*** (
In that time, many people have raised their hand to volunteer to help. In
fact, Larry invested some significant time setting up the supporting
infrastructure to properly segregate and delegate administrative privileges
for those folks. But no one has actually committed to following through when
the going gets tough.
And I don't blame them!
We are all volunteers here at OWASP - I certainly don't want my phone
ringing at 3AM on a Saturday with a message from the community complaining
that the web site is down. I certainly don't want messages in my mailbox
from random leaders impatiently asking when this will be setup, or that will
be finished, or this can be done. I certainly don't want to bear the brunt
of criticism while receiving none of the praise associated with
administering the OWASP website and infrastructure.
It's easy to be a volunteer systems administrator when there's nothing going
wrong --- it all practically runs itself!
But when things do go wrong, through no fault of anyone, Larry has been the
*only* volunteer willing to take the task by the reigns and work the grind
to make sure the site goes back up in a *timely* manner (believe it or not,
our uptime is actually *very* good because outages are infrequent and
attended to quickly).
It is because Larry loves OWASP that he continues to do the job behind the
scenes despite his expressed desire NOT to be saddled with the
*responsibility* that comes with being a systems administrator.
Larry is one of the few people at OWASP that I feel truly understands that
being an OWASP leader comes with a *responsibility*. While other leaders
miss meetings and skip deadlines, Larry has always executed the
*responsibility* of maintaining our infrastructure. We leaders can only hope
to follow that example in our roles.
I feel we are grossly underestimating the value that Larry has provided in
terms of systems administration. I question whether we can find a volunteer
that is willing to *commit* to the same level, responding to outages in a
timely manner even in the middle of personal events.
For that level of service, we probably need to pay someone. In fact, we
probably should have been paying Larry all along for the emergency
administration services he provides.
I see that several leaders have exclaimed their desire to see Larry continue
on in his role. I too would be sad to see Larry go. We at OWASP have done a
*terrible* job of showing Larry the respect he deserves and I am truly sorry
that he feels the need to move on.
I hope that as a community, we can determine a way to properly recognize
Larry for his contributions and show him the respect he deserves - whether
that respect is through compensating him fairly for his contributions that
go far beyond what we can expect of a volunteer, or by simply respecting his
wish to step aside.
On Wed, Aug 17, 2011 at 6:12 PM, Laurence Casey <larry.casey at owasp.org>wrote:
> ** **
> I would like to thank everyone who I’ve net over the years both in person
> and via email only. It has come the time for me to move on to other
> projects. ****
> ** **
> The contract is just about done for Rackspace, so here is the plan.****
> ** **
> **1. **Migrate OWASP’s wiki to the new hosted environment.****
> **2. **Migrate OWASP’s Ads to the new hosted environment.****
> **3. **Migrate OWASP Rugged Code to the new hosted environment.****
> **4. **Migrate OWASP’s email list content to the new hosted
> environment. ****
> ** **
> Once OWASP is relocated to its new home, OWASP will need to find another
> administrator to manage the new infrastructure. If somebody wants to step
> forward now and help with the move, that would be the best time to set
> things up the way you want. ****
> ** **
> Thank again for the opportunity to be a part of this great organization.**
> ** **
> --Larry Casey****
> ** **
> ** **
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
Committees-chairs mailing list
Committees-chairs at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders