[Snort-sigs] Recent [unilateral, unannounced] Rule Changes

JP Vossen jp at ...1432...
Thu Jul 1 01:53:12 EDT 2010


> Date: Wed, 30 Jun 2010 18:43:50 -0400
> Subject: [Snort-sigs] Recent Rule Changes
>
> As many of you know, we changed the way that we allow for downloads from Snort.org.

Yes, we know.  Now.

Apologies if I missed the 3-5 change notifications that any first-year 
sysadmin would know enough to start sending *weeks* in advance of a 
change like this, but checking the ML archives I don't see them either.

You guys REALLY, REALLY need to stop unilaterally pulling the rug out 
from under your paying users, with no notice whatsoever!

That's two show-stoppers in two months, and one change introduced last 
time you broke it is now gone this time you broke it ("There is no need 
for the _s anymore") [1].

2010-06-28: broke how rules are downloaded [2]
2010-04-26: broke how rules are downloaded [3]


I suggest you resurrect the "Announce" ML (dead since mid-2007), 
subscribe the other lists to it, feed it from the VRT Blog (maybe, 
debatable), and make *any* change that impacts your customers in *any* 
way without several notices going to that list a serious disciplinary 
offense.

Don't get me wrong, I love snort.  I even get that this latest change is 
going to be a big scalable help.  What I don't get is why you guys think 
it's OK to break one of the fundamental things you have people 
paying for without any advance notice.

Would you put up with that from your vendor?
JP

PS--Not picking on Joel either, since he's on the sharp end, I doubt it 
was his idea to do it this way.  But the next time the IT guys say, "hey 
send out this announcement after the fact," you have to push them back.
No, you can't change fundamental, customer-facing facilities with zero 
warning.
___________________________
[1] http://marc.info/?l=snort-sigs&m=127782132231177&w=2
[2] http://marc.info/?l=snort-sigs&m=127775719011156&w=2
[3] http://vrt-sourcefire.blogspot.com/2010/04/rule-release-for-today-april-26th-2010.html
----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|      http://bashcookbook.com/
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.



