Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Emerging-Sigs] GPL rules - who maintains them?Nobody?

From: "Weir, Jason" <jason.weir () nhrs org>
Date: Mon, 21 Mar 2011 15:52:11 -0400
I agree with Wally...

BTW is it big word day?  First we get aggrandizing and now desiccation -
I've had to google too many words today, although I think that last one
was over judicious use of the spell checker...

-J


-----Original Message-----
From: emerging-sigs-bounces () emergingthreats net 
[mailto:emerging-sigs-bounces () emergingthreats net] On Behalf 
Of Jason Wallace
Sent: Monday, March 21, 2011 3:47 PM
To: Matthew Jonkman
Cc: emerging-sigs () emergingthreats net; Snort-Users
Subject: Re: [Emerging-Sigs] [Snort-users] GPL rules - who 
maintains them?Nobody?


No, it makes it easier to combine them, in my opinion, because then we
could pick and chose between the ET distributed GPL rules and the VRT
distributed rules. That is not possible today, because they use the
same SID and most rule management tools are SID driven so you can't
enable/disable a SID without SID duplication. The no-gpl model
requires a user to either use VRT+ET-no-gpl, just the VRT, or just the
ET set. We can't chose to use one gpl rule from the VRT and another
gpl rule from ET, because the two can't exist at the same time.

Like Mike said, the whole idea of coverage duplication being an issue
is a completely invalid, because that is already a nightmare now.

There is no valid reason to not fork and re-SID. That act will finally
put and end to this problem and let US, the end user, make our own
desiccation about where we get rules from without being forced down
some predetermined path.

Thx,
Wally



_____________________________________________________________________________________________

Please visit www.nhrs.org to subscribe to NHRS email announcements and updates.
------------------------------------------------------------------------------
Colocation vs. Managed Hosting
A question and answer guide to determining the best fit
for your organization - today and in the future.
http://p.sf.net/sfu/internap-sfd2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: