[Owasp-leaders] My expectation is that nobody is reading my @owasp.org emails

Timur 'x' Khrotko (owasp) timur at owasp.org
Tue Jul 1 15:35:54 UTC 2014


As far as I know, there is no support/feature in Gapps for proxy email
addresses or technical users.

a) You can create normal users, treat them as technical on your logical
level, switch off all other services than email. But you apparently won't
be able to reroute their mail to another @owasp.org account, so reading
their mail will be client side headache ever. And of course there are all
the risks of phantom/logical user accounts.

b) You can associate the technical user/label as alias with one specific
account. (That user can create a rule to forward all mail addressed to that
alias to other users, if needed.) In this case owasp will not be able to
accumulate the mail addressed to that technical address separately. User
will be able to send mail on behalf of the alias.

c) You can create technical users as groups, and manage their membership.
Even with single member in a group this solution is the less hackish and
the most straight manageable. (Though the initial setup of such group is
10+ minutes of configuration and review.)

d) There may be a feature or a gapps app that solves all this properly.

In our company we use the 'c' method for technical accounts (eg.
santa at cloudbreaker.co)).

PS1: We use the 'c' method for forwarding our ex-colleagues mail as well
(after a few months or a year of their leaving).

PS2: I also propose to resolve the case of Samantha's @owasp.org email
address the same way, by routing her email to her private address. Ok, it
is not a solution for the problem, but some sort of reinstitution of
courtesy.

PSS. Dinis, on your original question, whether or not it is technically
possible to read your mail without you noticing it. Yes. In the Gapps admin
console admins can set up email routing (read forking) for any account
individually. Just tested it on myself.)) (the target address can not be
google's or gapps.)

PSSS: Gapps have full featured groups (aka mailing lists) facility, we may
consider to use it instead of the mailman server, probably, at some future
point.


On Tue, Jul 1, 2014 at 4:34 PM, Josh Sokol <josh.sokol at owasp.org> wrote:

> Sounds perfectly reasonable to me.  Can someone take the task of working
> with Sarah to come up with those e-mail addresses and update any references
> that point to individuals rather than the proxy e-mail address?  The staff
> could certainly use some volunteer assistance to make this happen.
>
> ~josh
>
>
> On Tue, Jul 1, 2014 at 9:18 AM, Achim <achim at owasp.org> wrote:
>
>>
>>
>> Am 01.07.2014 15:44, schrieb Josh Sokol:
>> > To say that OWASP's Human Resources processes are immature is an
>> > understatement.  But, to Eoin's point, HR is not the responsibility of
>> the
>> > Board of Directors, but rather, the Executive Director and the
>> Operations
>> > Team.  As with most things at OWASP, as a volunteer, if you see a
>> problem
>> > with the way things are done and have ideas for improvement, you are
>> > welcome to put forth a plan to fix it.
>>
>> Ok, you want a plan:
>>
>> First I'd highly appreciate if we setup a list of e-mail addresses for
>> technical use, like contact at owasp.org, project-staff at owasp.org, and many
>> more.
>>
>> Then assign these to the apropriate persons. Then there's hopefully no
>> longer
>> the need to disable/bann someone's e-mail adress from OWASP.
>>
>> This makes things easy:
>>   * the technical e-mail address can remain on all websites
>>   * if the human behind that address changes, for whatever reason, just
>> the
>>     assignment to the technical e-mail address needs to be chanched
>>   * post the list of these addresses at owasp.org
>>
>> Does this sound reasonable?
>> Achim
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>

-- 
Email us to enforce secure link with your mail servers (domain).
This message may contain confidential information - you should handle it 
accordingly.
Ez a levél bizalmas információt tartalmazhat, és ekként kezelendő.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140701/18cfd7ca/attachment-0001.html>


More information about the OWASP-Leaders mailing list