[Emerging-Sigs] Fwd: [Snort-sigs] EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder

Joel Esler jesler at sourcefire.com
Mon Oct 4 20:50:22 EDT 2010


On Mon, Oct 4, 2010 at 7:57 PM, evilghost at packetmail.net <
evilghost at packetmail.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> > Support for Snort 2.8.5.3 rules will cease on October 22nd.
> >
> > With the release of Snort 2.9, support for Snort 2.8.6.0 rules will end
> > 90 days from today, that is Jan 2nd 2011.
>
> Perhaps I'm the only one but I feel like I'm in a perpetual state of
> forced-upgrading and instability.
>

I understand your concern.  It's been policy for awhile now, that we
maintain current version and one back.  Current version being 2.9.0 and one
back being 2.8.6.1.


>
> Dec 30, 2009 - Snort 2.8.5.2 released, Snort 2.8.6 BETA released
> Feb 18, 2010 - Snort 2.8.5.3 released.
> Apr 26, 2010 - Snort 2.8.6.0 released.
> Jul 28, 2010 - Snort 2.8.6.1 released; Snort 2.9 BETA released.
> Oct 04, 2010 - Snort 2.9.0.0 released.
> Oct 22, 2010 - Snort 2.8.5.3 EOL.
> Jan 02, 2011 - Snort 2.8.6.0 EOL.
>
> I assume 2.8.6.0 includes 2.8.6.1?  Either way, those are some *harsh*
> timelines especially for a product that is often adopted in the enterprise.
>
> No.  2.8.6.0 does not include 2.8.6.1.  Just as 2.8.5.0 did not end of life
2.8.5.3.  All we did was EOL 2.8.5.3, towards the end of the month, which is
now three versions back, and 2.8.6.0, which is EOL next year, is two
versions back.  We are building in a lot of user requested features and so
we release new versions.  It's apparently a catch 22.  If we don't put out
new stuff that's innovative and useful and we don't update the product, we
get criticized.  Then when we do, we get criticized.  I guess you can't
please everyone.



> Snort "VRT" TTL:
> 2.8.5.3 ~ 7 months
>
Actually ~8.


> 2.8.6.0 ~ 6 months
>
Actually ~9.



> If indeed 2.8.6.1 is now EOL then TTL is only ~3 months?!  Either way,
> by the time I get done planning, testing, deploying, and verifying a
> release and stabilizing my environment for bugs introduced in the
> release it's time to be strong-armed again into upgrading.
>

Maintaining software can be a big task.  Maybe we can make some upgrade
how-to guides to help people move from one version to another, explaining
the upgrade process and new features so that it doesn't take you 8 months to
do so.

I guess when you've lost touch with your customer-base it's easy to
> edict such an insane support cycle.  I feel like I'm running Fedora
> GNU/Linux, and even they'd be ahead supporting their product for 13 months.
>
> Amazing folks... they just keep making it easier and easier to justify
> to look at alternative rulesets.


As Brvenik said.  We encourage the fact that there are alternative rulesets.
 It's a difficult thing to manage and we are getting better and better at
it, with more rules in the cycle, that only servers to make the IDS
community stronger, make research better, and cultivate ideas.  Hopefully
soon we can disclose some of the ideas and things we've been working on in
the background in order to give Snort users a better experience.  Now I
know, evilghost, you'll yell at me for "dangling the carrot", but these
things take time, and I don't want do talk about things prematurely for,
again, another catch 22.  I don't want to announce something that may never
come to product, as we'll get yelled at for that as well.

Anyone that has concerns is always free to email us, or even email me, and
I'll do my best to make sure we satisfy the requirements as best we can.

Joel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20101004/0152b0b9/attachment.html


More information about the Emerging-sigs mailing list