[Owasp-leaders] Proposing new guidelines to start code/tool projects

Gregory Disney gregory.disney at owasp.org
Fri Aug 22 02:59:14 UTC 2014

Repost for Kait.
I've been cracking down on new project submissions since I've taken them
over. If a project comes through and doesn't have a clear project
description, deliverables and a roadmap, I won't approve the project.

So rather than just letting any project through, I try to ensure the
project leader has a solid idea and direction before setting up the
project. If those projects don't meet the criteria, I reach out to the
project leader to provide more information. This has helped weed out the
projects that would fall into the create and forget category, because more
often than not, the project leader never responds and I reject the project.

In the past, many project got approved that probably should not have been,
but I'm trying to ensure that fully formed project ideas are the ones that
make it through.

On Thu, Aug 21, 2014 at 7:34 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Hi Kait (Gregory)
> I agree with  you on this and I think that the problem has been this : * when
> they submit their project they have an outline of the project and a roadmap*
> If you take a look of those empty projects , their outline is way to
> vague, not even a clear description of what the project is about is and
> there is not a clear plan for the roadmap. So we really need to review
> more careful when allowing an incubators begin. Ideally we should provide a
> clear example. The 90 days deadline sounds very good to me.
> The idea of a 90 day puts pressure into it. After 90 days no code, then
> inactive.
> regards
> Johanna
> On Thu, Aug 21, 2014 at 10:20 PM, Gregory Disney <gregory.disney at owasp.org
> > wrote:
>> Repost from Kait, because she keeps getting kicked off the leaders list.
>> ==========================================================================================
>> I brought this up with Johanna earlier today in regards to what should be
>> done with new projects.
>> It's my opinion that requiring new projects to have source code written
>> before they can become a project will alienate would be project leaders.
>> For many new projects, when they submit their project they have an outline
>> of the project and a roadmap. This is especially true for documentation
>> projects, which may not have a draft yet at the time they apply.
>> I propose instead that we continue to approve projects that have a flesh
>> out project outline and require that they have progress on the project
>> within 90 days. After 90 days, these new projects should be reviewed for
>> progress. This doesn't have to be an in-depth review, more of a check in
>> with the project leader to see if their repository is posted, if they have
>> source code, or a draft in cases of documentation projects.
>> If after 90 days, there has been no progress on the project, those
>> project should be considered inactive.
>> By making progress a requirement in the first 90 days, we can avoid the
>> problem we have now, which is that several projects that enjoy active
>> project status while having never produced anything for the project.
>> Please let me know what you think.
>> On Thu, Aug 21, 2014 at 7:14 PM, Jonathan Marcil <
>> jonathan.marcil at owasp.org> wrote:
>>> Oh I see, if you want to add another step in the new project adoption
>>> life cycle.. well go ahead!
>>> Also, if there's no time limit, you'll kill that special motivation of a
>>> urge to deliver something. For some people it may actually help motivate
>>> them to release. Others will release anyways. Pressure can be good. It
>>> can be another period than one year.. maybe 6 months I don't know.
>>> All that said, I hope you don't plan to move everything to whiteboard by
>>> default.. As a project starter, I kind of accepted the rule of "one year
>>> or the project is out of incubator" and would not like the rules to
>>> change in the middle or having to adhere to another process I won't need
>>> in 2 months. Good news about that is that if you apply the one year
>>> timeout of the initial agreement, you'll be free of "dead" incubator
>>> projects within one year anyways.
>>> Thanks!
>>> - Jonathan
>>> On 2014-08-21 21:52, johanna curiel curiel wrote:
>>> > Jonathan and leaders
>>> >
>>> > I would love to allow idea-projects hang for a year but what I have
>>> seen
>>> > after reviewing this for almost 2 years, that the project leader looses
>>> > pressure to create something in that period and many projects in the
>>> end
>>> > die like this.
>>> >
>>> > If we allow idea-projects hang for a year, the amount of work becomes
>>> > quite big with all the projects that must be reviewed and managed. This
>>> > process has failed twice, with the Global Committee and the technical
>>> > advisory board. Setting the bar higher challenges project leaders to
>>> > really work on it and not let it hang for a year, in the meanwhile,
>>> > people (potential users) of your project, visit the wiki and  get
>>> > disappointed to see anything on it.
>>> >
>>> > The idea of the Whiteboard, can allow future project leaders to set
>>> this
>>> > as an idea-project and get contributors, but the expectations are
>>> > different, especially for potential users. They know that this is just
>>> > an idea and the project hasn't developed yet. When you are ready to
>>> take
>>> > it to the next step, then it becomes a tangible project , and once done
>>> > that, then the real work begins to keep the project alive and kicking,
>>> > but thats much easier to monitor than communicating through email every
>>> > time to see if the project is alive and in the meanwhile the wiki page
>>> > is outdated and no code has been produced. It damages OWASP reputation.
>>> >
>>> > We need to develop and design a 'Startup' like program where we provide
>>> > training to potential project leaders how to make that idea a
>>> > prototype.Just like with 'Accelerators' . Since we work globally, I
>>> > think this should be available online (through courser for example) and
>>> > have this programs twice a year for example.
>>> >
>>> > regards
>>> >
>>> > Johanna
>>> >
>>> >
>>> >
>>> >
>>> > On Thu, Aug 21, 2014 at 9:30 PM, Jim Manico <jim.manico at owasp.org
>>> > <mailto:jim.manico at owasp.org>> wrote:
>>> >
>>> >     > Last but not least, thank you a lot for your efforts Johanna,
>>> you are
>>> >     keeping the main backbone of OWASP healthy and not anyone has the
>>> >     courage and toughness to do so.
>>> >
>>> >     +1000
>>> >
>>> >     More positive work and progress around projects bas been done in
>>> the
>>> >     last few months than several years past. We are very lucky to have
>>> >     your "extreme volunteerism", Johanna.
>>> >
>>> >     PS: +1 On the sandbox idea. Perhaps call it "the whiteboard"
>>> instead
>>> >     of "sandbox" to denote an "IT centric idea"
>>> >
>>> >     Aloha,
>>> >     --
>>> >     Jim Manico
>>> >     @Manicode
>>> >     (808) 652-3805 <tel:%28808%29%20652-3805>
>>> >
>>> >     > On Aug 21, 2014, at 8:23 PM, Jonathan Marcil
>>> >     <jonathan.marcil at owasp.org <mailto:jonathan.marcil at owasp.org>>
>>> wrote:
>>> >     >
>>> >     > Last but not least, thank you a lot for your efforts Johanna,
>>> you are
>>> >     > keeping the main backbone of OWASP healthy and not anyone has the
>>> >     > courage and toughness to do so.
>>> >
>>> >
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140821/3473eac3/attachment.html>

More information about the OWASP-Leaders mailing list