[Snort-devel] Versioned rulesets and release schedule

Joel Esler (jesler) jesler at cisco.com
Tue Aug 21 12:55:03 EDT 2018


The way we handle this with other rule updaters is:

Check the md5 of the file to be downloaded first.  If the md5 is different from the md5 of the file you already have, then update the file.  This method seems to be very efficient.



On Aug 20, 2018, at 1:29 PM, mike <mike at flyn.org> wrote:

First, does the Snort team provide a versioned tarball of the
community rules available at:
https://www.snort.org/downloads/community/snort3-community-rules.tar.gz
?
The trouble with the unversioned tarball is that it seems to change
over time.

[...]

Versioned, as in... what?

Something like snort3-community-rules-X.Y.Z.tar.gz. The point I am trying to make from a distribution packager point of view is that the URL should always point to the same object with the same hash. Changing the object referenced by the URL and thus invalidating the hash unpredictably causes a build failure in a packaging system which works like OpenWrt's.

To put it another way, an update to snort3-community-rules-X.Y.Z.tar.gz could exist as snort3-community-rules-X.Y.(Z+1).tar.gz. This would leave the URL pointing to snort3-community-rules-X.Y.Z.tar.gz intact. Thus an OpenWrt package would continue to build using X.Y.Z up to the point the packager updates the OpenWrt package to instead make use of X.Y.(Z+1).

--
Mike
:wq
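
The check Joel describes, with the download verified against the published digest before it replaces the local copy, as an added Python example that is not part of the original thread or of any Snort tool. `fetch_md5` and `fetch_archive` are hypothetical callables standing in for the two HTTP requests, and the ruleset bytes are constructed; `demo()` also shows the pinned-hash build from Mike's message failing once the object behind the URL changes.

```python
import hashlib, os, tempfile

def file_md5(path):
    """md5 hex digest of a local file, or None if it does not exist."""
    if not os.path.exists(path):
        return None
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def update_if_changed(path, fetch_md5, fetch_archive):
    """Download only when the published md5 differs from the local copy.
    fetch_md5 / fetch_archive are hypothetical callables standing in for
    the two HTTP requests; they are not part of any Snort tool.
    """
    published = fetch_md5().strip().lower()
    if file_md5(path) == published:
        return "unchanged"                 # skip the large download
    data = fetch_archive()
    if hashlib.md5(data).hexdigest() != published:
        raise ValueError("archive does not match published md5")
    # Write beside the target, then rename, so a failed download never
    # leaves a truncated ruleset in place.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        os.replace(tmp, path)
    finally:
        if os.path.exists(tmp):
            os.unlink(tmp)
    return "updated"

def demo():
    """Constructed run: upstream replaces the tarball behind one URL."""
    upstream = {"data": b"constructed ruleset v1"}
    get_md5 = lambda: hashlib.md5(upstream["data"]).hexdigest() + "\n"
    get_archive = lambda: upstream["data"]
    pinned = hashlib.md5(upstream["data"]).hexdigest()  # packager's recorded hash
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "rules.tar.gz")
        results = [update_if_changed(path, get_md5, get_archive),
                   update_if_changed(path, get_md5, get_archive)]
        upstream["data"] = b"constructed ruleset v2"   # same URL, new object
        results.append(update_if_changed(path, get_md5, get_archive))
        build_ok = file_md5(path) == pinned  # pinned-hash build now fails
    return results, build_ok
```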
