Snort mailing list archives
Re: Problem with Snort 2.0.4 and Snort Rules
From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 19 Nov 2003 12:09:24 -0500
At 09:10 PM 11/18/2003, Nigel Houghton wrote:
Use the stable rules with 2.0.4, or just the rules that come with 2.0.4, : but the "current" rules are never guaranteed to work with anything but : the "current" version of snort, which is a development snapshot not a : numbered release. Please look at: http://www.snort.org/source.html "Right now, CURRENT is stable. Please use CURRENT."
Ahh, but if you look at http://www.snort.org/dl/rules/You'll see that the mis-statement has been corrected... STABLE is for 2.0.x, CURRENT is for 2.1.x.. CURRENT isn't STABLE anymore..
I hope everyone involved takes this as constructive criticism from an honest supporter of snort, but one of these days Snort should strongly consider having a consistent naming convention for files on their website, set it down fairly firm and make both web and devel sides agree to it. I've been using snort for many years now, and this kind of constant naming/compatibility inconsistency as to what rules work with what versions of snort is nothing new.
It's also long since been very true that the snort.org website notes about the state of packages severely lags changes on the development side. A lot of this is just a matter of the fact that the snort team seems to be a bunch of very busy people. This is why having a consistent convention is helpful not just to users, but the snort team as well. If current and stable keep changing meaning on the devel side every 6 months, the website will likely not always reflect the current status. However, if branches retain their meaning, then nobody has to keep updating the website and hunting through all the text to find all the now outdated and incorrect references.
I understand the need to make a development branch that may or may not work with the latest numbered release, but the constant flip-flop between what release names of what files end users should be using as a stable release needs to stop. It's a bad trend for snort, it confuses users, and it makes unnecessary work for your own website maintainers.
As far as I can tell the only guarantee that has held true over the past several years is that CURRENT rules will always work with CURRENT code. Sometimes CURRENT works with STABLE and the latest numbered release, but that's not always true.
Certainly making statements like "CURRENT is now STABLE" is a bad idea in general. I believe at the time it was done to facilitate 2.0.x and 1.9.x existing in parallel, but a better idea would have been to create something like STABLE-19.
------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Problem with Snort 2.0.4 and Snort Rules Mark Ewert (Nov 18)
- Message not available
- Re: Problem with Snort 2.0.4 and Snort Rules Matt Kettler (Nov 18)
- Message not available
- <Possible follow-ups>
- RE: Problem with Snort 2.0.4 and Snort Rules Mark Ewert (Nov 18)
- Re: Problem with Snort 2.0.4 and Snort Rules Nigel Houghton (Nov 18)
- Message not available
- Re: Problem with Snort 2.0.4 and Snort Rules Matt Kettler (Nov 19)
- Message not available