-
-
Notifications
You must be signed in to change notification settings - Fork 424
Dev on Duty
azurit edited this page Nov 18, 2025
·
1143 revisions
Dev on Duty is a program where the CRS project assigns a team member the role to be a first responder for incoming new issues.
| Period | Dev-on-duty | Assumed duty | Payment | Remarks |
|---|---|---|---|---|
| Week 1 6 Jan - 12 Jan |
@franbuehler | 6 Jan, 07:41 CET | Paid | GH: #320, #3978 SO: ML: TW: Slack: |
| Week 2 13 Jan - 19 Jan |
@Xhoenix | 09:35AM IST | Paid | GH: #3979, #3981 SO: ML: TW: Slack: |
| Week 3 20 Jan - 26 Jan |
@azurit | 20 Jan, 07:30 CET | Paid | GH: SO: ML: TW: Slack: |
| Week 4 27 Jan - 2 Feb |
@airween | 27 Jan, 09:33 CET | Paid | GH: #3988, #3989 SO: #1, #2, #3 ML: TW: Slack: #1 |
| Week 5 3 Feb - 9 Feb |
@Xhoenix | 3 Feb, 07:42 IST | Paid | GH: #3991 SO: ML: TW: Slack: |
| Week 6 10 Feb - 16 Feb |
@azurit | 10 Feb, 08:00 CET | Paid | GH: SO: ML: TW: Slack: |
| Week 7 17 Feb - 23 Feb |
@franbuehler | 17 Feb, 08:40 CET | Paid | GH: SO: #1 ML: TW: Slack: |
| Week 8 24 Feb - 2 Mar |
@airween | 24 Feb, 09:32 CET | Paid | GH: #4017 SO: ML: TW: Slack: |
| Week 9 3 Mar - 9 Mar |
@Xhoenix | 03 Mar, 09:18 IST | Paid | GH: #4034, #4035, #4039 SO: ML: TW: Slack: |
| Week 10 10 Mar - 16 Mar |
@azurit | 10 Mar, 09:24 CET | Paid | GH: #75 SO: ML: TW: Slack: |
| Week 11 17 Mar - 23 Mar |
@airween | 17 Mar, 11:08 CET | Paid | GH: - SO: #1 ML: - TW: - Slack: - |
| Week 12 24 Mar - 30 Mar |
@franbuehler | 24 Mar, 08:20 CET | Paid | GH: #4051 SO: #1 ML: TW: Slack: |
| Week 13 31 Mar - 6 Apr |
@Xhoenix | 31 Mar, 08:50AM IST | Paid | GH: SO: #1 ML: TW: Slack: #1 |
| Week 14 7 Apr - 13 Apr |
@airween | 07 Apr, 09:34 CEST | Paid | GH: SO: #1 ML: TW: Slack: #1 |
| Week 15 14 Apr - 20 Apr |
@azurit | 14 Apr, 08:05 CET | Paid | GH: #4098 SO: ML: TW: Slack: |
| Week 16 21 Apr - 27 Apr |
@Xhoenix | 21 Apr, 07:20 IST | Paid | GH: #4104 SO: ML: TW: Slack: |
| Week 17 28 Apr - 4 May |
@franbuehler | 28 Apr, 11:00 CEST | Paid | GH: #4110 SO: #1 ML: #1 TW: Slack: |
| Week 18 5 May - 11 May |
@airween | 05 May, 09:53 CEST | Paid | GH: #4121 SO: ML: TW: Slack: #1, #2 |
| Week 19 12 May - 18 May |
@azurit | 12 May, 07:55 CET | Paid | GH: #4128 SO: #1 ML: TW: Slack: |
| Week 20 19 May - 25 May |
@franbuehler | 19 May, 07:45 CEST | Paid | GH: #4137, #4140, #4145 SO: #1 ML: TW: Slack: |
| Week 21 26 May - 1 Jun |
@Xhoenix | 26 May, 08:30 IST | Paid | GH: #4149 SO: ML: TW: Slack: |
| Week 22 2 Jun - 8 Jun |
@airween | 02 Jun, 09:45 CEST | Paid | GH: #4154 SO: ML: TW: Slack: |
| Week 23 9 Jun - 15 Jun |
@azurit | 9 Jun, 09:50 CET | Paid | GH: #4160 SO: ML: TW: Slack: |
| Week 24 16 Jun - 22 Jun |
@airween | 16 Jun, 09:40 CEST | Paid | GH: SO: ML: #1, #2 TW: Slack: |
| Week 25 23 Jun - 29 Jun |
@franbuehler | 23 Jun, 07:30 CEST | Paid | GH: #4170 SO: ML: TW: Slack: |
| Week 26 30 Jun - 6 Jul |
@Xhoenix | 30 Jun, 12:30 IST | Paid | GH: #4179 SO: ML: TW: Slack: |
| Week 27 7 Jul - 13 Jul |
@airween | 07 Jul, 09:26 CEST | Q3 start | GH: #4188, #4189, #4191, #4192, #4195, #4196, #4197, #4198 SO: #1, #2, #3, #4, #5 ML: TW: Slack: #1 |
| Week 28 14 Jul - 20 Jul |
@azurit | 14 Jul, 10:04 CET | GH: #4212 SO: ML: TW: Slack: |
|
| Week 29 21 Jul - 27 Jul |
@airween | 21 Jul, 11:29 CEST | GH: #4213 SO: ML: TW: Slack: |
|
| Week 30 28 Jul - 3 Aug |
@azurit | 28 Jul, 10:04 CET | GH: SO: ML: TW: Slack: |
|
| Week 31 4 Aug - 10 Aug |
@franbuehler | 04 Aug, 14:00 CEST | GH: SO: ML: TW: Slack: #1 |
|
| Week 32 11 Aug - 17 Aug |
@airween | 11 Aug, 09:37 CEST | GH: - SO: - ML: - TW: - Slack: - |
|
| Week 33 18 Aug - 24 Aug |
@redxanadu | 18 Aug, 09:50 BST | GH: #31 SO: ML: TW: #1 Slack: #1, #2 |
|
| Week 34 25 Aug - 31 Aug |
@azurit | 25 Aug, 09:04 CET | GH: SO: ML: TW: Slack: |
|
| Week 35 1 Sep - 7 Sep |
@franbuehler | 01 Sep, 10:00 CEST | GH: SO: ML: TW: Slack: |
|
| Week 36 8 Sep - 14 Sep |
@airween | 08 Sep, 09:53 CEST | GH: - SO: #1 ML: - TW: - Slack: - |
|
| Week 37 15 Sep - 21 Sep |
@azurit | 15 Sep, 09:04 CET | GH: #4266, #4265, #4267, #4268 SO: ML: TW: Slack: |
|
| Week 38 22 Sep - 28 Sep |
@azurit | 22 Sep, 07:50 CET | GH: #4272, #4264 SO: ML: TW: Slack: |
|
| Week 39 29 Sep - 5 Oct |
@airween | 29 Sep, 09:09 CEST | GH: - SO: - ML: - TW: - Slack: - |
|
| Week 40 6 Oct - 12 Oct |
@azurit | 6 Oct, 09:55 CET | Q4 start | GH: #4282, #4285, #4286 SO: ML: TW: Slack: |
| Week 41 13 Oct - 19 Oct |
@franbuehler | 13 Oct, 08:00 CEST | GH: #4289 SO: ML: TW: Slack: |
|
| Week 42 20 Oct - 26 Oct |
@azurit | 20 Oct, 10:22 CET | GH: #4304, #4299, #96 SO: ML: #1, #2 TW: Slack: #1 |
|
| Week 43 27 Oct - 2 Nov |
@airween | 27 Oct, 09:45 CET | GH: #4312 SO: #1 ML: TW: Slack: #1 |
|
| Week 44 3 Nov - 9 Nov |
@azurit | 3 Nov, 7:35 CET | GH: SO: ML: TW: Slack: #1 |
|
| Week 45 10 Nov - 16 Nov |
@airween | 10 Nov, 10:37 CET | GH: SO: #1 ML: TW: Slack: |
|
| Week 46 17 Nov - 23 Nov |
@azurit | 17 Nov, 8:15 CET | GH: #4344 SO: ML: TW: Slack: |
|
| Week 47 24 Nov - 30 Nov |
Dev Retreat | GH: SO: ML: TW: Slack: |
||
| Week 48 1 Dec - 7 Dec |
@airween | GH: SO: ML: TW: Slack: |
||
| Week 49 8 Dec - 14 Dec |
@Xhoenix | GH: SO: ML: TW: Slack: |
||
| Week 50 15 Dec - 21 Dec |
@airween | GH: SO: ML: TW: Slack: |
||
| Week 51 22 Dec - 28 Dec |
@azurit | GH: SO: ML: TW: Slack: |
||
| Week 52 29 Dec - 4 Jan |
@Xhoenix | GH: SO: ML: TW: Slack: |
- Being a first responder to inquiries coming in as GitHub issues.
- Being a first responder to inquiries coming in via the CRS Google Group Mailing list.
- Being a first responder to inquiries coming in via the ModSecurity Mailing list if they touch on CRS.
- Being a first responder to inquiries coming in via the #coreruleset channel on Slack.
- Being a first responder to inquiries coming in via Stack Overflow / Stack Exchange / Server Fault if they touch on CRS.
- Being a first responder to inquiries (!) appearing on Twitter. See below for a list of queries. And no need to respond on links and what not. All we want to really address is support questions.
First response means to respond within 24 hours and cover the following items:
- Check out the response templates to see if there one available for this question. If yes: copy&paste, edit and respond.
- If there is a simple answer, then respond and close the issue (obviously closing on github)
- If the issues is incomplete and we need additional infos, then there is a response template for that.
- If it is a real issue, then test it (-> demo/sandbox!) and confirm if possible.
- If it is a real issue and it's on the Google Group Mailinglist, ModSecurity mailinglist, Slack, Twitter or Stack Overflow, then ask the reporter to open an issue on GH. If that does not work, then open the issue yourself.
- Tagging original authors or people where you think they can help in comments on github would be helpful. Actively approach people to make sure we find a solution quickly!
- If you do not see anybody jumping on the issue and you can not easily solve it, then make sure the issue is scheduled for the next issue chat.
All combined: Try to think for yourself, we are not providing paid support but we try to be helpful. This is best effort.
Before you can start your duty for the first time, you need to do following steps:
- Sign up for GitHub and watch, at least, issues in coreruleset repository.
- Create a Google account and join CRS Google Group Mailing list.
- Join the ModSecurity Mailinglist
- Sign up for OWASP on Slack and join #coreruleset channel.
- Sign up for Stack Overflow.
- Sign up on twitter or ask for the @CoreRuleSet twitter account (-> @lifeforms / @dune73)
We cover the following keywords / queries on Stack Overflow and Security Stack Exchange. Feel free to concentrate on CRS related questions and skip the ModSecurity stuff if it gets too much:
- SE: owasp-crs
- SO: owasp-crs
- SO: Core Rule Set
- SO: CoreRuleSet
- SO: Mod Security
- SO: ModSecurity
- SO: Mod-Security
- SO: Mod-Security2
- SO RSS mod-security
- SO RSS mod-security2
- SE: OWASP
- SE: mod-security
- SV: mod-security
It is also possible to search for questions created only during your duty using date filtering. Example search for keyword CoreRuleSet is here.
Hint: Log in to bypass captcha checks.
- Feel free to use your own twitter account and sign with
#CRSDevOnDuty - If you prefer, you can also ask for the @CoreRuleSet twitter account
- There is a response template for twitter for everything that does not fit into 240 chars.
Please cover the following hashtags / queries:
- ModSecurity (covers #ModSecurity hashtag + account @ModSecurity as well)
- CoreRuleSet (covers #CoreRuleSet hashtag + account @CoreRuleSet as well)
- Core Rule Set
Queries for CRS3, ModSec and the like brings too much noise.
We need to make sure we get the hand-over correct.
- Hand-over is organised between the previous and the new dev-on-duty. It's perfectly OK to ask if somebody could keep the duty a day longer or if you could hand over a day early (because you are on holiday or whatever. But you need to talk!)
- The new period starts when the new dev-on-duty fills out the "assumed duty" column above. Of course this is meant to happen on the day indicated above, but you can not silently assume the new dev-on-duty has taken over without formal confirmation.
- Please indicate the date and the rough time of the hand-over
Starting Oct 2021, we agreed on 200 USD per week of duty. Payment will be organized by the project leads via OWASP HQ. This may take a bit of time in the beginning until the process works.
-> Dev-on-Duty:-Response-Templates
This can auto-generate a schedule for a whole year if you wish.
Change start_week and end_week as required. Note that this one-liner sets the shell locale to "C" to cause the months to be written in English.
start_week=45 ; end_week=50 ; export LC_ALL="C" ; i=1 ; while [ $(date --date "$(date +%Y)-01-$i" +%A) != "Monday" ] ; do i=$((i+1)) ; done ; echo -e "\n| *Period* | *Dev-on-duty* | *Assumed duty* | *Payment* | *Remarks* |" ; echo "| --------------------------- | ------------- | ------------------- | ------------------ | ------------------------------------------ |" ; while [ $start_week -le $end_week ] ; do printf "%-30s" "$(echo -n "| Week $start_week<br/>" ; date --date "$(date +%Y)-01-$i +$((start_week-1)) weeks" "+%-d %b - " | tr -d '\n' ; date --date "$(date +%Y)-01-$i +$((start_week-1)) weeks +6 days" "+%-d %b " | tr -d '\n')" ; echo "| ... | | | GH: <br/>SO: <br/>ML: <br/>TW: <br/>Slack: |" ; start_week=$((start_week+1)) ; done ; echo
Variant to manually set a different year, i.e. to generate next year's schedule:
year=2026 ; start_week=1 ; end_week=52 ; export LC_ALL="C" ; i=1 ; while [ $(date --date "$year-01-$i" +%A) != "Monday" ] ; do i=$((i+1)) ; done ; echo -e "\n| *Period* | *Dev-on-duty* | *Assumed duty* | *Payment* | *Remarks* |" ; echo "| --------------------------- | ------------- | ------------------- | ------------------ | ------------------------------------------ |" ; while [ $start_week -le $end_week ] ; do printf "%-30s" "$(echo -n "| Week $start_week<br/>" ; date --date "$year-01-$i +$((start_week-1)) weeks" "+%-d %b - " | tr -d '\n' ; date --date "$year-01-$i +$((start_week-1)) weeks +6 days" "+%-d %b " | tr -d '\n')" ; echo "| ... | | | GH: <br/>SO: <br/>ML: <br/>TW: <br/>Slack: |" ; start_week=$((start_week+1)) ; done ; echo
The historical Dev on Duty schedules covering previous years are kept in a separate archive document for tidiness.