[Owasp_project_leader_list] OWASP Project Audits

Achim achim at owasp.org
Tue Apr 22 23:05:40 UTC 2014


Am 22.04.2014 20:00, schrieb psiinon:
> I vote for a relatively aggressive approach to demoting projects.
> No apparent code changes, releases or home page edits in the last 12
> months? Email leader saying demotion is immanent. No response to email in
> one month? Demote.
> 1 email explaining why the project is still alive: keep alive for now..
>
> That should weed out a load of the deadwood!
>
> Obviously promoting projects requires a bit more effort, but ask the
> leaders to justify promotion as they have a vested interest in making it
> so, and that reduces the load on the reviewers.
>
> Cheers,
>
> Simon


are projects going bad, do they have a "use before" stamp?

I don't see a reason to remove projects just because they are not updated.

So I'd suggest that the marker "incative" is something additional without
the meaning bad/old/outdated/insecure.
Even if something is inactive, it can be alive!

(i.e. I use 30 year old software day by day, no reason to change it;-)

Just my 2 pence
Achim




More information about the Owasp_project_leader_list mailing list