[Snort-users] Re: [Snort-devel] Re: RFC: Forking Snort

Martin Roesch roesch at ...1935...
Tue Jul 2 19:04:05 EDT 2002

On 7/2/02 7:06 PM, "tlewis at ...468..." <tlewis at ...468...> wrote:

> On Tue, 2 Jul 2002, Andrew R. Baker wrote:
>> Snort is developed as part of a team effort, the team is led by
>> Marty.  Running the Snort project by committee can only serve to bring
>> the speed at which the system is developed to a near crawl.
> Bring it to a near crawl?  I added packet acquisition to snort coming
> on two years ago.  Don't even get me started on the silicon defense
> ACBM stuff.  When was IPv6 support first added by a contributor?
> How late is the initiation of snort v2?

Having code accepted for inclusion in the base Snort distro is a privilege,
not a right, you aren't entitled to seeing your code go into Snort just
because you ship it over.

Your packet acquisition code was a big change that I wasn't ready to make,
you didn't like it so you eventually started your own project.  You even had
commit access for a while to Snort CVS, you could have lobbied for a branch
and updated the code then but you didn't bother, you just walked away and
now snipe from the sidelines.  You didn't work within the established
framework of Snort development (i.e. Lobby for your major changes with the
rest of the snort developers, publicly post code on snort-devel, cajole me
into looking at it seriously if I'm busy with other things) and your code
ended up on the floor.  The lambasting of Snort's design and implementation
and management from the sidelines that you send over from time to time leads
me to believe that my instinct not to have you be a major contributor to
Snort was completely correct, thanks for the continued reaffirmation of that

ACBM was a prototype and was not ready for primetime.  We have something
better under development.  I know you liked it but I didn't, sorry if my
development goals aren't in line with your own but they never have been.

IPv6 has never been added by any contributor, the stub has been in there
since Snort was first released...

Snort v2 has been subsumed by Snort 1.9's development, things are going to
be a bit more incremental instead of a clean break, but that'll make
development go faster anyway.

> Competing one-armed retarded bureaucrats exchanging braile memos via
> wingless carrier pigeons during pigeon season could run the project
> faster than this.

Is it Monday morning?  I think we have a new quarterback for our team....

Please, go back and work on Hank and be happy, stop this worthless sniping.
Snort's been moving forward in ways that you never have had any input on
(stateful analysis, better preprocessors, more analysis capability, better
performance) and has been doing it at a rapid pace, just because your pet
features haven't made it in is more of a reflection of your own inability to
work within the framework of a team or peers than anything else.

If you have anything worthwhile to contribute and can do so in a manner
that's constructive instead of this constant negativity we see from you I'll
welcome it.


Martin Roesch - Founder/CTO Sourcefire Inc. - (410) 290-1616
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org

