[Owasp-leaders] Remote Repositories on SourceForge

Dennis Groves dennis.groves at owasp.org
Fri Jan 6 03:49:44 UTC 2012

To whom it may concern,

I don't believe we can make progress by starting over every time we discover new information that may have led to a possibly different decision and direction; I feel a direction was chosen by thoughtful, intelligent, caring people who were volenteering their time, and who made an honest effort to contribute to the advancement of OWASP.

Job well done, period!


Dennis Groves (http://about.me/dennis.groves), MSc
dennis.groves at gmail.com (mailto:dennis.groves at gmail.com)

On Thursday, 5 January 2012 at 23:54, Christian Heinrich wrote:

> Dennis,
> I believe that OWASP Project Leaders are being mislead considering the
> metadata can be generated for "free" using http://www.ohloh.net/tools
> and http://www.ohloh.net/api/getting_started who support multiple
> popular open source repositories.
> I would like to draw your attention to the following quote that Jason
> Li made within
> https://lists.owasp.org/pipermail/global-projects-committee/2010-July/001369.html:
> "My point was merely that any project for which we don't have the
> source always has the danger of dying with the actions of the project
> leader. By having an official repository for OWASP projects, we can
> ensure that the source is always accessible for anyone and everyone in
> OWASP and elsewhere to use, contribute and reference regardless of the
> state of the project or its leader."
> So while the GPC state that the above isn't their agenda now (as it
> was in the past) then there is no guarantee that it won't be a
> requirement in the future.
> The GPC could have resolved their issue by selecting GitHub, which was
> not a candidate approached in their closed uncompetitive tender and
> also offers free Organizational Accounts for Open Source Projects, and
> then issuing pull requests on the respective SVN or GIT OWASP Project
> repositories.
> I believe that there is significant concern as to how the closed
> uncompetitive tender was executed and the candidates that were
> directly approached without any regard to the greater open source
> community and I am recommending that the OWASP Board proceed with a
> formal inquiry?
> On Thu, Jan 5, 2012 at 11:23 PM, Dennis Groves <dennis.groves at owasp.org (mailto:dennis.groves at owasp.org)> wrote:
> > > On Thursday, 5 January 2012 at 08:22, psiinon wrote:
> > > > previously I got the impression that all of the OWASP projects would be required to migrate to SourceForge, which I think would have been a problem for some projects.
> > >  
> > >  
> > >  
> > >  
> > > I have the same impression, which I think this is a very daft idea, its like requiring people to use a dead horse in whatever they do!?!
> > >  
> > > This is a great way to loose people, projects and years of momentum (I have personally met several projects OWASP has lost because of this). If people are willing to contribute - OWASP needs to get out of the way and let them contribute! OWASP should be greasing the wheels, not putting the breaks on!
> > >  
> > > Further, all the 'cool kids' use github and the like these days - In fact, even the *bitter old men* like myself use git these days… ;-)
> > >  
> > > OWASP really needs to undo this damage, personally, I advise people to do whatever they are comfortable with - just as long as the contribute and grow OWASP. We need to foster and encourage adoption not put up barriers.
> --  
> Regards,
> Christian Heinrich
> http://www.owasp.org/index.php/user:cmlh

More information about the OWASP-Leaders mailing list