[Owasp-leaders] Proposing new guidelines to start code/tool projects

Tobias tobias.gondrom at owasp.org
Sat Aug 23 17:11:24 UTC 2014


Johanna,

Overall, I support this structure.

With one question and one clarification:
1. Clarification:
to your point "They need to have a repository even if empty, because 
this will allow us to automate the monitoring of their progress" - I 
assume that does not mandate a specific brand of repository. Because I 
think it is important to allow projects to keep the freedom to choose 
their repository (at the very least between several ones).

2. Question:
to section 2 "General rules for all projects:"
2.1. And as you write in the second line "commit or wiki update", I am 
not quite sure about what you mean in the first line with a "project 
update"?  (I thought a "commit or wiki update" would be a project 
update? *scratch*)
2.2. Why did you use one time 90 days and the other time 80 days? Could 
we please use the same number of days for both?
2.3. Maybe I am not getting something and Condition 1 and condition 2 
are intended sequential? (my first read was parallel...)

Best wishes, Tobias




On 23/08/14 17:46, johanna curiel curiel wrote:
> Leaders,
>
> After hearing your concerns and some ideas from Kait-Disney and the 
> project task force members, I'm proposing the following, which 
> hopefully will help us reach better guidelines and fewer empty projects.
>
> We will allow Incubator projects a 1 year deadline BUT with the 
> following conditions:
>
>   * They will need a clear deadline proposal roadmap for the next 90 days
>   * We will provide an example on the wiki template of what we expect
>     to see
>   * We will provide a 'Start up kit' cheat sheet with all the
>     goodies (how to get money for project, participate in Google Summer
>     of code program, Winter of Code program, Wiki template, Project
>     summit presentations, Github repository etc)
>   * If they do not present a clear roadmap with deadlines, the project
>     will not be accepted
>   * They need to have a repository even if empty, because this will
>     allow us to automate the monitoring of their progress
>   * The wiki page must be COMPLETE. No empty descriptions or half info
>     there. This will not be accepted.
>
>
> We will create a webbot to track all wiki project pages based on the 
> latest updates and based on that we will create reminders every 90 
> days about the activity to ALL project leaders (not just incubators).
>
> General rules for all projects:
>
>   * Project leaders will receive 1 reminder if the project hasn't been
>     updated at all in 90 days.
>   * Project leaders will receive 1 warning if no commit or wiki
>     update has been done in 80 days or if they don't feedback with us
>     about the situation of their project
>   * The third one will be final and the project will be set in the
>     inactive list
>   * Remember you can always revive the project but you will need a
>     roadmap in order to do this.
>
>
> regards
>
> Johanna
>
>
>
> On Thu, Aug 21, 2014 at 11:09 PM, johanna curiel curiel 
> <johanna.curiel at owasp.org> wrote:
>
>     Jim and leaders,
>
>     The idea of the whiteboard is that no one needs to maintain this
>     ;-). It is just a whiteboard with idea-projects hanging there in
>     order for people to join and find contributors to pull off their
>     project. What I'm trying to do is be realistic about the
>     maintenance of project inventory and how OWASP looks to the
>     outsiders. Empty projects look really bad. Don't expect potential
>     users to go read your roadmap and come back when you say you are ready.
>
>     On the other hand, the 90 day issue is, that sometimes an idea
>     takes time to develop, find contributors and the opportunity to
>     work on it. Therefore future project leaders should make use of
>     programs such as Google Summer of Code. Some of the best ideas I
>     have seen have flourished during this program. If you want this
>     into production, project leaders can place their ideas in the Gsoc
>     idea page (https://www.owasp.org/index.php/GSoC2014_Ideas) jump
>     the wagon to get students, apply to develop the 'idea'. OWTF, ZAP,
>     PHPSEC, WEBGOATPHP have made enormous progress during this
>     program, and when we did the call, only 12 projects applied!! So
>     where are the active project leaders even when they had a chance
>     like this to get a student paid for 3 months to work on their
>     projects including 500 dollars for their project per student?
>
>     >In the past, many project got approved that probably should not
>     have been, but I'm trying to ensure that fully formed project
>     ideas are the ones that make it through.
>     I believe this will definitely help put a minimum entry level.
>
>     I would like to find a middle ground to have a realistic review
>     process based on our capacity to review projects, allow ideas to
>     develop but also, have better quality for potential users of OWASP
>     projects. I repeat, empty project pages might have been the norm
>     but this really looks bad.
>
>     regards
>
>     Johanna
>
>
>     On Thu, Aug 21, 2014 at 10:34 PM, johanna curiel curiel
>     <johanna.curiel at owasp.org> wrote:
>
>         Hi Kait (Gregory)
>
>         I agree with you on this and I think that the problem has
>         been this: /when they submit their project they have an
>         outline of the project and a roadmap/
>
>         If you take a look at those empty projects, their outline is
>         way too vague, not even a clear description of what the project
>         is about and there is not a clear plan for the roadmap. So
>         we really need to review more carefully when allowing an
>         incubator to begin. Ideally we should provide a clear example.
>         The 90 days deadline sounds very good to me.
>
>         The idea of a 90 day puts pressure into it. After 90 days no
>         code, then inactive.
>
>         regards
>
>         Johanna
>
>
>         On Thu, Aug 21, 2014 at 10:20 PM, Gregory Disney
>         <gregory.disney at owasp.org> wrote:
>
>             Repost from Kait, because she keeps getting kicked off the
>             leaders list.
>             ==========================================================================================
>             I brought this up with Johanna earlier today in regards to
>             what should be done with new projects.
>
>             It's my opinion that requiring new projects to have source
>             code written before they can become a project will
>             alienate would-be project leaders. For many new projects,
>             when they submit their project they have an outline of the
>             project and a roadmap. This is especially true for
>             documentation projects, which may not have a draft yet at
>             the time they apply.
>
>             I propose instead that we continue to approve projects
>             that have a fleshed-out project outline and require that
>             they have progress on the project within 90 days. After 90
>             days, these new projects should be reviewed for progress.
>             This doesn't have to be an in-depth review, more of a
>             check in with the project leader to see if their
>             repository is posted, if they have source code, or a draft
>             in cases of documentation projects.
>             If after 90 days, there has been no progress on the
>             project, those projects should be considered inactive.
>
>             By making progress a requirement in the first 90 days, we
>             can avoid the problem we have now, which is that several
>             projects enjoy active project status while having
>             never produced anything for the project.
>
>             Please let me know what you think.
>
>
>             On Thu, Aug 21, 2014 at 7:14 PM, Jonathan Marcil
>             <jonathan.marcil at owasp.org> wrote:
>
>                 Oh I see, if you want to add another step in the new
>                 project adoption life cycle.. well go ahead!
>
>                 Also, if there's no time limit, you'll kill that special
>                 motivation of an urge to deliver something. For some
>                 people it may actually help motivate them to release.
>                 Others will release anyways. Pressure can be good. It
>                 can be another period than one year.. maybe 6 months I
>                 don't know.
>
>                 All that said, I hope you don't plan to move everything
>                 to whiteboard by default.. As a project starter, I kind
>                 of accepted the rule of "one year or the project is out
>                 of incubator" and would not like the rules to change in
>                 the middle or having to adhere to another process I
>                 won't need in 2 months. Good news about that is that if
>                 you apply the one year timeout of the initial agreement,
>                 you'll be free of "dead" incubator projects within one
>                 year anyways.
>
>                 Thanks!
>
>                 - Jonathan
>
>
>                 On 2014-08-21 21:52, johanna curiel curiel wrote:
>                 > Jonathan and leaders
>                 >
>                 > I would love to allow idea-projects hang for a year
>                 > but what I have seen after reviewing this for almost
>                 > 2 years, that the project leader loses pressure to
>                 > create something in that period and many projects in
>                 > the end die like this.
>                 >
>                 > If we allow idea-projects hang for a year, the amount
>                 > of work becomes quite big with all the projects that
>                 > must be reviewed and managed. This process has failed
>                 > twice, with the Global Committee and the technical
>                 > advisory board. Setting the bar higher challenges
>                 > project leaders to really work on it and not let it
>                 > hang for a year, in the meanwhile, people (potential
>                 > users) of your project, visit the wiki and get
>                 > disappointed to see anything on it.
>                 >
>                 > The idea of the Whiteboard, can allow future project
>                 > leaders to set this as an idea-project and get
>                 > contributors, but the expectations are different,
>                 > especially for potential users. They know that this
>                 > is just an idea and the project hasn't developed yet.
>                 > When you are ready to take it to the next step, then
>                 > it becomes a tangible project, and once done that,
>                 > then the real work begins to keep the project alive
>                 > and kicking, but that's much easier to monitor than
>                 > communicating through email every time to see if the
>                 > project is alive and in the meanwhile the wiki page
>                 > is outdated and no code has been produced. It damages
>                 > OWASP reputation.
>                 >
>                 > We need to develop and design a 'Startup' like
>                 > program where we provide training to potential
>                 > project leaders how to make that idea a prototype.
>                 > Just like with 'Accelerators'. Since we work
>                 > globally, I think this should be available online
>                 > (through courser for example) and have these programs
>                 > twice a year for example.
>                 >
>                 > regards
>                 >
>                 > Johanna
>                 >
>                 >
>                 >
>                 >
>                 > On Thu, Aug 21, 2014 at 9:30 PM, Jim Manico
>                 > <jim.manico at owasp.org> wrote:
>                 >
>                 >     > Last but not least, thank you a lot for your
>                 >     > efforts Johanna, you are keeping the main
>                 >     > backbone of OWASP healthy and not anyone has
>                 >     > the courage and toughness to do so.
>                 >
>                 >     +1000
>                 >
>                 >     More positive work and progress around projects
>                 >     has been done in the last few months than several
>                 >     years past. We are very lucky to have your
>                 >     "extreme volunteerism", Johanna.
>                 >
>                 >     PS: +1 On the sandbox idea. Perhaps call it "the
>                 >     whiteboard" instead of "sandbox" to denote an
>                 >     "IT centric idea"
>                 >
>                 >     Aloha,
>                 >     --
>                 >     Jim Manico
>                 >     @Manicode
>                 >     (808) 652-3805
>                 >
>                 >     > On Aug 21, 2014, at 8:23 PM, Jonathan Marcil
>                 >     > <jonathan.marcil at owasp.org> wrote:
>                 >     >
>                 >     > Last but not least, thank you a lot for your
>                 >     > efforts Johanna, you are keeping the main
>                 >     > backbone of OWASP healthy and not anyone has
>                 >     > the courage and toughness to do so.
>                 >
>                 >
>                 _______________________________________________
>                 OWASP-Leaders mailing list
>                 OWASP-Leaders at lists.owasp.org
>                 <mailto:OWASP-Leaders at lists.owasp.org>
>                 https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
