[Owasp-leaders] Regular OWASP polls

psiinon psiinon at gmail.com
Wed Jan 8 16:07:11 UTC 2014


This is easy for me to do, but contradicts the statement I made on
https://www.owasp.org/index.php/Polls : "Note that only OWASP members can
see the 'live' results. A summary of the results will be made public when
the poll closes, but the full details will stay restricted to OWASP members
to prevent email harvesting."

I'm fine with the voting details (and therefore email addresses) being
publicly visible - is everyone else?

Simon


On Wed, Jan 8, 2014 at 4:02 PM, Dinis Cruz <dinis.cruz at owasp.org> wrote:

> One more note on the non @owasp.org email holders, they should be able to
> see the results and votes
>
> Which means that the only limitation that is mapped to an @owasp.orgidentity is to be able to vote. This means that votes are not done and
> accessible behind closed doors (in this case having an @owasp.org email),
> ie there is open and transparent access to anybody with internet access.
> On 8 Jan 2014 15:31, "Dinis Cruz" <dinis.cruz at owasp.org> wrote:
>
>> Simon, what about using twitter to vote? (Allow non @owasp.org email
>> holders to vote using their twitter feed (which we can map back to an owasp
>> leader's account ))
>> On 8 Jan 2014 15:28, "psiinon" <psiinon at gmail.com> wrote:
>>
>>> Thats true.
>>> Except when people like me tweet about them
>>> https://twitter.com/psiinon/status/420609431047397376
>>> Ooops ;)
>>>
>>>
>>> On Wed, Jan 8, 2014 at 3:19 PM, Konstantinos Papapanagiotou <
>>> Konstantinos at owasp.org> wrote:
>>>
>>>> Hiding the results of the poll until it closes also prevents biased
>>>> votes. It's not a matter of openness in my opinion.
>>>>
>>>> Kostas
>>>>
>>>>
>>>> On Wed, Jan 8, 2014 at 5:13 PM, Tobias <tobias.gondrom at owasp.org>wrote:
>>>>
>>>>>  Dear Simon,
>>>>>
>>>>> thank you so much for organising this and setting this up.
>>>>> This is great and I will be looking forward to using this community
>>>>> poll more in the future!
>>>>>
>>>>> And I totally agree with your replies to requests from non-owasp email
>>>>> holders.
>>>>> Nothing is perfect and the tool is as it is and naturally has some
>>>>> technical limitations. In case of public requests, it is fully sufficient
>>>>> to make available simple summary results after the survey is closed. We
>>>>> don't need to make huge investments just to publish partial real-time
>>>>> preliminary update results for the public. In most normal cases, surveys
>>>>> don't even have preliminary status updates at all.
>>>>>
>>>>> All the best, Tobias
>>>>>
>>>>>
>>>>> Ps.: on a technical term, one might also question the requesters
>>>>> argument that an internal member poll for a decision would qualify as
>>>>> "OWASP materials". However, personally I just love openness and
>>>>> transparency and would encourage and embrace if we could post the end
>>>>> summary results of our community surveys somewhere on our website after
>>>>> they are finished. (Without publishing details how each single named
>>>>> individual voted in the poll.)
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 08/01/14 14:40, psiinon wrote:
>>>>>
>>>>>    And another problem...
>>>>>
>>>>>  I've been receiving _lots_ of requests to access the form from non
>>>>> OWASP accounts.
>>>>>  I have replied to all of them with a canned response of:
>>>>> I'm afraid this poll is currently only available to people with OWASP
>>>>> email accounts to ensure that only OWASP members / contributors take part.
>>>>>
>>>>> To get an OWASP email address follow the link on
>>>>> https://www.owasp.org/index.php/Owasp.org_email_address
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Simon
>>>>>
>>>>>  However I've just received a reply of:
>>>>> Dear Simon,
>>>>>
>>>>> the main page of the owasp website states "all of our materials are
>>>>> available under a free and open software license". Thus I again ask for
>>>>> these materials.
>>>>>
>>>>>  Best regards,
>>>>> a long-time owasp follower
>>>>>
>>>>>  PS: Thanks, I don't need these information, but I am just surprised
>>>>> that being an all open and free project, you deny access to these
>>>>> informtion? Isn't that ignoring the foundaries of the project?
>>>>>
>>>>>  For now I'm going to stick with the statement I put on
>>>>> https://www.owasp.org/index.php/Polls:
>>>>> Note that only OWASP members can see the 'live' results. A summary of
>>>>> the results will be made public when the poll closes, but the full details
>>>>> will stay restricted to OWASP members to prevent email harvesting.
>>>>>
>>>>>  However I want to let anyone else have a say on this rather than it
>>>>> being just my decision.
>>>>>
>>>>>  Simon
>>>>>
>>>>>
>>>>> On Wed, Jan 8, 2014 at 2:34 PM, psiinon <psiinon at gmail.com> wrote:
>>>>>
>>>>>>    OK, it looks like Google Forms arent _quite_ as good as they
>>>>>> initially seem :(
>>>>>>
>>>>>>  For a start, there is no easy way to prevent anyone from voting
>>>>>> multiple times.
>>>>>>  We can see if anyone does, but thats not always immediately obvious
>>>>>> if there are a lot of responses.
>>>>>>
>>>>>>  The poll owner can edit the spreadsheet to take out 'extra' votes,
>>>>>> but the totals in the summary are _not_ updated :(
>>>>>>
>>>>>>  This means that the summary for the 'RSA' poll is currently wrong -
>>>>>> I removed one 'extra' vote (which may of course have been accidental) and
>>>>>> then removed 2 extra votes that I made while testing to see if I could
>>>>>> easily prevent multiple votes :(
>>>>>>
>>>>>>  If anyone has any straightforward solutions to these 2 issues then
>>>>>> please let me know.
>>>>>>
>>>>>>  Simon
>>>>>>
>>>>>>
>>>>>>  On Tue, Jan 7, 2014 at 9:16 PM, Dennis Groves <
>>>>>> dennis.groves at owasp.org> wrote:
>>>>>>
>>>>>>>  I was one of the first to answer the survey, however, let me
>>>>>>> publicly say that this is an awesome idea Psiinon!
>>>>>>> We really should be involving the community much more, and this is a
>>>>>>> great way to do that.
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Jan 7, 2014 at 11:27 AM, Dinis Cruz <dinis.cruz at owasp.org>wrote:
>>>>>>>
>>>>>>>> yeah, keep it @owasp.org domain only since that is also a nice
>>>>>>>> perk for having that email address (and makes the whole process simpler)
>>>>>>>>
>>>>>>>>  Rock & Roll Simon, this is a great evolution :)
>>>>>>>>
>>>>>>>>  Dinis
>>>>>>>>
>>>>>>>>
>>>>>>>> On 7 January 2014 15:48, <nawaid.iqbal at owasp.org> wrote:
>>>>>>>>
>>>>>>>>> I agree with Tobias. People with only owasp.org should only be
>>>>>>>>> allowed to voice their opinion
>>>>>>>>>
>>>>>>>>> Regards
>>>>>>>>>
>>>>>>>>> Nawaid
>>>>>>>>> Sent from BlackBerry® on Airtel
>>>>>>>>>
>>>>>>>>> -----Original Message-----
>>>>>>>>> From: psiinon <psiinon at gmail.com>
>>>>>>>>> Sender: owasp-leaders-bounces at lists.owasp.org
>>>>>>>>> Date: Tue, 7 Jan 2014 11:55:11
>>>>>>>>> To: Michael Coates<michael.coates at owasp.org>
>>>>>>>>> Cc: Kanwal Singh \(WebMentors\)<kanwalsb at gmail.com>; OWASP
>>>>>>>>> Leaders<owasp-leaders at lists.owasp.org>; Nishant Johar \(EMOBX\)<
>>>>>>>>> nj at emobx.com>; Ravdeep Sodhi<ravdeep.sodhi at ecoretechnos.com>
>>>>>>>>> Subject: Re: [Owasp-leaders] Regular OWASP polls
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> OWASP-Leaders mailing list
>>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> OWASP-Leaders mailing list
>>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> OWASP-Leaders mailing list
>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>   --
>>>>>>> Dennis Groves <http://about.me/dennis.groves>, MSc
>>>>>>> Email me, <dennis.groves at owasp.org> or schedule a meeting<http://goo.gl/8sPIy>
>>>>>>> .
>>>>>>>  *This email is licensed under a CC BY-ND 3.0
>>>>>>> <http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB> license.*
>>>>>>> Stand up for your freedom to install free software.<http://www.fsf.org/campaigns/secure-boot/statement>
>>>>>>> Please do not send me Microsoft Office/Apple iWork documents.
>>>>>>> Send OpenDocument <http://fsf.org/campaigns/opendocument/> instead!
>>>>>>>
>>>>>>>  <http://www.owasp.org/>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> OWASP-Leaders mailing list
>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>  OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>
>>>
>>> --
>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>


-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140108/bcd1249f/attachment-0001.html>


More information about the OWASP-Leaders mailing list