[Owasp-leaders] Regular OWASP polls

Dinis Cruz dinis.cruz at owasp.org
Wed Jan 8 15:29:17 UTC 2014


Voters should stand by their vote, and if they can be influenced by other
data (like other votes) then that is a different problem. Also sometimes
the end date of a vote might not be very well defined.

Having the list of who voted on what is key to have transparency (and
detect issues like the one I alerted Simon to (the double vote))

I think we need a solution for non @owasp.org emails, so let's see if we
can figure that out (the key is to be able to map an vote with an
recognised owasp identity/person)
On 8 Jan 2014 15:23, "Konstantinos Papapanagiotou" <Konstantinos at owasp.org>
wrote:

> Hiding the results of the poll until it closes also prevents biased votes.
> It's not a matter of openness in my opinion.
>
> Kostas
>
>
> On Wed, Jan 8, 2014 at 5:13 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>
>>  Dear Simon,
>>
>> thank you so much for organising this and setting this up.
>> This is great and I will be looking forward to using this community poll
>> more in the future!
>>
>> And I totally agree with your replies to requests from non-owasp email
>> holders.
>> Nothing is perfect and the tool is as it is and naturally has some
>> technical limitations. In case of public requests, it is fully sufficient
>> to make available simple summary results after the survey is closed. We
>> don't need to make huge investments just to publish partial real-time
>> preliminary update results for the public. In most normal cases, surveys
>> don't even have preliminary status updates at all.
>>
>> All the best, Tobias
>>
>>
>> Ps.: on a technical term, one might also question the requesters argument
>> that an internal member poll for a decision would qualify as "OWASP
>> materials". However, personally I just love openness and transparency and
>> would encourage and embrace if we could post the end summary results of our
>> community surveys somewhere on our website after they are finished.
>> (Without publishing details how each single named individual voted in the
>> poll.)
>>
>>
>>
>>
>> On 08/01/14 14:40, psiinon wrote:
>>
>>    And another problem...
>>
>>  I've been receiving _lots_ of requests to access the form from non OWASP
>> accounts.
>>  I have replied to all of them with a canned response of:
>> I'm afraid this poll is currently only available to people with OWASP
>> email accounts to ensure that only OWASP members / contributors take part.
>>
>> To get an OWASP email address follow the link on
>> https://www.owasp.org/index.php/Owasp.org_email_address
>>
>> Cheers,
>>
>> Simon
>>
>>  However I've just received a reply of:
>> Dear Simon,
>>
>> the main page of the owasp website states "all of our materials are
>> available under a free and open software license". Thus I again ask for
>> these materials.
>>
>>  Best regards,
>> a long-time owasp follower
>>
>>  PS: Thanks, I don't need these information, but I am just surprised
>> that being an all open and free project, you deny access to these
>> informtion? Isn't that ignoring the foundaries of the project?
>>
>>  For now I'm going to stick with the statement I put on
>> https://www.owasp.org/index.php/Polls:
>> Note that only OWASP members can see the 'live' results. A summary of the
>> results will be made public when the poll closes, but the full details will
>> stay restricted to OWASP members to prevent email harvesting.
>>
>>  However I want to let anyone else have a say on this rather than it
>> being just my decision.
>>
>>  Simon
>>
>>
>> On Wed, Jan 8, 2014 at 2:34 PM, psiinon <psiinon at gmail.com> wrote:
>>
>>>    OK, it looks like Google Forms arent _quite_ as good as they
>>> initially seem :(
>>>
>>>  For a start, there is no easy way to prevent anyone from voting
>>> multiple times.
>>>  We can see if anyone does, but thats not always immediately obvious if
>>> there are a lot of responses.
>>>
>>>  The poll owner can edit the spreadsheet to take out 'extra' votes, but
>>> the totals in the summary are _not_ updated :(
>>>
>>>  This means that the summary for the 'RSA' poll is currently wrong - I
>>> removed one 'extra' vote (which may of course have been accidental) and
>>> then removed 2 extra votes that I made while testing to see if I could
>>> easily prevent multiple votes :(
>>>
>>>  If anyone has any straightforward solutions to these 2 issues then
>>> please let me know.
>>>
>>>  Simon
>>>
>>>
>>>  On Tue, Jan 7, 2014 at 9:16 PM, Dennis Groves <dennis.groves at owasp.org>wrote:
>>>
>>>>  I was one of the first to answer the survey, however, let me publicly
>>>> say that this is an awesome idea Psiinon!
>>>> We really should be involving the community much more, and this is a
>>>> great way to do that.
>>>>
>>>>
>>>> On Tue, Jan 7, 2014 at 11:27 AM, Dinis Cruz <dinis.cruz at owasp.org>wrote:
>>>>
>>>>> yeah, keep it @owasp.org domain only since that is also a nice perk
>>>>> for having that email address (and makes the whole process simpler)
>>>>>
>>>>>  Rock & Roll Simon, this is a great evolution :)
>>>>>
>>>>>  Dinis
>>>>>
>>>>>
>>>>> On 7 January 2014 15:48, <nawaid.iqbal at owasp.org> wrote:
>>>>>
>>>>>> I agree with Tobias. People with only owasp.org should only be
>>>>>> allowed to voice their opinion
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> Nawaid
>>>>>> Sent from BlackBerry® on Airtel
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: psiinon <psiinon at gmail.com>
>>>>>> Sender: owasp-leaders-bounces at lists.owasp.org
>>>>>> Date: Tue, 7 Jan 2014 11:55:11
>>>>>> To: Michael Coates<michael.coates at owasp.org>
>>>>>> Cc: Kanwal Singh \(WebMentors\)<kanwalsb at gmail.com>; OWASP Leaders<
>>>>>> owasp-leaders at lists.owasp.org>; Nishant Johar \(EMOBX\)<nj at emobx.com>;
>>>>>> Ravdeep Sodhi<ravdeep.sodhi at ecoretechnos.com>
>>>>>> Subject: Re: [Owasp-leaders] Regular OWASP polls
>>>>>>
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>
>>>>
>>>>   --
>>>> Dennis Groves <http://about.me/dennis.groves>, MSc
>>>> Email me, <dennis.groves at owasp.org> or schedule a meeting<http://goo.gl/8sPIy>
>>>> .
>>>>  *This email is licensed under a CC BY-ND 3.0
>>>> <http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB> license.*
>>>> Stand up for your freedom to install free software.<http://www.fsf.org/campaigns/secure-boot/statement>
>>>> Please do not send me Microsoft Office/Apple iWork documents.
>>>> Send OpenDocument <http://fsf.org/campaigns/opendocument/> instead!
>>>>
>>>>  <http://www.owasp.org/>
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>
>>>
>>> --
>>>  OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>
>>
>>
>>
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140108/155b8d81/attachment-0001.html>


More information about the OWASP-Leaders mailing list