<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">+1<br>
      It's definitely good to err on the save side when it comes to
      avoiding potential conflicts of interest. <br>
      All the best, Tobias<br>
      <br>
      <br>
      On 10/10/13 21:20, Eoin Keary wrote:<br>
    </div>
    <blockquote
      cite="mid:E67B73C0-6A66-4399-BC70-B1E87B6B017D@owasp.org"
      type="cite">
      <meta http-equiv="content-type" content="text/html;
        charset=ISO-8859-1">
      <div>+1<br>
        <br>
        Eoin Keary
        <div>Owasp Global Board</div>
        <div>+353 87 977 2988</div>
        <div><br>
        </div>
      </div>
      <div><br>
        On 9 Oct 2013, at 10:01, psiinon <<a moz-do-not-send="true"
          href="mailto:psiinon@gmail.com">psiinon@gmail.com</a>>
        wrote:<br>
        <br>
      </div>
      <blockquote type="cite">
        <div>
          <div dir="ltr">
            <div>
              <div>
                <div>
                  <div>Andrew,<br>
                    <br>
                  </div>
                  I agree - we should have this discussion - I've
                  changed the title so we can use this thread for it if
                  anyone else wants to chip in.<br>
                  <br>
                </div>
                I also agree that we should be able to pay people to
                work on OWASP projects.<br>
              </div>
              However we should have checks and balances to ensure that
              a 'rogue' leader doesnt contrive to appropriate donated
              money without contributing a suitable amount of effort.<br>
            </div>
            <div>Hopefully thats extremely unlikely, but we should aim
              to be seen as whiter than white.<br>
            </div>
            <div><br>
            </div>
            <div>Note that we have actually started down this route -
              see Abraham's OWTF CFP: <a moz-do-not-send="true"
                href="http://blog.7-a.org/2013/09/owasp-owtf-cfp-funds-contest.html">http://blog.7-a.org/2013/09/owasp-owtf-cfp-funds-contest.html</a><br>
              <br>
            </div>
            <div>Abraham - have you had any responses to this?<br>
            </div>
            <div><br>
            </div>
            Cheers,<br>
            <br>
            Simon<br>
            <div class="gmail_extra"><br>
              <br>
              <div class="gmail_quote">On Wed, Oct 9, 2013 at 2:17 AM,
                vanderaj vanderaj <span dir="ltr"><<a
                    moz-do-not-send="true"
                    href="mailto:vanderaj@owasp.org" target="_blank">vanderaj@owasp.org</a>></span>
                wrote:<br>
                <blockquote class="gmail_quote" style="margin:0px 0px
                  0px 0.8ex;border-left:1px solid
                  rgb(204,204,204);padding-left:1ex">
                  <div dir="ltr">This is an excellent discussion. 
                    <div><br>
                    </div>
                    <div>However, although it is fine to have this
                      discussion, I think there is "what can (project
                      leaders)|(or the project)|(or OWASP) spend raised
                      sponsorship money on". </div>
                    <div><br>
                    </div>
                    <div>I've made it perfectly plain over many years
                      that for whatever reason, I don't get time off to
                      do my work at OWASP, so sponsorship for me is
                      about taking a sabbatical to work on projects. The
                      idea that the only people who can get paid for
                      OWASP projects are not the people writing them is
                      insane. Our project is big enough to support a few
                      key individuals to get things really moving, a la
                      Linux Foundation and their fellowships. </div>
                    <div><br>
                    </div>
                    <div>I'd like for "how can projects spend their
                      money" to be a separate question to the proposed
                      model question. </div>
                    <div><br>
                    </div>
                    <div>thanks,</div>
                    <div>Andrew </div>
                  </div>
                  <div class="gmail_extra">
                    <br>
                    <br>
                    <div class="gmail_quote">
                      <div>
                        <div class="h5">On Wed, Oct 9, 2013 at 5:02 AM,
                          Michael Coates <span dir="ltr"><<a
                              moz-do-not-send="true"
                              href="mailto:michael.coates@owasp.org"
                              target="_blank">michael.coates@owasp.org</a>></span>
                          wrote:<br>
                        </div>
                      </div>
                      <blockquote class="gmail_quote" style="margin:0px
                        0px 0px 0.8ex;border-left:1px solid
                        rgb(204,204,204);padding-left:1ex">
                        <div>
                          <div class="h5">
                            <div dir="ltr">
                              <div>
                                <div>Leaders,<br>
                                  <br>
                                </div>
                                <div><u><b>TLDR -</b></u> We want
                                  leaders to debate various project
                                  sponsorship models (update as
                                  necessary) and vote on the one they
                                  support in the upcoming annual
                                  elections (Oct 14 -25). <br>
                                  <br>
                                  <a moz-do-not-send="true"
                                    href="https://www.owasp.org/index.php/Governance/ProjectSponsorship"
                                    target="_blank">https://www.owasp.org/index.php/Governance/ProjectSponsorship</a><br>
                                  <br>
                                  <br>
                                </div>
                                <div><u><b>More Info</b></u><br>
                                </div>
                                <div><br>
                                </div>
                                Project sponsorship and branding is an
                                item that we've been working on at the
                                board for quite some time. Through
                                discussion we've realized there is not a
                                single right model for OWASP. Instead
                                there is a spectrum of approaches
                                (decentralized decisions on branding vs
                                centralized, logos or no logos, project
                                sponsorship or foundation sponsorship
                                etc). Each of these items have their own
                                positives and negatives.<br>
                                <br>
                              </div>
                              <div>However, one thing is clear. For
                                OWASP to scale and grow we need to pick
                                an approach and document it. This way
                                everyone understands what the rules are,
                                how to bring in new contributors and how
                                to correctly acknowledge supporters
                                & contributors.<br>
                                <br>
                              </div>
                              <div>We'd like the OWASP community to cast
                                a vote for the model they believe is
                                best for OWASP. Before we vote on the
                                issue we also want our community to help
                                identify considerations for each model.
                                What are the positives and negatives? Is
                                there another approach that we should
                                consider? Is there something we're not
                                considering?<br>
                                <br>
                              </div>
                              <div>The 3 approaches are listed here in
                                the wiki<br>
                                <a moz-do-not-send="true"
                                  href="https://www.owasp.org/index.php/Governance/ProjectSponsorship"
                                  target="_blank">https://www.owasp.org/index.php/Governance/ProjectSponsorship</a><br>
                                <br>
                              </div>
                              <div>Please update and add additional
                                considerations. Please don't remove
                                existing text. Instead use the comment
                                section at the bottom to explain areas
                                you may disagree with.<br>
                                <br>
                                <br>
                              </div>
                              <div>Thanks!<br>
                              </div>
                              <div><br clear="all">
                                <div>
                                  <div>
                                    <div>
                                      <div dir="ltr"><br>
                                        --<br>
                                        Michael Coates | OWASP | @_mwc<br>
                                        <br>
                                      </div>
                                    </div>
                                  </div>
                                </div>
                              </div>
                            </div>
                            <br>
                          </div>
                        </div>
                        _______________________________________________<br>
                        OWASP-Leaders mailing list<br>
                        <a moz-do-not-send="true"
                          href="mailto:OWASP-Leaders@lists.owasp.org"
                          target="_blank">OWASP-Leaders@lists.owasp.org</a><br>
                        <a moz-do-not-send="true"
                          href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
                          target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                        <br>
                      </blockquote>
                    </div>
                    <br>
                  </div>
                  <br>
                  _______________________________________________<br>
                  OWASP-Leaders mailing list<br>
                  <a moz-do-not-send="true"
                    href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a><br>
                  <a moz-do-not-send="true"
                    href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
                    target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                  <br>
                </blockquote>
              </div>
              <br>
              <br clear="all">
              <br>
              -- <br>
              <a moz-do-not-send="true"
                href="https://www.owasp.org/index.php/ZAP"
                target="_blank">OWASP ZAP</a> Project leader<br>
            </div>
          </div>
        </div>
      </blockquote>
      <blockquote type="cite">
        <div><span>_______________________________________________</span><br>
          <span>OWASP-Leaders mailing list</span><br>
          <span><a moz-do-not-send="true"
              href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a></span><br>
          <span><a moz-do-not-send="true"
              href="https://lists.owasp.org/mailman/listinfo/owasp-leaders">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a></span><br>
        </div>
      </blockquote>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
OWASP-Leaders mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a>
<a class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>