[Snort-devel] rescinding draft rfc - an extensible rule system

Todd Lewis tlewis at ...255...
Mon Apr 2 01:13:05 EDT 2001


I would like to rescind my draft rfc entitled "An Extensible Rule System".

I got to thinking about not just how to manage rules but how to
evaluate real-world cases, and I realized that my original approach was
too simplistic.  I took the duty upon myself of spending Saturday and
Sunday afternoons in the sunshine, drinking beer, reading up on database
systems and watching the ladies for inspiration, and I think that I
have a pretty good take on redesigning the core rule system for 2.0.
I've just completed my outline for the proposal, and I hope to finish
and submit it tomorrow (Monday).  (I am hoping to attend the Braves'
home season opener on Tuesday and definitely intend to have it finished
by then.  God, how I do love retirement.  8^)

If you're just getting back from vacation and are reading your mail
in reverse, like all veterans do, then I suggest that you ignore my
thoughts on this matter from earlier; my new proposal includes all of
the good stuff.

I don't want to waste any more of everyone else's time, and so I am
going to try to get this proposal into good shape before submitting
it and asking everyone to review it.  (I had a document drafted last
night that I'm glad that I didn't send, as I was able myself to work
through the questions I posed.)  That said, input from fellow developers
is almost always helpful in drafting these sorts of things, and this
proposal is going to be big enough that I may have trouble keeping the
whole thing coherent.  Therefore, if anyone would like to volunteer to
read an advance copy or two and give me their feedback, then I would be
very appreciative of the help and would of course credit you accordingly
in the final document.

--
Todd Lewis
tlewis at ...255...





More information about the Snort-devel mailing list