[Emerging-Sigs] GPL SID Change (was The New Rulesets are Ready!!)
jesler at sourcefire.com
Thu Oct 14 10:39:35 EDT 2010
Matt and I are talking offline about the best way to handle it as well. I
want to get my ducks in a row over here before we announce anything.
On Thu, Oct 14, 2010 at 10:31 AM, Mike Lococo <mikelococo at gmail.com> wrote:
> >>> On Oct 13, 2010, at 8:37 AM, Weir, Jason wrote:
> >>>> If I use the open-nongpl + vrt free rulesets then I wont get the
> >>>> GPL rules from you guys..
> >>>> ...
> >>>> What's your reason behind not changing the SIDs?
> >> On 10/13/2010 10:31 AM, Matthew Jonkman wrote:
> >>> Good points, but we're hoping VRT will follow any changes we make in
> >>> the VRT stuff. And so far they have, that's in everyone's interest.
> >>> My best recommendation, use the ET Pro rules. :)
> >> Is there any *benefit* to not changing the sid's, though? There are a
> >> lot of potential customers who are currently running VRT, and many of us
> >> are going to want to test the rulesets in parallel while we consider a
> >> switch to ET Pro.
> On 10/14/2010 04:38 AM, Matthew Jonkman wrote:
> > Appreciate your thoughts Mike. We could set up an etpro-nogpl, but
> > running those in parallel will be complete duplication, plus what pro
> etpro-nogpl would be better than nothing, although it's still not as
> flexible as simply fixing the sids since it continues to be difficult to
> do any parallel testing of the GPL rules themselves or to pick and
> choose between them.
> I think the bigger issue here is the apparent willingness to introduce
> incompatibilities between the rulesets. While I know your stated intent
> is to eclipse the VRT with a better product, and I wish you the best
> fortunes in that venture, it's long been the practice at ET not to
> sid-conflict with another major rules-project. That shouldn't change
> with etpro, it's the Right Thing (tm) and it puts end-users in the
> drivers-seat with regard to rule-selection. Already Jason, Kevin,
> Waldo, myself (and Joel, if he counts) have participated in discussion
> about workarounds for this issue... and while they're not
> rocket-science, they're not obvious even to experienced snorters like us
> and the rule-processing tools need updates to gracefully handle the
> I would feel much better with a commitment not to sid-conflict with
> another major rules project (VRT or otherwise).
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> Support Emerging Threats! Get your ET Stuff! Tshirts, Coffee Mugs and
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Emerging-sigs