[Owasp-leaders] Proposing new guidelines to start code/tool projects

Tobias tobias.gondrom at owasp.org
Sat Aug 23 18:38:59 UTC 2014


Hi Johanna,

Thanks. Yes, now I am getting it. ;-)
All fine. Excellent.

Cheers, Tobias


On 23/08/14 19:18, johanna curiel curiel wrote:
> Hi Tobias
>
> Thank you for your feedback, and here are my clarifications
>
> >- I assume that does not mandate a specific brand of repository. 
> Because I think it is important to allow projects to keep the freedom 
> to choose their repository (at the very least between several ones).
> We can monitor any repository. Leaders are free to choose any one as 
> long as it's open (meaning read/public access)
>
> 2. Question:
> to section 2 "General rules for all projects:"
> 2.1. And as you write in the second line "commit of wiki update", I am 
> not quite sure about what you mean in the first line with a "project 
> update"?  (I thought a "commit or wiki update" would be a project 
> update? *scratch*)
> Yes I mean indeed a commit (repository) or a wiki update (It was a 
> typo ;-P)
>
> 2.2. Why did you use one time 90 days and the other time 80 days? 
> Could we please use the same number of days for both?
> Another typo, I mean 180 days
>
> 2.3. Maybe I am not getting something and Condition 1 and condition 2 
> are intended sequential? (my first read was parallel...)
> Indeed, the first reminder will be sent within 90 days if we have seen 
> no activity (wiki or commit) and after 180 days a warning
>
> Hope this has clarified the confusion caused by my typos :)
>
> regards
>
> Johanna
>
>
> On Sat, Aug 23, 2014 at 1:11 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>
>     Johanna,
>
>     overall support this structure.
>
>     With one question and one clarification:
>     1. Clarification:
>     to your point "They need to have a repository even if empty,
>     because this will allow us to automate the monitoring of their
>     progress" - I assume that does not mandate a specific brand of
>     repository. Because I think it is important to allow projects to
>     keep the freedom to choose their repository (at the very least
>     between several ones).
>
>     2. Question:
>     to section 2 "General rules for all projects:"
>     2.1. And as you write in the second line "commit of wiki update",
>     I am not quite sure about what you mean in the first line with a
>     "project update"?  (I thought a "commit or wiki update" would be a
>     project update? *scratch*)
>     2.2. Why did you use one time 90 days and the other time 80 days?
>     Could we please use the same number of days for both?
>     2.3. Maybe I am not getting something and Condition 1 and
>     condition 2 are intended sequential? (my first read was parallel...)
>
>     Best wishes, Tobias
>
>
>
>
>
>     On 23/08/14 17:46, johanna curiel curiel wrote:
>>     Leaders,
>>
>>     After hearing your concerns and some ideas from Kait-Disney and
>>     the project task force members, I'm proposing the following,
>>     which hopefully will help us reach better guidelines and fewer
>>     empty projects
>>
>>     We will allow Incubator projects a 1 year deadline BUT with the
>>     following conditions:
>>
>>       * They will need a clear deadline proposal roadmap for the next
>>         90 days
>>       * We will provide an example on the wiki template of what we
>>         expect to see
>>       * We will provide a 'Start up kit' cheat sheet with all the
>>         goodies (how to get money for project, participate in Google
>>         Summer of code program, Winter of Code program, Wiki
>>         template, Project summit presentations, GitHub repository etc)
>>       * If they do not present a clear roadmap with deadlines, the
>>         project will not be accepted
>>       * They need to have a repository even if empty, because this
>>         will allow us to automate the monitoring of their progress
>>       * The wiki page must be COMPLETE. No empty descriptions or half
>>         info there. This will not be accepted.
>>
>>
>>     We will create a webbot to track all wiki project pages based on
>>     the latest updates and based on that we will create reminders
>>     every 90 days about the activity to ALL project leaders (not just
>>     incubators).
>>
>>     General rules for all projects:
>>
>>       * Project leaders will receive 1 reminder if the project hasn't
>>         been updated at all in 90 days.
>>       * Project leaders will receive 1 warning if no commit or wiki
>>         update has been done in 80 days or if they don't feedback with
>>         us about the situation of their project
>>       * The third one will be final and the project will be set in
>>         the inactive list
>>       * Remember you can always revive the project but you will need
>>         a roadmap in order to do this.
>>
>>
>>     regards
>>
>>     Johanna
>>
>>
>>
>>     On Thu, Aug 21, 2014 at 11:09 PM, johanna curiel curiel
>>     <johanna.curiel at owasp.org> wrote:
>>
>>         Jim and leaders,
>>
>>         The idea of the whiteboard is that no one needs to maintain
>>         this ;-). It is just a whiteboard with idea-projects hanging
>>         there in order for people to join and find contributors to
>>         pull off their project. What I'm trying to do is be realistic
>>         about the maintenance of project inventory and how OWASP
>>         looks to the outsiders. Empty projects look really bad. Don't
>>         expect potential users to go read your roadmap and come back
>>         when you say you are ready.
>>
>>         On the other hand, the 90 day issue is, that sometimes an
>>         idea takes time to develop, find contributors and the
>>         opportunity to work on it. Therefore future project leaders
>>         should make use of programs such as Google Summer of Code.
>>         Some of the best ideas I have seen have flourished during
>>         this program. If you want this into production, project
>>         leaders can place their ideas in the Gsoc idea page
>>         (https://www.owasp.org/index.php/GSoC2014_Ideas) jump the
>>         wagon to get students, apply to develop the 'idea'. OWTF,
>>         ZAP, PHPSEC, WEBGOATPHP have made enormous progress during
>>         this program, and when we did the call, only 12 projects
>>         applied!! So where are the active project leaders even when
>>         they had a chance like this to get a student paid for 3
>>         months to work on their projects including 500 dollars for
>>         their project per student?
>>
>>         >In the past, many project got approved that probably should
>>         not have been, but I'm trying to ensure that fully formed
>>         project ideas are the ones that make it through.
>>         I believe this will definitely help put a minimum entry level.
>>
>>         I would like to find a middle ground to have a realistic
>>         review process based on our capacity to review projects, allow
>>         ideas to develop but also, have better quality for potential
>>         users of OWASP projects. I repeat, empty project pages might
>>         have been the norm but this really looks bad.
>>
>>         regards
>>
>>         Johanna
>>
>>
>>         On Thu, Aug 21, 2014 at 10:34 PM, johanna curiel curiel
>>         <johanna.curiel at owasp.org> wrote:
>>
>>             Hi Kait (Gregory)
>>
>>             I agree with you on this and I think that the problem
>>             has been this: "when they submit their project they have
>>             an outline of the project and a roadmap"
>>
>>             If you take a look at those empty projects, their
>>             outline is way too vague, not even a clear description
>>             of what the project is about and there is not a clear
>>             plan for the roadmap. So we really need to review
>>             more carefully when allowing an incubator to begin. Ideally
>>             we should provide a clear example. The 90 days deadline
>>             sounds very good to me.
>>
>>             The idea of a 90 day puts pressure into it. After 90 days
>>             no code, then inactive.
>>
>>             regards
>>
>>             Johanna
>>
>>
>>             On Thu, Aug 21, 2014 at 10:20 PM, Gregory Disney
>>             <gregory.disney at owasp.org> wrote:
>>
>>                 Repost from Kait, because she keeps getting kicked
>>                 off the leaders list.
>>                 ==========================================================================================
>>                 I brought this up with Johanna earlier today in
>>                 regards to what should be done with new projects.
>>
>>                 It's my opinion that requiring new projects to have
>>                 source code written before they can become a project
>>                 will alienate would-be project leaders. For many new
>>                 projects, when they submit their project they have an
>>                 outline of the project and a roadmap. This is
>>                 especially true for documentation projects, which may
>>                 not have a draft yet at the time they apply.
>>
>>                 I propose instead that we continue to approve
>>                 projects that have a fleshed-out project outline and
>>                 require that they have progress on the project within
>>                 90 days. After 90 days, these new projects should be
>>                 reviewed for progress. This doesn't have to be an
>>                 in-depth review, more of a check in with the project
>>                 leader to see if their repository is posted, if they
>>                 have source code, or a draft in cases of
>>                 documentation projects.
>>                 If after 90 days, there has been no progress on the
>>                 project, those projects should be considered inactive.
>>
>>                 By making progress a requirement in the first 90
>>                 days, we can avoid the problem we have now, which is
>>                 that several projects enjoy active project
>>                 status while having never produced anything for the
>>                 project.
>>
>>                 Please let me know what you think.
>>
>>
>>                 On Thu, Aug 21, 2014 at 7:14 PM, Jonathan Marcil
>>                 <jonathan.marcil at owasp.org> wrote:
>>
>>                     Oh I see, if you want to add another step in the
>>                     new project adoption
>>                     life cycle.. well go ahead!
>>
>>                     Also, if there's no time limit, you'll kill that
>>                     special motivation of an
>>                     urge to deliver something. For some people it may
>>                     actually help motivate
>>                     them to release. Others will release anyways.
>>                     Pressure can be good. It
>>                     can be another period than one year.. maybe 6
>>                     months I don't know.
>>
>>                     All that said, I hope you don't plan to move
>>                     everything to whiteboard by
>>                     default.. As a project starter, I kind of
>>                     accepted the rule of "one year
>>                     or the project is out of incubator" and would not
>>                     like the rules to
>>                     change in the middle or having to adhere to
>>                     another process I won't need
>>                     in 2 months. Good news about that is that if you
>>                     apply the one year
>>                     timeout of the initial agreement, you'll be free
>>                     of "dead" incubator
>>                     projects within one year anyways.
>>
>>                     Thanks!
>>
>>                     - Jonathan
>>
>>
>>                     On 2014-08-21 21:52, johanna curiel curiel wrote:
>>                     > Jonathan and leaders
>>                     >
>>                     > I would love to allow idea-projects hang for a
>>                     year but what I have seen
>>                     > after reviewing this for almost 2 years, that
>>                     the project leader loses
>>                     > pressure to create something in that period and
>>                     many projects in the end
>>                     > die like this.
>>                     >
>>                     > If we allow idea-projects hang for a year, the
>>                     amount of work becomes
>>                     > quite big with all the projects that must be
>>                     reviewed and managed. This
>>                     > process has failed twice, with the Global
>>                     Committee and the technical
>>                     > advisory board. Setting the bar higher
>>                     challenges project leaders to
>>                     > really work on it and not let it hang for a
>>                     year, in the meanwhile,
>>                     > people (potential users) of your project, visit
>>                     the wiki and get
>>                     > disappointed to see anything on it.
>>                     >
>>                     > The idea of the Whiteboard, can allow future
>>                     project leaders to set this
>>                     > as an idea-project and get contributors, but
>>                     the expectations are
>>                     > different, especially for potential users. They
>>                     know that this is just
>>                     > an idea and the project hasn't developed yet.
>>                     When you are ready to take
>>                     > it to the next step, then it becomes a tangible
>>                     project , and once done
>>                     > that, then the real work begins to keep the
>>                     project alive and kicking,
>>                     > but that's much easier to monitor than
>>                     communicating through email every
>>                     > time to see if the project is alive and in the
>>                     meanwhile the wiki page
>>                     > is outdated and no code has been produced. It
>>                     damages OWASP reputation.
>>                     >
>>                     > We need to develop and design a 'Startup' like
>>                     program where we provide
>>                     > training to potential project leaders how to
>>                     make that idea a
>>                     > prototype. Just like with 'Accelerators'. Since
>>                     we work globally, I
>>                     > think this should be available online (through
>>                     courser for example) and
>>                     > have these programs twice a year for example.
>>                     >
>>                     > regards
>>                     >
>>                     > Johanna
>>                     >
>>                     >
>>                     >
>>                     >
>>                     > On Thu, Aug 21, 2014 at 9:30 PM, Jim Manico
>>                     > <jim.manico at owasp.org> wrote:
>>                     >
>>                     >     > Last but not least, thank you a lot for
>>                     your efforts Johanna, you are
>>                     >  keeping the main backbone of OWASP healthy and
>>                     not anyone has the
>>                     >  courage and toughness to do so.
>>                     >
>>                     >     +1000
>>                     >
>>                     >     More positive work and progress around
>>                     projects has been done in the
>>                     >     last few months than several years past. We
>>                     are very lucky to have
>>                     >     your "extreme volunteerism", Johanna.
>>                     >
>>                     >     PS: +1 On the sandbox idea. Perhaps call it
>>                     "the whiteboard" instead
>>                     >     of "sandbox" to denote an "IT centric idea"
>>                     >
>>                     >  Aloha,
>>                     >     --
>>                     >     Jim Manico
>>                     >  @Manicode
>>                     > (808) 652-3805
>>                     >
>>                     >     > On Aug 21, 2014, at 8:23 PM, Jonathan Marcil
>>                     >     > <jonathan.marcil at owasp.org> wrote:
>>                     >     >
>>                     >     > Last but not least, thank you a lot for
>>                     your efforts Johanna, you are
>>                     >     > keeping the main backbone of OWASP
>>                     healthy and not anyone has the
>>                     >     > courage and toughness to do so.
>>                     >
>>                     >
>>                     _______________________________________________
>>                     OWASP-Leaders mailing list
>>                     OWASP-Leaders at lists.owasp.org
>>                     <mailto:OWASP-Leaders at lists.owasp.org>
>>                     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>>
>>
>>
>>
>
>
