[Esapi-dev] No more normalize
jim.manico at owasp.org
Sun Jan 17 19:19:04 EST 2010
I agree with this in principle and commit to NOT doing this in the future.
Normalize was actually broken all along in this branch - and I want to
force folks hand to stop using it. It's also a solution begging for a
problem that does not exist.
I agree this is an aggressive stance, and I'm mostly asking for
forgiveness - not permission. ;)
We are also very responsive on the support side of the house - and if
anyone runs into this problem for either branch (I'm about to cut-it-out
for ESAPI 2.0 as well) we will be sure to respond quickly.
And we are reaching a significant level of maturity with the next few
releases. I re-iterate that we will never do this again.
Hopefully, you an the user community will forgive us. :)
> I would think, on principal, that deprecation is called for, always.
> Let's say you have a user who is using normalize in the 1.4.1 branch, or is using normalize in a 2.x branch.
> (I was just about to become such a user, in 1.4.1). I drop in the 1.4.2 jar, and I have a compile issue right off the bat.
> Easily fixed ? Sure. But this is what deprecation is for - a fair warning.
> Unlike Sun you can actually remove the deprecated code in 1.4.3. You had put the onus on me to be prepared by then.
> You shouldn't just 'disappear' any interface method, IMO.
> On Jan 17, 2010, at 3:51 PM, esapi-dev-request at lists.owasp.org wrote:
>> I ?think? this API is obscure enough where we can just remove it
>> and ask for forgiveness. We provide excellent support over these
>> lists. Lets test our voting system. :) Should we deprecate normalize
>> or just kill it? 2 votes so far..
>> +1 (deprecate)
>> -1 (kill it)
>> Jim Manico
> Esapi-dev mailing list
> Esapi-dev at lists.owasp.org
OWASP Podcast Host/Producer
OWASP ESAPI Project Manager
More information about the Esapi-dev