Re: utoh... 2.8.6.1 is out but what about the rules files??

[waldo kitty <wkitty42 () windstream net>]

On 7/26/2010 07:14, Joel Esler wrote:
> On Jul 25, 2010, at 11:53 PM, waldo kitty <wkitty42 () windstream net
> <mailto:wkitty42 () windstream net>> wrote:
> > that's probably a good guess... however, as we can see, it causes problems and,
> > ideally, i current copy of the latest registered user rules for that version
> > should be created so that this kind of thing doesn't happen and "we", inclusive,
> > don't get flooded with complaints like this ;)
>
> We did that as a one time thing when 2.8.6.0 came out to get people to upgrade.
> We can't be giving the subscribers rules out early to registered users every
> time we upgrade.

we're missing something... i'm not asking for subscribers rules to be given out 
early... i'm saying that there should be a link or a real file that points to 
the existing registered users rules when the new version of snort is released...

ie: "RU" means registered user...
when 2.8.5.3 was current...
2.8.5.3RU -> snortrules-snapshot-2853.tar.gz
then 2.8.6.0 was released so...
2.8.6.0RU -> ln -s snortrules-snapshot-2853.tar.gz snortrules-snapshot.2860.tar.gz
then, when the real archive file is created for 2.8.6.0 registered users, the 
link is removed and replaced with the real file...

if you don't like softlinks, then copy the real archive file to the new name... 
the result is the same... if i install 2.8.6.1 on a brand new system today, as a 
registered user, i cannot get any rules based on your published methodology... 
why? because i'd be looking for snortrules-snapshot-2861.tar.gz which doesn't 
yet exist... so you're saying to me that i can't run snort for at least 30 days 
until the rules pack for 2861 is available... that's not right and i don't think 
that's what you are intending to say ;)

these links to older versions should be no problem either and those older 
versions' archives really should remain available for those who have to 
reinstall their environments and get operational before they can start applying 
their updates...

[TRIM]

> > FWIW: these two formats are the ones that i've complained about not being
> > depicted in the blog and other places where the two new format examples are
> > given... i can only assume that one of those examples, the one with 2.8.6 as the
> > version, were given so as to demonstrate the trailing zero padding necessary...
> > but none of them discuss or show that the oinkmaster users need not change
> > anything... in fact, several posts alert oinkmaster users to make changes that
> > won't/don't work :?
>
> We've put out corrected information.

thanks... i'll go hunt it down and see how it reads now ;)


------------------------------------------------------------------------------
The Palm PDK Hot Apps Program offers developers who use the
Plug-In Development Kit to bring their C/C++ apps to Palm for a share 
of $1 Million in cash or HP Products. Visit us here for more details:
http://ad.doubleclick.net/clk;226879339;13503038;l?
http://clk.atdmt.com/CRS/go/247765532/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users