[Owasp-leaders] Mailing list -> Forum

Dr. Dirk Wetter dirk.wetter at owasp.org
Wed Feb 9 04:42:08 EST 2011

Hi Jerry,

Jerry Hoff schrieb, Am 02/09/2011 03:23 AM:
> Hi Leaders,
> I'm writing to put forth an idea that has been floating around OWASP for
> a while, but needs to be implemented. The move from email list -> owasp
> forum.  Although the mailing lists are published, I think the general
> consensus is that the archives are:
> 1) hard to find (in some cases you can only access them via forced browsing)
> 2) definitely not user-friendly for searching

I use Google in those cases. How about providing a good designed search
function on owasp.org?

> A move to a forum will build a stronger OWASP community (hopefully),
> allow for greater transparency among the various chapters, committees
> and the board, and will give new members a place to come and more easily
> interact with the other members of the OWASP community.   It would leave
> searchable record of all the collective OWASP security wisdom in one
> place. 

The searchable record is always there supposed the list(s) in question
has the archives publicly available and the search bots find them.

> So does anyone have any strong opinions on the future of
> forum.owasp.org?  Larry Casey has generously offered to set it up, and I
> think it would be a huge plus for the community.  As Michael Coates
> suggested, we could then start gradually migrating particular volunteer
> groups as a beta, and if it works out, we can ultimately migrate more
> mailing lists over to a forum. 

You're really rushing into this? If you really intend to do this,
please design it properly, see below.

Call me an old fart but I am not really in favor of forums.

There are several catches:

* it's less personal, unless you strongly encourage people to
  use their real names and list them also in the posting.

* it requires users to change their reading behavior. E-mails
  are pushed out, forums are working in pull mode. (some
  people don't use rss feeds).

* you need to reload the page in order to follow a discussion
  (ok, you can have e.g. a piece of script doing this for you but it's
  not KISS). Well, or send notifications out which you need
  to do anyway.

* the ratio of text vs. graphics (i.e. signal to noise) is worse

* some people do like the idea to read what's going on with any client
  while on the road, also a mobile client. Those devices have no a 24''
  inch display, so pure text is the right thing(TM) here.

* Forums I know provide less sort functionality as opposed to mailman
  archives, e.g. in terms of discussion threads, time, people and so on.
  The only thing with mailman is that you need to tune mailman though
  to get the right archiving options, e.g. low traffic lists and
  one month archiving doesn't make sense.

* for sure you can pretty much loose the overview if you look at a forum as
  opposed to e-mails which you have in your folder. This is IMO also
  true if for most forums with their crappy threaded viewing options
  compared to mailman archives.

* in some countries there are legal restrictions. E.g. in Germany there
  were some rulings from different courts saying that the owner has
  legal responsibility for what people are writing, in a forum. There are
  lawyers around who make their living by money sending owners of a forums
  cease-and-desist orders because people posted links to "illegal sites",
  insulting others, criticizing products and so on and so forth.

  I know it sucks badly and I don't know whether this also applies to the
  owasp-germany list if it would be a forum as it is hosted in the
  US. Currently though the 4 maintainers of this list are all Germans.
  Personally I do not want to be held legally responsible for postings.
  This would need to be checked by a lawyer. Also for other countries.

  Maybe the machine translation helps shedding light on this:
  (note the last paragraph about US courts)

* Security, usability: One more account, one more password. Not everybody
  is using on every device a password manager.

> We can also port the existing mail lists archives into the forum, for
> historical purposes. 
> This would give a centralized home for all the regional chapters,
> committees, projects, conferences and the board.
> So leaders, what say you?

Please keep mailman. As the archives are 100% text you could as well
pour them in any web based forum.

And if you still want a forum: pipe the postings also to the e-mail
subscribers as I and maybe others still prefer e-mails.


More information about the OWASP-Leaders mailing list