[Esapi-user] [Esapi-dev] WAF

Deepak Subramanian subudeepak at yahoo.com
Mon Mar 21 13:47:02 EDT 2011


I am in favor.

--- On Mon, 3/21/11, Rohit Sethi <rklists at gmail.com> wrote:

From: Rohit Sethi <rklists at gmail.com>
Subject: Re: [Esapi-dev] [Esapi-user] WAF
To: "Jim Manico" <jim.manico at owasp.org>
Cc: "ESAPI Devs" <esapi-dev at lists.owasp.org>, "ESAPI Users" <esapi-user at lists.owasp.org>, "Arshan Dabirsiaghi" <arshan.dabirsiaghi at gmail.com>
Date: Monday, March 21, 2011, 7:48 PM

+1

On Sun, Mar 20, 2011 at 10:50 PM, Jim Manico <jim.manico at owasp.org> wrote:

I agree, ripping it out now is a bad idea since we are so far along.



I saw we deprecate it for ESAPI 2.0 GA (starting next RC), and also

start owasp-java-waf as a separate stand-alone project. It's solid code

- I really do want to see it continually developed.





All in favor? If so, I'll set up the new project.



- Jim



> This is very risky to remove before the 2.0 GA Release. Can we just

> deprecate it for GA and remove it in a subsequent version?

>

> This isn't the first time this conversation has come up.

>

>

> On 3/9/11 6:03 PM, "Christian Heinrich" <christian.heinrich at owasp.org>

> wrote:

>

>> Jim,

>>

>> On Tue, Mar 8, 2011 at 5:16 PM, Jim Manico <jim.manico at owasp.org> wrote:

>>> I agree 100% that the ESAPI WAF should be split out into its own

>>> project. Arshan (the original author) asked for this in the first place!

>>>

>>> How about we start a new project: owasp-java-waf to work on this code

>>> standalone?

>>>

>>> Arshan, are you ok with this sir?

>>

>> The proposed transitional roadmap would be:

>> 1. Import the current Java WAF code from the current ESAPI RC into a

>> separate (i.e. new) SVN repository.

>> 2. Remove the Java WAF code from the next release of ESAPI RC and

>> update the changelog referencing the new repository.

>> 3. Mark the outstanding issues regarding WAF on the ESAPI Java as

>> closed but assigned to the new repository.

>>

>> I haven't heard from Arshan yet - would it be possible to simply give

>> him commit access to the new repository if we don't receive a

>> response?

>>

>

> Chris Schmidt

> ESAPI Project Manager (http://www.esapi.org)

> ESAPI4JS Project Owner (http://bit.ly/9hRTLH)

> Blog: http://yet-another-dev.blogspot.com

>

>

>



_______________________________________________

Esapi-dev mailing list

Esapi-dev at lists.owasp.org

https://lists.owasp.org/mailman/listinfo/esapi-dev




-- 
Rohit Sethi
Security Compass
http://www.securitycompass.com
twitter: rksethi


-----Inline Attachment Follows-----

_______________________________________________
Esapi-dev mailing list
Esapi-dev at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/esapi-dev



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20110321/7df3e5e2/attachment.html 


More information about the Esapi-user mailing list