[Owasp-leaders] Project stats

Matt Tesauro matt.tesauro at owasp.org
Tue Jun 7 19:00:28 UTC 2016

+1 Achim

The OWASP WTE project tracks the LTS releases of Ubuntu - that means I
create a new VM + release very infrequently.  There's loads of activity
when Ubuntu releases a new LTS - like right now.  But between those times,
I only do updates to specific tools/packages when they create new
releases.  When one of the tools I package releases a new version is
something I ZERO control over.  I'd not like to be 'graded' on something I
have no control over.

Whatever system we finalize, we have to make sure its robust _and_ flexible
enough to match the diverse projects we have.

<Matt 2 cents>

I prefer to classify projects into 4 categories:
(1) Documentation
(2) Code / Tools
(3) Other (non-code, non-doc.)
(4) An umbrella projects that holds 2+ of the (1) to (3) types above.

So that project leaders don't feel obligated to force their project into
one of the two most frequent project types if their idea isn't (1) or (2).

So perhaps provide a value for each of many measurements that are possible
for projects and leaders have to get X of Y points to move from incubator
to lab.  That could be 2 measures combined or the sum of 15 measurements.
It needs to let project leaders choose what makes sense for their project.
Its the difference between a fixed menu and a buffet.  I don't think we'll
come up with a menu that fits all projects but we can work on filling up a
buffet to meet today's project needs and keep adding/removing items as the
project inventory (and our ability to measure it) changes over time.

</Matt's 2 cents>

-- Matt Tesauro
OWASP AppSec Pipeline Lead
OWASP WTE Project Lead
http://AppSecLive.org <http://appseclive.org/> - Community and Download site

On Tue, Jun 7, 2016 at 1:45 PM, Achim <achim at owasp.org> wrote:

> On 07.06.2016 20:06, Sean Auriti wrote:
> > Date of last activity will be useful to determine inactive projects.
> hmm, same ideas and continous discussions about such measures.
> There're a couple of projects, mainly documentaion or papers, which are
> rarely updated for very, very good reason.
> Please *first* think about how to rate such a measure before using it
> to "qualify" a project.
> Just measure without a proper definition how it will be used is a scary
> thing. Please don't do it again.
> Just my 2 pence
> Achim
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160607/0104be5b/attachment-0001.html>

More information about the OWASP-Leaders mailing list