[Owasp-leaders] Mailing list -> Forum

Jason Li jason.li at owasp.org
Wed Feb 9 06:45:08 EST 2011


I personally think that would be a great OWASP outreach project!

Be warned though that m2f hasn't seen activity since 2009.

-Jason


On Wed, Feb 9, 2011 at 11:35 AM, psiinon <psiinon at gmail.com> wrote:

> I'm not a fan of reinventing the wheel, unless there are very good reasons
> ;)
> Rather than implementing something new, couldnt we work with the phpBB
> and m2f developers to upgrade and harden these projects?
>
> Psiinon
>
> On Wed, Feb 9, 2011 at 11:32 AM, Jason Li <jason.li at owasp.org> wrote:
> > Security is another reason we shied away from phpBB :)
> > -Jason
> >
> > On Wed, Feb 9, 2011 at 11:28 AM, Dr. Dirk Wetter <dirk.wetter at owasp.org>
> > wrote:
> >>
> >> Are we into a hardening phpBB project or yet another CTF competion ? ;-)
> >> SCNR, Dirk
> >>
> >> Jason Li schrieb, Am 02/09/2011 12:21 PM:
> >> > We definitely know that email integration is important - this was one
> of
> >> > the primary lessons we learned when we tried to implement forums three
> >> > years ago following the last 2008 Summit.
> >> >
> >> > The difficulty we ran into is that there are very few established
> >> > products that support forum mailing list integration. For example, m2f
> >> > is a plugin for phpBB that does exactly what we want - but it's very
> >> > outdated and doesn't work with the latest version of phpBB - as
> security
> >> > folks, we were remiss to not be using the latest patched version of
> >> > phpBB.  Yahoo Groups also provides mailing lists while having online
> >> > messages, but like Google Groups, requires a Yahoo account.
> >> >
> >> > If anyone is aware of an existing product that does online forums and
> >> > mailing list integration automatically, please speak up! :)
> >> >
> >> > I'm sure that we have the technical capability within OWASP to
> implement
> >> > email integration ourselves if necessary.
> >> >
> >> > -Jason
> >> >
> >> > On Wed, Feb 9, 2011 at 10:34 AM, Ofer Maor <ofer.maor at owasp.org
> >> > <mailto:ofer.maor at owasp.org>> wrote:
> >> >
> >> >     I Don’t think we need a trial to tell the diff between forum and
> >> >     email J
> >> >
> >> >     Forum is by far more useful for threaded discussions (assuming
> it’s
> >> >     a good forum J), but has an inherent problem of requiring people
> to
> >> >     actively load it. As most of us do OWASP as something in addition
> to
> >> >     their day job, it is obvious this will reduce participation… I
> have
> >> >     a few forums I’m into (hobbies), and I only go on them when I have
> >> >     some free time. The OWASP mailing list, I get pushed to the
> outlook
> >> >     and phone which I work on (and I assume it’s similar for many
> >> > others).
> >> >
> >> >
> >> >
> >> >     This can be partially circumvented by using RSS feeds, though
> still
> >> >     – you’ll have to open the forum once u get the feed to reply,
> making
> >> >     it much harder to do “in between” other email related work.
> >> >
> >> >
> >> >
> >> >     Ofer.
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >     *From:* owasp-leaders-bounces at lists.owasp.org
> >> >     <mailto:owasp-leaders-bounces at lists.owasp.org>
> >> >     [mailto:owasp-leaders-bounces at lists.owasp.org
> >> >     <mailto:owasp-leaders-bounces at lists.owasp.org>] *On Behalf Of
> *Seba
> >> >     *Sent:* Wednesday, February 09, 2011 12:29
> >> >     *To:* owasp-leaders
> >> >     *Subject:* Re: [Owasp-leaders] Mailing list -> Forum
> >> >
> >> >
> >> >
> >> >     unless we give it a good trial run, we will keep running un
> circles
> >> >     here.
> >> >
> >> >     Let's discuss this on the forum? :-)
> >> >
> >> >
> >> >
> >> >     --Seba
> >> >
> >> >     On Wed, Feb 9, 2011 at 11:14 AM, Ofer Maor <ofer.maor at owasp.org
> >> >     <mailto:ofer.maor at owasp.org>> wrote:
> >> >
> >> >     I'm against forums, unless coupled with email. I read 90% of my
> >> >     owasp emails from my phone as they r pushed in. If I'd have to
> >> >     actively open a forum I'd likely miss half of what's going on.
> >> >
> >> >     Ofer.
> >> >
> >> >     // Sent from my iPhone
> >> >
> >> >
> >> >     On Feb 9, 2011, at 2:23, Jerry Hoff <jerry at owasp.org
> >> >     <mailto:jerry at owasp.org>> wrote:
> >> >
> >> >     > Hi Leaders,
> >> >     >
> >> >     > I'm writing to put forth an idea that has been floating around
> >> >     OWASP for
> >> >     > a while, but needs to be implemented. The move from email list
> ->
> >> >     owasp
> >> >     > forum.  Although the mailing lists are published, I think the
> >> > general
> >> >     > consensus is that the archives are:
> >> >     >
> >> >     > 1) hard to find (in some cases you can only access them via
> forced
> >> >     browsing)
> >> >     > 2) definitely not user-friendly for searching
> >> >     >
> >> >     > A move to a forum will build a stronger OWASP community
> >> > (hopefully),
> >> >     > allow for greater transparency among the various chapters,
> >> > committees
> >> >     > and the board, and will give new members a place to come and
> more
> >> >     easily
> >> >     > interact with the other members of the OWASP community.   It
> would
> >> >     leave
> >> >     > searchable record of all the collective OWASP security wisdom in
> >> > one
> >> >     > place.
> >> >     >
> >> >     > So does anyone have any strong opinions on the future of
> >> >     > forum.owasp.org <http://forum.owasp.org>?  Larry Casey has
> >> >     generously offered to set it up, and I
> >> >     > think it would be a huge plus for the community.  As Michael
> >> > Coates
> >> >     > suggested, we could then start gradually migrating particular
> >> >     volunteer
> >> >     > groups as a beta, and if it works out, we can ultimately migrate
> >> > more
> >> >     > mailing lists over to a forum.
> >> >     >
> >> >     > We can also port the existing mail lists archives into the
> forum,
> >> > for
> >> >     > historical purposes.
> >> >     >
> >> >     > This would give a centralized home for all the regional
> chapters,
> >> >     > committees, projects, conferences and the board.
> >> >     >
> >> >     > So leaders, what say you?
> >> >     >
> >> >     > Jerry Hoff
> >> >     > _______________________________________________
> >> >     > OWASP-Leaders mailing list
> >> >     > OWASP-Leaders at lists.owasp.org
> >> > <mailto:OWASP-Leaders at lists.owasp.org>
> >> >     > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >> >     _______________________________________________
> >> >     OWASP-Leaders mailing list
> >> >     OWASP-Leaders at lists.owasp.org <mailto:
> OWASP-Leaders at lists.owasp.org>
> >> >     https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >> >
> >> >
> >> >
> >> >
> >> >     _______________________________________________
> >> >     OWASP-Leaders mailing list
> >> >     OWASP-Leaders at lists.owasp.org <mailto:
> OWASP-Leaders at lists.owasp.org>
> >> >     https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >> >
> >> >
> >> >
> >> >
> ------------------------------------------------------------------------
> >> >
> >> > _______________________________________________
> >> > OWASP-Leaders mailing list
> >> > OWASP-Leaders at lists.owasp.org
> >> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >>
> >> _______________________________________________
> >> OWASP-Leaders mailing list
> >> OWASP-Leaders at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
> >
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
> >
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20110209/52fd1f47/attachment.html 


More information about the OWASP-Leaders mailing list