[Emerging-Sigs] Fwd: [Snort-sigs] EOL for Snort 126.96.36.199 and Snort 188.8.131.52 rules reminder
jesler at sourcefire.com
Mon Oct 4 20:50:22 EDT 2010
On Mon, Oct 4, 2010 at 7:57 PM, evilghost at packetmail.net <
evilghost at packetmail.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> > Support for Snort 184.108.40.206 rules will cease on October 22nd.
> > With the release of Snort 2.9, support for Snort 220.127.116.11 rules will end
> > 90 days from today, that is Jan 2nd 2011.
> Perhaps I'm the only one but I feel like I'm in a perpetual state of
> forced-upgrading and instability.
I understand your concern. It's been policy for awhile now, that we
maintain current version and one back. Current version being 2.9.0 and one
back being 18.104.22.168.
> Dec 30, 2009 - Snort 22.214.171.124 released, Snort 2.8.6 BETA released
> Feb 18, 2010 - Snort 126.96.36.199 released.
> Apr 26, 2010 - Snort 188.8.131.52 released.
> Jul 28, 2010 - Snort 184.108.40.206 released; Snort 2.9 BETA released.
> Oct 04, 2010 - Snort 220.127.116.11 released.
> Oct 22, 2010 - Snort 18.104.22.168 EOL.
> Jan 02, 2011 - Snort 22.214.171.124 EOL.
> I assume 126.96.36.199 includes 188.8.131.52? Either way, those are some *harsh*
> timelines especially for a product that is often adopted in the enterprise.
> No. 184.108.40.206 does not include 220.127.116.11. Just as 18.104.22.168 did not end of life
22.214.171.124. All we did was EOL 126.96.36.199, towards the end of the month, which is
now three versions back, and 188.8.131.52, which is EOL next year, is two
versions back. We are building in a lot of user requested features and so
we release new versions. It's apparently a catch 22. If we don't put out
new stuff that's innovative and useful and we don't update the product, we
get criticized. Then when we do, we get criticized. I guess you can't
> Snort "VRT" TTL:
> 184.108.40.206 ~ 7 months
> 220.127.116.11 ~ 6 months
> If indeed 18.104.22.168 is now EOL then TTL is only ~3 months?! Either way,
> by the time I get done planning, testing, deploying, and verifying a
> release and stabilizing my environment for bugs introduced in the
> release it's time to be strong-armed again into upgrading.
Maintaining software can be a big task. Maybe we can make some upgrade
how-to guides to help people move from one version to another, explaining
the upgrade process and new features so that it doesn't take you 8 months to
I guess when you've lost touch with your customer-base it's easy to
> edict such an insane support cycle. I feel like I'm running Fedora
> GNU/Linux, and even they'd be ahead supporting their product for 13 months.
> Amazing folks... they just keep making it easier and easier to justify
> to look at alternative rulesets.
As Brvenik said. We encourage the fact that there are alternative rulesets.
It's a difficult thing to manage and we are getting better and better at
it, with more rules in the cycle, that only servers to make the IDS
community stronger, make research better, and cultivate ideas. Hopefully
soon we can disclose some of the ideas and things we've been working on in
the background in order to give Snort users a better experience. Now I
know, evilghost, you'll yell at me for "dangling the carrot", but these
things take time, and I don't want do talk about things prematurely for,
again, another catch 22. I don't want to announce something that may never
come to product, as we'll get yelled at for that as well.
Anyone that has concerns is always free to email us, or even email me, and
I'll do my best to make sure we satisfy the requirements as best we can.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Emerging-sigs