Good morning,

We have settled the list of paranoia mode candidates mostly and the
mechanics are also sorted out with only details remaining open.

I am about to start a paranoia mode branch on GitHub (time permitting)
and I am now thinking about how to construct the pull requests.
Given I am not big on git, it makes sense to discuss the best
approach here.

In order to simplify the review, I am planning 4 separate pull requests:
1 - Add paranoia mode mechanics 
2 - Move first rules to paranoia mode 
3 - Add 2.2.X rules to paranoia mode
4 - Add stricter siblings

In detail:
1: update all the files and add the paranoia mode sections
and the skip marker; no rules in the paranoia mode
2: 3.0.0rc1 rules, which have been confirmed paranoia candidates
3: Bring back those 2.2.X rules which have been removed and have
been selected for paranoia mode
4: Clone existing rules into siblings with stricter behaviour

My reasoning is that smaller pull requests make for simpler reviews.

@Chaim: I think your input is most important here. So are you OK
with this strategy?

Ahoj,

Christian


-- 
It is not power that corrupts but fear.  Fear of losing power corrupts
those who wield it and fear of the scourge of power corrupts those who
are subject to it.
-- Aung San Suu Kyi
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
