Snort mailing list archives
Re: [Emerging-Sigs] GPL rules - who maintains them?Nobody?
From: "Weir, Jason" <jason.weir () nhrs org>
Date: Mon, 21 Mar 2011 11:55:45 -0400
But in the case of this rule #1313 - VRT no longer distributes it.. They retired it - but ET still has at least 6 versions of it.

Say I'm a VRT subscriber, so I get their GPL rules - I also wanna run the ET rules so I get their Open-NoGPL rules.. I don't get #1313 - what else don't I get?

See the problem here - ET is already maintaining those rules and by porting them to Suricata they have already forked them.. You can't push a Suricata only modification back up the chain to VRT.

The rule sets need to stand on their own... And that means different sid ranges across the board...

-J
-----Original Message-----
From: emerging-sigs-bounces () emergingthreats net [mailto:emerging-sigs-bounces () emergingthreats net] On Behalf Of evilghost () packetmail net
Sent: Monday, March 21, 2011 11:43 AM
To: Martin Roesch
Cc: emerging-sigs () emergingthreats net; snort-users () lists sourceforge net; Matthew Jonkman
Subject: Re: [Emerging-Sigs] [Snort-users] GPL rules - who maintains them?Nobody?

On 03/21/11 10:26, Martin Roesch wrote:
> Am I missing a case here?

Yeah, this is an obtuse approach. There are two ET rule packs, Open and Open-NoGPL. They are just that, users of VRT who get the GPL rules would use Open-NoGPL. ET-only folks would use Open, which would include the GPL rules.

I don't understand the point behind re-SID and duplication, patching, etc. If the changes made to an "ET" GPL rule make sense, why wouldn't VRT want to consider it for inclusion/update? Vice versa. There's no point to fork when adjustments are made to enhance detection, improve performance, or reduce false positives. Why wouldn't VRT want an improved rule?

Do you really suggest we ask dual-subscribers (VRT, and ET) to run two sets of the same rule, one stagnated and legacy, the other an updated re-SID of the same rule?

-evilghost