Christian, > On 06 Mar 2016, at 09:57, Christian Folini <christian.fol...@netnea.com> > wrote: > >> Two things. Do we have a paranoia-level assignment for each candidate? > > I think we should start with paranoia level 20. If somebody sees good > reasons for an individual rule getting an even higher setting, then > it's a separate discussion and get done any time.
I guess this should be “paranoia level 2”, since we agreed on using level 0 to 4, right? >> And what about the rule IDs for rules that were initially dropped but >> later assigned to paranoia mode? > > Technically, this is going to be pull request #3, is not it? I'd like to > keep this separate from #2. Right, got it. > It is important to add them to > https://github.com/SpiderLabs/owasp-modsecurity-crs/tree/v3.0.0-rc1/id_renumbering > as well. I understand this will be part of #3 as well. > P.S. You quote a private paranoia-level message in your mailinglist > message without making this clear (-> this could puzzle people who did > not get that message). And some people do not like their private > messages shared on mailinglists without asking first. > No hard feelings from my side. Just saying. Thanks for noting. This was careless acting on my side - sorry for that. Will keep this in mind. Cheers, Noël
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
