[OWASP-ESAPI] ESAPI versioning number convention

Jim Manico jim.manico at owasp.org
Wed Dec 2 16:58:17 EST 2009


Around the end of the year for ESAPI 2.0 final. One week for ESAPI  
1.4.1.

Jim Manico

On Dec 2, 2009, at 11:53 AM, Ashish Mishra <m.ashish at gmail.com> wrote:

> Hi,
> I know that I was unable to follow the thread for some time as I was
> out of station. Can anyone please let me know when we are gonna have
> 2.0 release. Eagerly waiting for that.
>
> Thanks,
> Ashish Mishra
>
>
> On Tue, Dec 1, 2009 at 11:50 AM, Kevin W. Wall  
> <kevin.w.wall at gmail.com> wrote:
>> Chris Schmidt wrote:
>>> +1 for me
>>>
>>> On Sun, Nov 29, 2009 at 4:48 PM, Mike Boberski <mike.boberski at gmail.com 
>>> >wrote:
>>>
>>>> Yes, I like the Firefox scheme.
>>>>
>>>> Mike
>>>>
>>>>
>>>>
>>>> On Sun, Nov 29, 2009 at 6:44 PM, Jim Manico  
>>>> <jim.manico at owasp.org> wrote:
>>>>
>>>>>  > I'm onboard with what appears to be the de facto numbering
>>>>>
>>>>> Indeed it is, sounds good to me for the most part. But I think  
>>>>> we need to
>>>>> add one more number to this scheme for interstitial releases.
>>>>>
>>>>> For example, the 1.4 branch version is currently ESAPI 1.4 per  
>>>>> this scheme
>>>>>
>>>>> Soon, I'll push out a new 1.4 release candidate - small fixes  
>>>>> with no API
>>>>> changes that only fix critical issues, as well as upgrading  
>>>>> maven. I'd like
>>>>> to label that ESAPI 1.4.1rc1,and eventually release ESAPI 1.4.1.
>>>>>
>>>>>  So per FireFox, there is never a ESAPI 2.0.0, but there could  
>>>>> be a ESAPI
>>>>> 2.0.1. Anytime there is a "second zero" it is dropped from the  
>>>>> numbering
>>>>> scheme.
>>>>>
>>>>> You like, Mike+team?
>>>>>
>>>>> - Jim
>>>>>
>>>>> I'm not sure that 1.4rc1 == 1.4.1
>>>>>
>>>>> I'm onboard with what appears to be the de facto numbering, e.g.
>>>>>
>>>>> 1.1a1
>>>>> 1.6b3
>>>>> 1.9rc1
>>>>> 1.4
>>>>> 2.0
>>>>>
>>>>> i.e.
>>>>> http://en.wikipedia.org/wiki/Software_versioning#Pre-release_versions
>>>>>
>>>>> Mike
>>>>>
>>>>>
>>>>> On Sun, Nov 29, 2009 at 5:36 PM, Jim Manico  
>>>>> <jim.manico at owasp.org> wrote:
>>>>>
>>>>>> I'd like to recommend that we go with a 3 number versioning  
>>>>>> system for
>>>>>> ESAPI moving forward.
>>>>>>
>>>>>> Per this scheme, our last release was 2.0.4 (ESAPI 2.0, rc4).
>>>>>>
>>>>>> and the 1.4 branch is at 1.4.1 now. (ESAPI 1.4 rc1, which went  
>>>>>> live
>>>>>> right away).
>>>>>>
>>>>>> Soon we will release a new ESAPI release candidate (ESAPI  
>>>>>> 2.0.5). I'm
>>>>>> also working on the getting a new release out for the 1.4  
>>>>>> branch (ESAPI
>>>>>> 1.4.2).
>>>>>>
>>>>>> All in favor?
>>
>> Not to throw a monkey wrench into the works, but I was just  
>> wondering...
>> are we sure that the version numbering scheme proposed here (referred
>> to as the Firefox scheme) compatibly with version numbering for Maven
>> repositories? I think that it does, but someone more familiar with  
>> Maven
>> than me should confirm this. It's discussed in section 9.3.1 of  
>> Sonatype's
>> _Maven: The Definitive Guide_ available at
>> http://www.sonatype.com/products/maven/documentation/book-defguide
>> if someone would care to double-check.  As I read it, it seems to be
>> compatible, but I may be missing some nuances here and there.
>>
>> -kevin
>> --
>> Kevin W. Wall
>> "The most likely way for the world to be destroyed, most experts  
>> agree,
>> is by accident. That's where we come in; we're computer  
>> professionals.
>> We cause accidents."        -- Nathaniel Borenstein, co-creator of  
>> MIME
>> _______________________________________________
>> OWASP-ESAPI mailing list
>> OWASP-ESAPI at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-esapi
>>
> _______________________________________________
> OWASP-ESAPI mailing list
> OWASP-ESAPI at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-esapi


More information about the OWASP-ESAPI mailing list