[Emerging-Sigs] Fwd: [Snort-sigs] EOL for Snort 126.96.36.199 and Snort 188.8.131.52 rules reminder
evilghost at packetmail.net
Mon Oct 4 21:03:52 EDT 2010
-----BEGIN PGP SIGNED MESSAGE-----
On 10/04/2010 07:50 PM, Joel Esler wrote:
> On Mon, Oct 4, 2010 at 7:57 PM, evilghost at packetmail.net
> <mailto:evilghost at packetmail.net> <evilghost at packetmail.net
> <mailto:evilghost at packetmail.net>> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> > Support for Snort 184.108.40.206 rules will cease on October 22nd.
> > With the release of Snort 2.9, support for Snort 220.127.116.11 rules
> will end
> > 90 days from today, that is Jan 2nd 2011.
> Perhaps I'm the only one but I feel like I'm in a perpetual state of
> forced-upgrading and instability.
> I understand your concern. It's been policy for awhile now, that we
> maintain current version and one back. Current version being 2.9.0 and
> one back being 18.104.22.168.
When you're short-stroking releases this policy doesn't make sense.
You're hosing your customer base.
> Dec 30, 2009 - Snort 22.214.171.124 released, Snort 2.8.6 BETA released
> Feb 18, 2010 - Snort 126.96.36.199 released.
> Apr 26, 2010 - Snort 188.8.131.52 released.
> Jul 28, 2010 - Snort 184.108.40.206 released; Snort 2.9 BETA released.
> Oct 04, 2010 - Snort 220.127.116.11 released.
> Oct 22, 2010 - Snort 18.104.22.168 EOL.
> Jan 02, 2011 - Snort 22.214.171.124 EOL.
> I assume 126.96.36.199 includes 188.8.131.52? Either way, those are some *harsh*
> timelines especially for a product that is often adopted in the
> No. 184.108.40.206 does not include 220.127.116.11. Just as 18.104.22.168 did not end of
> life 22.214.171.124. All we did was EOL 126.96.36.199, towards the end of the month,
> which is now three versions back, and 188.8.131.52, which is EOL next year,
> is two versions back. We are building in a lot of user requested
> features and so we release new versions. It's apparently a catch 22.
> If we don't put out new stuff that's innovative and useful and we don't
> update the product, we get criticized. Then when we do, we get
> criticized. I guess you can't please everyone.
Whew! Well at least I'll be able to hang on to 184.108.40.206 for a few more
months until you roll a minor release for 2.9 and EOL 220.127.116.11, thanks
for the clarification.
Got an ETA on Snort 3?
> Snort "VRT" TTL:
> 18.104.22.168 ~ 7 months
> Actually ~8.
> 22.214.171.124 ~ 6 months
> Actually ~9.
I never was good at calendaring, hopefully the ~ means +- 1 month :)
> If indeed 126.96.36.199 is now EOL then TTL is only ~3 months?! Either way,
> by the time I get done planning, testing, deploying, and verifying a
> release and stabilizing my environment for bugs introduced in the
> release it's time to be strong-armed again into upgrading.
> Maintaining software can be a big task. Maybe we can make some upgrade
> how-to guides to help people move from one version to another,
> explaining the upgrade process and new features so that it doesn't take
> you 8 months to do so.
I thought you guys were maintaining rule releases? This applies to the
VRT rules correct, not the Snort source-tree? Or am I missing something
I'm really curious to see how EOLing 188.8.131.52 and supporting 184.108.40.206
Don't really see any changes here that would affect the VRT release or
rule structure. Looks like bug fixes.
> I guess when you've lost touch with your customer-base it's easy to
> edict such an insane support cycle. I feel like I'm running Fedora
> GNU/Linux, and even they'd be ahead supporting their product for 13
> Amazing folks... they just keep making it easier and easier to justify
> to look at alternative rulesets.
> As Brvenik said. We encourage the fact that there are alternative
> rulesets. It's a difficult thing to manage and we are getting better
> and better at it, with more rules in the cycle, that only servers to
> make the IDS community stronger, make research better, and cultivate
> ideas. Hopefully soon we can disclose some of the ideas and things
> we've been working on in the background in order to give Snort users a
> better experience. Now I know, evilghost, you'll yell at me for
> "dangling the carrot", but these things take time, and I don't want do
> talk about things prematurely for, again, another catch 22. I don't
> want to announce something that may never come to product, as we'll get
> yelled at for that as well.
I've expanded my office to accommodate the wall....
> Anyone that has concerns is always free to email us, or even email me,
> and I'll do my best to make sure we satisfy the requirements as best we can.
I appreciate your responses and time but you need to take a step back
and look at the enterprise and a SoC; there's a reason why RHEL and
CentOS are such successful GNU/Linux distributions and it's not that
Anyone who doesn't understand an enterprises moves slowly, especially
larger enterprises, hasn't worked in a corporate environment for some time.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Emerging-sigs