Website Migration Update


Harold Blankenship

Oct 18, 2019, 10:34:42 AM
to Leaders
Hello, Leaders,

The website migration is underway, with nearly all repositories having been created already.  Not everyone has been added to your respective repositories; that is an on-going process.  We now have a general document detailing the content in your repository at https://www2.owasp.org/migration

A nice-to-accomplish goal would be to get the chapters and projects migrated in the next 30 days. 

Regards,

Harold L. Blankenship

OWASP Foundation

Director of Technology and Projects

Steve Springett

Oct 18, 2019, 11:53:14 AM
to Leaders, Harold Blankenship
Harold,

Can we get newer SVG logos (without bitmap data) for project classification, builders, breakers, defenders, and the type of project (tool, doc project). Currently, all projects would have to add these assets to their own site. That's a lot of unnecessary duplication of images. The existing images are also low-res bitmaps, so on a nice new site like this, they don't look the best.


—Steve

--
You received this message because you are subscribed to the Google Groups "Leaders" group.
To unsubscribe from this group and stop receiving emails from it, send an email to leaders+u...@owasp.org.
To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/leaders/CAL6Jrt780HU4QVeHSDV7Qek0NrNaxXh_ZoKd7s3tsHKKzUQRNQ%40mail.gmail.com.

Azzeddine Ramrami

Oct 18, 2019, 12:21:31 PM
to Harold Blankenship, Leaders
Thanks for sharing this information.
In the chapter map there is no Morocco chapter!!!!

How can I help you for this migration?
Regards
Azzeddine RAMRAMI


Sherif Mansour

Oct 18, 2019, 12:34:44 PM
to Azzeddine Ramrami, Harold Blankenship, Harold Blankenship, Leaders
Thanks Harold,

Also worth noting you can download your wiki pages into XML using the owasp.org -->Special pages --> export page
Then there are a few tools that convert wiki XML into markdown (pandoc for example but there are a few others). Note: this will not download any files (like slides, images) on the site so those need to be downloaded manually or via a script.
The OWASP London page was really long - we have slides and schedules of talks from 2008 - so we used https://github.com/outofcontrol/mediawiki-to-gfm to translate the xml to markdown to make life easier on the first pass then we made some manual edits.

@Harold Blankenship quick question... what about the other non-project/chapter pages - a lot of that info is also valuable, how do we add them to the new gitpages site? How do we create a new git pages page that isn't a chapter or a project page?

-Sherif





--
Sherif Mansour
OWASP Global Board Member & OWASP London Chapter Leader 
Site: https://www.owasp.org/index.php/London
Email: sherif....@owasp.org
Follow OWASP London Chapter on Twitter: @owasplondon
"Like" us on Facebook: https://www.facebook.com/OWASPLondon
Subscribe to our (lightweight) mailing list: https://lists.owasp.org/mailman/listinfo/owasp-london

Consider giving back, and supporting the open source community by becoming a member or making a donation today!

Steve Springett

Oct 18, 2019, 12:59:48 PM
to Harold Blankenship, Harold Blankenship, Leaders, Azzeddine Ramrami, Sherif Mansour
Also, can you let us know when we have access to our repos? I have changes to push but don’t have the permission to do so.


Thanks,
—Steve

Bjoern Kimminich

Oct 18, 2019, 1:49:49 PM
to lea...@owasp.org, Sherif Mansour, Azzeddine Ramrami, Harold Blankenship, Harold Blankenship, Leaders
Hi all,

just a general recommendation, not aimed at any chapter or project in specific:

Take the chance to review, clean up and update your content rather than just pasting all your old Wiki pages over into the new website. This is probably the best opportunity and reason for some serious housekeeping. The Wiki suffered not only from its ugliness but rather a lot more from content duplicates, lack of updates and other quality issues. Let's improve that while we update the technology stack.

Also I'd still strongly vote for not migrating any content for which no owner/leader is taking care right now. Dead projects should not clutter the new website again right away...

Cheers,
Bjoern

Sherif Mansour

Oct 18, 2019, 3:56:23 PM
to Bjoern Kimminich, Azzeddine Ramrami, Harold Blankenship, Harold Blankenship, lea...@owasp.org
+1
Even for London the reason we are automating the initial load is we tend to keep the content updating, and even then as part of the migration we made a tab for our past events.

I would say that - it is still important that we keep a backup of all the old site's content somewhere, you never know what might come in handy or important, but that’s maybe the hoarder in me (looks at all the clutter in my house... it IS the hoarder in me!).

-Sherif

Azzeddine Ramrami

Oct 18, 2019, 4:19:33 PM
to Sherif Mansour, Bjoern Kimminich, Harold Blankenship, Harold Blankenship, Leaders
Thanks Sherif for these valuable tips.
When can I migrate my chapter data?

Cordialement/Regards/Mit freundlichen Grüßen/Cordiali saluti/Saludos/تحية خالصة 

Azzedine Ramrami


OWASP Morocco Chapter

OWASP AppSec Africa President


IBM Security - Senior Security & Network Architect
Data & Application Security, Cognitive Security, IoT/OT/ICS/SCADA Security & SIEM
Certified Mile2 CPTE/CPTC/CDFE/CSWAE and EC-Council C|EH
OWASP Morocco Leader/OWASP AppSec Africa President
IBM Security Global Speaker

 

Consider giving back, and supporting the open source community by becoming a member or making a donation today! 

Join us at AppSec Morocco & Africa 2020 June 4 & 5 Rabat/Morocco!



Timur 'x' Khrotko [owasp]

Oct 18, 2019, 6:02:55 PM
to Harold Blankenship, Azzeddine Ramrami, Bjoern Kimminich, Harold Blankenship, Leaders, Sherif Mansour
* actually there are trendy nowadays pseudo-cms solutions like GatsbyJS which could use the original wiki as content source for the legacy pages. See:


This message may contain confidential information - you should handle it accordingly.

Achim

Oct 18, 2019, 7:00:20 PM
to Bjoern Kimminich, lea...@owasp.org
On 18.10.19 at 19:49, Bjoern Kimminich wrote:
> Dead projects should not clutte ...

hmm, please define clearly how to classify a "dead project".
Note: not updated for a couple of months does not qualify to be dead!
Think about some documentation projects for example.

Ciao
Achim

Bjoern Kimminich

Oct 18, 2019, 8:59:13 PM
to Achim, lea...@owasp.org
"Dead" for me would be no updates in 1+ years and the designated leader(s) not performing the website migration by the end of this year. Something like that... And I'm totally fine with putting all that into some special Archive section later, it just shouldn't be shown alongside active projects any more. This would help get rid of many "started but never followed up upon" Incubators...

Achim

Oct 19, 2019, 4:36:39 AM
to Bjoern Kimminich, lea...@owasp.org
On 19.10.19 at 02:59, Bjoern Kimminich wrote:
> "Dead" for me would be no updates in 1+ years and the designated leader(s) not performing the website migration by the end of this year. Something like that... And I'm totally fine with putting all that into some special Archive section later, it just shouldn't be shown alongside active projects any more. This would help get rid of many "started but never followed up upon" Incubators...

I'd disagree with such a process because OWASP has documentation projects. And such
docs are not "dead" because they are not updated.

No update <> outdated
Otherwise we would not have Gaußsche Normalverteilung, Newton's Gravity,
Goethe's Faust, Homer's Odysseus, and many more ;-)

Bjoern Kimminich

Oct 19, 2019, 5:01:47 AM
to Achim, lea...@owasp.org
I'm aware of those docs projects, which is why I suggested as definition of "dead":

- Not updated for a long time
*AND*
- No activity from designated leader

If the leader of a documentation project which saw no updates for years actively (!) migrates his/her project Wiki to the new website, I wouldn't consider it "dead".

TL;DR: When I say "dead" I mean basically the next stage after "inactive"... (◔‿◔)

Dirk Wetter

Oct 19, 2019, 8:19:44 AM
to lea...@owasp.org, di...@owasp.org
Hi,

On 10/18/19 6:34 PM, Sherif Mansour wrote:
> Thanks Harold,
>
> Also worth noting you can download your wiki pages into XML using the owasp.org <http://owasp.org> -->Special pages --> export page
> Then there are a few tools that converts wiki xml into markdown (pandocs for example but there are a few others). Note: this will not download any flies (like slides, images) on the site so those need to be downloaded manually or via a script.

I suppose there's quite some uploaded content under Special:Files [1]. How is that supposed to be treated?

Suggestions that while copying the text-based content the owner should take care will probably not catch everything.
Talks e.g. and other documents might not be referenced in the wiki but on external sites.


Cheers, Dirk

[1] 5k documents in 5,5 years: https://www.owasp.org/index.php?title=Special:ListFiles&limit=5000&ilsearch=&user= . Can't
tell which ones aren't referenced in the wiki.



--
OWASP Volunteer
Send me encrypted mails (Key ID 0xD0A74569)
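
An added example (not code from any poster in this thread) for the two points raised above, that the XML export carries no uploaded files and that it is hard to tell which uploads are unreferenced: it extracts file references from a Special:Export dump and compares them with an upload list. The sample dump, the upload list and all function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed Special:Export sample (not real OWASP wiki content).
SAMPLE_EXPORT = """<mediawiki xmlns="http://www.mediawiki.org/xml/export-0.10/">
  <page>
    <title>London</title>
    <revision>
      <text>== Past events ==
[[File:Talk_2008_intro.pdf|Slides]] and [[Image:chapter logo.png|thumb|Logo]]
See also [[Media:Schedule-2019.pptx]] and [[:File:Talk_2008_intro.pdf]].
&lt;gallery&gt;
File:Meetup photo.jpg|Audience
&lt;/gallery&gt;</text>
    </revision>
  </page>
  <page>
    <title>London/Archive</title>
    <revision>
      <text>Old deck: [[File:Deleted_deck.pdf]]</text>
    </revision>
  </page>
</mediawiki>"""

# Constructed upload list, as one would copy it from Special:ListFiles.
SAMPLE_UPLOADS = [
    "Talk 2008 intro.pdf", "Chapter_logo.png", "Schedule-2019.pptx",
    "Meetup_photo.jpg", "Orphan_slides.pdf",
]

# [[File:..]], [[Image:..]], [[Media:..]] and the [[:File:..]] link form.
LINK_RE = re.compile(r"\[\[\s*:?\s*(?:File|Image|Media)\s*:\s*([^\]|#]+)", re.IGNORECASE)
# <gallery> blocks list one "File:name|caption" entry per line.
GALLERY_RE = re.compile(r"<gallery[^>]*>(.*?)</gallery>", re.IGNORECASE | re.DOTALL)
GALLERY_LINE_RE = re.compile(r"^\s*(?:File|Image)\s*:\s*([^|\n]+)",
                             re.IGNORECASE | re.MULTILINE)


def normalize_name(name):
    """MediaWiki treats spaces and underscores alike and upper-cases the first letter."""
    name = re.sub(r"[ _]+", "_", name.strip())
    return name[:1].upper() + name[1:]


def page_texts(export_xml):
    """Yield (title, wikitext) per page, ignoring the export schema version."""
    root = ET.fromstring(export_xml)
    for page in root.iter():
        if page.tag.rsplit("}", 1)[-1] != "page":
            continue
        title, text = "", ""
        for el in page.iter():
            local = el.tag.rsplit("}", 1)[-1]
            if local == "title":
                title = el.text or ""
            elif local == "text":
                text = el.text or ""  # the last <text> element seen is kept
        yield title, text


def referenced_files(export_xml):
    """Return {normalized file name: sorted titles of the pages referencing it}."""
    refs = {}
    for title, text in page_texts(export_xml):
        names = LINK_RE.findall(text)
        for body in GALLERY_RE.findall(text):
            names += GALLERY_LINE_RE.findall(body)
        for raw in names:
            refs.setdefault(normalize_name(raw), set()).add(title)
    return {name: sorted(pages) for name, pages in refs.items()}


def migration_report(uploads, export_xml):
    """Split files into: to download, uploaded but unreferenced, referenced but missing."""
    referenced = set(referenced_files(export_xml))
    uploaded = {normalize_name(u) for u in uploads}
    return {
        "download": sorted(uploaded & referenced),
        "unreferenced": sorted(uploaded - referenced),
        "missing": sorted(referenced - uploaded),
    }


if __name__ == "__main__":
    for bucket, names in migration_report(SAMPLE_UPLOADS, SAMPLE_EXPORT).items():
        print(bucket, names)
```

Files in the "unreferenced" bucket may still be linked from external sites, so that bucket is a review list rather than a delete list.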

Achim

Oct 19, 2019, 5:06:15 PM
to Harold Blankenship, Leaders
Hi Harold,

is this a subject for owasp-wik...@lists.owasp.org ?
Or does this list no longer exist?

Ciao
Achim

On 18.10.19 at 16:34, Harold Blankenship wrote:

Achim

Oct 19, 2019, 5:42:33 PM
to Bjoern Kimminich, lea...@owasp.org
IMHO, this is a bad definition for a "dead" project.
It's not the responsibility of admins, leaders, staff to declare a project dead
for the community if the community still may use it, even if it is rarely used.
This applies to tools and docs.
Just think about how many tools and docs you use yourself every minute which have
not been changed/updated since ages.
Please get rid of the update illusion/mania and think practical.

IMHO it's far better to flag projects as "inactive" as it has been done in the past,
adding a "last change" date.
What's wrong with that?

However, there may be other attributes to be used to qualify a project as "dead",
but that's another discussion ...

Ciao
Achim


On 19.10.19 at 11:01, Bjoern Kimminich wrote:
> I'm aware of those docs projects, which is why I suggested as definition of "dead":
>
> - Not updated for a long time
> *AND*
> - No activity from designated leader

consequently this results in a project being dead if a leader is unresponsive
for whatever reason, totally independent of the quality of the project.
Also, what is "long time": minutes, years, ages?

Bjoern Kimminich

Oct 19, 2019, 6:18:03 PM
to Achim, lea...@owasp.org
Okay, maybe we have different assumptions what "dead" means... Let's try that again:

* A project that sees no updates for a long time I'd flag "inactive"
* A project for which no leader feels responsible to do maintenance work (like website migration) I'd flag "abandoned" but "inactive" works as well here. It's just a different level of inactivity in the end.

If both of the above come together, that's my definition of "dead" but I never suggested to delete those or let them silently vanish with the Wiki. But: I wouldn't want to have them on the same visibility level as "active" and "taken care of" projects. They belong into an archive section of some sort in my opinion. Again, only if both inactive and abandoned!

I don't find it delusional or maniac to demand either activity by its contributors or at least caretaking by its leader(s) to be allowed to remain in OWASP's front-page project inventory.

Also, to clarify, my concern are not the once and probably still valuable Flagship or Lab projects from long ago to remain visible. It's the many Incubator projects that were never more than someone's idea which never was seriously followed up upon. Nobody will miss those going into some darker archive section, I presume. Especially when nobody steps forward to take care of their websites in the first place.

Cheers,
Bjoern

Anant Shrivastava

Oct 20, 2019, 2:22:12 AM
to lea...@owasp.org
Hi Harold,

Not sure who decided on the URL structure but the current URL structure
is nowhere good for anything

https://www2.owasp.org/www-project-mobile-security-testing-guide
https://www2.owasp.org/www-chapter-bhopal/

Can we get them changed to something like

https://www2.owasp.org/chapter-bhopal/
https://www2.owasp.org/project-mobile-security-testing-guide

www in URLs is not serving any purpose and also it's making the URL longer
to remember or be used directly.

Can I request others to give their opinion if this URL structure would be good
and @Harold can we have these changes in URL structure.

-Anant

Azzeddine Ramrami

Oct 20, 2019, 2:26:58 AM
to Anant Shrivastava, Leaders
+1

I agree with you. Good points.
Regards
Azzeddine RAMRAMI


Timur 'x' Khrotko [owasp]

Oct 20, 2019, 9:16:24 AM
to Azzeddine Ramrami, Anant Shrivastava, Leaders
I guess it'll easily be fixed in some Jekyll or what configs.
The root cause I guess is the unfeature of Github that there is no structure in your repos and the only option to structure them is structured naming of repos which is a ridiculously dumb approach over 11 repos.
That's why Gitlab is better for such set of repos as the OWASP's.

Paulo Silva

Oct 21, 2019, 12:46:37 PM
to Leaders
Sorry to jump in a bit late but, based on several "architectural" questions in
this thread, I would like to ask whether you considered tracking the website
stuff together with the projects (like a monorepo)?

I am not aware of previous discussions about this matter but, following this
approach, no additional repositories would be necessary (bye-bye `www-`
prefix):

* less bootstrap work creating and maintaining new repos, ownership,
  permissions, ...
* less crowded OWASP GitHub page/handle (`www-*` repos are now on first page
  and from now on they will appear on searches)
* standard repo `README.md` files as we have today the Project page template
* project leaders would take advantage of having the `README.md` file to keep
  "Current Release", "Last Reviewed Release", ... automatically synced with
  GitHub releases
* easier content updates based on project changes: today Project Leaders need
  to keep content updated in two different tools, and from now on they will
  have the same effort but in two different repositories

I am afraid I am late to volunteer myself to test the suggested approach,
still...

Cheers,
Paulo A. Silva


Steve Springett

Oct 21, 2019, 1:08:43 PM
to Leaders, Paulo Silva
I also echo some of your concerns. Related to one of them, I submitted a PR (which has been merged) for common images used across all projects. 



Previously, all projects would have to check in builders, breakers, defenders, and project type images into their own repo. This resulted in a lot of duplication. They were also low-res vectors which didn’t look all that great with the new design. Now projects can simply use these common images instead of duplicating them in their respective repos.


-Steve


Timur 'x' Khrotko [owasp]

Oct 21, 2019, 1:20:31 PM
to Steve Springett, Leaders, Paulo Silva
Not to interfere with the excellent points of Paulo! And Steve's point.

May I suggest that it's not yet late to rethink this new website content architecture and parsing thing!

a) The www- repos flood the main owasp account and that will definitely harm the usability of the owasp GitHub. Without any reason, since these repos can well live elsewhere. 
b) In 2020 choosing Jekyll doesn't seem like the best. There are many new platforms like GatsbyJS already widely used. Like:
c) The current design is not totally mobile friendly.



Mike McCamon

Oct 21, 2019, 5:08:35 PM
to Leaders
Harold and I made that call - and I was the one who suggested it. I can understand from one project's or chapter's view how this naming convention might not be optimal but please know we gave this a lot of thought. It came down to (1) maintenance, (2) longevity, and (3) namespace collision issues.

Our organization over time could have as many as 1,000 repos in the future since every chapter and project has their own (that was done BTW to get credential management under control).  In this new future if we needed to apply changes to every chapter page - or for that matter find a chapter page - that is public facing on the website it was determined we needed a naming convention.

So yes we prepended "www-" for any repo that would be used as part of the website - so as to not confuse a project repo and the public facing website content. Then we added "project-", "chapter-", "event-" so it would be easy to find similar items. I had wanted to add continent to chapters as in "www-chapter-na-venice" so we didn't confuse it with "www-chapter-eu-venice" and so we could automate grouping of cities on meta pages but I had pushed Harold to the limit.

Another reason for the www- is that we will have a policy repo, one for committees and in the future likely more - so adding www- allows us to completely group all web content into one logical naming convention.

It's a minor inconvenience for now, but I hope everyone can agree the organizational benefits outweigh a small learning curve.

Christian Folini

Oct 21, 2019, 5:21:26 PM
to Mike McCamon, Leaders
Thank you for explaining this, Mike.

You have a point and it makes sense in this context. Even if it's ugly.

Kind regards,

Christian Folini, CRS project

Tiana Chandler

Oct 21, 2019, 5:42:14 PM
to Mike McCamon, Leaders
Mike, that makes sense.

Will we still be able to use our DNS alias, such that “austin.owasp.org” will redirect to the new URL for the Austin chapter page?  If so, then I really am not worried about it since it is easy to tell folks to use our alias.

Thanks,

Tiana Chandler
OWASP Austin Chapter Leader

Consider giving back and supporting the open source community by becoming an OWASP Member today!

On Oct 21, 2019, at 4:08 PM, Mike McCamon <mike.m...@owasp.com> wrote:



Anant Shrivastava

Oct 21, 2019, 11:46:38 PM
to lea...@owasp.org
How can other chapters get such aliases? If every chapter/project has
aliases this is a non-issue (can this be made standard) but if I have to
explain why my chapter's URL always has a www- when we are living in an
era when we don't even use www. as a primary subdomain it will get into
awkward conversations, especially when we claim to be a web application
related project.

Having chapter- or project- or policy- will still serve the purpose but
remove that ugliness from the URL. Just to be clear, we are not worried
about GitHub repo naming conventions but we are worried coz it
translates into a URL with non-required characters.

-Anant


Sherif Mansour

Oct 22, 2019, 5:47:11 AM
to Anant Shrivastava, lea...@owasp.org
I actually had another question in that vein to Mike & Harold - one of the Board's requirements for this site is we do not lose traffic as part of this site’s migration process. One item of great concern are URLs which are known, embedded in standards, web references on blogs, everywhere really. So moving away from the current URL scheme to this can be tricky if we do not do the routing carefully.

It would be good to get the plan for this to provide constructive feedback. Additionally I wasn’t aware that this will be the new website's URL patterns. It's quite an eyesore TBH.

-Sherif

--
Sherif Mansour
OWASP Global Board Member & OWASP London Chapter Leader 
Site: https://www.owasp.org/index.php/London
Email: sherif....@owasp.org
Follow OWASP London Chapter on Twitter: @owasplondon 
"Like" us on Facebook: https://www.facebook.com/OWASPLondon
Subscribe to our (lightweight) mailing list: https://lists.owasp.org/mailman/listinfo/owasp-london 

Bjoern Kimminich

Oct 22, 2019, 5:54:53 AM
to Sherif Mansour, Anant Shrivastava, Leaders
+1 ... while something like this 👇 is okay as an initial workaround, I'd really like to have it become a proper 301 redirect ...

image.png

Actually the possibility of this kind of thing happening was why I registered https://owasp-juice.shop and distribute only that URL now as the project's landing page.

Cheers,
Björn


Sherif Mansour

Oct 22, 2019, 6:16:23 AM
to Bjoern Kimminich, Anant Shrivastava, Leaders
It would be nice if the same repo can be used for both the project page and your landing page using the same MD file etc...

Bjoern Kimminich

Oct 22, 2019, 6:28:51 AM
to Sherif Mansour, Anant Shrivastava, Leaders
My landing page is also just a redirect to  https://www2.owasp.org/www-project-juice-shop (and previously to the Wiki) ... ;-)

Sherif Mansour

Oct 22, 2019, 6:40:01 AM
to Bjoern Kimminich, Anant Shrivastava, Leaders
Cool - wonder if it's a design pattern we should recommend etc..

Rick M

Oct 22, 2019, 7:59:10 AM
to Leaders
If the URLs are bugging people that much is it not possible to deploy the content to a URL that's a different value from the repo name?


Anant Shrivastava

Oct 22, 2019, 8:07:34 AM
to lea...@owasp.org
Agreed this could indeed be a good solution and I was about to suggest
it, but then I looked at the current configuration.

Currently the configuration is a straightforward CNAME mapping of
www2.owasp.org to owasp.github.io, causing all sub-projects to be
directly available at the relevant URLs. If we are to tamper with the URL
structure we need either
1. A server sitting in between doing URL filtering / parsing
2. Different names of repositories.

However, all this could be mooted if every chapter / every project gets
their own subdomain and those point to these repositories. (Again, this
would not be as simple as a CNAME mapping; there will have to be a server
side component involved.)

-Anant

Timur 'x' Khrotko [owasp]

Oct 22, 2019, 8:40:23 AM
to Anant Shrivastava, lea...@owasp.org
🤦‍♂️ so the leading web specialists organization goes public with a web solution of ill architecture and based on antiquated web mechanics. Meanwhile industry goes GatsbyJS and MDX.

That's how we plan to attract and win back the public. 😄


Dirk Wetter

Oct 22, 2019, 9:36:14 AM
to lea...@owasp.org, di...@owasp.org
Hi,

thanks Mike and Harold. But what is the problem with

- project
  \_A
  \_B
- chapter
  \_A
  \_B
- event
  \_A
  \_B

That is not as flat, and a tree-like structure makes more sense to me. One can then e.g. even subdivide chapters per
country, and for projects there could also be a structure, like defender, breaker, builder, ciso. Events per year and/or
per country. (www seems to me redundant/~2000ish. No offense intended :-) ).

The thing is that if we start with a not defined structure we might end up in a decade with a mess as with the
wiki.

Cheers, Dirk


On 10/21/19 11:08 PM, Mike McCamon wrote:
> Harold and I made that call - and I was the one who suggested it. I can understand from one project's or chapter's view how this naming convention might not be optimal but please know we gave this a lot of thought. It came down to (1) maintenance, (2) longevity, and (3) namespace collision issues.
>
> Our organization over time could have as many as 1,000 repos in the future since every chapter and project has their own (that was done BTW to get credential management under control).  In this new future if we needed to apply changes to every chapter page - or for that matter find a chapter page - that is public facing on the website it was determined we needed a naming convention.
>
> So yes we prepended "www-" for any repo that would be used as part of the website - so as to not confuse a project repo and the public facing website content. Then we added "project-", "chapter-", "event-" so it would be easy to find similar items. I had wanted to add continent to chapters as in "www-chapter-na-venice" so we didn't confuse it with "www-chapter-eu-venice" and so we could automate grouping of cities on meta pages but I had pushed Harold to the limit.
>
> Another reason for the www- is that we will have a policy repo, one for committees and in the future likely more - so adding www- allows us to completely group all web content into one logical naming convention.
>
> It's a minor inconvenience for now, but I hope everyone can agree the organizational benefits outweigh a small learning curve.
>
>
> On Sunday, October 20, 2019 at 1:22:12 AM UTC-5, Anant Shrivastava wrote:
>
> Hi Harold,
>
> Not sure who decided on the URL structure but the current URL structure
> is nowhere good for anything
>
> https://www2.owasp.org/www-project-mobile-security-testing-guide
> https://www2.owasp.org/www-chapter-bhopal/
>
> Can we get them changed to something like
>
> https://www2.owasp.org/chapter-bhopal/
> https://www2.owasp.org/project-mobile-security-testing-guide
>
> www in URLs is not serving any purpose and also it's making the URL longer
> to remember or be used directly.
>
> Can I request others to give their opinion if this URL structure would be good
> and @Harold can we have these changes in URL structure?
>
> -Anant
>
> On 18/10/19 8:04 pm, Harold Blankenship wrote:
> > Hello, Leaders,
> >
> > The website migration is underway, with nearly all repositories having
> > been created already.  Not everyone has been added to your respective
> > repositories; that is an on-going process.  We now have a general
> > document detailing the content in your
> > repository at https://www2.owasp.org/migration
> >
> > A nice-to-accomplish goal would be to get the chapters and projects
> > migrated in the next 30 days. 
> >
> > Regards,
> >
> > Harold L. Blankenship
> >
> > OWASP Foundation
> >
> > Director of Technology and Projects
> >

Timur 'x' Khrotko [owasp]

Oct 22, 2019, 10:08:42 AM
to Dirk Wetter, lea...@owasp.org
That doesn't work with GitHub which is ridiculously flat. That would work with GitLab, what you suggest Dirk!

That's why I'm saying that it's not late yet to redesign the architecture and mechanics. 

And yes www- looks like a hack and is a hack. So it's a PR problem. Our audience will see that we don't care.

The benchmark today is GatsbyJS, MDX and AST-based content mutations. I'm not saying let's do that but something similarly contemporary which can stay with owasp for another decade.

Was there any call for proposal to the leaders to collect their suggestions regarding the new web implementation? Why are we trying to fix a design flaw now?



Anant Shrivastava

Oct 22, 2019, 10:34:35 AM
to lea...@owasp.org
we are trying to fix things coz we only got to know that's the plan when
the plan was made public.

-Anant


On 22/10/19 7:38 pm, Timur 'x' Khrotko [owasp] wrote:
> That doesn't work with GitHub which is ridiculously flat. That would
> work with GitLab, what you suggest Dirk!
>
> That's why I'm saying that it's not late yet to redesign the
> architecture and mechanics. 
>
> And yes www- looks like a hack and is a hack. So it's a PR problem. Our
> audience will see that we don't care.
>
> The benchmark today is GatsbyJS, MDX and AST-based content mutations.
> I'm not saying let's do that but something similarly contemporary which
> can stay with owasp for another decade.
>
> Was there any call for proposal to the leaders to collect their
> suggestions regarding the new web implementation? Why are we trying to
> fix a design flaw now?

Paulo Silva

Oct 22, 2019, 10:40:30 AM
to Anant Shrivastava, lea...@owasp.org
Because I raised some concerns, I want to make it clear that:

1. I don't care whether we go with Jekyll or GatsbyJS as long as the new website
   fulfills all functional and non-functional requirements.
2. What I don't like is to have to manage two different repositories which are,
   in fact, strongly tied: the project repo and the new project's page.

   A few minutes ago I released a new version of the OWASP Go Secure Coding
   Practices project on GitHub and then I had to go to the Wiki page to update
   the "Last Reviewed Release".

   If page markdown files could live inside the project's repository (in the
   root or a sub-folder e.g. `www`) I would be able to keep everything
   up-to-date in a single place and with less effort.
3. Since this subject seems to have been discussed in-depth, I'll trust you guys
   and make myself available for whatever you think I can help with.

   I'll start moving the pages I am responsible for.

Cheers,
Paulo A. Silva

--
Paulo Silva

OWASP API Security Project - Project Main Maintainer
OWASP Go Secure Coding Practices Guide - Project Co-Leader

Timur 'x' Khrotko [owasp]

Oct 22, 2019, 10:48:00 AM
to Paulo Silva, Anant Shrivastava, lea...@owasp.org
* that's what a properly designed platform could do for you, Paulo (eg GatsbyJS)

Where is the new website requirements specification which is fulfilled or not? (This website project lasts like for five years now.)


Dirk Wetter

Oct 22, 2019, 11:02:04 AM
to lea...@owasp.org, Timur 'x' Khrotko [owasp]

Hi,

is GitLab no option for us? If really not, we should give it a serious thought:
can't we think of a mechanism that translates the flat GitHub structure to
a properly structured website at least?

If we have no good design now -- compare it with software or network architecture --
it'll end up not good.

And as Timur indicated: the website should be a figurehead, especially given the W
in OWASP.


Cheers, Dirk

Steve Springett

Oct 22, 2019, 11:50:31 AM
to lea...@owasp.org, Timur 'x' Khrotko [owasp], Dirk Wetter
I won’t comment on the merits of any technical decision, but will comment on the user experience for non-OWASP folks accessing the OWASP GitHub org.

Previously, random GitHub users could simply browse the OWASP GitHub org to discover doc, tool, and other projects that were previously unknown to them. It was a way for users to discover content. I used this approach as well in the past. It’s very useful. Due to the massive number of new repos to support the new website, this approach is no longer viable. Casual discoverability of OWASP doc and tool repos is no longer possible without putting a lot of effort into filtering out noise (www-*).

If the decision is made to keep the existing naming structure in place, then I highly suggest we move website repos to their own GitHub organization set up specifically for this task. Let’s not pollute our main GitHub org with a bunch of repos that make discoverability of content more complex.

Technical architecture aside, this is my major issue with the current approach.


—Steve


Anant Shrivastava

Oct 22, 2019, 12:00:39 PM
to Steve Springett, lea...@owasp.org, Timur 'x' Khrotko [owasp], Dirk Wetter
+1 to moving website stuff to a different org structure; it would make it
much easier to manage.

-Anant

Bjoern Kimminich

Oct 22, 2019, 12:14:12 PM
to lea...@owasp.org
Hi! shields.io covers probably every use case of showing repo info elsewhere. Cheers, Bjoern

Paulo Silva

Oct 23, 2019, 1:48:00 PM
to Leaders
Any update regarding project classification logos (e.g. builders, breakers, defenders)?
Can we link them from some "central repository" or should we track them within our project webpage repo?

Cheers,


Mike McCamon

Oct 23, 2019, 1:51:54 PM
to Paulo Silva, Harold Blankenship, Leaders
Harold is working on this (might already be done) - yes it's a good idea to have one central location!



--
--------------------------------------------------
Mike McCamon
Executive Director, OWASP

Paulo Silva

Oct 23, 2019, 2:10:17 PM
to Leaders


On Wednesday, October 23, 2019 at 6:51:54 PM UTC+1, Mike McCamon wrote:
> Harold is working on this (might already be done) - yes it's a good idea to have one central location!


Great, I will wait for his feedback.

What about user pages/profiles (e.g., project leaders)?
This could also go into a "central repository".

Cheers,


Harold Blankenship

Oct 23, 2019, 6:44:55 PM
to Paulo Silva, Leaders
You can find a current set here: https://github.com/OWASP/www--site-theme/tree/master/assets/images/common thanks to Steve Springett. We are working on updating those and adding missing ones.


There is also a subset of the fontawesome icons that can be used. For documentation projects, I have used fa-file-pdf. For tools, fa-tools. And for code, fa-file-code.

Cheers,
 

Harold L. Blankenship

OWASP Foundation

Director of Technology and Projects



Dirk Wetter

Oct 25, 2019, 3:00:51 AM
to lea...@owasp.org, di...@owasp.org
Hi Mike,

any news on the concerns Timur and myself discussed here (flat, see below) or do you
plan to just go ahead with the original plan?

There's also my question open what to do with all the media uploads.

Thx, Dirk


On 10/23/19 7:51 PM, Mike McCamon wrote:
> Harold is working on this (might already be done) - yes it's a good idea to have one central location!
>
> On Wed, Oct 23, 2019 at 12:48 PM Paulo Silva <paulo...@owasp.org> wrote:
>
> Any update regarding project classification logos (e.g. builders, breakers, defenders)?
> Can we link them from some "central repository" or should we track them within our project webpage repo?
>
> Cheers,
> On Tuesday, October 22, 2019 at 5:14:12 PM UTC+1, bjoern.kimminich wrote:
>
> Hi! shields.io covers probably every use case of showing repo info elsewhere. Cheers, Bjoern

Paulo Silva

Oct 25, 2019, 3:09:26 AM
to dirk wetter, lea...@owasp.org
I tracked sponsors logos and presentations in the www-* repo.

Cheers,


Dirk Wetter

Oct 25, 2019, 4:02:41 AM
to Paulo Silva, di...@owasp.org, lea...@owasp.org
Hi Paulo,

sorry to follow up as I am not sure whether I got this right.

Maybe it's better to c&p it, (10/19/19, 2:19 PM):

--snip

I suppose there's quite some uploaded content under Special:Files [1]. How is that supposed to be treated?

Suggestions that while copying the text based content the owner should take care will probably not catch everything.
Talks e.g. and other documents might not be referenced in the wiki but on external sites.

[1] 5k documents in 5,5 years: https://www.owasp.org/index.php?title=Special:ListFiles&limit=5000&ilsearch=&user= . Can't
tell which ones aren't referenced in the wiki.

--snap

What do you mean by tracked (past tense)? Is that already copied? How will that be linked?
Do we forget about external links (that could be also appsec conferences)? And how to deal with
internal links to the presentations?

Cheers, Dirk


On 10/25/19 9:09 AM, Paulo Silva wrote:
> I tracked sponsors logos and presentations in the www-* repo.
>
> Cheers,
>
> On Friday, 25/10/2019, 08:00, Dirk Wetter <di...@owasp.org> wrote:
>
> Hi Mike,
>
> any news on the concerns Timur and myself discussed here (flat, see below) or do you
> plan to just go ahead with the original plan?
>
> There's also my question open what to do with all the media uploads.
>
> Thx, Dirk
>
>
> On 10/23/19 7:51 PM, Mike McCamon wrote:
> > Harold is working on this (might already be done) - yes it's a good idea to have one central location!
> >
> > On Wed, Oct 23, 2019 at 12:48 PM Paulo Silva <paulo...@owasp.org> wrote:
> >
> >     Any update regarding project classification logos (e.g. builders, breakers, defenders)?
> >     Can we link them from some "central repository" or should we track them within our project webpage repo?
> >
> >     Cheers,
> >     On Tuesday, October 22, 2019 at 5:14:12 PM UTC+1, bjoern.kimminich wrote:
> >
> >         Hi! shields.io covers probably every use case of showing repo info elsewhere. Cheers, Bjoern
> >
> >         On 22 October 2019 17:40:16 EEST, Paulo Silva <paulo...@owasp.org> wrote:
> >
> >             Because I raised some concerns, I want to make it clear that:
> >
> >             1. I don't care whether we go with Jekyll or GatsbyJS as long as the new website
> >                fulfills all functional and non-functional requirements.
> >             2. What I don't like is to have to manage two different repositories which are,
> >                in fact, strongly tied: the project repo and the new project's page.
> >
> >                A few minutes ago I released a new version of the OWASP Go Secure Coding
> >                Practices project on GitHub and then I had to go to the Wiki page to update
> >                the "Last Reviewed Release".
> >
> >                If page markdown files could live inside the project's repository (in the
> >                root or a sub-folder e.g. `www`) I would be able to keep everything
> >                up-to-date in a single place and with less effort.
> >             3. Since this subject seems to have been discussed in-depth, I'll trust you guys
> >                and make myself available to whatever you think I can help.
> >
> >                I'll start moving the pages I am responsible for.
> >
> >             Cheers,
> >             Paulo A. Silva
> >
> >             On Tue, Oct 22, 2019 at 3:34 PM Anant Shrivastava
> >             <anant.sh...@owasp.org> wrote:
> >
> >
> >                 we are trying to fix things coz we only got to know that's the plan when
> >                 the plan was made public.
> >
> >                 -Anant
> >
> >
> >                 On 22/10/19 7:38 pm, Timur 'x' Khrotko [owasp] wrote:
> >
> >                     That doesn't work with GitHub which is ridiculously flat. That would
> >                     work with GitLab, what you suggest Dirk!
> >
> >                     That's why I'm saying that it's not late yet to redesign the
> >                     architecture and mechanics.
> >
> >                     And yes www- looks like a hack and is a hack. So it's a PR problem. Our
> >                     audience will see that we don't care.
> >
> >                     The benchmark today is GatsbyJS, MDX and AST-based content mutations.
> >                     I'm not saying let's do that but something similarly contemporary which
> >                     can stay with owasp for another decade.
> >
> >                     Was there any call for proposal to the leaders to collect their
> >                     suggestions regarding the new web implementation? Why we are trying to
> >                     fix a design flaw now?
> >
> >
> >                     On 2019. Oct 22., Tue at 15:36, Dirk Wetter <di...@owasp.org>
> >
> >                     --
> >                     OWASP Volunteer
> >                     Send me encrypted mails (Key ID 0xD0A74569)
> >
> > --
> > --------------------------------------------------
> > Mike McCamon
> > Executive Director, OWASP
> > o +1.781.876.6253 | m: +1.408.430.2767
>
> --
> OWASP Volunteer
> Send me encrypted mails (Key ID 0xD0A74569)

Paulo Silva

Oct 25, 2019, 7:15:30 AM
to Dirk Wetter, lea...@owasp.org
Hi Dirk,
I didn't look at the big picture. I was just sharing how I've proceeded while
migrating the OWASP API Security Project page.

By "tracked" I meant the contents linked in the API Security Project page.
Files, such as www.owasp.org/images/5/59/API_Security_Top_10_RC.pdf and
www.owasp.org/index.php/File:API_Security_Top_10_RC_-_Global_AppSec_AMS.pdf
were downloaded and moved into the `assets` directory in the www-* repo.

Cheers,
--
Paulo Silva

OWASP API Security Project - Project Main Maintainer
OWASP Go Secure Coding Practices Guide - Project Co-Leader

Dirk Wetter

Oct 25, 2019, 7:38:41 AM
to Paulo Silva, di...@owasp.org, lea...@owasp.org
Hi Paulo,

thanks && yes, your answer looked like that but I wasn't
sure and I thought it's better to repeat my question to
not only you ;-)

Thx & cheers, Dirk

Timur 'x' Khrotko [owasp]

Nov 1, 2019, 8:03:41 PM
to Mike McCamon, Leaders, Dirk Wetter, Paulo Silva, Anant Shrivastava, Azzeddine Ramrami, Steve Springett, Bjoern Kimminich
Mike, it seems to me that our issue shared with the folks in cc has been ignored so far?! Or is there an answer to that I missed?

Please note that your earlier answer which was closed with the statement that "It's a minor inconvenience for now, but I hope everyone can agree the organizational benefits outweigh a small learning curve" was not about the problem that we raised. It's not about the difficulty for those who content-manage certain www- branches.

a) If the egress URLs will read like owasp.org/www-* that is not an inconvenience for us but evidence that owasp does not dig web technologies at the expected level and uses cheap (in 2020-ish terms) architectural shortcuts. It damages our professional image in my - probably exaggerated - opinion. And it is an inconvenience for visitors, which damages user experience. While owasp tries to maintain its prestige on the new cybersec scene.

b) Hosting the www- repos together with the real project repos is not about "group[ing] all web content into one logical naming convention" -- it damages the usability of [already non-userfriendly] github collection of the real project repos. Which latter being the major part of the owasp's product/value (our capital on the cybersec scene).

c) The audience of the github.org/owasp repo collection is the public. While all www- repos are for internal use so can be anywhere, keeping the same level of minor inconvenience for us. Why mess it up together?

Please comment, maybe there are convincing counterarguments. 

Best,
Timur



Kevin Johnson

Nov 1, 2019, 8:18:45 PM
to Timur 'x' Khrotko [owasp], Mike McCamon, Leaders, Dirk Wetter, Paulo Silva, Anant Shrivastava, Azzeddine Ramrami, Steve Springett, Bjoern Kimminich
So this is probably going to come off way ruder than I mean it, but I am pretty irritable about this topic and I am on the last day of a month long trip for work, so take all of this with that precursor please.

Honestly I do not know why you would expect an answer. None of the other concerns raised for this or really any other OWASP project are actually addressed. For example the wrong account was added to the Jacksonville chapter repo with admin rights. When I asked about it I was told "That was the account provided" and then no further conversation. No it wasn't. The account provided was secretsquirrel (probably misspelled here as it isn't my account). The account that was added had that as their name NOT their username. This is a pretty significant issue that really means that we should have all gotten some type of communication that said "Please check that permissions and accounts are right". But like usual communication is lacking. And when called out on it, we are told that "everyone is a volunteer". While true, that is a pretty piss poor excuse. We are ALL volunteers. But we should have some expectation of accountability and accuracy in work.

I don't know the answer to this but I do know that I expect better of OWASP. But I will probably be disappointed as I have been every other time I ask for help or ask for information. Sad really. Maybe it's time to rethink that lifetime membership and the fact that I pay for all of my employees to be members.

Kevin


*** Visit https://training.secureideas.com for our #affordabletraining offerings.  This includes our brand new CISSP Mentor program  ***

----
Kevin Johnson
CEO
Secure Ideas -- Professionally Evil®
https://www.secureideas.com
office - (866) 404-7837 ext 700 / cell - 904-403-8024


Azzeddine Ramrami

Nov 1, 2019, 10:52:09 PM
to Timur 'x' Khrotko [owasp], Mike McCamon, Leaders, Dirk Wetter, Paulo Silva, Anant Shrivastava, Steve Springett, Bjoern Kimminich
Hi
Fully agree with Timur.
The web application design must follow the state of the art in enterprise architecture and cyber security.

Our website is our reputation, so it is important to deliver a good message to community and public.

Is there any Architecture Folder for the new website?
Is there a document describing the threat model for our website?
What about security testing of the new website?

Regards
Azzeddine RAMRAMI

Mike McCamon

Nov 1, 2019, 11:58:53 PM
to Leaders
Several of us on staff do monitor this list - I do it through digest mode. We will not always be immediately responsive to every question. Kevin, I'm sorry if a mistake was made for a user name, so please let us know if there are other issues. (BTW I did check the github migration form, and that was the username provided).

We do want to thank everyone for their feedback on this immense project. OWASP is in the active step of migrating a large site (close to 7,000 pages - some active, some abandoned, many conflicting with one another), with a great many content editors (about 3,000), and over 500 distinct user credential configurations. I understand some of the leaders don't like our repo convention, but I do want to report that others do. When we kicked off this project we consulted directly with Github on this design and due to a number of factors, including but not limited to, credential management, the requirement for global navigation and style sheets, long-term maintenance and simplicity, this is the design that was selected and will be used for launch. We did not want to add too many novel new frameworks or libraries for longevity, security, stability, and reliability reasons - there is always a new-better-than-ever-framework launched nearly every week.

As many of you have pointed out; getting a new website launched has been a priority now for several years. It's embarrassing we can't get this done - but I promise we will and lots of us are jumping to get it launched before the end of the year (which is still six months later than I wanted). 

Our current site gets around 18,000 visitors a day which is why I have been so aggressively pushing a "launch first, then iterate later" strategy with regards to some of the feedback we've been receiving. If we waited for total consensus on a plan at OWASP, I wonder if we could ever move forward. The current public website is not a good experience, is a tremendously large missed visitor opportunity, and our migration to github will move us light years into the future compared to today.

What we need the most from the community right now is help to get content migrated. Unfortunately this isn't just a bot problem, there is a good deal of tedious manual rework that needs to be done. No need to move to a new house and not sort out the trash before you pack up. Also if you find a clever new feature that you think will help other chapters/projects either submit a pull request or email us directly. For instance, we would love to get a simple text processor that takes a Meetup endpoint json result and renders it into the info.md sidebar of each local chapter for an upcoming meeting schedule. Azzeddine it would be great if you could develop a document describing the threat models and security testing plan we should use when launching our new website. And if anyone on this list is really ambitious, check out all the Projects that have yet to migrate their pages on https://www2.owasp.org/projects.

Our current launch date is no later than December 20, 2019. You have my commitment that I will be doing everything and anything I can to make that deadline. Thank you everyone for support!

On Friday, October 18, 2019 at 9:34:42 AM UTC-5, Harold Blankenship wrote:
Hello, Leaders,

The website migration is underway, with nearly all repositories having been created already.  Not everyone has been added to your respective repositories; that is an on-going process.  We now have a general document detailing the content in your repository at https://www2.owasp.org/migration
A nice-to-accomplish goal would be to get the chapters and projects migrated in the next 30 days. 

Regards,

Tanya Janca

Nov 2, 2019, 12:14:07 AM
to Mike McCamon, Leaders
Hi everyone.

We have been trying to upgrade our website for years.  Years and years.  We never seem to have a consensus; all we do is argue and poke holes in the plans that others work hard to create.  As a community we can 1) support this initiative, accept that it will be imperfect, but do the best we can with it 2) find hundreds of imperfections with this plan and block this project from progressing, essentially deciding that we will never have a new website or 3) we can wait and watch as others work very hard to drag us kicking and screaming onto a newer and more modern platform, but not stopping them or helping them.

I’m going to go with number 1.  It’s not going to be perfect; I accept that.  I do NOT accept us arguing endlessly and never having a new website, like we have for years and years and years already. If you don’t choose number 1, please consider choosing number 3.  

Mike, OWASP Staff, Countless Volunteers on this project: thank you.

Tanya







Steve Springett

Nov 2, 2019, 12:20:25 AM
to Mike McCamon, Tanya Janca, Leaders
As others have pointed out, there are a number of issues with the current approach. Due to the number of repos, there isn’t a clear repo in which to submit issues.

A number of us have serious issues with the current design. Instead of flooding the leaders list, it would be really great if we knew which repo in which to file issues.

In what repo are we expected to submit issues regarding design, GitHub organizational structure, url conventions, etc? This should be clearly communicated so that we can iterate and improve. 

Bjoern Kimminich

Nov 2, 2019, 4:03:02 AM
to lea...@owasp.org, Tanya Janca, Mike McCamon, Leaders
+1 for 1) and for providing feedback, feature requests or concrete improvements via GitHub issues or PRs. Both are way more constructive than endless complaints on the mailing list...

Cheers,
Bjoern

Bjoern Kimminich

Nov 2, 2019, 4:07:57 AM
to lea...@owasp.org, Steve Springett, Mike McCamon, Tanya Janca, Leaders
Hi,

https://github.com/OWASP/www--site-theme seems like one good place for general theme/layout topics and https://github.com/OWASP/owasp.github.io for the general foundation pages.

For other things I'd just click "Edit on GitHub" wherever you are and open an issue where it takes me.

Cheers,
Bjoern

Dirk Wetter

Nov 2, 2019, 7:45:52 AM
to lea...@owasp.org, di...@owasp.org
Hi Mike, all,

even if we think that this is what we want: 20th of December is a really ambitious target!

I doubt that this is doable. Please take into account that this is work which is done
in the spare time and end of the year is busy anyways.

Cheers, Dirk
> The website migration is underway, with nearly all repositories having been created already.  Not everyone has been added to your respective repositories; that is an on-going process.  We now have a general document detailing the content in your repository at https://www2.owasp.org/migration
>
> A nice-to-accomplish goal would be to get the chapters and projects migrated in the next 30 days. 
>
> Regards,
>
> Harold L. Blankenship
>
> OWASP Foundation
>
> Director of Technology and Projects

Dirk Wetter

Nov 2, 2019, 7:52:01 AM
to lea...@owasp.org, di...@owasp.org
Hi Tanya / everyone,

it's not about not having 100% consensus. It's about a website which will
have problems later. They won't go away if they won't be addressed
or even refused to be discussed.

Cheers, Dirk

On 11/2/19 5:14 AM, Tanya Janca wrote:
> Hi everyone.
>
> We have been trying to upgrade our website for years.  Years and years.  We never seem to have a consensus; all we do is argue and poke holes in the plans that others work hard to create.  As a community we can 1) support this initiative, accept that it will be imperfect, but do the best we can with it 2) find hundreds of imperfections with this plan and block this project from progressing, essentially deciding that we will never have a new website or 3) we can wait and watch as others work very hard to drag us kicking and screaming onto a newer and more modern platform, but not stopping them or helping them.
>
> I’m going to go with number 1.  It’s not going to be perfect; I accept that.  I do NOT accept us arguing endlessly and never having a new website, like we have for years and years and years already. If you don’t choose number 1, please consider choosing number 3.  
>
> *Mike, OWASP Staff, Countless Volunteers on this project: thank you.*
>
> Tanya
>

Timur 'x' Khrotko [owasp]

Nov 2, 2019, 10:13:14 AM
to Tanya Janca, Mike McCamon, di...@owasp.org, lea...@owasp.org
Tanya, that's exactly the case: that we waited for 7 years for the site so waiting another 6 months to achieve something sound instead of something workable is a reasonable approach instead of chasing a xmas deadline to put a formal tick on a big issue.

It's up to you if you choose workable. This choice also has its benefits.

However don't downplay the other approach where we say that the proposed and forced to production solution has major issues. Which in my opinion are blocking issues in the view of our targets of high priority:

We plan to attract developers on the highly competitive in terms of attraction cybersec scene. For that apart of content you need sound/cool look. https://owasp.org/www-projects-xyzjkl looks non web professional in 2020+. 

We try to maintain our professional authority on the competing cybersec scene. For that showing a mess of irrelevant for visitors repos in GitHub.org/owasp is a shot in our leg.

Even in frame of the chosen solution the www- repos could go to GitHub.org/owasp-www organisation. This tiny change could solve both above problems for 80%. It's not late to make this move. It needs only direct negotiations with GitHub (that Mike can do).

Cheers :)

Timur


Anant Shrivastava

Nov 2, 2019, 10:36:07 AM
to lea...@owasp.org
I echo what Timur said. Thanks @Timur for articulating it nicely.

It's not that we are only cribbing about the way forward. The problem is no
one has visibility of what path we are going for. It's rocky, so
be it, but at least we need to know what is going on and where we are headed.

As rightly pointed out many times by myself and others, the URL structure
of a website of OWASP (remember W still is Web even though we deal in a
lot more now) gives the first impression.
There was a discussion about having subdomains that also never got
picked; even that could have solved the problem. But what no one is
answering is, with the current method of a direct CNAME mapping, how are
we handling the influx of 404s we will face? Across the internet this
website is linked in 1000s of places with various internal links. Is
there a roadmap on how we can even handle that? Right now the current
tech in place doesn't have any scope of handling it coz we are simply
handing over the control to github.

I can understand the frustration that people are feeling about the website,
but is it too hard to be O as in Open about what we are doing and take
inputs from those 3000 content authors / 500 unique creds Mike talked
about? A simple approach could have been: this is the pathway we are
taking; if any concern, raise it; if not, then we will take this forward.
Even if none of the concerns were listened to, people would have been in a
better space coz they would have known what's going on. Right now it's a
blindfold and we are just asked to work on something, but what the end is
no one tells us.

-Anant

On 02/11/19 7:42 pm, Timur 'x' Khrotko [owasp] wrote:
> Tanya, that's exactly the case: that we waited for 7 years for the site
> so waiting another 6 month to achieve something sound instead of
> something workable is a reasonable approach instead of chasing a xmas
> deadline to put a formal tick on a big issue.
>
> It's up to you if you choose workable. This choice also has its benefits.
>
> However don't downplay the other approach where we say that the proposed
> and forced to production solution has major issues. Which in my opinion
> are blocking issues in the view of our targets of high priority:
>
> We plan to attract developers on the highly competitive in terms of
> attraction cybersec scene. For that apart of content you need sound/cool
> look. https://owasp.org/www-projects-xyzjkl looks non web professional
> in 2020+. 
>
> We try to maintain our professional authority on the competing cybersec
> scene. For that showing a mess of irrelevant for visitors repos in
> GitHub.org/owasp is a shot in our leg.
>
> Even in frame of the chosen solution the www- repos could go to
> GitHub.org/owasp-www organisation. This tiny change could solve both
> above problems for 80%. It's not late to make this move. It needs only
> direct negotiations with GitHub (that Mike can do).
>
> Cheers :)
>
> Timur

Tanya Janca

Nov 2, 2019, 5:31:20 PM
to Anant Shrivastava, Leaders
Thank you (Anant, Timur, others) for your constructive feedback. It's helpful. Would you be willing to join the migration team? They need your insight.

Tanya 



Kevin Johnson

Nov 2, 2019, 9:25:02 PM
to Mike McCamon, Leaders
My notes are inline below.

Kevin


*** Visit https://training.secureideas.com for our #affordabletraining offerings.  This includes our brand new CISSP Mentor program  ***

----
Kevin Johnson
CEO
Secure Ideas -- Professionally Evil®
https://www.secureideas.com
office - (866) 404-7837 ext 700 / cell - 904-403-8024


On Fri, Nov 1, 2019 at 11:58 PM Mike McCamon <mike.m...@owasp.com> wrote:
> Several of us on staff do monitor this list - I do it through digest mode. We will not always be immediately responsive to every question. Kevin, I'm sorry if a mistake was made for a user name, so please let us know there are other issues. (BTW I did check the github migration form, and that was the username provided).

See here is yet another time that people aren't listening.   The feeling is that you read something and plan your response instead of considering what was said.  I am well aware that the username he provided was secret squirrel (again I have no idea of the spelling without looking it up.)  The person added as an admin has a completely different user name.   Their "real" name was secret squirrel.   That is the issue.   And when I pointed it out, I wasn't looking to bash anyone, I was saying "Hey a mistake was made, we should probably tell people to check their accounts to ensure the right thing happened".  Instead I was privately told the same thing you just said and NO one was contacted or any notification of checking stuff was done.  So how many other accounts were given admin rights to OWASP repos by mistake?  Who is going to verify that?  Normally I would feel that it wasn't necessary to explain to OWASP people the risk and damage this could cause.  But I am starting to believe that my expectations are not realistic.

> We do want to thank everyone for their feedback on this immense project. OWASP is in the active step of migrating a large site (close to 7,000 pages - some active, some abandoned, many conflicting with one another), with a great many content editors (about 3,000), and over 500 distinct user credential configurations. I understand some of the leaders don't like our repo convention, but I do want to report that others do. When we kicked off this project we consulted directly with Github on this design and due to a number of factors, including but not limited to, credential management, the requirement for global navigation and style sheets, long-term maintenance and simplicity, this is the design that was selected and will be used for launch.  We did not want to add too much novel new frameworks or libraries for longevity, security, stability, and reliability reasons - there is always a new-better-than-ever-framework launched nearly every week.

Neat.   Personally I don't care about the URL enough to argue about it, but I do have to wonder if anyone has considered putting the system behind a URL rewriting system?   I mean that is the github recommended way to fix this.  But don't let the TFM get in the way of a good pissing match.

Martín Villalba

Nov 3, 2019, 3:47:44 PM
to Tanya Janca, Mike McCamon, Leaders
> As a community we can 1) support this initiative, accept that it will be imperfect, but do the best we can with it.

+1, and I also thank the people making this happen.  For those that have strong suggestions for improvement of the upcoming site, let's use your energy to put together an actionable and positive plan for improvement of the new website in the near future (not just complaints or throwing ideas here and there, we need actionable plans).

Cheers,

AppSec California Co-organizer - https://appseccalifornia.org


Azzeddine Ramrami

Nov 3, 2019, 3:58:19 PM
to Martín Villalba, Tanya Janca, Mike McCamon, Leaders
Hi,
I sent this question to OWASP team but didn't get any reply:

What is the procedure to migrate our OWASP chapter and CSRFGuard project contents?

Regards
Azzeddine RAMRAMI
Morocco Chapter Leader
CSRFGuard Project Leader


Bjoern Kimminich

Nov 3, 2019, 4:07:33 PM
to Azzeddine Ramrami, Martín Villalba, Tanya Janca, Mike McCamon, Leaders
Oh that's easy: The project/chapter leader requests access to the corresponding repositories and then migrates the content him-/herself. Harold sent an email some time ago with a Google form link for the repo permission request.

Kevin Johnson

Nov 3, 2019, 4:25:25 PM
to Martín Villalba, Tanya Janca, Mike McCamon, Leaders
Great, so where would you like these actionable plans?  Where was the discussion we can join that got us to here?

Kevin



Martín Villalba

Nov 3, 2019, 4:46:42 PM
to Kevin Johnson, Tanya Janca, Mike McCamon, Leaders
Kevin, I think you have very valid concerns and I would like to see if I can help getting them addressed.  Perhaps you or someone else in this thread can start a shared google doc where we could work on a brief and concise summary of the potential issues that have been identified in this thread along with ideas on how we can address them during our second iteration of the site?  That could potentially morph into a new internal project in itself, the OWASP website (if there isn't one already), with specific project leaders and volunteers. There seem to be people very knowledgeable about github and website infrastructure (not me unfortunately), so we could definitely use your/their help.  What do you think?

Cheers,


Timur 'x' Khrotko [owasp]

Nov 3, 2019, 4:56:41 PM
to Martín Villalba, Kevin Johnson, Tanya Janca, Mike McCamon, Leaders
Martín, so you recognize that the first iteration wasn't/isn't that "inclusive", good. :))

Martín, regarding your earlier message: in the name of tolerance and inclusiveness which you respect I suggest to phrase with more respect to those trying to point out to issues which may harm the best interests of the community you care as much as we the grumblers do probably. May I correct your interpretation:
* Could you please point to an announcement of any kind on this list which I missed when we could've thrown "actionable" ideas or get involved in time regarding the website architecture? (In the leader's list it's just that Matt mentioned one year ago in a conversation with me that they are in process of cms selection - that's all I can find.) No RFP, no public announcement of the planned architecture. Is it correct, or? If so then what can we do now, only bark at the running train.
* Note that Mike selectively answered questions in this thread (🤔). So this also makes us grumblers left without answers, and making an impression as if we are just throwing complaints and ideas. Not a pleasant role btw.

Looking to return to the topic in that doc.

Timur


Martín Villalba

Nov 3, 2019, 8:22:46 PM
to Timur 'x' Khrotko [owasp], Kevin Johnson, Tanya Janca, Mike McCamon, Leaders
> Could you please point to an announcement of any kind on this list which I missed when we could've thrown "actionable" ideas or get involved in time regarding the website architecture? 

I cannot, and I never said I could.  What I'm saying is, we can keep pointing fingers at each other and keep trying to call everyone out about what they did or didn't do, or we can use that time and energy to improve the aspects that people have complained about: 1) better communication regarding website project (and just in general), and 2) specific issues we may face with upcoming website design/infrastructure and ideas to solve them.

Timur, you had a really good technical feedback about the website design.  Would you like to start a shared google doc where we could compile your good feedback along with Kevin Johnson's and others?

Cheers,


Timur 'x' Khrotko [owasp]

Nov 3, 2019, 8:24:32 PM
to Martín Villalba, Kevin Johnson, Leaders, Mike McCamon, Tanya Janca
Sure! Tomorrow I will. Thanks. Cheers.

Kevin Johnson

Nov 3, 2019, 8:52:23 PM
to Martín Villalba, Tanya Janca, Mike McCamon, Leaders
Hi-

While I have no problem sharing a Google Doc, is that really where OWASP handles projects?   Where did we do the original project?  Why can't we use that?   This seems like we are going to throw something at a problem because people are complaining.   That is a surprise from an organization like OWASP.

I guess the key question (since so many questions are being unanswered) is where was the previous project run?

Kevin
      




Harold Blankenship

Nov 4, 2019, 1:08:44 AM
to Leaders

As everyone is likely aware, the website migration idea has been floating around since something like 2016.  When I came onboard in 2018 it was again brought up.  Each time it seems that various issues got in the way of progress.  Most often it has been turnover in the OWASP Foundation staff.  We have finally begun to see progress toward an actual migration with Mike's decision to make it a priority for 2019.  I can provide some of the details that a few of you have been lacking.

The initial staff project plan was begun in February.  You can find the current iteration of that plan under the Staff Projects page on the website for the Website Migration.  The migration plan was announced in May at Global AppSec Tel Aviv. The naming convention has been documented since June and the migration was announced in the July Connector as well.  More details were again provided at the Global AppSec DC and Amsterdam meetings.

The decision to use github pages was done for a variety of reasons: static website, easy to understand markdown for people not familiar with html/css, the fact that the vast majority of you and most other open source software communities use it (github specifically, not necessarily pages), credential management, the reliability of github pages, the built-in ability to watch various repos and pages, etc.  Further, most of our projects and event sites reside in github already.

Regarding the decision to use our projects github repo for the website, I apologize for cluttering the space. I know many of you probably regularly browse the repos looking for the latest updates and it is difficult to filter the various repositories if you don't know what you are looking for...  I initially fought for keeping the 'www' sites in a separate organizational repo but the simple argument that most of the github users in OWASP already reside in the OWASP org repositories won me over. 

As for the naming scheme issues, this has been answered and I apologize if the answer doesn't sit well with some of you.  I have been in touch with github regarding the use of permalinks in repositories that reside under an org pages site.  I am awaiting their answer and I will let you know when I hear something.  Essentially, I would like to see permalinks work with our setup the way you think they should:  if I put a permalink: /zap in www-project-zap, for instance, I would want the www2.owasp.org/zap link to point to the right place.  Currently, it does not (it will instead work like: www2.owasp.org/www-project-zap/zap).

With regard to the various chapter, project, and committee repositories that have already been set up, please do as Kevin suggests and make sure the users that were added match what you think it should.  Kevin, I apologize for my handling of the secretsquirrell username; I initially replied that the name was what I was given because, when I looked, the username in github matched the username I have on file (I didn't realize you had already changed it).  One of the reasons I mentioned above for moving to github pages was so that we had better credential management than the wiki where anyone or their next of kin could update a project/chapter/committee page without the owner's consent and adding people incorrectly doesn't help get us there.

Moving forward, we have a great many challenges ahead.  Not least among these is marking content that does not reside in a project, chapter, committee, or foundation policy area that we want to make sure gets migrated to the new site.  We have contracted a company to help with SEO, redirects, and page identification but we would certainly appreciate community involvement in identifying 'loose' pages that are still relevant.  Further, we have over 420 chapters and projects combined.  Of those 420, only around 100 have at least one person who provided a github username - your fellow leaders could use a nudge.  You can point them to https://owasp.wufoo.com/forms/q1mfqvds1ig96mh/ where they can provide github usernames.
 
One of the best ways to provide your feedback is through the use of an already existing github feature: open an issue.  For issues and problems regarding the website theme, use the repository www--site-theme.  For issues with the main website, use the owasp.github.io repository.  For other issues, use the respective chapter, staff, policy, or project repository; if you are not sure of the repository, try typing 'www-project' or 'www-chapter' or 'www-policy' into the repository filter bar to start your search.  Anyone can open an issue.  And anyone can go to the bottom of any of the pages on the website and 'Edit on Github' to submit a pull request.

A number of you have already volunteered to help move the migration forward, including migrating your projects and chapters as examples for others to follow, and I thank you.  If you are interested in helping in a more hands-on level, you may send me an email and I will add you to our trello board and we can work together toward a functional, migrated OWASP website.

Regards,

Harold L. Blankenship

OWASP Foundation

Director of Technology and Projects

Timur 'x' Khrotko [owasp]

Nov 4, 2019, 12:48:37 PM
to Harold Blankenship, Leaders
Harold, personally I'm happy with your answer and many thanks for the details!

I wish you submitted these infos as an RFP many months ago. Then you guys could have leverage on the relevant asset you have: that owasp leaders are good at web technologies. And maybe have a fruitful discussion with some picky persons like me. :)

I checked the page you referred to and I still see no reason why owasp-www organisation wasn't an option.

Will permalinks be a manually managed option for chosen ones? Or will it work automatically to cover all /www-something_i_dontcare-something_im_looking for URL-s?

Overall I would suggest that while the opinion of the visitors of conferences and of the readers of the newsletter indeed deserve more attention - still the demos of owasp are leaders. So such major plans as the website for the next decade are to be transparent for us.

Thanks,
Timur

Kevin Johnson

Nov 4, 2019, 11:14:51 PM
to Harold Blankenship, Leaders
My notes are inline.

And thank you for this comprehensive answer.

Kevin


On Mon, Nov 4, 2019 at 1:08 AM Harold Blankenship <harold.bl...@owasp.com> wrote:

> As everyone is likely aware, the website migration idea has been floating around since something like 2016.  When I came onboard in 2018 it was again brought up.  Each time it seems that various issues got in the way of progress.  Most often it has been turnover in the OWASP Foundation staff.  We have finally begun to see progress toward an actual migration with Mike's decision to make it a priority for 2019.  I can provide some of the details that a few of you have been lacking.


Thank you.   I can understand how the website becomes stagnant and not a priority, but I am glad to see that you all realize that it really is the main "deliverable" from OWASP itself.
 

> The initial staff project plan was begun in February.  You can find the current iteration of that plan under the Staff Projects page on the website for the Website Migration.  The migration plan was announced in May at Global AppSec Tel Aviv. The naming convention has been documented since June and the migration was announced in the July Connector as well.  More details were again provided at the Global AppSec DC and Amsterdam meetings.

While this is a great page to point people at, it really isn't a place where the decisions were made or the conversations were held.  And based on this paragraph, it seems that there wasn't a public place where this was performed?  This seems contrary to the Open part of the OWASP name and core values.   Is there somewhere we aren't aware of?   For example a Slack channel?   The reason I ask is that maybe it would explain the decisions so many people are now hearing about and disagreeing with.
 

> The decision to use github pages was done for a variety of reasons: static website, easy to understand markdown for people not familiar with html/css, the fact that the vast majority of you and most other open source software communities use it (github specifically, not necessarily pages), credential management, the reliability of github pages, the built-in ability to watch various repos and pages, etc.  Further, most of our projects and event sites reside in github already.

All of this makes sense.   And I don't think anyone has disagreed with that. (They might prefer a different platform, but their preference seems to be for the same reasons you picked this.  Of course we can't know that since we don't see the decisions, just the results.)
 

> Regarding the decision to use our projects github repo for the website, I apologize for cluttering the space. I know many of you probably regularly browse the repos looking for the latest updates and it is difficult to filter the various repositories if you don't know what you are looking for...  I initially fought for keeping the 'www' sites in a separate organizational repo but the simple argument that most of the github users in OWASP already reside in the OWASP org repositories won me over.

Can we un-"win you over"?  It seems like that is the perfect answer to most of the problems outlined in the threads here.
 

> As for the naming scheme issues, this has been answered and I apologize if the answer doesn't sit well with some of you.  I have been in touch with github regarding the use of permalinks in repositories that reside under an org pages site.  I am awaiting their answer and I will let you know when I hear something.  Essentially, I would like to see permalinks work with our setup the way you think they should:  if I put a permalink: /zap in www-project-zap, for instance, I would want the www2.owasp.org/zap link to point to the right place.  Currently, it does not (it will instead work like: www2.owasp.org/www-project-zap/zap).

There are lots of ways to do this outside of Github.   Meaning ways to do it that point to the right place on github, not moving to another place.   I think this is one of the complaints others have stated that this lack seems to be using 1990's tech for a 2020 solution.
 

> With regard to the various chapter, project, and committee repositories that have already been set up, please do as Kevin suggests and make sure the users that were added match what you think it should.

Personally I think you need to send this out somehow better than here.  I know for a fact that there are project leaders not on this mailing list.  I also know that since this thread has gone way past where most people care to read, they are going to miss this.  Personally I think this is a serious enough issue that we need to do something to ensure that Larry's account was the only one affected (I doubt this.)  I am not trying to harp on this to beat you all up.  We are human and we make mistakes.  It is how we recover that proves our worth.

> Kevin, I apologize for my handling of the secretsquirrell username; I initially replied that the name was what I was given because, when I looked, the username in github matched the username I have on file (I didn't realize you had already changed it).  One of the reasons I mentioned above for moving to github pages was so that we had better credential management than the wiki where anyone or their next of kin could update a project/chapter/committee page without the owner's consent and adding people incorrectly doesn't help get us there.

Understood and thanks.   So you now understand what happened?   Are we looking at the other repos?
 

> Moving forward, we have a great many challenges ahead.  Not least among these is marking content that does not reside in a project, chapter, committee, or foundation policy area that we want to make sure gets migrated to the new site.  We have contracted a company to help with SEO, redirects, and page identification but we would certainly appreciate community involvement in identifying 'loose' pages that are still relevant.  Further, we have over 420 chapters and projects combined.  Of those 420, only around 100 have at least one person who provided a github username - your fellow leaders could use a nudge.  You can point them to https://owasp.wufoo.com/forms/q1mfqvds1ig96mh/ where they can provide github usernames.

How are you vetting this? 
 
 
> One of the best ways to provide your feedback is through the use of an already existing github feature: open an issue.  For issues and problems regarding the website theme, use the repository www--site-theme.  For issues with the main website, use the owasp.github.io repository.  For other issues, use the respective chapter, staff, policy, or project repository; if you are not sure of the repository, try typing 'www-project' or 'www-chapter' or 'www-policy' into the repository filter bar to start your search.  Anyone can open an issue.  And anyone can go to the bottom of any of the pages on the website and 'Edit on Github' to submit a pull request.

While this is great for issues, it really doesn't address the openness and conversation part of the issue we have seen over the last few days/weeks.  What is the communication path to have a bidirectional conversation that has been stated so many times in this thread?  Heck, the people complaining about issues kept getting told that we needed to be open and communicative and the answer we are given is an issue posting?

> A number of you have already volunteered to help move the migration forward, including migrating your projects and chapters as examples for others to follow, and I thank you.  If you are interested in helping in a more hands-on level, you may send me an email and I will add you to our trello board and we can work together toward a functional, migrated OWASP website.

I would love to help with this.

Steve Springett

Nov 8, 2019, 12:55:46 PM
to Harold Blankenship, Kevin Johnson, Leaders
For those of you who have raised complaints about the URL structure (myself included), I’ve opened a ticket to track it.

Sherif Mansour

Nov 9, 2019, 6:56:23 AM
to Steve Springett, Harold Blankenship, Mike McCamon, Harold Blankenship, Kevin Johnson, Leaders
Thanks Steve,

This thread is now 80+ responses deep. @Harold Blankenship & @Mike McCamon when a discussion goes this long, a simple phone call /discussion with community members who feel strongly about this would save time.
I've commented on the issue, as I am not a fan of the URL scheme either, but I also appreciate Mike and Harold are trying the best they could. Has anyone researched/knows GitPages enough to suggest an alternative (given how Harold set up the site)?

I have set up a time to discuss here (see link)

What I would propose everyone who would like to attend and voice their concerns is to also review how the new OWASP site is designed and propose solutions to the challenges you are finding (that would help the conversation along much faster).
Equally if there is an issue you feel strongly about (that is a show stopper), and the foundation disagrees, you could bring it up to the board for a decision.

-Sherif



--
Sherif Mansour
OWASP Global Board Member & OWASP London Chapter Leader 
Site: https://www.owasp.org/index.php/London
Email: sherif....@owasp.org
Follow OWASP London Chapter on Twitter: @owasplondon
"Like" us on Facebook: https://www.facebook.com/OWASPLondon
Subscribe to our (lightweight) mailing list: https://lists.owasp.org/mailman/listinfo/owasp-london

Consider giving back, and supporting the open source community by becoming a member or making a donation today!

Kevin Johnson

Nov 9, 2019, 6:58:44 PM
to Sherif Mansour, Steve Springett, Harold Blankenship, Mike McCamon, Harold Blankenship, Leaders
While I can understand the idea of a phone call being helpful, I would vote totally against this.  It is yet another way that OWASP becomes WASP.  

First, most people won't be able to get on such a call.  We all are busy and live in random places around the world.  I know that personally I will be onsite at a client during the proposed time.   And I assume that the majority of people are in similar situations.

Second, there is no record of such a call. We have already called out the idea that none of this project was done very publicly.  In answer we were told of the various places it was announced in person.  And we want to repeat that failure?

Third, large phone calls/meetings are not the best venue for working out technical details.   The best option is to get ideas drafted together in some format.  Trello/Git Issues/Google Doc/something are various ideas that have been proposed.  (I always assumed that OWASP had a collaboration tool, but this thread has me doubting that.)  Then a project team can publicly work on it.

Again, I am really disappointed to find out how little OWASP has done to build a collaborative environment and how it continues to do things this way.

Kevin

         


OWASP LOS ANGELES

Nov 9, 2019, 9:55:23 PM
to Leaders
AppSec California Earlybird pricing is Now! 
Come join us on the beach January 21st through 24th.

Richard Greenberg, CISSP
AppSec California Co-Chair
OWASP Global Board of Directors
ISSA Honor Roll & Distinguished Fellow
President, OWASP LA www.owaspla.org
President, ISSA LA www.issala.org
https://www.linkedin.com/in/richardagreenberg
(424) 307-4440

Sherif Mansour

Nov 10, 2019, 5:20:40 AM
to Kevin Johnson, Steve Springett, Harold Blankenship, Mike McCamon, Harold Blankenship, Leaders
Hi Kevin,

I was planning on recording the meeting, but you could also use the git issues page https://github.com/OWASP/owasp.github.io/issues & I've set up a slack channel for this https://owasp.slack.com/archives/CQC4SEZ3N (both of which will also be on the invite).
However, you touched on a few points I wanted to un-pack, but it's best on a separate thread as this one is now 80+ responses deep, which is not really helpful. It's not just about the site migration but how we do things in general.

-Sherif

Sherif Mansour

Nov 10, 2019, 8:31:45 AM11/10/19
to Kevin Johnson, Steve Springett, Harold Blankenship, Mike McCamon, Harold Blankenship, Leaders
Dear all,

I wanted to get your feedback and proposals on how the foundation can improve the way it engages the community and involves you in important decision making.
Right now, there are folks that think everything is fine, they put in a lot of effort in soliciting feedback and there was also limited participation.

Meanwhile, as I have seen with the site migration thread, which went on for 80+ responses perhaps there could be some improvement on the approach.

So I'd personally like your feedback on what you would want to see from the foundation, as in actionable feedback.

So it doesn't look like a blank canvas I have jotted down a few things I see could improve, and I also created a slack channel if it's easier to discuss there. https://owasp.slack.com/archives/CQ16H5003
  • We need on the main site a visible link & page on what we are trying to deliver each year & a public calendar for town halls or project office hours, and is communicated clearly in our community wide emails. (add it to email footers would also help).
  • Also a very visible process of providing feedback, and it should be easy to find (I was happy to see we link straight to jira forms on the new site).
  • Large efforts should have a public slack channel for drop in. We have some for different parts of the community, but we should have ones for large initiatives as well.
  • Regular office hours (i.e. one hour public calls) for chapter leaders and a separate one for project leaders. This is to avoid a lot of the misunderstandings we see on email threads where a project leader explodes after repeated frustrations. Equally the board has your back if there are bad actors.
  • Meeting notes and decisions would then be logged on the site and progress for large initiatives would be updated.
  • Equally the community sets up a chapters & projects committees these would help address these challenges by having a central community team dealing with these issues directly with the board and the foundation, before they result in

For any issue, I would also recommend to the community members to also propose a solution. It may not be how it's solved, but it's helpful to know what other options are there. If it is a showstopper and want to escalate to the board, that is always an option.

Timur 'x' Khrotko [owasp]

Nov 13, 2019, 9:56:44 AM11/13/19
to Martín Villalba, Sherif Mansour, Azzeddine Ramrami, Harold Blankenship, Harold Blankenship, Kevin Johnson, Leaders, Mike McCamon, Steve Springett
Martín, I apologize I did not create the Google doc you suggested and I promised to make. It seems a less conflictive way to use the channels which the website project expects us to use. Let's see what the next iteration brings and decide if an alternative channel/discussion doc is reasonable, ok?!

Sherif, sorry for adding a new 8x-sh message to the thread. Unfortunately I can't attend the call. Though I still would like to remain part of the discussion.

My suggestion would be to maintain several channels and platforms for feedback and suggestions in case of such important for all topics like the site for the next decade. This ancient list should remain the one, imo, even if many experience it as a source of collateral spam.

And again the major issue to discuss *in my view*:

1) Why hasn't this website project been discussed leaders-publicly? (Visitors of the OWASP conferences are still a minority however with reasonably prioritized opinions.)

2) How to avoid the silly www-* links. It can/should be done before going production.

3) How to separate the www- repos on GitHub.

4) How the legacy /index.php?* hardcoded in internets links remain functional?

timur

PS. Kevin, +1! ))

Sherif Mansour

Nov 13, 2019, 10:05:15 AM11/13/19
to Timur 'x' Khrotko [owasp], Martín Villalba, Azzeddine Ramrami, Harold Blankenship, Harold Blankenship, Kevin Johnson, Leaders, Mike McCamon, Steve Springett
No worries, there is already a very lively discussion on Slack https://owasp.slack.com/archives/CQC4SEZ3N
and folks have been adding git issues https://github.com/OWASP/owasp.github.io/issues for the website migration issues and https://github.com/OWASP/www--site-theme/issues for design issues

Harold Blankenship

Nov 20, 2019, 6:03:00 PM11/20/19
to Leaders
As the foundation moves toward the migration of the OWASP web presence from the old wiki site to our new Github-hosted home, some of you may still have questions regarding what to move and how to move it. Essentially, if you have a chapter page or project page and you have not migrated it to the new website, that would be first. Steps on what to do and what is needed can be found at https://www2.owasp.org/migration There are also some minor instructions on the default project or chapter page itself. And if you are wondering where that page is located, you can go to https://github.com/OWASP and type your chapter or project name in the repository search bar. If your project or chapter is not there, contact me. Lastly, there are a number of excellent examples already done by other leaders (also linked on the migration page).

And, as a precaution, you should click over into the 'Settings' of your repository and then click the 'Collaborators & teams' link on the left menu and check to make sure that the usernames added to Collaborators match what you expect.

Some resources, mostly for projects, have been uploaded to the OWASP Site Theme Repository and can be linked to via the /assets/image/common/<file> url.

After your chapter or project page is done, there is a www-community repository which would include any files from the wiki that are not currently in a project or chapter or board/staff policy area.  For instance, there are pages there for GSoC and XSS and CSRF.  A list of the top pages that need to be migrated can be found attached to one of the TODO cards on our website migration Trello board which you are invited to join if you want to help migrate loose pages and/or perform some automation work.

Our current plan can be found on the Website Relaunch project page and includes the automatic migration of 'default' wiki xml to github markdown for chapter and project pages not migrated on 12/16/2019.

If you have currently raised issues either here or within the Github repositories that have not yet been addressed, please know that these issues are still under consideration or investigation.
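
The collaborator check described in the message above can also be run as a comparison against a written allow-list. This is an added example, not part of the original message or any OWASP tooling: the logins, the expected list and the sample data are constructed, and the input is assumed to have the shape of GitHub's `GET /repos/{owner}/{repo}/collaborators` response.

```python
import json

# Permission keys in the collaborators response, weakest to strongest.
LEVELS = ["pull", "triage", "push", "maintain", "admin"]

def perms(level):
    """Build a constructed permissions object granting everything up to `level`."""
    return {name: LEVELS.index(name) <= LEVELS.index(level) for name in LEVELS}

# Constructed sample, trimmed to the two fields the audit reads.
SAMPLE_RESPONSE = json.dumps([
    {"login": "chapter-lead-a", "permissions": perms("admin")},
    {"login": "chapter-lead-b", "permissions": perms("push")},
    {"login": "Old-Volunteer", "permissions": perms("push")},
    {"login": "web-editor", "permissions": perms("admin")},
])

# Hypothetical allow-list: who should have access, and the most they should hold.
EXPECTED = {
    "chapter-lead-a": "admin",
    "chapter-lead-b": "push",
    "web-editor": "push",
    "new-coleader": "push",
}

def effective_level(permissions):
    """Return the strongest permission set to true, or None if none is."""
    granted = [lvl for lvl in LEVELS if permissions.get(lvl)]
    return granted[-1] if granted else None

def audit_collaborators(response_text, expected):
    """Return (finding, login, level) tuples for every mismatch with `expected`."""
    allowed = {login.lower(): lvl for login, lvl in expected.items()}
    findings, seen = [], set()
    for entry in json.loads(response_text):
        login = entry["login"].lower()  # GitHub logins are case-insensitive
        seen.add(login)
        level = effective_level(entry.get("permissions", {}))
        if login not in allowed:
            findings.append(("unexpected", login, level))
        elif level and LEVELS.index(level) > LEVELS.index(allowed[login]):
            findings.append(("over-privileged", login, level))
    for login in sorted(set(allowed) - seen):
        findings.append(("missing", login, None))
    return findings

if __name__ == "__main__":
    for finding in audit_collaborators(SAMPLE_RESPONSE, EXPECTED):
        print(finding)
```
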