Hi there,

On Sat, Mar 05, 2016 at 10:28:44PM +0100, Walter Hop wrote:
> Though we can commit now, I propose for now to work in separate branches and
> request a code review from another person before merging to the master
> branch. So ideal workflow: GitHub issue -> discuss -> pull request -> code
> review -> merge to master.

I like that as a best practice. Let's put this into the OWASP wiki as a development guideline. I would not make it a formal requirement though, but something like 90% of commits should go that way. (There are always reasons to shortcut a process and barring that path takes away flexibility. We just have to make sure there are actually good reasons in these cases).

> I see that Christian has already started tackling some reported issues on
> GitHub, which is awesome! At some point we should make an effort to go over
> the old issues too.

I closed one or two of the old ones. It would be nice if we could make this a community effort. Everybody can go out and look at the open issues.

https://github.com/SpiderLabs/owasp-modsecurity-crs/issues

Many of them are really simple, like misinterpretations of what the core rules are or lack of knowledge by the reporter to make a false positive disappear. Anybody can give the necessary information to the reporter. If you want to have the issue closed afterwards, just drop me or Chaim or Walter a line.

Other issues are harder and demand a bit of testing or adjustment of rules. If anybody has suggestions or ideas, adding to the conversation on GitHub and reporting here on the ML seems like a good practice. We can then examine the proposed solution.

In the end, I think a community should keep a low number of open issues. It looks much more welcoming that way.

> Lots of them are about old CRS rules which are now gone in CRS v3. After the
> paranoid project has settled down, we’ll know for sure which rules are
> staying. I assume that CRS v2 will no longer get updates unless in
> exceptional cases? If so, we can communicate that. So I’ll keep this as a
> todo for after the paranoid rules are known.

Yep.

Cheers,

Christian

--
Ultimately, motivation gets us started, but discipline and habit are what enable us to finish.
-- Matthew Helmke