[Owasp-leaders] Proposing new guidelines to start code/tool projects

Jonathan Marcil jonathan.marcil at owasp.org
Fri Aug 22 01:21:58 UTC 2014

I think incubator are compatible with being empty for a certain amount
of time.

After this it should be set to inactive or even deleted (to avoid people
just starting projects to have a wiki entry for life).

I'm running an incubator project that has 0 lines of whatsoever of code
but we are doing meetings to make it progress and try to assemble a team
and see the way we gonna produce our first deliverable.

However I strongly agree that if we didn't make nothing out for one
year, we should be kicked off. We should have a sense of pressure and I
should go see my co-leader next month to say: Hey if we don't push
anything in November (our one year milestone) we are getting kicked of

I think the way you are doing it with Kait (poking project and sees
who's answering) is a good way of really purging the incubator that are
going nowhere and just pollute our project pool.

Last but not least, thank you a lot for your efforts Johanna, you are
keeping the main backbone of OWASP healthy and not anyone has the
courage and toughness to do so.


- Jonathan

On 2014-08-21 17:14, Josh Sokol wrote:
> I like the idea.  One thing to keep in mind though is that this may
> force us to change the definition of an "incubator" project as the
> current definition gives a project leader in this stage one year to
> produce a draft or development release
> (https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects). 
> The problem is that while we say we're going to go back and remove the
> ones who don't accomplish this, I'm not sure if we ever really have done
> that in the past and so they linger on and on...
> ~josh
> On Thu, Aug 21, 2014 at 12:30 PM, johanna curiel curiel
> <johanna.curiel at owasp.org <mailto:johanna.curiel at owasp.org>> wrote:
>     Leaders
>     After reviewing the entire list of code and tool projects , from
>     incubator to labs and flagship I have observed a main issue: Many
>     projects start without a single line of code, a binary or executable
>     version of a program.
>     This really creates an 'empty' list of projects(more than 50
>     projects were empty) that never launched or released a single line
>     of code.
>     At OWASP we don't have an army of volunteers or paid staff to keep
>     up monitoring and maintain this, therefore I'm proposing a new
>     guideline to solve this issue. Anyone who wishes to start a
>     project(tool/code) must have at least:
>     -An open source repository
>     -At least some code written
>     The bar is low to allow development, but I think that any code/tool
>     project must have at least this in order to be consider incubator.
>     Let me know your thoughts and we can add this to the guidelines
>     Regards
>     Johanna
>     _______________________________________________
>     OWASP-Leaders mailing list
>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

More information about the OWASP-Leaders mailing list