[OWASP-ESAPI] Fwd: ESAPI for PHP allocations and new members
Andrew van der Stock
vanderaj at owasp.org
Tue Aug 11 05:33:00 EDT 2009
I sent this to the current ESAPI for PHP group. If you did not receive
it, and wish to work on ESAPI for PHP, please contact me offline.
Begin forwarded message:
> From: Andrew van der Stock <vanderaj at owasp.org>
> Date: 11 August 2009 7:27:47 PM
> To: (removed)
> Subject: ESAPI for PHP allocations and new members
> Hi there,
> New Members
> I've added two more members to the project team - Abius X and Bipin
> Upadhyay. Please welcome them aboard. Bipin contributed code to turn
> the base services into proper factories. Abius has been hassling me
> (sorry!) since May to join, and really wants to help. My bad!
> Bipin - can you please commit that patch to SVN as soon as you're
> able to? Please make sure the before / after test cases fail to the
> same extent.
> Abius - you had some ideas you sent to me a while ago. Please feel
> free to work within the SVN branch now. I don't want to be a road
> block for you!
> Project Allocations
> What I'd like to do is understand how much time folks have between
> now and OWASP AppSec DC 2009 Conference (November 12, 2009). I'd
> really like to get ESAPI for PHP 1.6 (our current reference version)
> out the door by then. I can contribute about five hours a week -
> about an hour a day during the work week. If we can all do so, I
> think we have a pretty good shot at getting the current code base
> done. If you have none, that's fine, but please let me know if it
> changes as we need as many folks as possible.
> If you currently do not have an assigned task, please pipe up and
> I'll allocate a class for you to work with until your done with that
> class. We have plenty of classes with no names assigned.
> If you do have work assigned, and have patches, please check it in
> as soon as you can.
> File Formats Decision Time
> We need to decide soon on file formats for files in the resource
> directory (configuration, access control rules, etc). If at all
> possible, I'd like to remain compatible with the J2EE
> implementation. However, if we find the properties file format too
> hard to work with, let's talk over whether we go XML (my preference)
> or serialized PHP objects (fast, but could become incompatible over
> Please DO NOT BREAK THE BUILD (any more than its broken now). Run
> the test suite before you commit, update your code just prior to
> committing the tree to pick up others' changes, and then re-test. If
> it's still okay, then commit.
> I encourage small and rapid check-ins. If your code passes just one
> more test, that's great. Check it in. Thinking you can write for a
> couple of weeks and then check in at the end is what caught me out
> to this point. Let's just write doco + one method + one test at a
> time and get 'er done.
> Minimum Requirements
> Build: I'd like to change from using phpEclipse to PDT 2.1 w/
> Gallileo 3.5. Once using this, I don't propose we change the build
> platform again until after ESAPI for PHP 1.6 release.
> Our minimum runtime target should remain PHP 5.2.6 as this is the
> most common PHP out there today. I'd like for ESAPI for PHP to work
> with the vanilla PHP as well as that found on CentOS, Ubuntu and
> MacOS X. That way folks don't need to recompile PHP to make ESAPI
> for PHP work. If you find you must have a module like mhash /
> mcrypt / mb_string to work (and I think we will), we need to
> carefully document those requirements, and which platforms have
> those modules compiled in by default.
> I'd like to have a weekly catch up either via Skype or via e-mail on
> how things are going. I think as project manager, I've been remiss
> in talking to you folks every week to see how things are going and
> if there's anything I can do to remove road blocks.
> I'm available in the Australian Eastern Standard Time. I think most
> of you are in the USA. The times that work best for this are early
> morning (8 AM) my time, as this is towards the end of the day US
> EDT. If we have folks in too many time zones, I think e-mail will
> have to be the communications method.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-ESAPI