[Owasp-modsecurity-core-rule-set] Paranoia Mode Status

Christian Folini christian.folini at netnea.com
Sun Mar 6 08:57:20 UTC 2016


Good morning Noël,

On Sun, Mar 06, 2016 at 09:29:23AM +0100, Noël Zindel wrote:
> I probably missed this information somewhen during our conversation.

It was more implicit, I guess.

> Two things. Do we have a paranoia-level assignment for each candidate?

I think we should start with paranoia level 20. If somebody sees good
reasons for an individual rule getting an even higher setting, then
it's a separate discussion and get done any time.

> And what about the rule IDs for rules that were initially dropped but
> later assigned to paranoia mode?

Technically, this is going to be pull request #3, is not it? I'd like to
keep this separate from #2.

But then, I think we should just move the formerly dropped 2.2.X rules
into the respective files and continue with the numbers in steps of 10
of the individual files. It is important to add them to 
https://github.com/SpiderLabs/owasp-modsecurity-crs/tree/v3.0.0-rc1/id_renumbering
as well.

Ahoj,

Christian

P.S. You quote a private paranoia-level message in your mailinglist
message without making this clear (-> this could puzzle people who did
not get that message). And some people do not like their private
messages shared on mailinglists without asking first.
No hard feelings from my side. Just saying.


-- 
History repeats itself, first as tragedy, second as XML.
--- Comment found on slashdot
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20160306/e3da7f10/attachment.pgp>


More information about the Owasp-modsecurity-core-rule-set mailing list