[Snort-sigs] bleeding -> snort rules?

Frank Knobbe frank at ...1978...
Sat Dec 3 10:39:02 EST 2005

On Sat, 2005-12-03 at 11:36 -0600, Rich Adamson wrote:
> Yes, the above makes sense. It kind of bothers me that a significant
> number of bleeding rules have been around for a while (and are very good),
> but the naming convention (and process) essentially implies they are all
> still bleeding-edge.

heh... maybe we should drop the B then ;)

> Based on previous postings relative to ossrc, the implication was that 
> production quality rules would be moved from bleeding into some snort sort
> of open-source rule set (eg, community).

Yeah, I think one of the goals is to create a central repository where
stable Community and stable Bleeding rules could be moved into and
maintained by the OSSRC admins or assigned rule custodians. A lot of
rules in the Community set could use improvements. I think finding a
group of people willing to donate time to improve these rules is the
current challenge. If no one volunteers to maintain/improve/tweak these,
the chances of finding people to staff an OSSRC repository seem rather

I hope I'm not appearing as overly critical when I say that it might be
the organizational structure of the OSSRC that may slow down the
development of the planned projects (like a central OSSRC rule
repository). These things just don't work well on a routine schedule
with meetings and all. It takes dedicated people to step forward and
pull the wagon fast and furious to gain momentum. Without these people,
volunteer organizations typically slow to a crawl and wither (I've been,
and still am, in several where I volunteer my time, so I see these
things unfold first-hand).

That's also the reason I have not been able to volunteer for the OSSRC
as the time I can afford for non-profits has reached the max (I know, I
know, I need to shift more time towards Snortsam which has slowed down
again.... argh!.. it's a juggling act).

Anyway, what I'm saying is that people need to step forward and get
actively involved and make things happen. I wouldn't wait for meetings
to formalize things, I'd be rolling up my sleeves, pester OSSRC people
for passwords to the OSSRC system and be setting up the rule repository,
then coordinating import of rules. So if you, or anyone else, has time
to spare, please get actively involved in the OSSRC. It's at a critical
time right now where it needs to gain momentum. The service is for you
guys, but it also depends on you to function. It takes some effort to
get this thing started, but once running will provide you with valuable
services in return.

It just takes people to step forward and start pulling the wagon.


It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.

