[OWASP-ESAPI] Fwd: ESAPI for PHP allocations and new members

Andrew van der Stock vanderaj at owasp.org
Tue Aug 11 05:33:00 EDT 2009

I sent this to the current ESAPI for PHP group. If you did not receive  
it, and wish to work on ESAPI for PHP, please contact me offline.


Begin forwarded message:

> From: Andrew van der Stock <vanderaj at owasp.org>
> Date: 11 August 2009 7:27:47 PM
> To: (removed)
> Subject: ESAPI for PHP allocations and new members
> Hi there,
>
> New Members
>
> I've added two more members to the project team - Abius X and Bipin  
> Upadhyay. Please welcome them aboard. Bipin contributed code to turn  
> the base services into proper factories. Abius has been hassling me  
> (sorry!) since May to join, and really wants to help. My bad!
> Bipin - can you please commit that patch to SVN as soon as you're  
> able to? Please make sure the before / after test cases fail to the  
> same extent.
> Abius - you had some ideas you sent to me a while ago. Please feel  
> free to work within the SVN branch now. I don't want to be a road  
> block for you!
>
> Project Allocations
>
> What I'd like to do is understand how much time folks have between  
> now and OWASP AppSec DC 2009 Conference (November 12, 2009). I'd  
> really like to get ESAPI for PHP 1.6 (our current reference version)  
> out the door by then. I can contribute about five hours a week -  
> about an hour a day during the work week. If we can all do so, I  
> think we have a pretty good shot at getting the current code base  
> done. If you have none, that's fine, but please let me know if it  
> changes as we need as many folks as possible.
> If you currently do not have an assigned task, please pipe up and  
> I'll allocate a class for you to work with until you're done with that  
> class. We have plenty of classes with no names assigned.
> If you do have work assigned, and have patches, please check it in  
> as soon as you can.
>
> File Formats Decision Time
>
> We need to decide soon on file formats for files in the resource  
> directory (configuration, access control rules, etc). If at all  
> possible, I'd like to remain compatible with the J2EE  
> implementation. However, if we find the properties file format too  
> hard to work with, let's talk over whether we go XML (my preference)  
> or serialized PHP objects (fast, but could become incompatible over  
> time).
> Thoughts?
>
> Building
>
> Please DO NOT BREAK THE BUILD (any more than it's broken now). Run  
> the test suite before you commit, update your code just prior to  
> committing the tree to pick up others' changes, and then re-test. If  
> it's still okay, then commit.
> I encourage small and rapid check-ins. If your code passes just one  
> more test, that's great. Check it in. Thinking you can write for a  
> couple of weeks and then check in at the end is what caught me out  
> to this point. Let's just write doco + one method + one test at a  
> time and get 'er done.
>
> Minimum Requirements
>
> Build: I'd like to change from using phpEclipse to PDT 2.1 w/  
> Galileo 3.5. Once using this, I don't propose we change the build  
> platform again until after ESAPI for PHP 1.6 release.
> Our minimum runtime target should remain PHP 5.2.6 as this is the  
> most common PHP out there today. I'd like for ESAPI for PHP to work  
> with the vanilla PHP as well as that found on CentOS, Ubuntu and  
> MacOS X. That way folks don't need to recompile PHP to make ESAPI  
> for PHP work. If you find you must have a module like mhash /  
> mcrypt / mb_string to work (and I think we will), we need to  
> carefully document those requirements, and which platforms have  
> those modules compiled in by default.
> Thoughts?
>
> Momentum
>
> I'd like to have a weekly catch up either via Skype or via e-mail on  
> how things are going. I think as project manager, I've been remiss  
> in talking to you folks every week to see how things are going and  
> if there's anything I can do to remove road blocks.
> I'm available in the Australian Eastern Standard Time. I think most  
> of you are in the USA. The times that work best for this are early  
> morning (8 AM) my time, as this is towards the end of the day US  
> EDT. If we have folks in too many time zones, I think e-mail will  
> have to be the communications method.
> thanks,
> Andrew
