[Emerging-Sigs] Fwd: [Snort-sigs] EOL for Snort and Snort rules reminder

evilghost@packetmail.net evilghost at packetmail.net
Mon Oct 4 21:03:52 EDT 2010

Hash: SHA1

In-line replies.

On 10/04/2010 07:50 PM, Joel Esler wrote:
> On Mon, Oct 4, 2010 at 7:57 PM, evilghost at packetmail.net
> <mailto:evilghost at packetmail.net> <evilghost at packetmail.net
> <mailto:evilghost at packetmail.net>> wrote:
>     Hash: SHA1
>     > Support for Snort rules will cease on October 22nd.
>     >
>     > With the release of Snort 2.9, support for Snort rules
>     will end
>     > 90 days from today, that is Jan 2nd 2011.
>     Perhaps I'm the only one but I feel like I'm in a perpetual state of
>     forced-upgrading and instability.
> I understand your concern.  It's been policy for awhile now, that we
> maintain current version and one back.  Current version being 2.9.0 and
> one back being

When you're short-stroking releases this policy doesn't make sense.
You're hosing your customer base.

>     Dec 30, 2009 - Snort released, Snort 2.8.6 BETA released
>     Feb 18, 2010 - Snort released.
>     Apr 26, 2010 - Snort released.
>     Jul 28, 2010 - Snort released; Snort 2.9 BETA released.
>     Oct 04, 2010 - Snort released.
>     Oct 22, 2010 - Snort EOL.
>     Jan 02, 2011 - Snort EOL.
>     I assume includes  Either way, those are some *harsh*
>     timelines especially for a product that is often adopted in the
>     enterprise.
> No. does not include  Just as did not end of
> life  All we did was EOL, towards the end of the month,
> which is now three versions back, and, which is EOL next year,
> is two versions back.  We are building in a lot of user requested
> features and so we release new versions.  It's apparently a catch 22.
>  If we don't put out new stuff that's innovative and useful and we don't
> update the product, we get criticized.  Then when we do, we get
> criticized.  I guess you can't please everyone.

Whew!  Well at least I'll be able to hang on to for a few more
months until you roll a minor release for 2.9 and EOL, thanks
for the clarification.

Got an ETA on Snort 3?

>     Snort "VRT" TTL:
> ~ 7 months
> Actually ~8.
> ~ 6 months
> Actually ~9.

I never was good at calendaring, hopefully the ~ means +- 1 month :)

>     If indeed is now EOL then TTL is only ~3 months?!  Either way,
>     by the time I get done planning, testing, deploying, and verifying a
>     release and stabilizing my environment for bugs introduced in the
>     release it's time to be strong-armed again into upgrading.
> Maintaining software can be a big task.  Maybe we can make some upgrade
> how-to guides to help people move from one version to another,
> explaining the upgrade process and new features so that it doesn't take
> you 8 months to do so.

I thought you guys were maintaining rule releases?  This applies to the
VRT rules correct, not the Snort source-tree?  Or am I missing something

I'm really curious to see how EOLing and supporting
makes sense;

Don't really see any changes here that would affect the VRT release or
rule structure.  Looks like bug fixes.

>     I guess when you've lost touch with your customer-base it's easy to
>     edict such an insane support cycle.  I feel like I'm running Fedora
>     GNU/Linux, and even they'd be ahead supporting their product for 13
>     months.
>     Amazing folks... they just keep making it easier and easier to justify
>     to look at alternative rulesets.
> As Brvenik said.  We encourage the fact that there are alternative
> rulesets.  It's a difficult thing to manage and we are getting better
> and better at it, with more rules in the cycle, that only servers to
> make the IDS community stronger, make research better, and cultivate
> ideas.  Hopefully soon we can disclose some of the ideas and things
> we've been working on in the background in order to give Snort users a
> better experience.  Now I know, evilghost, you'll yell at me for
> "dangling the carrot", but these things take time, and I don't want do
> talk about things prematurely for, again, another catch 22.  I don't
> want to announce something that may never come to product, as we'll get
> yelled at for that as well.

I've expanded my office to accommodate the wall....

> Anyone that has concerns is always free to email us, or even email me,
> and I'll do my best to make sure we satisfy the requirements as best we can.

I appreciate your responses and time but you need to take a step back
and look at the enterprise and a SoC; there's a reason why RHEL and
CentOS are such successful GNU/Linux distributions and it's not that
they're cutting-edge.

Anyone who doesn't understand an enterprises moves slowly, especially
larger enterprises, hasn't worked in a corporate environment for some time.

> Joel

- -evilghost
Version: GnuPG v1.4.10 (GNU/Linux)


More information about the Emerging-sigs mailing list