Revision as of 16:16, 26 February 2019

Overview

Since very early in OWASP's history, Mailman has been used to facilitate communication between various members of the community. While Mailman has served the community well for years, the decision has been made to migrate from a self-hosted Mailman installation to Google Groups. The migration will allow the community to continue to have an email address to reach a particular segments of the community just like Mailman provides but without the administrative burden of running a server for Mailman. The reasons for this migration were stated at length on the leaders list here but are summarized below in no particular order:

• Mailman is old software and doesn't follow current security best practices.
  • It sends passwords in the clear which has been repeatedly pointed out by the community for quite some time as noted here.
  • It has a single shared password for overall site administration for the staff to use to oversee the installation
  • If a mail list has 2+ list owners, they must share a password for managing the list
• Mailman has an extremely dated UI/web interface. This makes OWASP appear out of date/out of touch to new, potential community members
• Since the Foundation has a very small staff, administering a server takes away staff time from focusing on OWASP's mission / core purpose.
• The Anti-SPAM gateway service from Barracuda, which was previously donated, is ending on March 24th, 2019.
• Due to the current climate of increased privacy and the existence of the GDPR, the migration will allow the membership in our lists to be reviewed/audited by the current user base.

Project Links

• Mailman legacy install
• Mailman stats - created via monthly cron job / run manually

Goals

Include top-level goals of the project in an ordered list Give thought to the ordering of goals. Revenue, attendance, launch date Make sure goals are measurable from undisputed source

Milestones

• In an unordered list (billeted) list major milestones in chronological order
• Use the syntax of 2019-01-19, Milestone name [Name of Owner]
• When milestones are completed, mark them as such with ??
• A milestone isn’t everyone’s to-do list, it is the high level tasks of the project
• If you have more than 20 milestones, you’re being too granular

Communications

• Posts to Leaders lists prior to creation of staff projects template
  • https://lists.owasp.org/pipermail/owasp-leaders/2019-January/019608.html
  • https://lists.owasp.org/pipermail/owasp-leaders/2019-January/019613.html
  • https://lists.owasp.org/pipermail/owasp-leaders/2019-February/019663.html
  • https://lists.owasp.org/pipermail/owasp-leaders/2019-February/019675.html
  • https://lists.owasp.org/pipermail/owasp-leaders/2019-February/019700.html
• Posts to the Blog and Connector
  • https://owasp.blogspot.com/2018/12/december-2018-connector.html & December Connector
  • https://owasp.blogspot.com/2019/02/owasp-community-our-instance-of-mailman.html
  • https://owasp.blogspot.com/2019/02/owasp-community-and-chapter-reminders.html
  • February Connector

Leadership

• unordered list of each leader and a hyperlink to their email address.