[Emerging-Sigs] GPL SID Change (was The New Rulesets are Ready!!)

Joel Esler jesler at sourcefire.com
Thu Oct 14 10:39:35 EDT 2010


Matt and I are talking offline about the best way to handle it as well.  I
want to get my ducks in a row over here before we announce anything.



On Thu, Oct 14, 2010 at 10:31 AM, Mike Lococo <mikelococo at gmail.com> wrote:

> >>> On Oct 13, 2010, at 8:37 AM, Weir, Jason wrote:
> >>>> If I use the open-nongpl + vrt free rulesets then I wont get the
> updated
> >>>> GPL rules from you guys..
> >>>> ...
> >>>> What's your reason behind not changing the SIDs?
> >>
> >> On 10/13/2010 10:31 AM, Matthew Jonkman wrote:
> >>> Good points, but we're hoping VRT will follow any changes we make in
> >>> the VRT stuff. And so far they have, that's in everyone's interest.
> >>>
> >>> My best recommendation, use the ET Pro rules. :)
> >>
> >> Is there any *benefit* to not changing the sid's, though?  There are a
> >> lot of potential customers who are currently running VRT, and many of us
> >> are going to want to test the rulesets in parallel while we consider a
> >> switch to ET Pro.
>
> On 10/14/2010 04:38 AM, Matthew Jonkman wrote:
> > Appreciate your thoughts Mike. We could set up an etpro-nogpl, but
> > running those in parallel will be complete duplication, plus what pro
> does.
>
> etpro-nogpl would be better than nothing, although it's still not as
> flexible as simply fixing the sids since it continues to be difficult to
> do any parallel testing of the GPL rules themselves or to pick and
> choose between them.
>
> I think the bigger issue here is the apparent willingness to introduce
> incompatibilities between the rulesets.  While I know your stated intent
> is to eclipse the VRT with a better product, and I wish you the best
> fortunes in that venture, it's long been the practice at ET not to
> sid-conflict with another major rules-project.  That shouldn't change
> with etpro, it's the Right Thing (tm) and it puts end-users in the
> drivers-seat with regard to rule-selection.  Already Jason, Kevin,
> Waldo, myself (and Joel, if he counts) have participated in discussion
> about workarounds for this issue... and while they're not
> rocket-science, they're not obvious even to experienced snorters like us
> and the rule-processing tools need updates to gracefully handle the
> situation.
>
> I would feel much better with a commitment not to sid-conflict with
> another major rules project (VRT or otherwise).
>
> Cheers,
> Mike
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Get your ET Stuff! Tshirts, Coffee Mugs and
> Lanyards
> http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20101014/6277c37c/attachment.html


More information about the Emerging-sigs mailing list