[Emerging-Sigs] Fwd: [Snort-sigs] EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder

evilghost@packetmail.net evilghost at packetmail.net
Mon Oct 4 21:03:52 EDT 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In-line replies.

On 10/04/2010 07:50 PM, Joel Esler wrote:
> On Mon, Oct 4, 2010 at 7:57 PM, evilghost at packetmail.net
> <mailto:evilghost at packetmail.net> <evilghost at packetmail.net
> <mailto:evilghost at packetmail.net>> wrote:
> 
>     -----BEGIN PGP SIGNED MESSAGE-----
>     Hash: SHA1
> 
>     > Support for Snort 2.8.5.3 rules will cease on October 22nd.
>     >
>     > With the release of Snort 2.9, support for Snort 2.8.6.0 rules
>     will end
>     > 90 days from today, that is Jan 2nd 2011.
> 
>     Perhaps I'm the only one but I feel like I'm in a perpetual state of
>     forced-upgrading and instability.
> 
> 
> I understand your concern.  It's been policy for awhile now, that we
> maintain current version and one back.  Current version being 2.9.0 and
> one back being 2.8.6.1.

When you're short-stroking releases this policy doesn't make sense.
You're hosing your customer base.

>  
> 
> 
>     Dec 30, 2009 - Snort 2.8.5.2 released, Snort 2.8.6 BETA released
>     Feb 18, 2010 - Snort 2.8.5.3 released.
>     Apr 26, 2010 - Snort 2.8.6.0 released.
>     Jul 28, 2010 - Snort 2.8.6.1 released; Snort 2.9 BETA released.
>     Oct 04, 2010 - Snort 2.9.0.0 released.
>     Oct 22, 2010 - Snort 2.8.5.3 EOL.
>     Jan 02, 2011 - Snort 2.8.6.0 EOL.
> 
>     I assume 2.8.6.0 includes 2.8.6.1?  Either way, those are some *harsh*
>     timelines especially for a product that is often adopted in the
>     enterprise.
> 
> No.  2.8.6.0 does not include 2.8.6.1.  Just as 2.8.5.0 did not end of
> life 2.8.5.3.  All we did was EOL 2.8.5.3, towards the end of the month,
> which is now three versions back, and 2.8.6.0, which is EOL next year,
> is two versions back.  We are building in a lot of user requested
> features and so we release new versions.  It's apparently a catch 22.
>  If we don't put out new stuff that's innovative and useful and we don't
> update the product, we get criticized.  Then when we do, we get
> criticized.  I guess you can't please everyone.

Whew!  Well at least I'll be able to hang on to 2.8.6.1 for a few more
months until you roll a minor release for 2.9 and EOL 2.8.6.1, thanks
for the clarification.

Got an ETA on Snort 3?

> 
>  
> 
>     Snort "VRT" TTL:
>     2.8.5.3 ~ 7 months
> 
> Actually ~8.
>  
> 
>     2.8.6.0 ~ 6 months
> 
> Actually ~9.

I never was good at calendaring, hopefully the ~ means +- 1 month :)

> 
>  
> 
>     If indeed 2.8.6.1 is now EOL then TTL is only ~3 months?!  Either way,
>     by the time I get done planning, testing, deploying, and verifying a
>     release and stabilizing my environment for bugs introduced in the
>     release it's time to be strong-armed again into upgrading.
> 
> 
> Maintaining software can be a big task.  Maybe we can make some upgrade
> how-to guides to help people move from one version to another,
> explaining the upgrade process and new features so that it doesn't take
> you 8 months to do so.

I thought you guys were maintaining rule releases?  This applies to the
VRT rules correct, not the Snort source-tree?  Or am I missing something
here?

I'm really curious to see how EOLing 2.8.6.0 and supporting 2.8.6.1
makes sense;
http://www.snort.org/news/2010/07/28/snort-2-8-6-1-and-snort-2-9-beta-released/

Don't really see any changes here that would affect the VRT release or
rule structure.  Looks like bug fixes.

> 
>     I guess when you've lost touch with your customer-base it's easy to
>     edict such an insane support cycle.  I feel like I'm running Fedora
>     GNU/Linux, and even they'd be ahead supporting their product for 13
>     months.
> 
>     Amazing folks... they just keep making it easier and easier to justify
>     to look at alternative rulesets.
> 
> 
> As Brvenik said.  We encourage the fact that there are alternative
> rulesets.  It's a difficult thing to manage and we are getting better
> and better at it, with more rules in the cycle, that only servers to
> make the IDS community stronger, make research better, and cultivate
> ideas.  Hopefully soon we can disclose some of the ideas and things
> we've been working on in the background in order to give Snort users a
> better experience.  Now I know, evilghost, you'll yell at me for
> "dangling the carrot", but these things take time, and I don't want do
> talk about things prematurely for, again, another catch 22.  I don't
> want to announce something that may never come to product, as we'll get
> yelled at for that as well.

I've expanded my office to accommodate the wall....

> Anyone that has concerns is always free to email us, or even email me,
> and I'll do my best to make sure we satisfy the requirements as best we can.

I appreciate your responses and time but you need to take a step back
and look at the enterprise and a SoC; there's a reason why RHEL and
CentOS are such successful GNU/Linux distributions and it's not that
they're cutting-edge.

Anyone who doesn't understand an enterprises moves slowly, especially
larger enterprises, hasn't worked in a corporate environment for some time.

> Joel

- -evilghost
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJMqnl4AAoJENgimYXu6xOHvjEP/38Kw7R506IYaMWkELR3EINj
RV82mF1fXeFbqip+ptzVu+A5RjNXwjPSkn2+HPcUiUKbdj3msXj61xLVEEK2akFr
fOl6lkDFHu7UX24ZwKIUntzg9AtH4H5hRM4ZTP6/3j+dUsBqtUrP8wynj1moyxIt
C8wWaam7ZoYMLOCCN0s0f/OeXFtCpBeyVRNEY94vw47qHmsWk/jwbkvLLfyiW5uT
4M4r8lAitDaLtujW8lorAg73+j5CY/XfGlcBZbEBjp5iGDwQsCrTvWHS4NHTGLge
AGETJ/24ZQwpPWISGNC8qSykvouoFj8TBzos0ey7heUSVURArnaG3EK950elGNRB
sJxInwPe8RPUvSMvQHMRF1GgZAhRL8blb7WodoKFWBWQ+j+RoryRzZMH4bcdyKF9
JVY4atP1jUvcZu8xgNZlkrFhRkI0Uu6znuO37Evfua527yi+R3JF20RDCfIG6BPi
X+9xDgAq9YI3rimsyiyM3Mqzs+hxTX5Bfj1blj6gklJOOE0XLquJm9ff3LRiKGD3
DSGdkkg4KqpM/S43o9LUdtZl+wn2vjOHTTxvz+UQIGRL44hiajXeal4uj7gPcGfe
n1jgmZj9A0oSfLukMEPjDMNdd9H1gBf+R7d786Gzv2r5ffAaOdpoVe/opckMmav5
GWWgj1zTwt0VwZVsdnJ2
=cbhR
-----END PGP SIGNATURE-----


More information about the Emerging-sigs mailing list