[Emerging-Sigs] Fwd: [Snort-sigs] EOL for Snort and Snort rules reminder

waldo kitty wkitty42 at windstream.net
Mon Oct 4 20:39:28 EDT 2010

On 10/4/2010 19:57, evilghost at packetmail.net wrote:
> Hash: SHA1
>> Support for Snort rules will cease on October 22nd.
>> With the release of Snort 2.9, support for Snort rules will end
>> 90 days from today, that is Jan 2nd 2011.
> Perhaps I'm the only one but I feel like I'm in a perpetual state of
> forced-upgrading and instability.

i/we see that in my/our environment, as well... but only to a point... our main 
distribution does choose that which they will release in the overall package and 
support but, as far as rules snapshots go, yes... there is a crunch felt and 
either the main distribution has to put out a new overall release or someone has 
to come up with an out-of-band snort update which is viewed as a "mod" for this 
environment... especially with the rules snapshots and the updates offered for 

> Dec 30, 2009 - Snort released, Snort 2.8.6 BETA released
> Feb 18, 2010 - Snort released.
> Apr 26, 2010 - Snort released.
> Jul 28, 2010 - Snort released; Snort 2.9 BETA released.
> Oct 04, 2010 - Snort released.
> Oct 22, 2010 - Snort EOL.
> Jan 02, 2011 - Snort EOL.
> I assume includes  Either way, those are some *harsh*
> timelines especially for a product that is often adopted in the enterprise.

not from what i've observed... EOL support will come later, IIUC...

> Snort "VRT" TTL:
> ~ 7 months
> ~ 6 months
> If indeed is now EOL then TTL is only ~3 months?!  Either way,
> by the time I get done planning, testing, deploying, and verifying a
> release and stabilizing my environment for bugs introduced in the
> release it's time to be strong-armed again into upgrading.

i don't know what VRT views as a "major release"... their numbering is 
counter-intuitive to a point :( if was one major release and is 
another, then ok... but still :sigh:

> I guess when you've lost touch with your customer-base it's easy to
> edict such an insane support cycle.  I feel like I'm running Fedora
> GNU/Linux, and even they'd be ahead supporting their product for 13 months.
> Amazing folks... they just keep making it easier and easier to justify
> to look at alternative rulesets.

this has come up more than one in our environment and one of my mods does offer 
the option of the ET rules and/or the VRT rules... sadly, though, this mod has 
not yet made it into the mainstream yet :? :(

More information about the Emerging-sigs mailing list