[Esapi-dev] No more normalize

Jim Manico jim.manico at owasp.org
Sun Jan 17 19:19:04 EST 2010


I agree with this in principle and commit to NOT doing this in the future.

Normalize was actually broken all along in this branch - and I want to
force folks hand to stop using it. It's also a solution begging for a
problem that does not exist.

I agree this is an aggressive stance, and I'm mostly asking for
forgiveness - not permission. ;)

We are also very responsive on the support side of the house - and if
anyone runs into this problem for either branch (I'm about to cut-it-out
for ESAPI 2.0 as well) we will be sure to respond quickly.

And we are reaching a significant level of maturity with the next few
releases. I re-iterate that we will never do this again.

Hopefully, you an the user community will forgive us. :)

- Jim

> I would think, on principal, that deprecation is called for, always.
> Let's say you have a user who is using normalize in the 1.4.1 branch, or is using normalize in a 2.x branch.
> (I was just about to become such a user, in 1.4.1). I drop in the 1.4.2 jar, and I have a compile issue right off the bat.
> Easily fixed ? Sure. But this is what deprecation is for  - a fair warning.
> Unlike Sun you can actually remove the deprecated code in 1.4.3. You had put the onus on me to be prepared by then.
> You shouldn't just 'disappear' any interface method, IMO.
> Allan
> On Jan 17, 2010, at 3:51 PM, esapi-dev-request at lists.owasp.org wrote:
>> Ed,
>> I ?think? this API is obscure enough where we can just remove it  
>> and ask for forgiveness. We provide excellent support over these  
>> lists. Lets test our voting system. :) Should we deprecate normalize  
>> or just kill it? 2 votes so far..
>> +1 (deprecate)
>> -1 (kill it)
>> Jim Manico
> _______________________________________________
> Esapi-dev mailing list
> Esapi-dev at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-dev

Jim Manico
OWASP Podcast Host/Producer
OWASP ESAPI Project Manager

More information about the Esapi-dev mailing list