[Emerging-Sigs] Fwd: [Snort-sigs] EOL for Snort 184.108.40.206 and Snort 220.127.116.11 rules reminder
wkitty42 at windstream.net
Mon Oct 4 20:39:28 EDT 2010
On 10/4/2010 19:57, evilghost at packetmail.net wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>> Support for Snort 18.104.22.168 rules will cease on October 22nd.
>> With the release of Snort 2.9, support for Snort 22.214.171.124 rules will end
>> 90 days from today, that is Jan 2nd 2011.
> Perhaps I'm the only one but I feel like I'm in a perpetual state of
> forced-upgrading and instability.
i/we see that in my/our environment, as well... but only to a point... our main
distribution does choose that which they will release in the overall package and
support but, as far as rules snapshots go, yes... there is a crunch felt and
either the main distribution has to put out a new overall release or someone has
to come up with an out-of-band snort update which is viewed as a "mod" for this
environment... especially with the rules snapshots and the updates offered for
> Dec 30, 2009 - Snort 126.96.36.199 released, Snort 2.8.6 BETA released
> Feb 18, 2010 - Snort 188.8.131.52 released.
> Apr 26, 2010 - Snort 184.108.40.206 released.
> Jul 28, 2010 - Snort 220.127.116.11 released; Snort 2.9 BETA released.
> Oct 04, 2010 - Snort 18.104.22.168 released.
> Oct 22, 2010 - Snort 22.214.171.124 EOL.
> Jan 02, 2011 - Snort 126.96.36.199 EOL.
> I assume 188.8.131.52 includes 184.108.40.206? Either way, those are some *harsh*
> timelines especially for a product that is often adopted in the enterprise.
not from what i've observed... 220.127.116.11 EOL support will come later, IIUC...
> Snort "VRT" TTL:
> 18.104.22.168 ~ 7 months
> 22.214.171.124 ~ 6 months
> If indeed 126.96.36.199 is now EOL then TTL is only ~3 months?! Either way,
> by the time I get done planning, testing, deploying, and verifying a
> release and stabilizing my environment for bugs introduced in the
> release it's time to be strong-armed again into upgrading.
i don't know what VRT views as a "major release"... their numbering is
counter-intuitive to a point :( if 188.8.131.52 was one major release and 184.108.40.206 is
another, then ok... but still :sigh:
> I guess when you've lost touch with your customer-base it's easy to
> edict such an insane support cycle. I feel like I'm running Fedora
> GNU/Linux, and even they'd be ahead supporting their product for 13 months.
> Amazing folks... they just keep making it easier and easier to justify
> to look at alternative rulesets.
this has come up more than one in our environment and one of my mods does offer
the option of the ET rules and/or the VRT rules... sadly, though, this mod has
not yet made it into the mainstream yet :? :(
More information about the Emerging-sigs