<div dir="ltr">Hi Tobias<div><br></div><div>Thank you for your feedback, and here my clarifications</div><div><br></div><div>><span style="font-family:arial,sans-serif;font-size:13px">- I assume that does not mandate a specific brand of repository. Because I think it is important to allow projects to keep the freedom to choose their repository (at the very least between several ones).</span><span style="font-family:arial,sans-serif;font-size:13px"> </span></div>
<div><font face="arial, sans-serif">We can monitor any repository . leaders are free to choose anyone as long as it's open(meaning read/public access)</font></div><div><font face="arial, sans-serif"><br></font></div><div>
<span style="font-family:arial,sans-serif;font-size:13px">2. Question: </span><br style="font-family:arial,sans-serif;font-size:13px"><span style="font-family:arial,sans-serif;font-size:13px">to section 2 "General rules for all projects:"</span><br style="font-family:arial,sans-serif;font-size:13px">
<span style="font-family:arial,sans-serif;font-size:13px">2.1. And as you write in the second line "commit of wiki update", I am not quite sure about what you mean in the first line with a "project update"?  (I thought a "commit or wiki update" would be a project update? *scratch*)</span></div>
<div>Yes I mean indeed a commit (repository) or a wiki update (It was a typo ;-P)</div><div><br><span style="font-family:arial,sans-serif;font-size:13px">2.2. Why did you use one time 90 days and the other time 80 days? Could we please use the same number of days for both? </span></div>
<div>Another typo, I mean 180 days</div><div><br><span style="font-family:arial,sans-serif;font-size:13px">2.3. Maybe I am not getting something and Condition 1 and condition 2 are intended sequential? (my first read was parallel...) </span><br style="font-family:arial,sans-serif;font-size:13px">
</div><div><span style="font-family:arial,sans-serif;font-size:13px">Indeed, the first reminder will be send within 90 days if we have seen no activity(wiki or commit) and after 180 days a warning</span></div><div><span style="font-family:arial,sans-serif;font-size:13px"><br>
</span></div><div><span style="font-family:arial,sans-serif;font-size:13px">Hope this has clarified the confusion caused by my typo's :)</span></div><div><span style="font-family:arial,sans-serif;font-size:13px"><br></span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px">regards</span></div><div><span style="font-family:arial,sans-serif;font-size:13px"><br></span></div><div><span style="font-family:arial,sans-serif;font-size:13px">Johanna</span></div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, Aug 23, 2014 at 1:11 PM, Tobias <span dir="ltr"><<a href="mailto:tobias.gondrom@owasp.org" target="_blank">tobias.gondrom@owasp.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    <div>Johanna, <br>
      <br>
      overall support this structure. <br>
      <br>
      With one question and one clarification: <br>
      1. Clarification: <br>
      to your point "They need to have a repository even if empty,
      because this will allow us to automate the monitoring of their
      progress" - I assume that does not mandate a specific brand of
      repository. Because I think it is important to allow projects to
      keep the freedom to choose their repository (at the very least
      between several ones). <br>
      <br>
      2. Question: <br>
      to section 2 "General rules for all projects:"<br>
      2.1. And as you write in the second line "commit of wiki update",
      I am not quite sure about what you mean in the first line with a
      "project update"?  (I thought a "commit or wiki update" would be a
      project update? *scratch*)<br>
      2.2. Why did you use one time 90 days and the other time 80 days?
      Could we please use the same number of days for both? <br>
      2.3. Maybe I am not getting something and Condition 1 and
      condition 2 are intended sequential? (my first read was
      parallel...) <br>
      <br>
      Best wishes, Tobias<div><div class="h5"><br>
      <br>
      <br>
      <br>
      <br>
      On 23/08/14 17:46, johanna curiel curiel wrote:<br>
    </div></div></div><div><div class="h5">
    <blockquote type="cite">
      <div dir="ltr">Leaders,
        <div><br>
        </div>
        <div>After hearing your concerns and some ideas from Kait-Disney
          and the project task force members, I'm proposing the
          following , which hopefully will help us reach better
          guidelines and less empty projects</div>
        <div><br>
        </div>
        <div>We will allow Incubator projects a 1 year deadline BUT with
          the following conditions:</div>
        <div>
          <ul>
            <li>They will need a clear deadline proposal roadmap for the
              next 90 days<br>
            </li>
            <li>We will provide an example on the wiki template of what
              we expect to see<br>
            </li>
            <li>We will provide a 'Start up kit' cheat sheet with all
              the goodies(how to get money for project, participate in
              Google Summer of code program, Winter of Code program,
              Wiki template, Project summit presentations,Github
              repository etc)</li>
            <li>If they do not present a clear roadmap with deadlines,
              the project will not be accepted<br>
            </li>
            <li>They need to have a repository even if empty, because
              this will allow us to automate the monitoring of their
              progress<br>
            </li>
            <li>The wiki page must be COMPLETE. No empty descriptions or
              half info there. This will be not accepted.</li>
          </ul>
          <div><br>
          </div>
          We will create a webbot to track all wiki project pages based
          on the latest updates and based on that we will create
          reminders every 90 days about the activity to ALL project
          leaders (not just incubators).</div>
        <div><br>
        </div>
        <div>General rules for all projects:</div>
        <div>
          <ul>
            <li>Project leaders will receive 1 reminder if the project
              hasn't been updated at all in 90 days.<br>
            </li>
            <li>Project leaders will receive 1 warnings  if no commit or
              wiki update has been done in 80 days or if they dont
              feedback with us about the situation of their project<br>
            </li>
            <li>The third one will be final and the project will be set
              in the inactive list</li>
            <li>Remember you can always revive the project but you will
              need a roadmap in order to do this.</li>
          </ul>
        </div>
        <div><br>
        </div>
        <div>
          regards</div>
        <div><br>
        </div>
        <div>Johanna</div>
        <div><br>
        </div>
      </div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">On Thu, Aug 21, 2014 at 11:09 PM,
          johanna curiel curiel <span dir="ltr"><<a href="mailto:johanna.curiel@owasp.org" target="_blank">johanna.curiel@owasp.org</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="ltr">Jim and leaders,
              <div><br>
              </div>
              <div>The idea of the whiteboard is that no one needs to
                maintain this ;-). Is just a whiteboard with
                idea-projects hanging there in order for people to join
                and find contributors to pull off their project. What
                I'm trying to do is be realistic about the maintenance
                of project inventory and how OWASP looks to the
                outsiders. Empty projects looks really bad. Dont expect
                potential users to go read your roadmap and comeback
                when you say you are ready.</div>
              <div><br>
              </div>
              <div>On the other hand, the 90 day issue is, that
                sometimes an idea takes time to develop, find
                contributors and the opportunity to work on it.Therefore
                future project leaders should made use of programs such
                as Google Summer of Code. Some of the best ideas I have
                seen have flourished during this program. If you want
                this into production, project leaders can place their
                ideas in the Gsoc idea page (<a href="https://www.owasp.org/index.php/GSoC2014_Ideas" target="_blank">https://www.owasp.org/index.php/GSoC2014_Ideas</a>)
                jump the wagon to get students, apply to develop the
                'idea'. OWTF, ZAP, PHPSEC, WEBGOATPHP have made enormous
                progress during this program, and when we did the call,
                only 12 projects applied!! So where are the active
                project leaders even when they had a chance like this to
                get a student paid for 3 months to work on their
                projects including 500 dollars for their project per
                student ?</div>
              <div>
                <div><br>
                </div>
                <div>><span style="font-family:arial,sans-serif;font-size:13px">In
                    the past, many project got approved that probably
                    should not have been, but I'm trying to ensure that
                    fully formed project ideas are the ones that make it
                    through.</span></div>
              </div>
              <div><font face="arial, sans-serif">I believe this
                  will definitely help put a minimum entry level.</font></div>
              <div><br>
              </div>
              <div>I  would like to find a middle ground to have a
                realistic review process based on our capacity to review
                projects,allow ideas to develop but also, have better
                quality for potential users of OWASP projects.I repeat ,
                empty project pages might have been the norm but this
                really looks bad.</div>
              <div><br>
              </div>
              <div>regards</div>
              <span><font color="#888888">
                  <div><br>
                  </div>
                  <div>Johanna</div>
                </font></span></div>
            <div>
              <div>
                <div class="gmail_extra"><br>
                  <br>
                  <div class="gmail_quote">
                    On Thu, Aug 21, 2014 at 10:34 PM, johanna curiel
                    curiel <span dir="ltr"><<a href="mailto:johanna.curiel@owasp.org" target="_blank">johanna.curiel@owasp.org</a>></span>
                    wrote:<br>
                    <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                      <div dir="ltr">Hi Kait (Gregory)
                        <div><br>
                        </div>
                        <div>I agree with  you on this and I think that
                          the problem has been this :<span style="font-family:arial,sans-serif;font-size:13px"> </span><span style="font-family:arial,sans-serif;font-size:13px"><i> when they submit
                              their project they have an outline of the
                              project and a roadmap</i></span></div>
                        <div><span style="font-family:arial,sans-serif;font-size:13px"><i><br>
                            </i></span></div>
                        <div><font face="arial, sans-serif">If you take
                            a look of those empty projects , their
                            outline is way to vague, not even a clear
                            description of what the project is about is
                            and there is not a clear plan for the
                            roadmap. So we really need to review
                            more careful when allowing an incubators
                            begin. Ideally we should provide a clear
                            example. The 90 days deadline sounds very
                            good to me.</font></div>
                        <div><font face="arial, sans-serif"><br>
                          </font></div>
                        <div><font face="arial, sans-serif">The idea of
                            a 90 day puts pressure into it. After 90
                            days no code, then inactive.</font></div>
                        <div><font face="arial, sans-serif"><br>
                          </font></div>
                        <div><font face="arial, sans-serif">regards</font></div>
                        <span><font color="#888888">
                            <div><font face="arial, sans-serif"><br>
                              </font></div>
                            <div><font face="arial, sans-serif">Johanna</font></div>
                          </font></span></div>
                      <div>
                        <div>
                          <div class="gmail_extra"><br>
                            <br>
                            <div class="gmail_quote">
                              On Thu, Aug 21, 2014 at 10:20 PM, Gregory
                              Disney <span dir="ltr"><<a href="mailto:gregory.disney@owasp.org" target="_blank">gregory.disney@owasp.org</a>></span>
                              wrote:<br>
                              <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                <div dir="ltr">Repost from Kait, because
                                  she keeps getting kicked off the
                                  leaders list.
                                  <div>==========================================================================================<br>
                                    <div><span style="font-family:arial,sans-serif;font-size:13px">I
                                        brought this up with Johanna
                                        earlier today in regards to what
                                        should be done with new
                                        projects. </span>
                                      <div style="font-family:arial,sans-serif;font-size:13px">
                                        <br>
                                      </div>
                                      <div style="font-family:arial,sans-serif;font-size:13px">It's
                                        my opinion that requiring new
                                        projects to have source code
                                        written before they can become a
                                        project will alienate would be
                                        project leaders. For many new
                                        projects, when they submit their
                                        project they have an outline of
                                        the project and a roadmap. This
                                        is especially true for
                                        documentation projects, which
                                        may not have a draft yet at the
                                        time they apply. </div>
                                      <div style="font-family:arial,sans-serif;font-size:13px"><br>
                                      </div>
                                      <div style="font-family:arial,sans-serif;font-size:13px">I
                                        propose instead that we continue
                                        to approve projects that have a
                                        flesh out project outline and
                                        require that they have progress
                                        on the project within 90 days.
                                        After 90 days, these new
                                        projects should be reviewed for
                                        progress. This doesn't have to
                                        be an in-depth review, more of a
                                        check in with the project leader
                                        to see if their repository is
                                        posted, if they have source
                                        code, or a draft in cases of
                                        documentation projects. </div>
                                      <div style="font-family:arial,sans-serif;font-size:13px">If
                                        after 90 days, there has been no
                                        progress on the project, those
                                        project should be considered
                                        inactive. <br>
                                      </div>
                                      <div style="font-family:arial,sans-serif;font-size:13px">
                                        <br>
                                      </div>
                                      <div style="font-family:arial,sans-serif;font-size:13px">By
                                        making progress a requirement in
                                        the first 90 days, we can avoid
                                        the problem we have now, which
                                        is that several projects that
                                        enjoy active project status
                                        while having never produced
                                        anything for the project. </div>
                                      <div style="font-family:arial,sans-serif;font-size:13px"><br>
                                      </div>
                                      <div style="font-family:arial,sans-serif;font-size:13px">Please
                                        let me know what you think.</div>
                                      <div style="font-family:arial,sans-serif;font-size:13px">
                                        <div><img src="https://ssl.gstatic.com/ui/v1/icons/mail/images/cleardot.gif"></div>
                                      </div>
                                    </div>
                                  </div>
                                </div>
                                <div class="gmail_extra"><br>
                                  <br>
                                  <div class="gmail_quote">
                                    <div>
                                      <div>On Thu, Aug 21, 2014 at 7:14
                                        PM, Jonathan Marcil <span dir="ltr"><<a href="mailto:jonathan.marcil@owasp.org" target="_blank">jonathan.marcil@owasp.org</a>></span>
                                        wrote:<br>
                                      </div>
                                    </div>
                                    <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                      <div>
                                        <div>Oh I see, if you want to
                                          add another step in the new
                                          project adoption<br>
                                          life cycle.. well go ahead!<br>
                                          <br>
                                          Also, if there's no time
                                          limit, you'll kill that
                                          special motivation of a<br>
                                          urge to deliver something. For
                                          some people it may actually
                                          help motivate<br>
                                          them to release. Others will
                                          release anyways. Pressure can
                                          be good. It<br>
                                          can be another period than one
                                          year.. maybe 6 months I don't
                                          know.<br>
                                          <br>
                                          All that said, I hope you
                                          don't plan to move everything
                                          to whiteboard by<br>
                                          default.. As a project
                                          starter, I kind of accepted
                                          the rule of "one year<br>
                                          or the project is out of
                                          incubator" and would not like
                                          the rules to<br>
                                          change in the middle or having
                                          to adhere to another process I
                                          won't need<br>
                                          in 2 months. Good news about
                                          that is that if you apply the
                                          one year<br>
                                          timeout of the initial
                                          agreement, you'll be free of
                                          "dead" incubator<br>
                                          projects within one year
                                          anyways.<br>
                                          <br>
                                          Thanks!<br>
                                          <br>
                                          - Jonathan<br>
                                          <div>
                                            <div><br>
                                              <br>
                                              On 2014-08-21 21:52,
                                              johanna curiel curiel
                                              wrote:<br>
                                              > Jonathan and leaders<br>
                                              ><br>
                                              > I would love to allow
                                              idea-projects hang for a
                                              year but what I have seen<br>
                                              > after reviewing this
                                              for almost 2 years, that
                                              the project leader looses<br>
                                              > pressure to create
                                              something in that period
                                              and many projects in the
                                              end<br>
                                              > die like this.<br>
                                              ><br>
                                              > If we allow
                                              idea-projects hang for a
                                              year, the amount of work
                                              becomes<br>
                                              > quite big with all
                                              the projects that must be
                                              reviewed and managed. This<br>
                                              > process has failed
                                              twice, with the Global
                                              Committee and the
                                              technical<br>
                                              > advisory board.
                                              Setting the bar higher
                                              challenges project leaders
                                              to<br>
                                              > really work on it and
                                              not let it hang for a
                                              year, in the meanwhile,<br>
                                              > people (potential
                                              users) of your project,
                                              visit the wiki and  get<br>
                                              > disappointed to see
                                              anything on it.<br>
                                              ><br>
                                              > The idea of the
                                              Whiteboard, can allow
                                              future project leaders to
                                              set this<br>
                                              > as an idea-project
                                              and get contributors, but
                                              the expectations are<br>
                                              > different, especially
                                              for potential users. They
                                              know that this is just<br>
                                              > an idea and the
                                              project hasn't developed
                                              yet. When you are ready to
                                              take<br>
                                              > it to the next step,
                                              then it becomes a tangible
                                              project , and once done<br>
                                              > that, then the real
                                              work begins to keep the
                                              project alive and kicking,<br>
                                              > but thats much easier
                                              to monitor than
                                              communicating through
                                              email every<br>
                                              > time to see if the
                                              project is alive and in
                                              the meanwhile the wiki
                                              page<br>
                                              > is outdated and no
                                              code has been produced. It
                                              damages OWASP reputation.<br>
                                              ><br>
                                              > We need to develop
                                              and design a 'Startup'
                                              like program where we
                                              provide<br>
                                              > training to potential
                                              project leaders how to
                                              make that idea a<br>
                                              > prototype.Just like
                                              with 'Accelerators' .
                                              Since we work globally, I<br>
                                              > think this should be
                                              available online (through
                                              courser for example) and<br>
                                              > have this programs
                                              twice a year for example.<br>
                                              ><br>
                                              > regards<br>
                                              ><br>
                                              > Johanna<br>
                                              ><br>
                                              ><br>
                                              ><br>
                                              ><br>
                                              > On Thu, Aug 21, 2014
                                              at 9:30 PM, Jim Manico
                                              <<a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a><br>
                                            </div>
                                          </div>
                                          <div>> <mailto:<a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>>>
                                            wrote:<br>
                                            ><br>
                                            >     > Last but not
                                            least, thank you a lot for
                                            your efforts Johanna, you
                                            are<br>
                                            >     keeping the main
                                            backbone of OWASP healthy
                                            and not anyone has the<br>
                                            >     courage and
                                            toughness to do so.<br>
                                            ><br>
                                            >     +1000<br>
                                            ><br>
                                            >     More positive work
                                            and progress around projects
                                            bas been done in the<br>
                                            >     last few months
                                            than several years past. We
                                            are very lucky to have<br>
                                            >     your "extreme
                                            volunteerism", Johanna.<br>
                                            ><br>
                                            >     PS: +1 On the
                                            sandbox idea. Perhaps call
                                            it "the whiteboard" instead<br>
                                            >     of "sandbox" to
                                            denote an "IT centric idea"<br>
                                            ><br>
                                            >     Aloha,<br>
                                            >     --<br>
                                            >     Jim Manico<br>
                                            >     @Manicode<br>
                                          </div>
                                          >     <a href="tel:%28808%29%20652-3805" value="+18086523805" target="_blank">(808)
                                            652-3805</a>
                                          <tel:%28808%29%20652-3805><br>
                                          <div>><br>
                                            >     > On Aug 21,
                                            2014, at 8:23 PM, Jonathan
                                            Marcil<br>
                                          </div>
                                          <div>>     <<a href="mailto:jonathan.marcil@owasp.org" target="_blank">jonathan.marcil@owasp.org</a>
                                            <mailto:<a href="mailto:jonathan.marcil@owasp.org" target="_blank">jonathan.marcil@owasp.org</a>>>
                                            wrote:<br>
                                            >     ><br>
                                            >     > Last but not
                                            least, thank you a lot for
                                            your efforts Johanna, you
                                            are<br>
                                            >     > keeping the
                                            main backbone of OWASP
                                            healthy and not anyone has
                                            the<br>
                                            >     > courage and
                                            toughness to do so.<br>
                                            ><br>
                                            ><br>
                                          </div>
                                        </div>
                                      </div>
                                      <div>
                                        <div>
                                          <div>_______________________________________________<br>
                                            OWASP-Leaders mailing list<br>
                                            <a href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a><br>
                                            <a href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                                          </div>
                                        </div>
                                      </div>
                                    </blockquote>
                                  </div>
                                  <br>
                                </div>
                              </blockquote>
                            </div>
                            <br>
                          </div>
                        </div>
                      </div>
                    </blockquote>
                  </div>
                  <br>
                </div>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
      <pre>_______________________________________________
OWASP-Leaders mailing list
<a href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a>
</pre>
    </blockquote>
    <br>
  </div></div></div>

</blockquote></div><br></div>