Snort mailing list archives
Re: [Emerging-Sigs] GPL rules - who maintainsthem?Nobody?
From: Nigel Houghton <nhoughton () sourcefire com>
Date: Mon, 21 Mar 2011 11:25:53 -0400
On Mon, 21 Mar 2011 10:33:37 -0400, Weir, Jason wrote:
-----Original Message----- From: evilghost () packetmail net [mailto:evilghost () packetmail net] Sent: Monday, March 21, 2011 10:29 AM To: Matthew Jonkman Cc: Weir, Jason; emerging-sigs () emergingthreats net; snort-users () lists sourceforge net Subject: Re: [Emerging-Sigs] [Snort-users] GPL rules - who maintainsthem?Nobody?On 03/21/11 09:24, Matthew Jonkman wrote:Any other ideas?I do not like the idea of re-SIDing. It doesn't make sense, promotes unnecessary duplication, and can result in performance degradation and disparity between the GPL rules. In the spirit of the GPL, if you make changes, you submit said changes upstream. If we make improvements we should submit them to VRT, and vice versa. Their inclusion is up to VRT/ET respectively. I do not vote we re-SID. I do vote we preserve SID and communicate upstream/downstream on changes. A rational person would evaluate the changes, engage in mutual discussion, and agree on modifications. Re-SIDing is stupid.evilghost - I agree that re-SIDing is stupid... But the rest of your suggestions require VRT and ET cooperate and have a healthy back in forth relationship. It seems clear that will never happen.. -J
For what it's worth, we do not re-use SIDs. So, even though we don't ship the porn.rules anymore, we aren't re-using those SIDs so copying them off and giving them new SIDs is a fruitless exercise. There is nothing to be gained from doing so. Those rules were originally written as an example of what you could do if that was traffic you were interested in (Marty wrote them, so I guess he was interested in that traffic at some point for some reason). They aren't comprehensive by any means and there are probably thousands of rules you could write to find traffic of that nature. -- Nigel Houghton Head Mentalist SF VRT Department of Intelligence Excellence http://vrt-blog.snort.org/ && http://labs.snort.org/ ------------------------------------------------------------------------------ Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody?, (continued)
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Matt Olney (Mar 21)
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Matthew Jonkman (Mar 21)
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Randal T. Rioux (Mar 21)
- Re: [Emerging-Sigs] GPL rules - who maintains them?Nobody? Weir, Jason (Mar 21)
- Re: [Emerging-Sigs] GPL rules - who maintains them?Nobody? Matthew Jonkman (Mar 21)
- Re: [Emerging-Sigs] GPL rules - who maintainsthem?Nobody? evilghost () packetmail net (Mar 21)
- Re: [Emerging-Sigs] GPL rules - who maintainsthem?Nobody? Weir, Jason (Mar 21)
- Re: [Emerging-Sigs] GPL rules - who maintainsthem?Nobody? Jacob Kitchel (Mar 21)
- Re: [Emerging-Sigs] GPL rules - whomaintainsthem?Nobody? evilghost () packetmail net (Mar 21)
- Re: [Emerging-Sigs] GPL rules - who maintainsthem?Nobody? Martin Holste (Mar 21)
- Re: [Emerging-Sigs] GPL rules - who maintainsthem?Nobody? Nigel Houghton (Mar 21)
- Re: [Emerging-Sigs] GPL rules - who maintains them?Nobody? Victor Julien (Mar 21)
- Message not available
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Matthew Jonkman (Mar 21)
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Matthew Jonkman (Mar 19)
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Jason Brvenik (Mar 19)
- Message not available
- Message not available
- Message not available
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Joel Esler (Mar 21)
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? evilghost () packetmail net (Mar 21)
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Martin Roesch (Mar 21)
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? evilghost () packetmail net (Mar 21)
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Joel Esler (Mar 21)
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? waldo kitty (Mar 21)