[OWASP-ESAPI] Fwd: ESAPI for PHP allocations and new members

Andrew van der Stock vanderaj at owasp.org
Tue Aug 11 05:33:00 EDT 2009


I sent this to the current ESAPI for PHP group. If you did not receive  
it, and wish to work on ESAPI for PHP, please contact me offline.

thanks,
Andrew

Begin forwarded message:

> From: Andrew van der Stock <vanderaj at owasp.org>
> Date: 11 August 2009 7:27:47 PM
> To: (removed)
> Subject: ESAPI for PHP allocations and new members
>
> Hi there,
>
> New Members
>
> I've added two more members to the project team - Abius X and Bipin  
> Upadhyay. Please welcome them aboard. Bipin contributed code to turn  
> the base services into proper factories. Abius has been hassling me  
> (sorry!) since May to join, and really wants to help. My bad!
>
> Bipin - can you please commit that patch to SVN as soon as you're  
> able to? Please make sure the before / after test cases fail to the  
> same extent.
> Abius - you had some ideas you sent to me a while ago. Please feel  
> free to work within the SVN branch now. I don't want to be a road  
> block for you!
>
>
> Project Allocations
>
> What I'd like to do is understand how much time folks have between  
> now and OWASP AppSec DC 2009 Conference (November 12, 2009). I'd  
> really like to get ESAPI for PHP 1.6 (our current reference version)  
> out the door by then. I can contribute about five hours a week -  
> about an hour a day during the work week. If we can all do so, I  
> think we have a pretty good shot at getting the current code base  
> done. If you have none, that's fine, but please let me know if it  
> changes as we need as many folks as possible.
>
> If you currently do not have an assigned task, please pipe up and  
> I'll allocate a class for you to work with until you're done with that  
> class. We have plenty of classes with no names assigned.
>
> If you do have work assigned, and have patches, please check it in  
> as soon as you can.
>
>
> File Formats Decision Time
>
> We need to decide soon on file formats for files in the resource  
> directory (configuration, access control rules, etc). If at all  
> possible, I'd like to remain compatible with the J2EE  
> implementation. However, if we find the properties file format too  
> hard to work with, let's talk over whether we go XML (my preference)  
> or serialized PHP objects (fast, but could become incompatible over  
> time).
>
> Thoughts?
>
>
> Building
>
> Please DO NOT BREAK THE BUILD (any more than it's broken now). Run  
> the test suite before you commit, update your code just prior to  
> committing the tree to pick up others' changes, and then re-test. If  
> it's still okay, then commit.
>
> I encourage small and rapid check-ins. If your code passes just one  
> more test, that's great. Check it in. Thinking you can write for a  
> couple of weeks and then check in at the end is what caught me out  
> to this point. Let's just write doco + one method + one test at a  
> time and get 'er done.
>
>
> Minimum Requirements
>
> Build: I'd like to change from using phpEclipse to PDT 2.1 w/  
> Galileo 3.5. Once using this, I don't propose we change the build  
> platform again until after ESAPI for PHP 1.6 release.
>
> Our minimum runtime target should remain PHP 5.2.6 as this is the  
> most common PHP out there today. I'd like for ESAPI for PHP to work  
> with the vanilla PHP as well as that found on CentOS, Ubuntu and  
> MacOS X. That way folks don't need to recompile PHP to make ESAPI  
> for PHP work. If you find you must have a module like mhash /  
> mcrypt / mb_string to work (and I think we will), we need to  
> carefully document those requirements, and which platforms have  
> those modules compiled in by default.
>
> Thoughts?
>
>
> Momentum
>
> I'd like to have a weekly catch up either via Skype or via e-mail on  
> how things are going. I think as project manager, I've been remiss  
> in talking to you folks every week to see how things are going and  
> if there's anything I can do to remove road blocks.
>
> I'm available in the Australian Eastern Standard Time. I think most  
> of you are in the USA. The times that work best for this are early  
> morning (8 AM) my time, as this is towards the end of the day US  
> EDT. If we have folks in too many time zones, I think e-mail will  
> have to be the communications method.
>
>
> thanks,
> Andrew
