[Owasp-leaders] [Owasp-board] Public Comment

psiinon psiinon at gmail.com
Thu Dec 11 18:05:08 UTC 2014

Josh - good point.

I think there are many ways of running free open source projects, and thats
one reason why I dont think this is a board matter.
eg see http://producingoss.com/en/social-infrastructure.html

Bev - why did you think the link was for 'free' and not 'open source'?
The title is "Producing Open Source Software" ;)
However I'm not claiming this is any sort of definitive guide, just
something I've found useful before.

btw all of my assumptions are mine alone - I dont speak for OWASP or anyone
else on this matter :D



On Thu, Dec 11, 2014 at 5:57 PM, Josh Sokol <josh.sokol at owasp.org> wrote:

> It's a good point and I've definitely seen examples in the past of where a
> project has made significant decisions in a relative bubble before
> publishing it as an "open" document.  Honestly, I think to some extent that
> boils down to the project leadership/management and how they choose to run
> things.  Not that it makes it right or wrong.  I do agree with Simon in
> that this is not a Board decision though.  If for some reason people felt
> like project leaders are incapable of doing this, or that rules need to be
> put in place to enforce it, then that's something I would look to the
> Project Committee to establish.
> ~josh
> On Thu, Dec 11, 2014 at 11:51 AM, Bev Corwin <bev.corwin at owasp.org> wrote:
>> PS: Your reference was for "free" not "open". Do you have something that
>> would be a good reference for "open"? How about free and open? Thank you!
>> On Thu, Dec 11, 2014 at 12:50 PM, Bev Corwin <bev.corwin at owasp.org>
>> wrote:
>>> Dear Simon,
>>> Thank you. Good info, very much appreciate it. Where are you pulling
>>> your assumptions from? Is there a definition of "open" somewhere that could
>>> be referenced? So many organizations claim to be "open", however, very few
>>> actually "manifest" it well. Would be nice to see some kind of guidelines
>>> somewhere. That would be a board policy issue to recommend such things,
>>> wouldn't it?
>>> Best wishes,
>>> Bev
>>> On Thu, Dec 11, 2014 at 12:36 PM, psiinon <psiinon at gmail.com> wrote:
>>>> I'm not sure this is a board matter, although board members should
>>>> definitely speak up if they disagree :)
>>>> I think this is more a matter of 'good open source
>>>> leadership/management' as it applies to all open source projects and not
>>>> just OWASP ones.
>>>> But its something we can all learn from each other and so I think this
>>>> list is a good place to discuss it.
>>>> Can you explain in a bit more detail which project(s) you are referring
>>>> to, what stage they are at and what you hope to get out of such
>>>> consultations?
>>>> I think the approaches for well established projects are likely to be
>>>> very different from ones that are just starting out.
>>>> There are online resources like this which might help you:
>>>> http://producingoss.com/
>>>> Any others people can recommend?
>>>> Cheers,
>>>> Simon
>>>> On Thu, Dec 11, 2014 at 5:26 PM, Bev Corwin <bev.corwin at owasp.org>
>>>> wrote:
>>>>> Thanks Simon, Yes, that is what I thought as well. Has the board made
>>>>> official recommendations about these things? Are they documented somewhere?
>>>>> As a practice, are there any guidelines for how to best do this in the
>>>>> community? Do we have a mailing list of interested public contributors that
>>>>> we can submit requests for comments to, etc.? Best wishes, Bev
>>>>> On Thu, Dec 11, 2014 at 12:20 PM, psiinon <psiinon at gmail.com> wrote:
>>>>>> Hi Bev,
>>>>>> I'm confused :/
>>>>>> All OWASP projects are open source and should therefore be open for
>>>>>> public comment at all times.
>>>>>> All projects must have public lists that are clearly discoverable via
>>>>>> the project page.
>>>>>> You can ask for specific feedback from other leaders / your users /
>>>>>> the general public at specific times as well of course.
>>>>>> Cheers,
>>>>>> Simon
>>>>>> On Thu, Dec 11, 2014 at 5:05 PM, Bev Corwin <bev.corwin at owasp.org>
>>>>>> wrote:
>>>>>>> Dear OWASP Board and Leaders,
>>>>>>> Is it possible for OWASP projects and initiatives to open up for
>>>>>>> public comment at various stages in our projects and initiatives
>>>>>>> development processes? Do we have any board or leader level
>>>>>>> recommendations, policies / best practices for this kind of thing?
>>>>>>> Best wishes,
>>>>>>> Bev
>>>>>>> _______________________________________________
>>>>>>> OWASP-Leaders mailing list
>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>> --
>>>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>> --
>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board

OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20141211/33936682/attachment.html>

More information about the OWASP-Leaders mailing list