Thanks for the trust Chaim! :) The best work is yet to come!
Though we can commit now, I propose for now to work in separate branches and request a code review from another person before merging to the master branch. So ideal workflow: Github issue -> discuss -> pull request -> code review -> merge to master. I’ll start writing tests for the rules I will be changing. Until we can use the Official QA Tool, I’ll use my httpcheck format, and I will convert it to the chosen format later. I see that Christian has already started tackling some reported issues on Github, which is awesome! At some point we should make an effort to go over the old issues too. Lots of them are about old CRS rules which are now gone in CRS v3. After the paranoid project has settled down, we’ll know for sure which rules are staying. I assume that CRS v2 will no longer get updates unless in exceptional cases? If so, we can communicate that. So I’ll keep this as a todo for after the paranoid rules are known. Cheers! WH > On 29 Feb 2016, at 18:24, Chaim Sanders <csand...@trustwave.com> wrote: > > In general the Core Rule Set project has been moving along at a much faster > pace in the past few months thanks to increased community involvement. In > general I wanted to call out two individuals specifically, although there are > MANY others involved and their help is also greatly valued; not only by me > but by everyone in the community. As many of you know both Christian Folini > (Dune73) and Walter Hop (Lifeforms) have been working extremely hard > organizing and committing to various aspects of the upcoming OWASP > CRS-3.0.0-RC1 release. In recognition of their support and hard work, I would > like to announce that they have been given write-access to the OWASP-CRS > GitHub. While we don’t have official titles, I bestow the unofficial title of > ‘Core Contributor/Developer’ upon you both. I’d like to take this opportunity > to congratulate both of these gentlemen and thank them for their diligent > work. Thank you. > > > This transmission may contain information that is privileged, confidential, > and/or exempt from disclosure under applicable law. If you are not the > intended recipient, you are hereby notified that any disclosure, copying, > distribution, or use of the information contained herein (including any > reliance thereon) is strictly prohibited. If you received this transmission > in error, please immediately contact the sender and destroy the material in > its entirety, whether in electronic or hard copy format. -- Walter Hop | PGP key: https://lifeforms.nl/pgp
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
