[Owasp-leaders] Mailing list -> Forum

Jerry Hoff jerry at owasp.org
Wed Feb 9 07:04:13 EST 2011


Like media wiki?  :)  

The more I think about it, there is going to be significant
authentication issues with using mailing lists + bulletin board.  Is
authentication going to be based on email headers?  No way.

So i think we should start testing a forum.  Maybe not with leaders, but
maybe we start with the projects, see how it works out, then proceed
forward.

Sound reasonable?

Jerry




On 2/9/11 12:32 PM, Jason Li wrote:
> Security is another reason we shied away from phpBB :)
>
> -Jason
>
> On Wed, Feb 9, 2011 at 11:28 AM, Dr. Dirk Wetter
> <dirk.wetter at owasp.org <mailto:dirk.wetter at owasp.org>> wrote:
>
>
>     Are we into a hardening phpBB project or yet another CTF competion
>     ? ;-)
>     SCNR, Dirk
>
>     Jason Li schrieb, Am 02/09/2011 12:21 PM:
>     > We definitely know that email integration is important - this
>     was one of
>     > the primary lessons we learned when we tried to implement forums
>     three
>     > years ago following the last 2008 Summit.
>     >
>     > The difficulty we ran into is that there are very few established
>     > products that support forum mailing list integration. For
>     example, m2f
>     > is a plugin for phpBB that does exactly what we want - but it's very
>     > outdated and doesn't work with the latest version of phpBB - as
>     security
>     > folks, we were remiss to not be using the latest patched version of
>     > phpBB.  Yahoo Groups also provides mailing lists while having online
>     > messages, but like Google Groups, requires a Yahoo account.
>     >
>     > If anyone is aware of an existing product that does online
>     forums and
>     > mailing list integration automatically, please speak up! :)
>     >
>     > I'm sure that we have the technical capability within OWASP to
>     implement
>     > email integration ourselves if necessary.
>     >
>     > -Jason
>     >
>     > On Wed, Feb 9, 2011 at 10:34 AM, Ofer Maor <ofer.maor at owasp.org
>     <mailto:ofer.maor at owasp.org>
>     > <mailto:ofer.maor at owasp.org <mailto:ofer.maor at owasp.org>>> wrote:
>     >
>     >     I Don’t think we need a trial to tell the diff between forum and
>     >     email J
>     >
>     >     Forum is by far more useful for threaded discussions
>     (assuming it’s
>     >     a good forum J), but has an inherent problem of requiring
>     people to
>     >     actively load it. As most of us do OWASP as something in
>     addition to
>     >     their day job, it is obvious this will reduce participation…
>     I have
>     >     a few forums I’m into (hobbies), and I only go on them when
>     I have
>     >     some free time. The OWASP mailing list, I get pushed to the
>     outlook
>     >     and phone which I work on (and I assume it’s similar for
>     many others).
>     >
>     >
>     >
>     >     This can be partially circumvented by using RSS feeds,
>     though still
>     >     – you’ll have to open the forum once u get the feed to
>     reply, making
>     >     it much harder to do “in between” other email related work.
>     >
>     >
>     >
>     >     Ofer.
>     >
>     >
>     >
>     >
>     >
>     >     *From:* owasp-leaders-bounces at lists.owasp.org
>     <mailto:owasp-leaders-bounces at lists.owasp.org>
>     >     <mailto:owasp-leaders-bounces at lists.owasp.org
>     <mailto:owasp-leaders-bounces at lists.owasp.org>>
>     >     [mailto:owasp-leaders-bounces at lists.owasp.org
>     <mailto:owasp-leaders-bounces at lists.owasp.org>
>     >     <mailto:owasp-leaders-bounces at lists.owasp.org
>     <mailto:owasp-leaders-bounces at lists.owasp.org>>] *On Behalf Of *Seba
>     >     *Sent:* Wednesday, February 09, 2011 12:29
>     >     *To:* owasp-leaders
>     >     *Subject:* Re: [Owasp-leaders] Mailing list -> Forum
>     >
>     >
>     >
>     >     unless we give it a good trial run, we will keep running un
>     circles
>     >     here.
>     >
>     >     Let's discuss this on the forum? :-)
>     >
>     >
>     >
>     >     --Seba
>     >
>     >     On Wed, Feb 9, 2011 at 11:14 AM, Ofer Maor
>     <ofer.maor at owasp.org <mailto:ofer.maor at owasp.org>
>     >     <mailto:ofer.maor at owasp.org <mailto:ofer.maor at owasp.org>>>
>     wrote:
>     >
>     >     I'm against forums, unless coupled with email. I read 90% of my
>     >     owasp emails from my phone as they r pushed in. If I'd have to
>     >     actively open a forum I'd likely miss half of what's going on.
>     >
>     >     Ofer.
>     >
>     >     // Sent from my iPhone
>     >
>     >
>     >     On Feb 9, 2011, at 2:23, Jerry Hoff <jerry at owasp.org
>     <mailto:jerry at owasp.org>
>     >     <mailto:jerry at owasp.org <mailto:jerry at owasp.org>>> wrote:
>     >
>     >     > Hi Leaders,
>     >     >
>     >     > I'm writing to put forth an idea that has been floating around
>     >     OWASP for
>     >     > a while, but needs to be implemented. The move from email
>     list ->
>     >     owasp
>     >     > forum.  Although the mailing lists are published, I think
>     the general
>     >     > consensus is that the archives are:
>     >     >
>     >     > 1) hard to find (in some cases you can only access them
>     via forced
>     >     browsing)
>     >     > 2) definitely not user-friendly for searching
>     >     >
>     >     > A move to a forum will build a stronger OWASP community
>     (hopefully),
>     >     > allow for greater transparency among the various chapters,
>     committees
>     >     > and the board, and will give new members a place to come
>     and more
>     >     easily
>     >     > interact with the other members of the OWASP community.  
>     It would
>     >     leave
>     >     > searchable record of all the collective OWASP security
>     wisdom in one
>     >     > place.
>     >     >
>     >     > So does anyone have any strong opinions on the future of
>     >     > forum.owasp.org <http://forum.owasp.org>
>     <http://forum.owasp.org>?  Larry Casey has
>     >     generously offered to set it up, and I
>     >     > think it would be a huge plus for the community.  As
>     Michael Coates
>     >     > suggested, we could then start gradually migrating particular
>     >     volunteer
>     >     > groups as a beta, and if it works out, we can ultimately
>     migrate more
>     >     > mailing lists over to a forum.
>     >     >
>     >     > We can also port the existing mail lists archives into the
>     forum, for
>     >     > historical purposes.
>     >     >
>     >     > This would give a centralized home for all the regional
>     chapters,
>     >     > committees, projects, conferences and the board.
>     >     >
>     >     > So leaders, what say you?
>     >     >
>     >     > Jerry Hoff
>     >     > _______________________________________________
>     >     > OWASP-Leaders mailing list
>     >     > OWASP-Leaders at lists.owasp.org
>     <mailto:OWASP-Leaders at lists.owasp.org>
>     <mailto:OWASP-Leaders at lists.owasp.org
>     <mailto:OWASP-Leaders at lists.owasp.org>>
>     >     > https://lists.owasp.org/mailman/listinfo/owasp-leaders
>     >     _______________________________________________
>     >     OWASP-Leaders mailing list
>     >     OWASP-Leaders at lists.owasp.org
>     <mailto:OWASP-Leaders at lists.owasp.org>
>     <mailto:OWASP-Leaders at lists.owasp.org
>     <mailto:OWASP-Leaders at lists.owasp.org>>
>     >     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>     >
>     >
>     >
>     >
>     >     _______________________________________________
>     >     OWASP-Leaders mailing list
>     >     OWASP-Leaders at lists.owasp.org
>     <mailto:OWASP-Leaders at lists.owasp.org>
>     <mailto:OWASP-Leaders at lists.owasp.org
>     <mailto:OWASP-Leaders at lists.owasp.org>>
>     >     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>     >
>     >
>     >
>     >
>     ------------------------------------------------------------------------
>     >
>     > _______________________________________________
>     > OWASP-Leaders mailing list
>     > OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>     > https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>     _______________________________________________
>     OWASP-Leaders mailing list
>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20110209/2f1d0daa/attachment.html 


More information about the OWASP-Leaders mailing list