[Snort-users] Problem with Snort 2.0.4 and Snort Rules
mkettler at ...4108...
Wed Nov 19 09:09:09 EST 2003
At 09:10 PM 11/18/2003, Nigel Houghton wrote:
> Use the stable rules with 2.0.4, or just the rules that come with 2.0.4,
>: but the "current" rules are never guaranteed to work with anything but
>: the "current" version of snort, which is a development snapshot not a
>: numbered release.
>Please look at:
>"Right now, CURRENT is stable. Please use CURRENT."
Ahh, but if you look at
You'll see that the mis-statement has been corrected... STABLE is for
2.0.x, CURRENT is for 2.1.x.. CURRENT isn't STABLE anymore..
I hope everyone involved takes this as constructive criticism from an
honest supporter of snort, but one of these days Snort should strongly
consider having a consistent naming convention for files on their website,
set it down fairly firm and make both web and devel sides agree to it. I've
been using snort for many years now, and this kind of constant
naming/compatibility inconsistency as to what rules work with what versions
of snort is nothing new.
It's also long since been very true that the snort.org website notes about
the state of packages severely lags changes on the development side. A lot
of this is just a matter of the fact that the snort team seems to be a
bunch of very busy people. This is why having a consistent convention is
helpful not just to users, but the snort team as well. If current and
stable keep changing meaning on the devel side every 6 months, the website
will likely not always reflect the current status. However, if branches
retain their meaning, then nobody has to keep updating the website and
hunting through all the text to find all the now outdated and incorrect
I understand the need to make a development branch that may or may not work
with the latest numbered release, but the constant flip-flop between what
release names of what files end users should be using as a stable release
needs to stop. It's a bad trend for snort, it confuses users, and it makes
unnecessary work for your own website maintainers.
As far as I can tell the only guarantee that has held true over the past
several years is that CURRENT rules will always work with CURRENT code.
Sometimes CURRENT works with STABLE and the latest numbered release, but
that's not always true.
Certainly making statements like "CURRENT is now STABLE" is a bad idea in
general. I believe at the time it was done to facilitate 2.0.x and 1.9.x
existing in parallel, but a better idea would have been to create something
More information about the Snort-users