[Esapi-user] [Esapi-dev] WAF

Deepak Subramanian subudeepak at yahoo.com
Mon Mar 21 13:47:02 EDT 2011

I am in favor.

--- On Mon, 3/21/11, Rohit Sethi <rklists at gmail.com> wrote:

From: Rohit Sethi <rklists at gmail.com>
Subject: Re: [Esapi-dev] [Esapi-user] WAF
To: "Jim Manico" <jim.manico at owasp.org>
Cc: "ESAPI Devs" <esapi-dev at lists.owasp.org>, "ESAPI Users" <esapi-user at lists.owasp.org>, "Arshan Dabirsiaghi" <arshan.dabirsiaghi at gmail.com>
Date: Monday, March 21, 2011, 7:48 PM


On Sun, Mar 20, 2011 at 10:50 PM, Jim Manico <jim.manico at owasp.org> wrote:

I agree, ripping it out now is a bad idea since we are so far along.

I saw we deprecate it for ESAPI 2.0 GA (starting next RC), and also

start owasp-java-waf as a separate stand-alone project. It's solid code

- I really do want to see it continually developed.

All in favor? If so, I'll set up the new project.

- Jim

> This is very risky to remove before the 2.0 GA Release. Can we just

> deprecate it for GA and remove it in a subsequent version?


> This isn't the first time this conversation has come up.



> On 3/9/11 6:03 PM, "Christian Heinrich" <christian.heinrich at owasp.org>

> wrote:


>> Jim,


>> On Tue, Mar 8, 2011 at 5:16 PM, Jim Manico <jim.manico at owasp.org> wrote:

>>> I agree 100% that the ESAPI WAF should be split out into its own

>>> project. Arshan (the original author) asked for this in the first place!


>>> How about we start a new project: owasp-java-waf to work on this code

>>> standalone?


>>> Arshan, are you ok with this sir?


>> The proposed transitional roadmap would be:

>> 1. Import the current Java WAF code from the current ESAPI RC into a

>> separate (i.e. new) SVN repository.

>> 2. Remove the Java WAF code from the next release of ESAPI RC and

>> update the changelog referencing the new repository.

>> 3. Mark the outstanding issues regarding WAF on the ESAPI Java as

>> closed but assigned to the new repository.


>> I haven't heard from Arshan yet - would it be possible to simply give

>> him commit access to the new repository if we don't receive a

>> response?



> Chris Schmidt

> ESAPI Project Manager (http://www.esapi.org)

> ESAPI4JS Project Owner (http://bit.ly/9hRTLH)

> Blog: http://yet-another-dev.blogspot.com





Esapi-dev mailing list

Esapi-dev at lists.owasp.org


Rohit Sethi
Security Compass
twitter: rksethi

-----Inline Attachment Follows-----

Esapi-dev mailing list
Esapi-dev at lists.owasp.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20110321/7df3e5e2/attachment.html 

More information about the Esapi-user mailing list