<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#ffffff">
    Like media wiki?  :)   <br>
    <br>
    The more I think about it, there is going to be significant
    authentication issues with using mailing lists + bulletin board.  Is
    authentication going to be based on email headers?  No way. <br>
    <br>
    So i think we should start testing a forum.  Maybe not with leaders,
    but maybe we start with the projects, see how it works out, then
    proceed forward.<br>
    <br>
    Sound reasonable?<br>
    <br>
    Jerry<br>
    <br>
    <br>
    <br>
    <br>
    On 2/9/11 12:32 PM, Jason Li wrote:
    <blockquote
      cite="mid:AANLkTim-8LX43=UPznS=T4Zy4ROvGOTW9c_X_sqO4rT-@mail.gmail.com"
      type="cite">Security is another reason we shied away from phpBB :)
      <div><br>
      </div>
      <div>-Jason<br>
        <br>
        <div class="gmail_quote">On Wed, Feb 9, 2011 at 11:28 AM, Dr.
          Dirk Wetter <span dir="ltr">&lt;<a moz-do-not-send="true"
              href="mailto:dirk.wetter@owasp.org">dirk.wetter@owasp.org</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
            0.8ex; border-left: 1px solid rgb(204, 204, 204);
            padding-left: 1ex;"><br>
            Are we into a hardening phpBB project or yet another CTF
            competion ? ;-)<br>
            SCNR, Dirk<br>
            <br>
            Jason Li schrieb, Am 02/09/2011 12:21 PM:<br>
            <div class="im">&gt; We definitely know that email
              integration is important - this was one of<br>
              &gt; the primary lessons we learned when we tried to
              implement forums three<br>
              &gt; years ago following the last 2008 Summit.<br>
              &gt;<br>
              &gt; The difficulty we ran into is that there are very few
              established<br>
              &gt; products that support forum mailing list integration.
              For example, m2f<br>
              &gt; is a plugin for phpBB that does exactly what we want
              - but it's very<br>
              &gt; outdated and doesn't work with the latest version of
              phpBB - as security<br>
              &gt; folks, we were remiss to not be using the latest
              patched version of<br>
              &gt; phpBB.  Yahoo Groups also provides mailing lists
              while having online<br>
              &gt; messages, but like Google Groups, requires a Yahoo
              account.<br>
              &gt;<br>
              &gt; If anyone is aware of an existing product that does
              online forums and<br>
              &gt; mailing list integration automatically, please speak
              up! :)<br>
              &gt;<br>
              &gt; I'm sure that we have the technical capability within
              OWASP to implement<br>
              &gt; email integration ourselves if necessary.<br>
              &gt;<br>
              &gt; -Jason<br>
              &gt;<br>
              &gt; On Wed, Feb 9, 2011 at 10:34 AM, Ofer Maor &lt;<a
                moz-do-not-send="true" href="mailto:ofer.maor@owasp.org">ofer.maor@owasp.org</a><br>
            </div>
            <div>
              <div class="h5">&gt; &lt;mailto:<a moz-do-not-send="true"
                  href="mailto:ofer.maor@owasp.org">ofer.maor@owasp.org</a>&gt;&gt;
                wrote:<br>
                &gt;<br>
                &gt;     I Don’t think we need a trial to tell the diff
                between forum and<br>
                &gt;     email J<br>
                &gt;<br>
                &gt;     Forum is by far more useful for threaded
                discussions (assuming it’s<br>
                &gt;     a good forum J), but has an inherent problem of
                requiring people to<br>
                &gt;     actively load it. As most of us do OWASP as
                something in addition to<br>
                &gt;     their day job, it is obvious this will reduce
                participation… I have<br>
                &gt;     a few forums I’m into (hobbies), and I only go
                on them when I have<br>
                &gt;     some free time. The OWASP mailing list, I get
                pushed to the outlook<br>
                &gt;     and phone which I work on (and I assume it’s
                similar for many others).<br>
                &gt;<br>
                &gt;<br>
                &gt;<br>
                &gt;     This can be partially circumvented by using RSS
                feeds, though still<br>
                &gt;     – you’ll have to open the forum once u get the
                feed to reply, making<br>
                &gt;     it much harder to do “in between” other email
                related work.<br>
                &gt;<br>
                &gt;<br>
                &gt;<br>
                &gt;     Ofer.<br>
                &gt;<br>
                &gt;<br>
                &gt;<br>
                &gt;<br>
                &gt;<br>
                &gt;     *From:* <a moz-do-not-send="true"
                  href="mailto:owasp-leaders-bounces@lists.owasp.org">owasp-leaders-bounces@lists.owasp.org</a><br>
                &gt;     &lt;mailto:<a moz-do-not-send="true"
                  href="mailto:owasp-leaders-bounces@lists.owasp.org">owasp-leaders-bounces@lists.owasp.org</a>&gt;<br>
                &gt;     [mailto:<a moz-do-not-send="true"
                  href="mailto:owasp-leaders-bounces@lists.owasp.org">owasp-leaders-bounces@lists.owasp.org</a><br>
                &gt;     &lt;mailto:<a moz-do-not-send="true"
                  href="mailto:owasp-leaders-bounces@lists.owasp.org">owasp-leaders-bounces@lists.owasp.org</a>&gt;]
                *On Behalf Of *Seba<br>
                &gt;     *Sent:* Wednesday, February 09, 2011 12:29<br>
                &gt;     *To:* owasp-leaders<br>
                &gt;     *Subject:* Re: [Owasp-leaders] Mailing list
                -&gt; Forum<br>
                &gt;<br>
                &gt;<br>
                &gt;<br>
                &gt;     unless we give it a good trial run, we will
                keep running un circles<br>
                &gt;     here.<br>
                &gt;<br>
                &gt;     Let's discuss this on the forum? :-)<br>
                &gt;<br>
                &gt;<br>
                &gt;<br>
                &gt;     --Seba<br>
                &gt;<br>
                &gt;     On Wed, Feb 9, 2011 at 11:14 AM, Ofer Maor &lt;<a
                  moz-do-not-send="true"
                  href="mailto:ofer.maor@owasp.org">ofer.maor@owasp.org</a><br>
              </div>
            </div>
            <div class="im">&gt;     &lt;mailto:<a
                moz-do-not-send="true" href="mailto:ofer.maor@owasp.org">ofer.maor@owasp.org</a>&gt;&gt;
              wrote:<br>
              &gt;<br>
              &gt;     I'm against forums, unless coupled with email. I
              read 90% of my<br>
              &gt;     owasp emails from my phone as they r pushed in.
              If I'd have to<br>
              &gt;     actively open a forum I'd likely miss half of
              what's going on.<br>
              &gt;<br>
              &gt;     Ofer.<br>
              &gt;<br>
              &gt;     // Sent from my iPhone<br>
              &gt;<br>
              &gt;<br>
              &gt;     On Feb 9, 2011, at 2:23, Jerry Hoff &lt;<a
                moz-do-not-send="true" href="mailto:jerry@owasp.org">jerry@owasp.org</a><br>
            </div>
            <div class="im">&gt;     &lt;mailto:<a
                moz-do-not-send="true" href="mailto:jerry@owasp.org">jerry@owasp.org</a>&gt;&gt;
              wrote:<br>
              &gt;<br>
              &gt;     &gt; Hi Leaders,<br>
              &gt;     &gt;<br>
              &gt;     &gt; I'm writing to put forth an idea that has
              been floating around<br>
              &gt;     OWASP for<br>
              &gt;     &gt; a while, but needs to be implemented. The
              move from email list -&gt;<br>
              &gt;     owasp<br>
              &gt;     &gt; forum.  Although the mailing lists are
              published, I think the general<br>
              &gt;     &gt; consensus is that the archives are:<br>
              &gt;     &gt;<br>
              &gt;     &gt; 1) hard to find (in some cases you can only
              access them via forced<br>
              &gt;     browsing)<br>
              &gt;     &gt; 2) definitely not user-friendly for
              searching<br>
              &gt;     &gt;<br>
              &gt;     &gt; A move to a forum will build a stronger
              OWASP community (hopefully),<br>
              &gt;     &gt; allow for greater transparency among the
              various chapters, committees<br>
              &gt;     &gt; and the board, and will give new members a
              place to come and more<br>
              &gt;     easily<br>
              &gt;     &gt; interact with the other members of the OWASP
              community.   It would<br>
              &gt;     leave<br>
              &gt;     &gt; searchable record of all the collective
              OWASP security wisdom in one<br>
              &gt;     &gt; place.<br>
              &gt;     &gt;<br>
              &gt;     &gt; So does anyone have any strong opinions on
              the future of<br>
            </div>
            &gt;     &gt; <a moz-do-not-send="true"
              href="http://forum.owasp.org" target="_blank">forum.owasp.org</a>
            &lt;<a moz-do-not-send="true" href="http://forum.owasp.org"
              target="_blank">http://forum.owasp.org</a>&gt;?  Larry
            Casey has<br>
            <div class="im">&gt;     generously offered to set it up,
              and I<br>
              &gt;     &gt; think it would be a huge plus for the
              community.  As Michael Coates<br>
              &gt;     &gt; suggested, we could then start gradually
              migrating particular<br>
              &gt;     volunteer<br>
              &gt;     &gt; groups as a beta, and if it works out, we
              can ultimately migrate more<br>
              &gt;     &gt; mailing lists over to a forum.<br>
              &gt;     &gt;<br>
              &gt;     &gt; We can also port the existing mail lists
              archives into the forum, for<br>
              &gt;     &gt; historical purposes.<br>
              &gt;     &gt;<br>
              &gt;     &gt; This would give a centralized home for all
              the regional chapters,<br>
              &gt;     &gt; committees, projects, conferences and the
              board.<br>
              &gt;     &gt;<br>
              &gt;     &gt; So leaders, what say you?<br>
              &gt;     &gt;<br>
              &gt;     &gt; Jerry Hoff<br>
              &gt;     &gt;
              _______________________________________________<br>
              &gt;     &gt; OWASP-Leaders mailing list<br>
            </div>
            &gt;     &gt; <a moz-do-not-send="true"
              href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a>
            &lt;mailto:<a moz-do-not-send="true"
              href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a>&gt;<br>
            <div class="im">&gt;     &gt; <a moz-do-not-send="true"
                href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
                target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
              &gt;     _______________________________________________<br>
              &gt;     OWASP-Leaders mailing list<br>
            </div>
            &gt;     <a moz-do-not-send="true"
              href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a>
            &lt;mailto:<a moz-do-not-send="true"
              href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a>&gt;<br>
            <div class="im">&gt;     <a moz-do-not-send="true"
                href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
                target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
              &gt;<br>
              &gt;<br>
              &gt;<br>
              &gt;<br>
              &gt;     _______________________________________________<br>
              &gt;     OWASP-Leaders mailing list<br>
            </div>
            &gt;     <a moz-do-not-send="true"
              href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a>
            &lt;mailto:<a moz-do-not-send="true"
              href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a>&gt;<br>
            <div>
              <div class="h5">&gt;     <a moz-do-not-send="true"
                  href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
                  target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                &gt;<br>
                &gt;<br>
                &gt;<br>
                &gt;
                ------------------------------------------------------------------------<br>
                &gt;<br>
                &gt; _______________________________________________<br>
                &gt; OWASP-Leaders mailing list<br>
                &gt; <a moz-do-not-send="true"
                  href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a><br>
                &gt; <a moz-do-not-send="true"
                  href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
                  target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                <br>
                _______________________________________________<br>
                OWASP-Leaders mailing list<br>
                <a moz-do-not-send="true"
                  href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a><br>
                <a moz-do-not-send="true"
                  href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
                  target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
      </div>
      <pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
OWASP-Leaders mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a>
<a class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>