Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody?

[Joel Esler <jesler () sourcefire com>]

I'm not saying we don't want an improved rule if the changes improve the
rule.  I'm saying that the changes have not been submitted back to us.

J

On Mon, Mar 21, 2011 at 11:43 AM, evilghost () packetmail net <
evilghost () packetmail net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 03/21/11 10:26, Martin Roesch wrote:
> > Am I missing a case here?
>
> Yeah, this is an obtuse approach.  There are two ET rule packs, Open and
> Open-NoGPL.  They are just that, users of VRT who get the GPL rules would
> use
> Open-NoGPL.  ET-only folks would use Open, which would include the GPL
> rules.
>
> I don't understand the point behind re-SID and duplication, patching, etc.
>  If
> the changes made to a "ET" GPL rule make sense, why wouldn't VRT want to
> consider it for inclusion/update?  Vice versa.
>
> There's no point to fork when adjustments are made to enhance detection,
> improve
> performance, or reduce false positives.  Why wouldn't VRT want an improved
> rule?
>
> Do you really suggest we ask dual-subscribers (VRT, and ET) to run two sets
> of
> the same rule, one stagnated and legacy, the other an updated re-SID of the
> same
> rule?
>
> - --
> It has been said that "hate" is a powerful emotion, perhaps that's why I'm
> so
> strong.
>
> - -evilghost
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iQIcBAEBAgAGBQJNh3INAAoJENgimYXu6xOHCSgQAIlOmfVumbIkK7QjtZy8pc03
> 7Es3/PMGHxSGxtWEQQNjmyVT+GLUtigawHow665UjHWLTTq5c4GRgZRx0aP6qFTL
> 36m62vMu/7s0/btPtFXgfxBF0jTkV5GEpu2ogqRA5jR6k9AqzxubY2VehZUb7wCx
> APE8vw3GkC2XQ2qjii5yZC7dQU9KmbdjnrUL1uURFW5o8Xn7toXlT/DzClUod08g
> A3a6d/Ot+nzF3BlaZIPYc+tO/a03PFAD37jrBVR6tRpMFHiT3DLEpuZ873lBDvxp
> 2w3+kHbYdUYew7aCkcJBuVROLStQdcrpxxxbAqZIdzDVOptLKdRGS8aYkBwh5NAu
> Em2WxiUVgqo2lspynXL//M2jigJtPhMoJXnLDRB7WkVuWRsftAmqWMd3251yVyy7
> mr7p4JTJmxRXLDCoSeDc4HlKW79sD7qXoC9Kqd/fHm6T1KtcRHXFQmC1j1RW2ewt
> /6AcLpLoUjnLNfu4zktAtV4+4W6xa7VwKeUazwZZY6gQ0FjeiHSVHQdp4xWsQhUR
> cwqLIKiSdU7nZZB2lkHtDIwub6Hiyh7ulvY3qv8W4Y47PRM0bbjcpVctt8TK9rYH
> uzMiChlHBgTjLvSo42I1MXEmpnf4P1AqBRVlkWkn0qIKXViIBg1Q6eKLW1DpbRgO
> Ah28muAgarxxxO8fSN88
> =SEjV
> -----END PGP SIGNATURE-----


-- 
Joel Esler | http://blog.snort.org | http://vrt-blog.snort.org |
http://blog.clamav.net

------------------------------------------------------------------------------
Colocation vs. Managed Hosting
A question and answer guide to determining the best fit
for your organization - today and in the future.
http://p.sf.net/sfu/internap-sfd2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users