Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody?

[Jason Brvenik <jason () sourcefire com>]

On Fri, Mar 18, 2011 at 7:50 PM, evilghost () packetmail net
<evilghost () packetmail net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 03/18/11 18:45, Jason Brvenik wrote:
> > Define "them" please
> >
> > Is your assertion that users don't need to run VRT and ET Rules sets?
>
> He's talking about GPL duplication across both the VRT and ET sets, there's no
> point to run true duplicated rules, matter of fact it results in SID collision
> and breakage.
>
> So, if ET is making changes to these GPL rules, hopefully they'll be committed
> into the VRT set (if they're not deprecated) so that there is uniformity across
> both rule sets.

ok. Sure. Submit the changes and if they are appropriate I'm confident
they will be committed.

That being said. Rule duplication is bad all around and actively
maintaining duplication is bad form at best, especially if the
duplicates are not exact copies. I can somewhat understand a desire to
maintain a copy of the rules set but not to actively distribute
duplication, that just hurts users. I believe this is driven by the
potential for updates or for the situation where a suggested change is
not committed for any reason.

IMHO the potential update conflict is easy to resolve... Create a new
rule, assign a new SID in the appropriate range, and add the old rule
SID and it's source as a reference. This solves the problems of
duplication, natural change, divergence in purpose, etc without
causing the users pain.

Make sense? What's missing?

> - --
> It has been said that "hate" is a powerful emotion, perhaps that's why I'm so
> strong.
>
> - -evilghost
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iQIcBAEBAgAGBQJNg+/aAAoJENgimYXu6xOHYsEP/0HtXypl/Jno92agj7F0A/92
> qc9tD6ma/oXV60CLvFXoYERZG7/DuT51E5b9rr+p/U2awh3WUVRdT6mPrtj7rlbJ
> qTDWDmuTPUryJBU1EYTdTwroLEZCYR1lp02OrBIAjKMtUDYqMyFTInkTon4JkiYo
> JRK9NeeYV62XXL1fVxWCRty1D4BfMIhWbBp+5tntgxXdbvjj2CL5C8afrGeiwBgF
> QazLhx/MQy8nFAw90zxapc7J7GOpQ7loXo/iyjvpG6J8BH+f1S6vubJXE1qXlWFx
> Mkyk/odwrEv//Rcj5aYaei5y2YpL1un4n+wKlyQCThzJUZ85LYW4OqrbD9TILidY
> Dh7QV37K/zPRuAINd7YVrHuevFpwiIb+CgSgmwwEGOhTN74KbvKmKtZNLLgwUQhr
> 9mRnHHBdjxekQ6CjgN9zJM9vo/7yd5MTjkKHzwcIF50DDlSMPG2p91r9FLIRV56n
> kS5Agg69sUzHt+EgXOq2qeNY00nGy36Kvt5Gega3em3SUkm2pc0YE+pETgF+CLAS
> AdoC//lIJohxKMuhlb67DnnPgACootPh5mDReOqUMEzA5BEWGa3vWf0ssNXe7Hpr
> npqnSR1uIu/Z1SPeTDA+Cot5FddtPnMAzWJSfRp3QB/5ehnxALtlk6xQUd1tcAYO
> kbsTjJpGbJZw/KD8nqi5
> =o0bj
> -----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Colocation vs. Managed Hosting
A question and answer guide to determining the best fit
for your organization - today and in the future.
http://p.sf.net/sfu/internap-sfd2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users