Snort mailing list archives

Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody?


From: "Weir, Jason" <jason.weir () nhrs org>
Date: Mon, 21 Mar 2011 11:55:45 -0400

But in the case of this rule #1313 - VRT no longer distributes it..
They retired it - but ET still has at least 6 versions of it.

Say I'm a VRT subscriber, so I get their GPL rules - I also wanna run
the ET rules so I get their Open-NoGPL rules..  I don't get #1313 - what
else don't I get?

See the problem here - ET is already maintaining those rules and by
porting them to Suricata they have already forked them..

You can't push a Suricata-only modification back up the chain to VRT.

The rule sets need to stand on their own...  And that means different
sid ranges across the board...

-J

-----Original Message-----
From: emerging-sigs-bounces () emergingthreats net [mailto:emerging-sigs-bounces () emergingthreats net] On Behalf Of evilghost () packetmail net
Sent: Monday, March 21, 2011 11:43 AM
To: Martin Roesch
Cc: emerging-sigs () emergingthreats net; snort-users () lists sourceforge net; Matthew Jonkman
Subject: Re: [Emerging-Sigs] [Snort-users] GPL rules - who maintains them? Nobody?

On 03/21/11 10:26, Martin Roesch wrote:
Am I missing a case here?

Yeah, this is an obtuse approach.  There are two ET rule packs, Open and
Open-NoGPL.  They are just that, users of VRT who get the GPL rules would
use Open-NoGPL.  ET-only folks would use Open, which would include the GPL
rules.

I don't understand the point behind re-SID and duplication, patching, etc.
If the changes made to a "ET" GPL rule make sense, why wouldn't VRT want to
consider it for inclusion/update?  Vice versa.

There's no point to fork when adjustments are made to enhance detection,
improve performance, or reduce false positives.  Why wouldn't VRT want an
improved rule?

Do you really suggest we ask dual-subscribers (VRT, and ET) to run two sets
of the same rule, one stagnated and legacy, the other an updated re-SID of
the same rule?

-evilghost

