[OWASP-ESAPI] ESAPI versioning number convention

Kevin W. Wall kevin.w.wall at gmail.com
Tue Dec 1 01:20:13 EST 2009


Chris Schmidt wrote:
> +1 for me
> 
> On Sun, Nov 29, 2009 at 4:48 PM, Mike Boberski <mike.boberski at gmail.com> wrote:
> 
>> Yes, I like the Firefox scheme.
>>
>> Mike
>>
>>
>>
>> On Sun, Nov 29, 2009 at 6:44 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>>  > I'm onboard with what appears to be the de facto numbering
>>>
>>> Indeed it is, sounds good to me for the most part. But I think we need to
>>> add one more number to this scheme for interstitial releases.
>>>
>>> For example, the 1.4 branch version is currently ESAPI 1.4 per this scheme
>>>
>>> Soon, I'll push out a new 1.4 release candidate - small fixes with no API
>>> changes that only fix critical issues, as well as upgrading maven. I'd like
>>> to label that ESAPI 1.4.1rc1, and eventually release ESAPI 1.4.1.
>>>
>>>  So per Firefox, there is never an ESAPI 2.0.0, but there could be an ESAPI
>>> 2.0.1. Anytime there is a "second zero" it is dropped from the numbering
>>> scheme.
>>>
>>> You like, Mike+team?
>>>
>>> - Jim
>>>
>>> I'm not sure that 1.4rc1 == 1.4.1
>>>
>>> I'm onboard with what appears to be the de facto numbering, e.g.
>>>
>>> 1.1a1
>>> 1.6b3
>>> 1.9rc1
>>> 1.4
>>> 2.0
>>>
>>> i.e.
>>> http://en.wikipedia.org/wiki/Software_versioning#Pre-release_versions
>>>
>>> Mike
>>>
>>>
>>> On Sun, Nov 29, 2009 at 5:36 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>
>>>> I'd like to recommend that we go with a 3 number versioning system for
>>>> ESAPI moving forward.
>>>>
>>>> Per this scheme, our last release was 2.0.4 (ESAPI 2.0, rc4).
>>>>
>>>> and the 1.4 branch is at 1.4.1 now. (ESAPI 1.4 rc1, which went live
>>>> right away).
>>>>
>>>> Soon we will release a new ESAPI release candidate (ESAPI 2.0.5). I'm
>>>> also working on getting a new release out for the 1.4 branch (ESAPI
>>>> 1.4.2).
>>>>
>>>> All in favor?

Not to throw a monkey wrench into the works, but I was just wondering...
are we sure that the version numbering scheme proposed here (referred
to as the Firefox scheme) is compatible with version numbering for Maven
repositories? I think that it is, but someone more familiar with Maven
than me should confirm this. It's discussed in section 9.3.1 of Sonatype's
_Maven: The Definitive Guide_ available at
http://www.sonatype.com/products/maven/documentation/book-defguide
if someone would care to double-check.  As I read it, it seems to be
compatible, but I may be missing some nuances here and there.

-kevin
-- 
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME

