This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Mailman retirement to Google Groups"

From OWASP
Jump to: navigation, search
(Saved after adding a bunch of content for CYA purposes)
(Save progress and keep editing)
Line 9: Line 9:
 
* Since the Foundation has a very small staff, administering a server takes away staff time from focusing on OWASP's mission / [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Core_Purpose core purpose].
 
* Since the Foundation has a very small staff, administering a server takes away staff time from focusing on OWASP's mission / [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Core_Purpose core purpose].
 
* The Anti-SPAM gateway service from Barracuda, which was previously donated, is ending on March 24th, 2019.  
 
* The Anti-SPAM gateway service from Barracuda, which was previously donated, is ending on March 24th, 2019.  
* Due to the current climate of increased privacy and the existence of the GDPR, the migration will allow the membership in our lists to be reviewed/audited by the current user base.
+
* Due to the current climate of increased privacy and the existence of the GDPR, the migration will allow the membership in our lists to be reviewed/audited by the current user base (aka opt-in).
 +
In 2017, the current community manager (Tiffany Long) suggested a migration from Mailman to Discourse.  This was the original direction of efforts until it was reconsidered at the 2019 Staff Summit, a face to face meeting to plan out 2019. Instead, Mailman will be migrated to Google Groups.  The following reasons were crucial in the choice of Google Groups
 +
* Functionally equivalent to Mailman as a 'mail list'
 +
* Already part of the G-Suite donation from Google
 +
* Can be run for $0 cost and with 0 administration of the underlying infrastructure
 +
* Includes Anti-SPAM filtering that is already part of our G-Suite email infrastructure
 +
* Inbound and outbound email handled by Google email infrastructure - no need to run a MTA (mail server)
 +
* Mobile-friendly, modern UI and significantly better TLS configuration for web interactions
 +
* Has robust admin and permissions available via G-Suite Admin tool
  
 
= Project Links =
 
= Project Links =
 
* [https://lists.owasp.org/mailman/listinfo Mailman legacy install]  
 
* [https://lists.owasp.org/mailman/listinfo Mailman legacy install]  
 
* [https://lists.owasp.org/pipermail/stats/ Mailman stats] - created via monthly cron job / run manually  
 
* [https://lists.owasp.org/pipermail/stats/ Mailman stats] - created via monthly cron job / run manually  
 +
* [https://docs.google.com/spreadsheets/d/1VDIeT0Wfrt2_v5hY6by984H5fya56xe7E_rZDird8qg/edit?usp=sharing Google Sheet of mail lists and their most recent post] (publicly available)
 +
* [https://docs.google.com/spreadsheets/d/1_Fn1t_-tcw3duCC0QMhKXEMqdKcHvqsi21e7LuiOphM/edit?usp=sharing Google Sheet of mail lists, most recent post and owner(s) of the list] (only available to Foundation Staff since it contains email addresses of list owners)
 +
* [https://support.google.com/groups/?hl=en#topic=9216 Google Groups Help pages]
  
 
= Goals =
 
= Goals =
  
Include top-level goals of the project in an ordered list
+
Overall Goal: Migration of any active list from lists.owasp.org to Google Groups.
Give thought to the ordering of goals. Revenue, attendance, launch date
+
 
Make sure goals are measurable from undisputed source
+
Details:
 +
* Active is defined as a list which as received at least 1 non-SPAM email in the last 12 months as of 2019-01-29 when initial activity reporting was run
 +
* Mail lists for inactive projects and chapters will not be migrated
 +
* Archives on lists.owasp.org will be migrated to a static host
  
 
= Milestones =
 
= Milestones =
  
* In an unordered list (billeted) list major milestones in chronological order
+
* Review the inventory of lists to determine which are inactive - DONE
* Use the syntax of 2019-01-19, Milestone name [Name of Owner]
+
* Use the data above to retire any inactive list - DONE
* When milestones are completed, mark them as such with ??
+
* Review remaining list for any that can be retired due to ownership (e.g. owned by staff and unused) or  mail in the last calendar year is SPAM
* A milestone isn’t everyone’s to-do list, it is the high level tasks of the project
+
* Review remaining lists and remove any projects or chapters which are inactive.  A new Google Group can be created for chapters that become active again
* If you have more than 20 milestones, you’re being too granular
+
* Send out initial communication to all lists which will be migrated,
 
 
= Communications =
 
  
* Posts to Leaders lists prior to creation of staff projects template
+
= Communications =
 +
The following lists communications where the retirement of Mailman was discussed publicly
 +
* Posts to Leaders lists (prior to creation of staff projects template)
 
** https://lists.owasp.org/pipermail/owasp-leaders/2019-January/019608.html
 
** https://lists.owasp.org/pipermail/owasp-leaders/2019-January/019608.html
 
** https://lists.owasp.org/pipermail/owasp-leaders/2019-January/019613.html
 
** https://lists.owasp.org/pipermail/owasp-leaders/2019-January/019613.html
Line 42: Line 56:
 
** https://owasp.blogspot.com/2019/02/owasp-community-and-chapter-reminders.html
 
** https://owasp.blogspot.com/2019/02/owasp-community-and-chapter-reminders.html
 
** [https://mailchi.mp/90cc34fc2cdd/0rleggjjx3-222491 February Connector]  
 
** [https://mailchi.mp/90cc34fc2cdd/0rleggjjx3-222491 February Connector]  
 +
* Leaders Meetings
 +
** AppSec EU 2018 (London) Leaders Meeting - [https://www.youtube.com/watch?v=vy6R0SbJrS8&list=PLpr-xdpM8wG9yT6HD6YeCbf6wymhAAqRb&index=6&t=0s recording]
 +
** AppSec US 2018 (San Jose) Leaders Meeting - recordings - [https://www.youtube.com/watch?v=sGEfVNuFIZk&t=0s&list=PLpr-xdpM8wG-ma2GOBmdpGGfnVPVwFFQd&index=6 part 1] & [https://www.youtube.com/watch?v=Wxqtiwzz90c&t=0s&list=PLpr-xdpM8wG-ma2GOBmdpGGfnVPVwFFQd&index=7 part 2]
 +
* Board Meetings
 +
** [[October 11, 2016|October 2016]] - Migration from Mailman raised by Tiffany in her [https://docs.google.com/document/d/1-4fIJfiLa8l02Hf1XBMqRYEiY2z6g4qwln-_ZLQ6GIs/edit Community Manager Report]
  
  

Revision as of 17:04, 26 February 2019

Overview

Since very early in OWASP's history, Mailman has been used to facilitate communication between various members of the community. While Mailman has served the community well for years, the decision has been made to migrate from a self-hosted Mailman installation to Google Groups. The migration will allow the community to continue to have an email address to reach a particular segments of the community just like Mailman provides but without the administrative burden of running a server for Mailman. The reasons for this migration were stated at length on the leaders list here but are summarized below in no particular order:

  • Mailman is old software and doesn't follow current security best practices.
    • It sends passwords in the clear which has been repeatedly pointed out by the community for quite some time as noted here.
    • It has a single shared password for overall site administration for the staff to use to oversee the installation
    • If a mail list has 2+ list owners, they must share a password for managing the list
  • Mailman has an extremely dated UI/web interface. This makes OWASP appear out of date/out of touch to new, potential community members
  • Since the Foundation has a very small staff, administering a server takes away staff time from focusing on OWASP's mission / core purpose.
  • The Anti-SPAM gateway service from Barracuda, which was previously donated, is ending on March 24th, 2019.
  • Due to the current climate of increased privacy and the existence of the GDPR, the migration will allow the membership in our lists to be reviewed/audited by the current user base (aka opt-in).

In 2017, the current community manager (Tiffany Long) suggested a migration from Mailman to Discourse. This was the original direction of efforts until it was reconsidered at the 2019 Staff Summit, a face to face meeting to plan out 2019. Instead, Mailman will be migrated to Google Groups. The following reasons were crucial in the choice of Google Groups

  • Functionally equivalent to Mailman as a 'mail list'
  • Already part of the G-Suite donation from Google
  • Can be run for $0 cost and with 0 administration of the underlying infrastructure
  • Includes Anti-SPAM filtering that is already part of our G-Suite email infrastructure
  • Inbound and outbound email handled by Google email infrastructure - no need to run a MTA (mail server)
  • Mobile-friendly, modern UI and significantly better TLS configuration for web interactions
  • Has robust admin and permissions available via G-Suite Admin tool

Project Links

Goals

Overall Goal: Migration of any active list from lists.owasp.org to Google Groups.

Details:

  • Active is defined as a list which as received at least 1 non-SPAM email in the last 12 months as of 2019-01-29 when initial activity reporting was run
  • Mail lists for inactive projects and chapters will not be migrated
  • Archives on lists.owasp.org will be migrated to a static host

Milestones

  • Review the inventory of lists to determine which are inactive - DONE
  • Use the data above to retire any inactive list - DONE
  • Review remaining list for any that can be retired due to ownership (e.g. owned by staff and unused) or mail in the last calendar year is SPAM
  • Review remaining lists and remove any projects or chapters which are inactive. A new Google Group can be created for chapters that become active again
  • Send out initial communication to all lists which will be migrated,

Communications

The following lists communications where the retirement of Mailman was discussed publicly


Leadership

  • unordered list of each leader and a hyperlink to their email address.
Retrieved from "https://wiki.owasp.org/index.php?title=Mailman_retirement_to_Google_Groups&oldid=247877"