[Owasp-leaders] Mailing list -> Forum

Jerry Hoff jerry at owasp.org
Wed Feb 9 14:32:10 EST 2011


>>I am not sure whether I should take offence to the 1990's style
comment or not :)

Absolutely no offense intended sir! :)

I think the consensus we came up with was to provide a forum which is
fully integrated into the mailing list.  There will be a security issue
in the fact that authentication will be based on email headers, but we
are working to come up with a solution for that.

I think browser based software does have an entry hurdle (i guess) but
there is an equal, if not greater, hurdle for mailing lists. 

>>Collaboration is obviously a completely different issue, but if that
was the case OWASP Could easily use the Google Apps infrastructure and
they would even end up with their very own Jabber network

This is proving to be a problem, as there is apparently vehement
disagreement with many OWASP'ers who don't want to have a google ID. 
Otherwise we would simply use a google group in lieu for setting up our
own forum.

>>but getting rid of (or making people choose between) the mailing list
just sounds foolish to me.

Fair enough, but the solution that is being proposed is a forum +
mailing list integration.  The only debate on this has been if we can
post from the mailing list to the forum.  There is a security risk there
of mail header forgery, but we can either 1) overcome this with a
technical solution (randomized email addresses) or 2) accept the risk
and move on. 

It may also be a bit foolish to continue with an exclusive mailing list,
and therefore exclude the participation of untold numbers of people who
prefer forums to mailing lists. 

I am hoping the forum + mailing list integration would be a reasonable
compromise. 

Thoughts?

Jerry



On 2/9/11 4:37 PM, David wrote:
> <snip>
>> I know Larry Casey and Jason Li have plans concerning project hosting,
>> and a bunch of other goodies.  It's really a matter of getting people to
>> use these tools.  forum.owasp.org was up for 6 months and apparently it
>> didn't work out last year.  But once we get weened off the 1990's style
>> mailing list, we can definitely progress forward.  I was thinking a
>> forum is a good first step, but just the first step.  :)
>>
> Hello Jerry.
>
> I am not sure whether I should take offence to the 1990's style comment
> or not :)
> I think the Mailing list is perfectly suited for what we are doing with
> it. If archiving and retrieving information is truly an issue, then I am
> sure third party open source software exists to take care of that problem.
>
> As you mentioned before, browser based software has an entry hurdle.
> Most of us are very happy and familiar with our email clients. We have
> our beloved filters, we know where stuff goes and threading works about
> 100%  better in an email client than on any forum software I have seen.
>
> Collaboration is obviously a completely different issue, but if that was
> the case OWASP Could easily use the Google Apps infrastructure and they
> would even end up with their very own Jabber network.
>
> So in all honesty, a forum might be a good thing to supplement some of
> the longer running discussions and sticky information, but getting rid
> of (or making people choose between) the mailing list just sounds
> foolish to me.
> Thank you
>
> David
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders



More information about the OWASP-Leaders mailing list