[Owasp-leaders] [Governance] [OWASP ASVS] Obfuscation?

Eoin Keary eoin.keary at owasp.org
Sun Nov 9 00:51:07 UTC 2014

Ah, here we go again. Do we really need to cc the leaders list? Seems the longest email threads are never about appsec anymore.

Sent from my iPhone

> On 8 Nov 2014, at 21:46, Timur 'x' Khrotko (owasp) <timur at owasp.org> wrote:
> The initial letter of this thread contained professional contribution of Mr Heinrich to an important professional discourse, it was formulated in absolutely proper language. The fact that we left that message, the "content" without adequate reaction upsets me. The compliance issue should have gone to a forked thread imo.
> Yvan, I absolutely respect your role of the compliance steward of our community. The aspect you represent is vital for keeping the community in good health.
> But for keeping any king's court in health there must also be a smart person who does not filter his speeches (they called this role fool or clown just to make it acceptable for themselves despite his illegal speeches). Speeches of the "fool" used to convey messages others preferred to keep under the carpet. Christian, please do not take the analogy personally, it is about the function of someone who dare not to filter his speech, and I respect the value of that role. Surely as applicable to OWASP, exercising this role can only be tolerable in very rare cases. This remark of mine about the rare need of unfiltered speech regards the original conflict back to June 18. Even if Christian was very wrong in his accusations then and before, we probably have to tolerate such things happen once a year, since we never know when hidden facts or important opinions pop up this harsh way.
> I agree that if one produces "history of repeated disrespectful behavior" he has to be banned from the community. In my view this measure should only serve two purposes:
> - educating people to behave, 
> - protecting the community from flame wars,
> - but not to isolate professionals from participation in professional discourses and projects imo. 
> Imo we are not a kindergarten to isolate any professional person from our sandbox if his given contribution is of professional nature.
> Regards:
> Timur
>> On Sat, Nov 8, 2014 at 3:50 AM, Yvan Boily <yvanboily at gmail.com> wrote:
>> Technical contributions don't excuse abusive behavior.  Full stop.  If that is up for debate, OWASP might as well throw in the towel.  If there are other people using abusive language or treating others poorly, the leaders should *be* leaders, and call them out on it, and hold them accountable.  If people can't or won't function as a leader, then they should consider the role they are fulfilling in the community... not everyone need be a leader, individual contributors are critical as well.
>>> On Fri, Nov 7, 2014 at 4:49 PM, Achim <achim at owasp.org> wrote:
>>> commenting on Josh's statement:
>>> Am 07.11.2014 23:32, schrieb Josh Sokol:
>>> > To answer Christian's question, the Board received multiple complaints from
>>> > members of the OWASP Foundation accusing him of posting e-mails to the
>>> > OWASP Leaders list containing rude and abusive language and false
>>> > accusations.  We asked our Compliance Officer to review the complaints,
>>> > determine whether they are accurate, and determine whether the posts were
>>> > in conflict with the OWASP Code of Ethics.  The conclusion was that the
>>> > complaints were accurate and the posts were in conflict with the OWASP Code
>>> > of Conduct and the recommendation was for the Board to define appropriate
>>> > measures as a result of his actions and to make an official public
>>> > statement.
>>> This statement is probably not wrong, but it's also just part of the truth.
>>> And hence, without telling more of the true facts, may give a wrong impression
>>> of the case.
>>>   * We all know, that not only Christian used rude and abusive language, but
>>>     also other OWASP members. If in doubt, just go through the mailing list
>>>     archive ;-)
>>>   * It's not worth to nitpick "who was first", there are more than one person
>>>     involved (for whatever reason).
>>>   * If there is a conclusion based on the the Compliance Officer's investigations,
>>>     then the results needs to be made public (at least on various mailing list),
>>>     otherwise members, leaders, whoever will continue to ask. Also, without
>>>     publishing, anything is nearly a myth, sorry.
>>> Said this, I'd really like that everyone calms down, and continue with fair
>>> interaction. Just expressing old opinions again and again does not help to
>>> solve the conflict but adds fuel to the fire.
>>> Calm down and behave like gentlemen.
>>> Hope to see positive wordings in future ...
>>> Ciao
>>> Achim
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> This message may contain confidential information - you should handle it accordingly.
> _______________________________________________
> Governance mailing list
> Governance at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/governance
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20141109/14c1d770/attachment.html>

More information about the OWASP-Leaders mailing list