Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Recent [unilateral, unannounced] Rule Changes

From: JP Vossen <jp () jpsdomain org>
Date: Thu, 01 Jul 2010 01:53:12 -0400
Date: Wed, 30 Jun 2010 18:43:50 -0400
Subject: [Snort-sigs] Recent Rule Changes

As many of you know, we changed the way that we allow for downloads from Snort.org.


Yes, we know.  Now.

Apologies if I missed the 3-5 change notifications that any first-year 
sysadmin would know enough to start sending *weeks* in advance of a 
change like this, but checking the ML archives I don't see them either.

You guys REALLY, REALLY need to stop unilaterally pulling the rug out 
from under your paying users, with no notice whatsoever!

That's two show-stoppers in two months, and one change introduced last 
time you broke it is now gone this time you broke it ("There is no need 
for the _s anymore") [1].

2010-06-28: broke how rules are downloaded [2]
2010-04-26: broke how rules are downloaded [3]


I suggest you resurrect the "Announce" ML (dead since mid-2007), 
subscribe the other lists to it, feed it from the VRT Blog (maybe, 
debatable), and make *any* change that impacts your customers in *any* 
way without several notices going to that list a serious disciplinary 
offense.

Don't get me wrong, I love snort.  I even get that this latest change is 
going to be a big scalable help.  What I don't get is why you guys think 
it's OK to break one of the the fundamental things you have people 
paying for without any advance notice.

Would you put up from that from your vendor?
JP

PS--Not picking on Joel either, since he's on the sharp end, I doubt it 
was his idea to do it this way.  But the next time the IT guys say, "hey 
send out this announcement after the fact," you have to push them back. 
  No, you can't change fundamental, customer-facing facilities with zero 
warning.
___________________________
[1] http://marc.info/?l=snort-sigs&m=127782132231177&w=2
[2] http://marc.info/?l=snort-sigs&m=127775719011156&w=2
[3] 
http://vrt-sourcefire.blogspot.com/2010/04/rule-release-for-today-april-26th-2010.html
----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|      http://bashcookbook.com/
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.

------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
Previous By Date Next
Previous By Thread Next

Current thread: