[Owasp-leaders] [Owasp-board] Public Comment

Bev Corwin bev.corwin at owasp.org
Thu Dec 11 20:27:51 UTC 2014


Hi Simon,

Thank you. Good to know.

I read the sub title, too: Producing Open Source Software - How to Run a
Successful Free Software Project. "Open Source Software" "Free Software
Project".

How does the OWASP Board know that the Project Committee, projects and
initiatives are actually "open" and "free"? Do they audit them?

Best wishes,
Bev


On Thu, Dec 11, 2014 at 1:05 PM, psiinon <psiinon at gmail.com> wrote:

> Josh - good point.
>
> I think there are many ways of running free open source projects, and
> thats one reason why I dont think this is a board matter.
> eg see http://producingoss.com/en/social-infrastructure.html
>
> Bev - why did you think the link was for 'free' and not 'open source'?
> The title is "Producing Open Source Software" ;)
> However I'm not claiming this is any sort of definitive guide, just
> something I've found useful before.
>
> btw all of my assumptions are mine alone - I dont speak for OWASP or
> anyone else on this matter :D
>
> Cheers,
>
> Simon
>
>
> On Thu, Dec 11, 2014 at 5:57 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>
>> It's a good point and I've definitely seen examples in the past of where
>> a project has made significant decisions in a relative bubble before
>> publishing it as an "open" document.  Honestly, I think to some extent that
>> boils down to the project leadership/management and how they choose to run
>> things.  Not that it makes it right or wrong.  I do agree with Simon in
>> that this is not a Board decision though.  If for some reason people felt
>> like project leaders are incapable of doing this, or that rules need to be
>> put in place to enforce it, then that's something I would look to the
>> Project Committee to establish.
>>
>> ~josh
>>
>> On Thu, Dec 11, 2014 at 11:51 AM, Bev Corwin <bev.corwin at owasp.org>
>> wrote:
>>
>>> PS: Your reference was for "free" not "open". Do you have something that
>>> would be a good reference for "open"? How about free and open? Thank you!
>>>
>>> On Thu, Dec 11, 2014 at 12:50 PM, Bev Corwin <bev.corwin at owasp.org>
>>> wrote:
>>>
>>>> Dear Simon,
>>>>
>>>> Thank you. Good info, very much appreciate it. Where are you pulling
>>>> your assumptions from? Is there a definition of "open" somewhere that could
>>>> be referenced? So many organizations claim to be "open", however, very few
>>>> actually "manifest" it well. Would be nice to see some kind of guidelines
>>>> somewhere. That would be a board policy issue to recommend such things,
>>>> wouldn't it?
>>>>
>>>> Best wishes,
>>>> Bev
>>>>
>>>>
>>>> On Thu, Dec 11, 2014 at 12:36 PM, psiinon <psiinon at gmail.com> wrote:
>>>>
>>>>> I'm not sure this is a board matter, although board members should
>>>>> definitely speak up if they disagree :)
>>>>> I think this is more a matter of 'good open source
>>>>> leadership/management' as it applies to all open source projects and not
>>>>> just OWASP ones.
>>>>> But its something we can all learn from each other and so I think this
>>>>> list is a good place to discuss it.
>>>>>
>>>>> Can you explain in a bit more detail which project(s) you are
>>>>> referring to, what stage they are at and what you hope to get out of such
>>>>> consultations?
>>>>> I think the approaches for well established projects are likely to be
>>>>> very different from ones that are just starting out.
>>>>>
>>>>> There are online resources like this which might help you:
>>>>> http://producingoss.com/
>>>>>
>>>>> Any others people can recommend?
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Simon
>>>>>
>>>>> On Thu, Dec 11, 2014 at 5:26 PM, Bev Corwin <bev.corwin at owasp.org>
>>>>> wrote:
>>>>>
>>>>>> Thanks Simon, Yes, that is what I thought as well. Has the board made
>>>>>> official recommendations about these things? Are they documented somewhere?
>>>>>> As a practice, are there any guidelines for how to best do this in the
>>>>>> community? Do we have a mailing list of interested public contributors that
>>>>>> we can submit requests for comments to, etc.? Best wishes, Bev
>>>>>>
>>>>>> On Thu, Dec 11, 2014 at 12:20 PM, psiinon <psiinon at gmail.com> wrote:
>>>>>>
>>>>>>> Hi Bev,
>>>>>>>
>>>>>>> I'm confused :/
>>>>>>> All OWASP projects are open source and should therefore be open for
>>>>>>> public comment at all times.
>>>>>>> All projects must have public lists that are clearly discoverable
>>>>>>> via the project page.
>>>>>>> You can ask for specific feedback from other leaders / your users /
>>>>>>> the general public at specific times as well of course.
>>>>>>>
>>>>>>> Cheers,
>>>>>>>
>>>>>>> Simon
>>>>>>>
>>>>>>> On Thu, Dec 11, 2014 at 5:05 PM, Bev Corwin <bev.corwin at owasp.org>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Dear OWASP Board and Leaders,
>>>>>>>>
>>>>>>>> Is it possible for OWASP projects and initiatives to open up for
>>>>>>>> public comment at various stages in our projects and initiatives
>>>>>>>> development processes? Do we have any board or leader level
>>>>>>>> recommendations, policies / best practices for this kind of thing?
>>>>>>>>
>>>>>>>> Best wishes,
>>>>>>>> Bev
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> OWASP-Leaders mailing list
>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>>
>>>>
>>>>
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>
>
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20141211/cafb1e34/attachment.html>


More information about the OWASP-Leaders mailing list