[Emerging-Sigs] Fwd: [Snort-sigs] EOL for Snort and Snort rules reminder

Joel Esler jesler at sourcefire.com
Mon Oct 4 21:31:41 EDT 2010

On Mon, Oct 4, 2010 at 9:03 PM, evilghost at packetmail.net <
evilghost at packetmail.net> wrote:

> Hash: SHA1
> In-line replies.
> On 10/04/2010 07:50 PM, Joel Esler wrote:
> > On Mon, Oct 4, 2010 at 7:57 PM, evilghost at packetmail.net
> > <mailto:evilghost at packetmail.net> <evilghost at packetmail.net
> > <mailto:evilghost at packetmail.net>> wrote:
> >
> >     -----BEGIN PGP SIGNED MESSAGE-----
> >     Hash: SHA1
> >
> >     > Support for Snort rules will cease on October 22nd.
> >     >
> >     > With the release of Snort 2.9, support for Snort rules
> >     will end
> >     > 90 days from today, that is Jan 2nd 2011.
> >
> >     Perhaps I'm the only one but I feel like I'm in a perpetual state of
> >     forced-upgrading and instability.
> >
> >
> > I understand your concern.  It's been policy for awhile now, that we
> > maintain current version and one back.  Current version being 2.9.0 and
> > one back being
> When you're short-stroking releases this policy doesn't make sense.
> You're hosing your customer base.

I understand.

> Got an ETA on Snort 3?
Some of the innovations of Snort 3 have been brought to the Snort 2 codebase
already.   I will try and get some information out about the future
platforms as soon as I can.

> I thought you guys were maintaining rule releases?  This applies to the
> VRT rules correct, not the Snort source-tree?  Or am I missing something
> here?

I am not sure what you are talking about.  Can you explain?

> > Anyone that has concerns is always free to email us, or even email me,
> > and I'll do my best to make sure we satisfy the requirements as best we
> can.
> I appreciate your responses and time but you need to take a step back
> and look at the enterprise and a SoC; there's a reason why RHEL and
> CentOS are such successful GNU/Linux distributions and it's not that
> they're cutting-edge.
> Anyone who doesn't understand an enterprises moves slowly, especially
> larger enterprises, hasn't worked in a corporate environment for some time.
Yes, I understand.  Here's the thing.  We have two sides to the company.  We
have the commercial appliance side, and we have the Open-Source side.  Some
products cross into both sides, some don't.  Snort is one of the ones that
does.  There are advantages to having the commercial appliances, and there
are advantages to the Open-Source side.  One of the advantages of the
commercial appliances is that we pack all the rules, engine, and
preprocessors into a tidy update pack called an SEU, and all our users have
to do is click a couple buttons to install it.  The Open-Source side, well,
you have to compile it from scratch, check your dependancies, etc.  (I'm
always reminded of this joke:http://www.ubergeek.tv/article.php?pid=54)

But seriously, I totally understand the "enterprise".  I deal with them all
day, every day.  I travel all over installing and consulting with Sourcefire
stuff on the commercial side, and installing and consulting with Snort,
barnyard2, pulled-pork, BASE, etc. on the Open-Source side.  In my last job,
I helped run most of the Snort installations (>100 installs) and signature
development.  So I've dealt with it on the commercial side, I've contributed
back to the community (ET and Snort) and I've moved to Sourcefire and seen
it all from the corporate side of things as well.  Each has their
challenges.  I do my best to understand them, and do my best to help where I

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20101004/b1d66ca6/attachment.html

More information about the Emerging-sigs mailing list