[Owasp-leaders] Mailing list -> Forum

Jerry Hoff jerry at owasp.org
Wed Feb 9 07:16:14 EST 2011

Hi everyone,

I agree with Larry's points (my summary):

- We can definitely implement a system (like on the mailing list) where we require or strongly encourage real names.
- time efficiency is improved since you subscribe only to the threads you are interested in
- new posts pushed out over email - log in to respond.
- branching / following a thread would be improved
- I like the idea of icons for users + some kind of link to bio
- search-able forum history - old threads can be revived with context & decrease in duplicate questions (hopefully)
- legality should not be an issue - the server is hosted in the US, and is no different than the millions of other installed forums on the web.  Not sure what the issue would be here.


On 2/9/11 12:50 PM, Laurence Casey wrote:
> I would like to respond to all of the points below, because they are all
> good points. See below (-->).
> --Larry
> I use Google in those cases. How about providing a good designed search
> function on owasp.org?
> --> Using Google to search the mailman archives does make it easier,
> agree. In using Google, we are forcing people to disengage from our
> content for searches, while forums will keep them local with built in
> search. Not sure people actually search archives, so this probably
> shouldn't be a determining factor. 
>> A move to a forum will build a stronger OWASP community (hopefully),
>> allow for greater transparency among the various chapters, committees
>> and the board, and will give new members a place to come and more easily
>> interact with the other members of the OWASP community.   It would leave
>> searchable record of all the collective OWASP security wisdom in one
>> place.
>>> The searchable record is always there supposed the list(s) in question
>>> has the archives publicly available and the search bots find them.
> --> Relying on bots to build out search list while we could have the
> ability built in would offer more efficient searches. 
>> So does anyone have any strong opinions on the future of 
>> forum.owasp.org?  Larry Casey has generously offered to set it up, and
>> I think it would be a huge plus for the community.  As Michael Coates 
>> suggested, we could then start gradually migrating particular 
>> volunteer groups as a beta, and if it works out, we can ultimately 
>> migrate more mailing lists over to a forum.
>>> You're really rushing into this? If you really intend to do this,
>>> please design it properly, see below.
>>> Call me an old fart but I am not really in favor of forums.
> --> This has been on the table for a couple years now. I even went as
> far as to set up a forum for testing. Since it was not widely announced,
> that is most likely why it didn't take off. I would disagree that we are
> rushing. 
> There are several catches:
> * it's less personal, unless you strongly encourage people to
>   use their real names and list them also in the posting.
> --> Totally agree that it is less personal, if we could force usernames
> to real names with an approval process this could help reduce that
> perception.
> * it requires users to change their reading behavior. E-mails
>   are pushed out, forums are working in pull mode. (some
>   people don't use rss feeds).
> --> Forums do have the ability to email individual or complete sub forum
> posts. You would only need to go to the forum to post replies.
> * you need to reload the page in order to follow a discussion
>   (ok, you can have e.g. a piece of script doing this for you but it's
>   not KISS). Well, or send notifications out which you need
>   to do anyway.
> --> To me this is a plus. You don't have to wait for an email to come
> through. It would actually be easier to see posts in order. Mailing
> lists have the tendency of becoming branched and out of order.
> * the ratio of text vs. graphics (i.e. signal to noise) is worse
> --> This is actually great. We could have icons for different members
> (OWASP Follower, OWASP Member, Corporate Member,...). Nothing wrong with
> having a little art while you read.
> * some people do like the idea to read what's going on with any client
>   while on the road, also a mobile client. Those devices have no 24''
>   inch display, so pure text is the right thing(TM) here.
> --> Having threads emailed to you will resolve this problem as mentioned
> above.
> * Forums I know provide less sort functionality as opposed to mailman
>   archives, e.g. in terms of discussion threads, time, people and so on.
>   The only thing with mailman is that you need to tune mailman though
>   to get the right archiving options, e.g. low traffic lists and
>   one month archiving doesn't make sense.
> --> Forums offer more functionality! No tuning in mailman is going to
> offer the same level.
> * for sure you can pretty much lose the overview if you look at a forum as
>   opposed to e-mails which you have in your folder. This is IMO also
>   true for most forums with their crappy threaded viewing options
>   compared to mailman archives.
> --> Not sure what forum threading you are talking about. I have seen
> some real bad threading, but that is not what I am seeing in the
> software I had set up a couple years ago.
> * in some countries there are legal restrictions. E.g. in Germany there
>   were some rulings from different courts saying that the owner has
>   legal responsibility for what people are writing, in a forum. There are
>   lawyers around who make their living by sending owners of forums
>   cease-and-desist orders because people posted links to "illegal sites",
>   insulting others, criticizing products and so on and so forth.
> --> This is something a lawyer would have to chime in on, but since
> OWASP is a US based non-profit I think this wouldn't be a problem. How
> does this differ from a publicly searchable mailing list? Forums offer
> the ability to moderate risky content on the fly. Mailman requires back
> end work to moderate content. Over the past year alone, I have been
> asked to remove personal information, which could easily be done by
> moderators. This empowers the leaders.
>   I know it sucks badly and I don't know whether this also applies to the
>   owasp-germany list if it would be a forum as it is hosted in the
>   US. Currently though the 4 maintainers of this list are all Germans.
>   Personally I do not want to be held legally responsible for postings.
>   This would need to be checked by a lawyer. Also for other countries.
>   Maybe the machine translation helps shedding light on this:
> http://translate.google.com/translate?hl=en&ie=UTF-8&sl=auto&tl=en&u=http://de.wikipedia.org/wiki/Forenhaftung&prev=_t
>   (note the last paragraph about US courts)
> * Security, usability: One more account, one more password. Not everybody
>   is using a password manager on every device.
> --> Not sure it's possible, but I would be looking to integrate with
> Wiki for accounts. Even if this is not possible, accounts are part of
> conducting business online. I use password safe which is most likely the
> same way others work. 
>> We can also port the existing mail lists archives into the forum, for 
>> historical purposes.
>> This would give a centralized home for all the regional chapters, 
>> committees, projects, conferences and the board.
>> So leaders, what say you?
> Please keep mailman. As the archives are 100% text you could as well
> pour them in any web based forum.
> And if you still want a forum: pipe the postings also to the e-mail
> subscribers as I and maybe others still prefer e-mails.
> --> Porting all of the archives to the forum and removing the existing
> mailman archives would be the plan. 
> Dirk
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders