[Owasp-leaders] [GPC] Remote Repositories on SourceForge

psiinon psiinon at gmail.com
Thu Jan 5 08:22:20 UTC 2012


 Hi Jason,

That sounds like a good compromise - previously I got the impression that
all of the OWASP projects would be required to migrate to SourceForge,
which I think would have been a problem for some projects.

How is the new infrastructure progressing?
Do you have a timeline for when it will start becoming available?

I'm guessing the plans dont currently include the management of project
extensions (app store / market place)?
Is this something that might be included in the future?

Cheers,

Simon

-- 
Vote for ZAP as the Toolsmith Tool of The
Year<http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html>


On Thu, Jan 5, 2012 at 7:18 AM, Jason Li <jason.li at owasp.org> wrote:

> Christian,
>
> We are using SourceForge as a mechanism to organize our project metadata
> and display our library of projects in a consumable fashion. The code
> repository functions and other features of SourceForge are *available* to
> project leaders, but they are not required to use SourceForge as their code
> repository. It is an *option* for project leaders and a choice to be made
> by the project leader. My understanding is that the ESAPI project decided
> to transition to SourceForge, as is their choice.
>
> Regarding mailing lists, a combination of automated processes and OWASP
> staff largely maintain the mailing lists. Management of mailing lists is
> not a GPC responsibility. Nonetheless, Kate explains in the very thread you
> cite explains the mechanism that creates the leader's list, which explains
> your prior predicament.
>
> Regarding selection of SourceForge, as has been previously mentioned, we
> had an open RFP for project infrastructure. We evaluated the proposals we
> received and chose the best candidate proposal (
> http://sl.owasp.org/gpcws-jun11-proceedings#h.4z9gh8ff79fg). There will
> always be concerns about decisions and choices made, but organizations
> cannot stand perpetually waiting for the fictional perfect solution that
> simultaneously solves everything and is amenable to 100% of the audience.
> Organizations do the best that they can with what the responses they
> receive.
>
> -Jason
>
> On Wed, Jan 4, 2012 at 9:03 PM, Christian Heinrich <
> christian.heinrich at owasp.org> wrote:
>
>> GPC,
>>
>> To quote the e-mail from the esapi-dev e-mail below - can you please
>> advise
>> if Project Leaders are to be burdened in moving their repositories' to
>> SourceForge as opposed a GPC resource establishing a remote repository at
>> SourceForge which "pulls" at specific intervals i.e. the Project Leader
>> maintains their existing repository on Google Code, GitHub, etc?
>>
>> If the GPC has the expectation to collapse the existing respositories' on
>> Google Code, GitHub, etc, can the GPG outline what "safeguards" they have
>> implemented to ensure ongoing community goodwill and avoid other Project
>> Leaders enduring similar distress that I experienced when I suddenly lost
>> membership to a number of OWASP Mailing Lists without notification or due
>> process i.e.
>> http://lists.owasp.org/pipermail/owasp-board/2010-July/008706.html?
>>
>> How will reduced consumer expectation be managed when the time to perform
>> a
>> "svn checkout" (i.e. the latest commit) is now significantly greater with
>> "git clone" (i.e. all commits)?
>>
>> Also, can the GPC indicate when they intend to address the outstanding
>> concerns, i.e.
>> http://lists.owasp.org/pipermail/owasp-leaders/2011-November/006380.html,
>> of
>> their selection of SourceForge?
>>
>> -----Original Message-----
>> From: esapi-dev-bounces at lists.owasp.org
>> [mailto:esapi-dev-bounces at lists.owasp.org] On Behalf Of Chris Schmidt
>> Sent: Friday, December 09, 2011 5:24 PM
>> To: ESAPI Devs
>> Subject: [Esapi-dev] Updates from me
>>
>> 2) Project Homepage and Hosting @ SF
>>
>> I have all the pieces in place to start migrating ESAPI projects over to
>> our
>> new home at SourceForge. I have created a new GIT repository to replace
>> our
>> subversion repository. This should allow for simpler branching and the
>> ability for people to fork and do all kinds of interesting stuff with the
>> source. Our existing subversion repository will be retained in a read-only
>> state once we cut over for the individual projects.
>>
>>
>> --
>> Regards,
>> Christian Heinrich
>> http://www.owasp.org/index.php/user:cmlh
>>
>> _______________________________________________
>> Global-projects-committee mailing list
>> Global-projects-committee at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/global-projects-committee
>>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120105/43afa056/attachment.html>


More information about the OWASP-Leaders mailing list