[Owasp-leaders] Publishing project

Owasp johanna.curiel at owasp.org
Sat Oct 4 20:44:44 UTC 2014


Hi Nikola,
The project task force has being working on reviewing projects periodically and when projects wish to get an assesment to graduate. Owasp is indeed a decentralize organization, however we have implemented a basic monitoring process to see how projects are doing at health and quality level. As mentioned by Simon, you as the project leader are the sole owner of it and all the work related to publishing, releasing in completely in your hands.

 Releasing under OWASP brand meets basically , following the guidelines described on the project leader handbook  such as vendor neutrality for example, but always keep in mind, is your project and you are the one pulling the show.

Take also a look of the following wiki page 

https://www.owasp.org/index.php/Category:OWASP_Project#tab=Project_Assessments

If you need assistance about specific information, please feel free to contact us directly

Regards

Johanna Curiel
Team lead project review




> On Oct 4, 2014, at 6:37 PM, Nikola Milosevic <nikola.milosevic at owasp.org> wrote:
> 
> Ok thank you. I just thought that there may be some review, but apparently that is not related to publishing a version and has to be applied separately. Which it may make quite a lot of sense if it was the review, while I believe it is too much resource consuming to perform that for every project and every version.
> 
> Pozdrav/Best regards,
>  
> Nikola Milošević
> OWASP Seraphimdroid project leader
> nikola.milosevic at owasp.org
> OWASP - Open Web Application Security Project
> OWASP Seraphimdroid Project
> 
>> On Sat, Oct 4, 2014 at 1:07 PM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>> Nikola
>> 
>> Does the project follow the rules set in the OWASP Project Handbook?
>> 
>> https://www.owasp.org/index.php/OWASP_2014_Project_Handbook
>> 
>> If so, please go ahead and publish the app.
>> 
>> Thanks for your contributions and delighted to know Google Summer of Code helped crafting the first version of Seraphimdroid.
>> 
>> Fabio
>> 
>> 
>>> On Saturday, October 4, 2014, psiinon <psiinon at gmail.com> wrote:
>>> Hi Nikola,
>>> 
>>> OWASP is an extremely decentralized organization: as a project leader you can and should do whatever you think is necessary for your project (including releasing it) without asking for permission.
>>> So go for it :)
>>> 
>>> My take on it is that OWASP projects are open source projects that have aligned themselves with OWASP.
>>> OWASP has accepted your project as one that is appropriate and suitable for the organization.
>>> 
>>> You can do anything you like with your project, including removing it from OWASP.
>>> OWASP can likewise decide that your project is no longer suitable and also remove it from OWASP. Its not a common occurrence, but it can happen.
>>> OWASP cannot remove you as project leader from your project - it does not have that 'right'.
>>> 
>>> If you are about to do something that you think is potentially controversial then I'd recommend asking for advice and feedback from fellow leaders, either on this list or specific individuals you trust.
>>> Or you can decide that its easier to ask for forgiveness rather than permission ;)
>>> 
>>> If you are seen to be leading your project badly then 'normal' open source conventions apply: you with find it increasingly hard to attract and retain both contributors and users.
>>> And your project could be forked by anyone else, OWASP member or not.
>>> In theory this fork could in time be accepted as an OWASP project.
>>> 
>>> OK, that was all off topic ;)
>>> 
>>> A slightly more relevant topic is how to publicize your releases.
>>> I would definitely recommend posting again to this list.
>>> However I'm not sure on how suitable this list is for publicizing _every_ release.
>>> I tend to post about 'major' ZAP releases here, but not bugfix releases.I do the same on BugTraq.
>>> I always tweet about every release, and its always worth posting to ToolsWatch.org.
>>> I always used to post to http://freecode.com/ but thats no longer being maintained :(
>>> Can anyone else recommend any other good options?
>>> 
>>> Cheers,
>>> 
>>> Simon
>>> 
>>> 
>>>> On Sat, Oct 4, 2014 at 10:07 AM, Nikola Milosevic <nikola.milosevic at owasp.org> wrote:
>>>> Hello Leaders,
>>>> 
>>>> I would like to ask a simple question. Is there any procedure about publishing OWASP projects for the first time?
>>>> 
>>>> During the Google Summer of Code, we kinda crafted the first version on OWASP  (https://www.owasp.org/index.php/OWASP_SeraphimDroid_Project), which is android project focused on user privacy mainly, but also has some security and educational aspects. I would like to publish current version on Google play. May I just do it or should someone approve it?
>>>> 
>>>> 
>>>> Pozdrav/Best regards,
>>>>  
>>>> Nikola Milošević
>>>> OWASP Seraphimdroid project leader
>>>> nikola.milosevic at owasp.org
>>>> OWASP - Open Web Application Security Project
>>>> OWASP Seraphimdroid Project
>>>> 
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> 
>>> 
>>> 
>>> 
>>> -- 
>>> OWASP ZAP Project leader
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20141004/1832a7c0/attachment.html>


More information about the OWASP-Leaders mailing list