[Owasp-leaders] [GPC] Remote Repositories on SourceForge

Jason Li jason.li at owasp.org
Thu Jan 5 07:18:09 UTC 2012


We are using SourceForge as a mechanism to organize our project metadata
and display our library of projects in a consumable fashion. The code
repository functions and other features of SourceForge are *available* to
project leaders, but they are not required to use SourceForge as their code
repository. It is an *option* for project leaders and a choice to be made
by the project leader. My understanding is that the ESAPI project decided
to transition to SourceForge, as is their choice.

Regarding mailing lists, a combination of automated processes and OWASP
staff largely maintain the mailing lists. Management of mailing lists is
not a GPC responsibility. Nonetheless, Kate explains in the very thread you
cite the mechanism that creates the leader's list, which explains
your prior predicament.

Regarding selection of SourceForge, as has been previously mentioned, we
had an open RFP for project infrastructure. We evaluated the proposals we
received and chose the best candidate proposal (
http://sl.owasp.org/gpcws-jun11-proceedings#h.4z9gh8ff79fg). There will
always be concerns about decisions and choices made, but organizations
cannot stand perpetually waiting for the fictional perfect solution that
simultaneously solves everything and is amenable to 100% of the audience.
Organizations do the best that they can with what the responses they


On Wed, Jan 4, 2012 at 9:03 PM, Christian Heinrich <
christian.heinrich at owasp.org> wrote:

> GPC,
> To quote the e-mail from the esapi-dev e-mail below - can you please advise
> if Project Leaders are to be burdened in moving their repositories to
> SourceForge as opposed to a GPC resource establishing a remote repository at
> SourceForge which "pulls" at specific intervals i.e. the Project Leader
> maintains their existing repository on Google Code, GitHub, etc?
> If the GPC has the expectation to collapse the existing repositories on
> Google Code, GitHub, etc, can the GPC outline what "safeguards" they have
> implemented to ensure ongoing community goodwill and avoid other Project
> Leaders enduring similar distress that I experienced when I suddenly lost
> membership to a number of OWASP Mailing Lists without notification or due
> process i.e.
> http://lists.owasp.org/pipermail/owasp-board/2010-July/008706.html?
> How will reduced consumer expectation be managed when the time to perform a
> "svn checkout" (i.e. the latest commit) is now significantly greater with
> "git clone" (i.e. all commits)?
> Also, can the GPC indicate when they intend to address the outstanding
> concerns, i.e.
> http://lists.owasp.org/pipermail/owasp-leaders/2011-November/006380.html,
> of their selection of SourceForge?
> -----Original Message-----
> From: esapi-dev-bounces at lists.owasp.org
> [mailto:esapi-dev-bounces at lists.owasp.org] On Behalf Of Chris Schmidt
> Sent: Friday, December 09, 2011 5:24 PM
> To: ESAPI Devs
> Subject: [Esapi-dev] Updates from me
> 2) Project Homepage and Hosting @ SF
> I have all the pieces in place to start migrating ESAPI projects over to our
> new home at SourceForge. I have created a new GIT repository to replace our
> subversion repository. This should allow for simpler branching and the
> ability for people to fork and do all kinds of interesting stuff with the
> source. Our existing subversion repository will be retained in a read-only
> state once we cut over for the individual projects.
> --
> Regards,
> Christian Heinrich
> http://www.owasp.org/index.php/user:cmlh
> _______________________________________________
> Global-projects-committee mailing list
> Global-projects-committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global-projects-committee