[Owasp-leaders] Owasp at GitHub.com

Matt Tesauro mtesauro at gmail.com
Mon Jan 23 15:52:02 UTC 2012


You raise a point the board is aware of - the tricky thing is finding the
balance between open and easy experimentation and sustainable systems.

For what I'd call our "core" services (e.g. Quickbook, our payroll service,
etc) we've started collecting them and escrowing admin passwords and/or
creating multiple admins.  We're trying to avoid any "hit by a bus"
problems - that is any key person could be unavailable suddenly and
operations would be able to continue.  Next are things like the social
sites (Twitter, Linked In, ...)

However, one of the cool things about OWASP is the freedom to experiment.
 From my recollection, the GitHub account was setup to check out how it
works and possibly start a OWASP repo there.  It was never an "official" or
mandatory thing and from what I recall, it wasn't even an Global Project
Committee initiative.  All of which is just fine.  The trick comes when the
community wants to embrace an experiment and move it from something the
community is checking out to a "real" OWASP thing.

I know the GPC has done lots of work on the process of transitioning a
project from an experimental status to a more production ready status.
 Perhaps we need to look at that process as a skeleton for external
services migrating from an experiment to more permanent.

Unfortunately, in finding the right gap between too much and too little
process, things will fall through the cracks.  This appears to be one of

Dinis:  I'd suggest you reach out to GitHub directly and see what they can
do.  If having a current board member helps convince them you're legit, let
me know and I'll gladly make the request on your behalf.


-- Matt Tesauro
OWASP Board Member
OWASP WTE Project Lead
http://AppSecLive.org - Community and Download site

On Sun, Jan 22, 2012 at 10:20 AM, Rex Booth <rex.booth at owasp.org> wrote:

> Perhaps we need a policy that all admin accounts for such services
> (twitter, LinkedIn, etc) are maintained by Kate and team.
> On Jan 22, 2012, at 10:00 AM, Matt Tesauro <matt.tesauro at owasp.org> wrote:
> As I recall, Yiannis set that up.
> -- Matt's phone
> On Jan 22, 2012 7:27 AM, "dinis cruz" <dinis.cruz at owasp.org> wrote:
>> Hey, who manages the Owasp account at GitHub?
>> Can you add my DinisCruz account to it? I want to help out.
>> Thx
>> Dinis Cruz
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120123/6cbec6ec/attachment.html>

More information about the OWASP-Leaders mailing list