[Emerging-Sigs] Fwd: [Snort-sigs] EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder

waldo kitty wkitty42 at windstream.net
Mon Oct 4 20:39:28 EDT 2010


On 10/4/2010 19:57, evilghost at packetmail.net wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>> Support for Snort 2.8.5.3 rules will cease on October 22nd.
>>
>> With the release of Snort 2.9, support for Snort 2.8.6.0 rules will end
>> 90 days from today, that is Jan 2nd 2011.
>
> Perhaps I'm the only one but I feel like I'm in a perpetual state of
> forced-upgrading and instability.

i/we see that in my/our environment, as well... but only to a point... our main 
distribution does choose that which they will release in the overall package and 
support but, as far as rules snapshots go, yes... there is a crunch felt and 
either the main distribution has to put out a new overall release or someone has 
to come up with an out-of-band snort update which is viewed as a "mod" for this 
environment... especially with the rules snapshots and the updates offered for 
them...

> Dec 30, 2009 - Snort 2.8.5.2 released, Snort 2.8.6 BETA released
> Feb 18, 2010 - Snort 2.8.5.3 released.
> Apr 26, 2010 - Snort 2.8.6.0 released.
> Jul 28, 2010 - Snort 2.8.6.1 released; Snort 2.9 BETA released.
> Oct 04, 2010 - Snort 2.9.0.0 released.
> Oct 22, 2010 - Snort 2.8.5.3 EOL.
> Jan 02, 2011 - Snort 2.8.6.0 EOL.
>
> I assume 2.8.6.0 includes 2.8.6.1?  Either way, those are some *harsh*
> timelines especially for a product that is often adopted in the enterprise.

not from what i've observed... 2.8.6.1 EOL support will come later, IIUC...

> Snort "VRT" TTL:
> 2.8.5.3 ~ 7 months
> 2.8.6.0 ~ 6 months
>
> If indeed 2.8.6.1 is now EOL then TTL is only ~3 months?!  Either way,
> by the time I get done planning, testing, deploying, and verifying a
> release and stabilizing my environment for bugs introduced in the
> release it's time to be strong-armed again into upgrading.

i don't know what VRT views as a "major release"... their numbering is 
counter-intuitive to a point :( if 2.8.6.0 was one major release and 2.8.6.1 is 
another, then ok... but still :sigh:

> I guess when you've lost touch with your customer-base it's easy to
> edict such an insane support cycle.  I feel like I'm running Fedora
> GNU/Linux, and even they'd be ahead supporting their product for 13 months.
>
> Amazing folks... they just keep making it easier and easier to justify
> to look at alternative rulesets.

this has come up more than one in our environment and one of my mods does offer 
the option of the ET rules and/or the VRT rules... sadly, though, this mod has 
not yet made it into the mainstream yet :? :(


More information about the Emerging-sigs mailing list