Dev on Duty
Franziska Bühler edited this page Jun 25, 2022
·
380 revisions
Pages 38
Clone this wiki locally
Dev on Duty is a program where the CRS project assigns a team member the role to be a first responder for incoming new issues.
Schedule 2022
| Period | Dev-on-duty | Assumed duty | Payment | Remarks |
|---|---|---|---|---|
| Week 1 3 Jan - 9 Jan |
@airween | Jan 03, 11:17 CET | Pending with OWASP | GH: #2346 SO: ML: #1 |
| Week 2 10 Jan - 16 Jan |
@redxanadu | 10 Jan, 10:45 UTC | Pending with OWASP | GH: SO: #1, #2, #3 ML: #1 |
| Week 3 17 Jan - 23 Jan |
@franbuehler | Jan 17, 09:15 CET | Pending with OWASP | GH: SO: #1, not answered, too broad ML: TW: #1, #2, #3 Slack: #1 -> PR |
| Week 4 24 Jan - 30 Jan |
@lifeforms | Jan 24, 11:57 CET | Pending with OWASP | GH: #2361 SO: log question, blocking large requests ML: TW: Slack: |
| Week 5 31 Jan - 6 Feb |
@azurit | Jan 31, 08:07 CET | Pending with OWASP | GH: #2364, #19, #2365, #2366, #2367 SO: ML: TW: Slack: |
| Week 6 7 Feb - 13 Feb |
@fzipi | Feb 7, 08:12 GMT-3 | Pending with OWASP | GH: #1 #2 #3 #4 #5 SO: ML: TW: Slack: |
| Week 7 14 Feb - 20 Feb |
@redxanadu | 14 Feb, 10:15 UTC | Pending with OWASP | GH: #2392, #2396, #2398 SO: #1 ML: #1 TW: #1 Slack: |
| Week 8 21 Feb - 27 Feb |
@airween | 20 Feb, 07:01 CET | Pending with OWASP | GH: #2403, #2409 SO: 1, 2, 3 ML: 1 TW: Slack: |
| Week 9 28 Feb - 6 Mar |
@azurit | 28 Feb, 07:07 CET | Pending with OWASP | GH: #2413, #2415, #2416, #2418, #2419, #2289 SO: ML: TW: Slack: |
| Week 10 7 Mar - 13 Mar |
@azurit | 7 Mar | Pending with OWASP | GH: #2424 SO: #1 ML: #1 TW: Slack: |
| Week 11 14 Mar - 20 Mar |
@airween | 14 Mar, 09:05 CET | Pending with OWASP | GH: #2434, #2438, #2440 SO: #1, #2 ML: TW: #1 Slack: #1 |
| Week 12 21 Mar - 27 Mar |
@franbuehler | 21 Mar, 08:15 CET | Pending with OWASP | GH: #2446, #2447,#2449, #2450, #2451 SO: #1, Not answered ML: TW: Slack: #1 |
| Week 13 28 Mar - 3 Apr |
@fzipi | 28 Mar, 10:05 GMT-3 | Pending with OWASP | GH: #1 #2 SO: 1 ML: TW: Slack: |
| Week 14 4 Apr - 10 Apr |
@azurit | 4 Apr, 07:25 CET | Pending with CRS | GH: - SO: - ML: - TW: - Slack: - |
| Week 15 11 Apr - 17 Apr |
@redxanadu (relieved @lifeforms midweek) |
11 Apr, 10:00 CET | Pending with CRS | GH: #2494 (@lifeforms), #2480 (@lifeforms) SO: #1, #2, #3, #4, #5 ML: #1 TW: Slack: |
| Week 16 18 Apr - 24 Apr |
@dune73 | 19 Apr, 0800 CET | Pending with CRS | GH: #2502, #1849 followup, #2506 SO: #1, #2 ML: - TW: - Slack: - |
| Week 17 25 Apr - 1 May |
@franbuehler | 25 Apr, 09:15 CEST | GH: #2509, #2512 -> PR #2521 SO: #1, #2 Update ML: #1 TW: #1, #2 Slack: |
|
| Week 18 2 May - 8 May |
@azurit | 2 May, 06:00 CET | GH: #2522, #5, #2526 SO: #1, #2 ML: TW: Slack: |
|
| Week 19 9 May - 15 May |
@airween | 9 May 07:20 CEST | GH: SO: #1, #2 ML: TW: Slack: |
|
| Week 20 16 May - 22 May |
@azurit | 16 May, 06:40 CET | GH: #3 SO: #1, #2, #3, #4 ML: #1 TW: Slack: |
|
| Week 21 23 May - 29 May |
@fzipi | 23 May, 9:25 UYT | GH: #1 SO: 1 ML: #1 #2 TW: Slack: |
|
| Week 22 30 May - 5 Jun |
@franbuehler | 30 May, 13:30 CEST | GH: #2610, #2612 SO: #1, #2, #3 ML: #1 TW: #1, #2 Slack: #1 |
|
| Week 23 6 Jun - 12 Jun |
@airween | 06 Jun, 09:26 CEST | GH: - SO: #1, #2, #3, #4, #5 ML: - TW: #1, #2 Slack: #1 |
|
| Week 24 13 Jun - 19 Jun |
@azurit | 13 Jun, 09:35 CET | GH: #2627 SO: ML: #1 TW: Slack: |
|
| Week 25 20 Jun - 26 Jun |
@franbuehler | 20 Jun, 10:45 CEST | GH: #2659 SO: #1 ML: TW: #1,#2 and some likes/retweets Slack: |
|
| Week 26 27 Jun - 3 Jul |
@dune73 | GH: SO: ML: TW: Slack: |
||
| Week 27 4 Jul - 10 Jul |
@airween | GH: SO: ML: TW: Slack: |
||
| Week 28 11 Jul - 17 Jul |
@azurit | GH: SO: ML: TW: Slack: |
||
| Week 29 18 Jul - 24 Jul |
... | GH: SO: ML: TW: Slack: |
||
| Week 30 25 Jul - 31 Jul |
... | GH: SO: ML: TW: Slack: |
||
| Week 31 1 Aug - 7 Aug |
@franbuehler | GH: SO: ML: TW: Slack: |
||
| Week 32 8 Aug - 14 Aug |
@airween | GH: SO: ML: TW: Slack: |
||
| Week 33 15 Aug - 21 Aug |
... | GH: SO: ML: TW: Slack: |
||
| Week 34 22 Aug - 28 Aug |
... | GH: SO: ML: TW: Slack: |
||
| Week 35 29 Aug - 4 Sep |
... | GH: SO: ML: TW: Slack: |
||
| Week 36 5 Sep - 11 Sep |
... | GH: SO: ML: TW: Slack: |
||
| Week 37 12 Sep - 18 Sep |
... | GH: SO: ML: TW: Slack: |
||
| Week 38 19 Sep - 26 Sep |
... | GH: SO: ML: TW: Slack: |
||
| Week 39 27 Sep - 2 Oct |
... | GH: SO: ML: TW: Slack: |
||
| Week 40 3 Oct - 9 Oct |
... | GH: SO: ML: TW: Slack: |
Schedule 2021
| Period | Dev-on-duty | Assumed duty | Payment | Remarks |
|---|---|---|---|---|
| Week 14 - 5-Apr - 11-Apr | @franbuehler | April 5, 22:00 CET | done | Bit of work on GitHub #1947, #2044, #2047 |
| Week 15 - 12-Apr - 18-Apr | @azurit | April 12, 7:30 CET | done | GH: #2054, #2055, #2043, #2042 |
| Week 16 - 19-Apr - 25-Apr | @dune73 | April 19, 09:00 CET | done | nothing new on GH, responded to a few SO queries, also old ones |
| Week 17 - 26-Apr - 2-May | @airween | April 26, 7:30 CET | done | Two issues on GH (#2060, #2062), nothing on ML, responded 8 SO questions |
| Week 18 - 3-May - 9-May | @franbuehler | May 3, 7:45 CEST | done | GitHub: #2064, SO: DoS, SO: Dynamic ARGS, SO: franbuehler image, SO: ModSec/CRS/NGINX Kong Ingress, SO: ModSec NGINX Windows, SO not responded: syslog-ng related |
| Week 19 - 10-May - 16-May | @lifeforms | May 10, 10:15 CEST | done | GH: 2071 |
| Week 20 - 17-May - 23-May | @azurit | May 17, 7:00 CEST | done | GH: 2091, #2093, #2089, #2079, #2076, #2075 |
| Week 21 - 24-May - 30-May | @airween | May 24, 08:15 CEST | done | GH: 2105, 2108, 4 issues on SO: #1, #2, #3, #4 |
| Week 22 - 31-May - 6-Jun | @franbuehler | May 31, 10:40 CEST | pending with OWASP | GH: 32, PR 21 Review, PR 66 Review, 2110, 2113, 2118, 2119,1 issue on SO: #1, #2 not responded, poorly asked |
| Week 23 - 7-Jun - 13-Jun | @fzipi | Jun 7, 14:30 CEST | pending with CRS | SO: modsec geodb SO: googlebot GH: modsec-docker, modsec-docker 2, #2123, created #2127, #2128 |
| Week 24 - 14-Jun - 20-Jun | @dune73 | Jun 14, 08:00 CEST | pending with OWASP | SO: auditlog on NGINX, SO: Rewrite ModSec in Spring, GH: Issue 2133 (a wee bit late, though) |
| Week 25 - 21-Jun - 27-Jun | @franbuehler | Jun 21, 08:00 CEST | pending with OWASP | SSE: FP Wordpress, GitHub Docker: #74, GitHub: #2139, created #2135 |
| Week 26 - 28-Jun - 4-Jul | @azurit | Jun 28, 06:45 CEST | pending with OWASP | GH: #2142 SO: #1, #2, #3 |
| Week 27 - 5-Jul - 11-Jul | @airween | Jul 05, 07:15 CEST | pending with OWASP | GH: #2150 SO: #1, #2, #3, #4 |
| Week 28 - 12-Jul - 18-Jul | @fzipi | Jul 12, 15:00 CEST | pending with CRS | SO: #1 Updated CII bestpractices repo #2 GH: #1991 |
| Week 29 - 19-Jul - 25-Jul | @azurit | Jul 19, 08:12 CEST | pending with OWASP | GH: #2167 SO: #1, #2 ML: #1 |
| Week 30 - 26-Jul - 1-Aug | @dune73 | Jul 26, 09:00 CEST | pending with OWASP | GH: #2162 ML: Containerized Logging (just noticed my response and the conversation evolving on Wed was private), Trustwave Rules SO: Docker Image Problems |
| Week 31 - 2-Aug - 8-Aug | @airween | Aug 02, 08:05 CEST | pending with OWASP | GH: #2170, #2171, #2173, #2175; SO: Azure WAF 403 Response |
| Week 32 - 9-Aug - 15-Aug | @azurit | Aug 09, 10:20 CEST | pending with OWASP | GH: #2176 SO: #1, #2 Slack: answered one question |
| Week 33 - 16-Aug - 22-Aug | @franbuehler | Aug 16, 14:30 CEST | pending with OWASP | GH: #2177, #2179, Docker #41 SSE: FP ruby 932150, Slack: FP 930100 |
| Week 34 - 23-Aug - 29-Aug | @azurit | Aug 23, 9:30 CEST | pending with OWASP | GH: #2182, #2181 SO: #1 ML: #1 |
| Week 35 - 30-Aug - 5-Sep | @fzipi | Aug 30, 9:30 CEST | pending with CRS | GH: #2163 #80 #2186 SO: #1 |
| Week 36 - 6-Sep - 12-Sep | @airween | Sep 06, 13:45 CEST | pending with OWASP | GH: #2198 SO: #1, #2 ML: - |
| Week 37 - 13-Sep - 19-Sep | @franbuehler | Sep 13, 10:30 CEST | pending with OWASP | GH: #44 SO: #1, #2 ML: - |
| Week 38 - 20-Sep - 26-Sep | @azurit | Sep 20, 11:10 CEST | pending with OWASP | GH: - SO: - ML: - |
| Week 39 - 27-Sep - 3-Oct | @spartantri | Sep 27, 14:10 CEST | pending with OWASP | GH: - SO: - ML: - |
| Week 40 - 4-Oct - 10-Oct | @redxanadu | Oct 04, 11:30 CEST | pending with OWASP | GH: #2220, #2219 SO: #1, #2, #3, #4, #5 ML: |
| Week 41 - 11-Oct - 17-Oct | @fzipi | Oct 11, 17:30 CEST | pending with OWASP | GH: #48 #42 SO: ML: |
| Week 42 - 18-Oct - 24-Oct | @azurit | Oct 18, 07:15 CEST | pending with OWASP | GH: #2235, #2 SO: #1 ML: - |
| Week 43 - 25-Oct - 31-Oct | ALLSTARS | Oct 26, 09:00 CEST | pending with OWASP | GH: SO: ML: #1, #2 |
| Week 44 - 01-Nov - 07-Nov | @spartantri | Nov 1, 09:00 CDT | pending with OWASP | GH: #2290, #2289 SO: Plain English firing Modsecurity/WAF/CRS rules ML: |
| Week 45 - 08-Nov - 14-Nov | @fzipi | Nov 8, 09:00 CDT | pending with OWASP | GH: #1 SO: #1 ML: |
| Week 46 - 15-Nov - 21-Nov | @airween | Nov 15, 07:25 CET | pending with OWASP | GH: #2314, #2316, #2317 SO: #1, #2, #3, #4, #5 ML: |
| Week 47 - 22-Nov - 28-Nov | @franbuehler | Nov 21, 08:55 CET | pending with OWASP | GH: - SO: - ML: - |
| Week 48 - 29-Nov - 05-Dec | @azurit | Nov 29, 07:45 CET | pending with OWASP | GH: - SO: #1, #2, #3 ML: - |
| Week 49 - 06-Dec - 12-Dec | @redxanadu | Dec 06, 11:30 UTC | pending with OWASP | GH: #2326 SO: #1, #2 ML: TW: #1 |
| Week 50 - 13-Dec - 19-Dec | @airween | Dec 13, 09:26 CET | pending with OWASP | GH: #2337 SO: #1, #2, #3 ML: #1, #2, #3 SLACK: #1 |
| Week 51 - 20-Dec - 26-Dec | @azurit | Dec 20, 17:23 CET | pending with OWASP | GH: #2341 SO: - ML: - TW: #1 |
| Week 52 - 27-Dec - 02-Jan | @azurit | Dec 27, 08:30 CET | pending with OWASP | GH: #2342 SO: #1 ML: - |
Duties
- Being a first responder to inquiries coming in as GitHub issues.
- Being a first responder to inquiries coming in via the CRS Google Group Mailing list.
- Being a first responder to inquiries coming in via the ModSecurity Mailing list if they touch on CRS.
- Being a first responder to inquiries coming in via the #coreruleset channel on Slack.
- Being a first responder to inquiries coming in via Stack Overflow / Stack Exchange if they touch on CRS.
- Being a first responder to inquiries (!) appearing on Twitter. See below for a list of queries. And no need to respond on links and what not. All we want to really address is support questions.
First response means to respond within 24 hours and cover the following items:
- Check out the response templates to see if there one available for this question. If yes: copy&paste, edit and respond.
- If there is a simple answer, then respond and close the issue (obviously closing on github)
- If the issues is incomplete and we need additional infos, then there is a response template for that.
- If it is a real issue, then test it (-> demo/sandbox!) and confirm if possible.
- If it is a real issue and it's on the Google Group Mailinglist, ModSecurity mailinglist, Slack, Twitter or Stack Overflow, then ask the reporter to open an issue on GH. If that does not work, then open the issue yourself.
- Tagging original authors or people where you think they can help in comments on github would be helpful. Actively approach people to make sure we find a solution quickly!
- If you do not see anybody jumping on the issue and you can not easily solve it, then make sure the issue is scheduled for the next issue chat.
All combined: Try to think for yourself, we are not providing paid support but we try to be helpful. This is best effort.
First steps
Before you can start your duty for the first time, you need to do following steps:
- Sign up for GitHub and watch, at least, issues in coreruleset repository.
- Create a Google account and join CRS Google Group Mailing list.
- Join the ModSecurity Mailinglist
- Sign up for OWASP on Slack and join #coreruleset channel.
- Sign up for Stack Overflow.
- Sign up on twitter or ask for the @CoreRuleSet twitter account (-> @lifeforms / @dune73)
Keeping track of Stack Overflow
We cover the following keywords / queries on Stack Overflow and Security Stack Exchange. Feel free to concentrate on CRS related questions and skip the ModSecurity stuff if it gets too much:
- SO: Core Rule Set
- SO: CoreRuleSet
- SO: Mod Security
- SO: ModSecurity
- SO: Mod-Security
- SO: Mod-Security2
- SO RSS mod-security
- SO RSS mod-security2
- SE: OWASP
- SE: mod-security
It is also possible to search for questions created only during your duty using date filtering. Example search for keyword CoreRuleSet is here.
Hint: Log in to bypass captcha checks.
Keeping Track of Twitter
- Feel free to use your own twitter account and sign with
#CRSDevOnDuty - If you prefer, you can also ask for the @CoreRuleSet twitter account
- There is a response template for twitter for everything that does not fit into 240 chars.
Please cover the following hashtags / queries:
- ModSecurity (covers #ModSecurity hashtag + account @ModSecurity as well)
- CoreRuleSet (covers #CoreRuleSet hashtag + account @CoreRuleSet as well)
- Core Rule Set
Queries for CRS3, ModSec and the like brings too much noise.
Hand-over : Assumed Duty column
We need to make sure we get the hand-over correct.
- Hand-over is organised between the previous and the new dev-on-duty. It's perfectly OK to ask if somebody could keep the duty a day longer or if you could hand over a day early (because you are on holiday or whatever. But you need to talk!)
- The new period starts when the new dev-on-duty fills out the "assumed duty" column above. Of course this is meant to happen on the day indicated above, but you can not silently assume the new dev-on-duty has taken over without formal confirmation.
- Please indicate the date and the rough time of the hand-over
Payment
Starting Oct 2021, we agreed on 200 USD per week of duty. Payment will be organized by the project leads via OWASP HQ. This may take a bit of time in the beginning until the process works.