It’s hard to believe that it’s already been another year since the last OWASP ModSecurity Core Rule Set Developer Retreat in Varese near Milan in northern Italy. This year, the core team is meeting in the Hungarian capital Budapest from November 5th to 12th. The team members travelled from all directions – some got up inhumanly early, others flew across the Atlantic and still others had been travelling by train for two days … but not even the Deutsche Bahn could prevent all registered participants from arriving at the Hotel Nádas Pihenőpark by late afternoon on Sunday.
The first day was all about organization. The projects to be pursued during the week were determined together and the team members were divided up among them. The plan for the week is that most of the mornings will be spent working on the projects, while the afternoons are intended for workshops and discussions. To this end, the following projects were selected:
In fact, a problem was already written off on the first day: To avoid backlogs in the changelog, the core team member approving a PR will have to write a changelog comment that will later be reviewed and added to the CHANGES.md. A PR can’t be merged without this comment. This check will be automated. If all problems are solved this quickly next week, it promises to be a very efficient retreat!
In addition, various hot topics such as sponsors, the future of ModSecurity and, last but not least, how Felipe wants to gain control of the universe were discussed until late. It is not (yet) known whether further discussions took place during the nightly pool visit of some participants.
The discussion of the CRS roadmap is planned for Monday afternoon. That should be very exciting again.