[Owasp-leaders] Proposing new guidelines to start code/tool projects
Tobias
tobias.gondrom at owasp.org
Sat Aug 23 18:38:59 UTC 2014
Hi Johanna,
thanks. Yes, now am getting it. ;-)
All fine. Excellent.
Cheers, Tobias
On 23/08/14 19:18, johanna curiel curiel wrote:
> Hi Tobias
>
> Thank you for your feedback, and here my clarifications
>
> >- I assume that does not mandate a specific brand of repository.
> Because I think it is important to allow projects to keep the freedom
> to choose their repository (at the very least between several ones).
> We can monitor any repository . leaders are free to choose anyone as
> long as it's open(meaning read/public access)
>
> 2. Question:
> to section 2 "General rules for all projects:"
> 2.1. And as you write in the second line "commit of wiki update", I am
> not quite sure about what you mean in the first line with a "project
> update"? (I thought a "commit or wiki update" would be a project
> update? *scratch*)
> Yes I mean indeed a commit (repository) or a wiki update (It was a
> typo ;-P)
>
> 2.2. Why did you use one time 90 days and the other time 80 days?
> Could we please use the same number of days for both?
> Another typo, I mean 180 days
>
> 2.3. Maybe I am not getting something and Condition 1 and condition 2
> are intended sequential? (my first read was parallel...)
> Indeed, the first reminder will be send within 90 days if we have seen
> no activity(wiki or commit) and after 180 days a warning
>
> Hope this has clarified the confusion caused by my typo's :)
>
> regards
>
> Johanna
>
>
> On Sat, Aug 23, 2014 at 1:11 PM, Tobias <tobias.gondrom at owasp.org
> <mailto:tobias.gondrom at owasp.org>> wrote:
>
> Johanna,
>
> overall support this structure.
>
> With one question and one clarification:
> 1. Clarification:
> to your point "They need to have a repository even if empty,
> because this will allow us to automate the monitoring of their
> progress" - I assume that does not mandate a specific brand of
> repository. Because I think it is important to allow projects to
> keep the freedom to choose their repository (at the very least
> between several ones).
>
> 2. Question:
> to section 2 "General rules for all projects:"
> 2.1. And as you write in the second line "commit of wiki update",
> I am not quite sure about what you mean in the first line with a
> "project update"? (I thought a "commit or wiki update" would be a
> project update? *scratch*)
> 2.2. Why did you use one time 90 days and the other time 80 days?
> Could we please use the same number of days for both?
> 2.3. Maybe I am not getting something and Condition 1 and
> condition 2 are intended sequential? (my first read was parallel...)
>
> Best wishes, Tobias
>
>
>
>
>
> On 23/08/14 17:46, johanna curiel curiel wrote:
>> Leaders,
>>
>> After hearing your concerns and some ideas from Kait-Disney and
>> the project task force members, I'm proposing the following ,
>> which hopefully will help us reach better guidelines and less
>> empty projects
>>
>> We will allow Incubator projects a 1 year deadline BUT with the
>> following conditions:
>>
>> * They will need a clear deadline proposal roadmap for the next
>> 90 days
>> * We will provide an example on the wiki template of what we
>> expect to see
>> * We will provide a 'Start up kit' cheat sheet with all the
>> goodies(how to get money for project, participate in Google
>> Summer of code program, Winter of Code program, Wiki
>> template, Project summit presentations,Github repository etc)
>> * If they do not present a clear roadmap with deadlines, the
>> project will not be accepted
>> * They need to have a repository even if empty, because this
>> will allow us to automate the monitoring of their progress
>> * The wiki page must be COMPLETE. No empty descriptions or half
>> info there. This will be not accepted.
>>
>>
>> We will create a webbot to track all wiki project pages based on
>> the latest updates and based on that we will create reminders
>> every 90 days about the activity to ALL project leaders (not just
>> incubators).
>>
>> General rules for all projects:
>>
>> * Project leaders will receive 1 reminder if the project hasn't
>> been updated at all in 90 days.
>> * Project leaders will receive 1 warnings if no commit or wiki
>> update has been done in 80 days or if they dont feedback with
>> us about the situation of their project
>> * The third one will be final and the project will be set in
>> the inactive list
>> * Remember you can always revive the project but you will need
>> a roadmap in order to do this.
>>
>>
>> regards
>>
>> Johanna
>>
>>
>>
>> On Thu, Aug 21, 2014 at 11:09 PM, johanna curiel curiel
>> <johanna.curiel at owasp.org <mailto:johanna.curiel at owasp.org>> wrote:
>>
>> Jim and leaders,
>>
>> The idea of the whiteboard is that no one needs to maintain
>> this ;-). Is just a whiteboard with idea-projects hanging
>> there in order for people to join and find contributors to
>> pull off their project. What I'm trying to do is be realistic
>> about the maintenance of project inventory and how OWASP
>> looks to the outsiders. Empty projects looks really bad. Dont
>> expect potential users to go read your roadmap and comeback
>> when you say you are ready.
>>
>> On the other hand, the 90 day issue is, that sometimes an
>> idea takes time to develop, find contributors and the
>> opportunity to work on it.Therefore future project leaders
>> should made use of programs such as Google Summer of Code.
>> Some of the best ideas I have seen have flourished during
>> this program. If you want this into production, project
>> leaders can place their ideas in the Gsoc idea page
>> (https://www.owasp.org/index.php/GSoC2014_Ideas) jump the
>> wagon to get students, apply to develop the 'idea'. OWTF,
>> ZAP, PHPSEC, WEBGOATPHP have made enormous progress during
>> this program, and when we did the call, only 12 projects
>> applied!! So where are the active project leaders even when
>> they had a chance like this to get a student paid for 3
>> months to work on their projects including 500 dollars for
>> their project per student ?
>>
>> >In the past, many project got approved that probably should
>> not have been, but I'm trying to ensure that fully formed
>> project ideas are the ones that make it through.
>> I believe this will definitely help put a minimum entry level.
>>
>> I would like to find a middle ground to have a realistic
>> review process based on our capacity to review projects,allow
>> ideas to develop but also, have better quality for potential
>> users of OWASP projects.I repeat , empty project pages might
>> have been the norm but this really looks bad.
>>
>> regards
>>
>> Johanna
>>
>>
>> On Thu, Aug 21, 2014 at 10:34 PM, johanna curiel curiel
>> <johanna.curiel at owasp.org <mailto:johanna.curiel at owasp.org>>
>> wrote:
>>
>> Hi Kait (Gregory)
>>
>> I agree with you on this and I think that the problem
>> has been this :/ when they submit their project they have
>> an outline of the project and a roadmap/
>> /
>> /
>> If you take a look of those empty projects , their
>> outline is way to vague, not even a clear description
>> of what the project is about is and there is not a clear
>> plan for the roadmap. So we really need to review
>> more careful when allowing an incubators begin. Ideally
>> we should provide a clear example. The 90 days deadline
>> sounds very good to me.
>>
>> The idea of a 90 day puts pressure into it. After 90 days
>> no code, then inactive.
>>
>> regards
>>
>> Johanna
>>
>>
>> On Thu, Aug 21, 2014 at 10:20 PM, Gregory Disney
>> <gregory.disney at owasp.org
>> <mailto:gregory.disney at owasp.org>> wrote:
>>
>> Repost from Kait, because she keeps getting kicked
>> off the leaders list.
>> ==========================================================================================
>> I brought this up with Johanna earlier today in
>> regards to what should be done with new projects.
>>
>> It's my opinion that requiring new projects to have
>> source code written before they can become a project
>> will alienate would be project leaders. For many new
>> projects, when they submit their project they have an
>> outline of the project and a roadmap. This is
>> especially true for documentation projects, which may
>> not have a draft yet at the time they apply.
>>
>> I propose instead that we continue to approve
>> projects that have a flesh out project outline and
>> require that they have progress on the project within
>> 90 days. After 90 days, these new projects should be
>> reviewed for progress. This doesn't have to be an
>> in-depth review, more of a check in with the project
>> leader to see if their repository is posted, if they
>> have source code, or a draft in cases of
>> documentation projects.
>> If after 90 days, there has been no progress on the
>> project, those project should be considered inactive.
>>
>> By making progress a requirement in the first 90
>> days, we can avoid the problem we have now, which is
>> that several projects that enjoy active project
>> status while having never produced anything for the
>> project.
>>
>> Please let me know what you think.
>>
>>
>> On Thu, Aug 21, 2014 at 7:14 PM, Jonathan Marcil
>> <jonathan.marcil at owasp.org
>> <mailto:jonathan.marcil at owasp.org>> wrote:
>>
>> Oh I see, if you want to add another step in the
>> new project adoption
>> life cycle.. well go ahead!
>>
>> Also, if there's no time limit, you'll kill that
>> special motivation of a
>> urge to deliver something. For some people it may
>> actually help motivate
>> them to release. Others will release anyways.
>> Pressure can be good. It
>> can be another period than one year.. maybe 6
>> months I don't know.
>>
>> All that said, I hope you don't plan to move
>> everything to whiteboard by
>> default.. As a project starter, I kind of
>> accepted the rule of "one year
>> or the project is out of incubator" and would not
>> like the rules to
>> change in the middle or having to adhere to
>> another process I won't need
>> in 2 months. Good news about that is that if you
>> apply the one year
>> timeout of the initial agreement, you'll be free
>> of "dead" incubator
>> projects within one year anyways.
>>
>> Thanks!
>>
>> - Jonathan
>>
>>
>> On 2014-08-21 21:52, johanna curiel curiel wrote:
>> > Jonathan and leaders
>> >
>> > I would love to allow idea-projects hang for a
>> year but what I have seen
>> > after reviewing this for almost 2 years, that
>> the project leader looses
>> > pressure to create something in that period and
>> many projects in the end
>> > die like this.
>> >
>> > If we allow idea-projects hang for a year, the
>> amount of work becomes
>> > quite big with all the projects that must be
>> reviewed and managed. This
>> > process has failed twice, with the Global
>> Committee and the technical
>> > advisory board. Setting the bar higher
>> challenges project leaders to
>> > really work on it and not let it hang for a
>> year, in the meanwhile,
>> > people (potential users) of your project, visit
>> the wiki and get
>> > disappointed to see anything on it.
>> >
>> > The idea of the Whiteboard, can allow future
>> project leaders to set this
>> > as an idea-project and get contributors, but
>> the expectations are
>> > different, especially for potential users. They
>> know that this is just
>> > an idea and the project hasn't developed yet.
>> When you are ready to take
>> > it to the next step, then it becomes a tangible
>> project , and once done
>> > that, then the real work begins to keep the
>> project alive and kicking,
>> > but thats much easier to monitor than
>> communicating through email every
>> > time to see if the project is alive and in the
>> meanwhile the wiki page
>> > is outdated and no code has been produced. It
>> damages OWASP reputation.
>> >
>> > We need to develop and design a 'Startup' like
>> program where we provide
>> > training to potential project leaders how to
>> make that idea a
>> > prototype.Just like with 'Accelerators' . Since
>> we work globally, I
>> > think this should be available online (through
>> courser for example) and
>> > have this programs twice a year for example.
>> >
>> > regards
>> >
>> > Johanna
>> >
>> >
>> >
>> >
>> > On Thu, Aug 21, 2014 at 9:30 PM, Jim Manico
>> <jim.manico at owasp.org <mailto:jim.manico at owasp.org>
>> > <mailto:jim.manico at owasp.org
>> <mailto:jim.manico at owasp.org>>> wrote:
>> >
>> > > Last but not least, thank you a lot for
>> your efforts Johanna, you are
>> > keeping the main backbone of OWASP healthy and
>> not anyone has the
>> > courage and toughness to do so.
>> >
>> > +1000
>> >
>> > More positive work and progress around
>> projects bas been done in the
>> > last few months than several years past. We
>> are very lucky to have
>> > your "extreme volunteerism", Johanna.
>> >
>> > PS: +1 On the sandbox idea. Perhaps call it
>> "the whiteboard" instead
>> > of "sandbox" to denote an "IT centric idea"
>> >
>> > Aloha,
>> > --
>> > Jim Manico
>> > @Manicode
>> > (808) 652-3805 <tel:%28808%29%20652-3805>
>> <tel:%28808%29%20652-3805>
>> >
>> > > On Aug 21, 2014, at 8:23 PM, Jonathan Marcil
>> > <jonathan.marcil at owasp.org
>> <mailto:jonathan.marcil at owasp.org>
>> <mailto:jonathan.marcil at owasp.org
>> <mailto:jonathan.marcil at owasp.org>>> wrote:
>> > >
>> > > Last but not least, thank you a lot for
>> your efforts Johanna, you are
>> > > keeping the main backbone of OWASP
>> healthy and not anyone has the
>> > > courage and toughness to do so.
>> >
>> >
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> <mailto:OWASP-Leaders at lists.owasp.org>
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140823/93d90273/attachment-0001.html>
More information about the OWASP-Leaders
mailing list