[Snort-users] EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder

waldo kitty wkitty42 at ...14940...
Mon Oct 4 22:12:52 EDT 2010


On 10/4/2010 21:17, Nigel Houghton wrote:
> On Mon, 04 Oct 2010 18:07:14 -0400, Mike Lococo wrote:
>> While the emphasis on the word "major" is mine, the document is specific
>> about what that means.  Based on that language, I would expect that
>> 2.8.final would be supported until 3.0 or 2.10 are released.  Of course,
>> the February "current" examples aren't actually consistent with the
>> statement, listing a "previous" version instead of a "prior" version,
>> which is one *minor* revision behind, instead of one major revision behind.
>>
>> I see the policy was updated in Feb, but don't know what it looked like
>> prior.  Are these recent changes, policies which weren't enforced until
>> recently, or long-standing policies that I've simply never noticed?
>>
>> Regards,
>> Mike Lococo
>>
>> [1] http://www.snort.org/vrt/rules/eol_policy
>
> Which says:
>
> "Prior Version: The major release previous to the current production
> release with the highest minor and patch releases"
>
> We provide rule sets for the current version and prior version of Snort.

the problem is the use of the term "major"...

2.8.6.0 -> 2.8.6.1 is a "sub-minor" release...
2.8.5.3 -> 2.6.8.0 is a "minor" release...
2.8.6.* -> 2.9.0.* is a "minor" release...
2.*.*.* -> 3.*.*.* is a "major" release...

> So, as of now, the current production release is 2.9.0 and the prior
> version would be 2.8.6.1.
>
> We are giving the 90 day notice as a courtesy, should be plenty of time
> to upgrade installations. As I seem to have to keep saying, keeping
> your security software up to date is a really good idea.

the courtesy is greatly appreciated... no matter how badly/madly it causes your 
users to scramble to try to accommodate the update... the sad part is that some 
cannot update when things like this happen... they are forced to update when the 
product they use updates... if that product's update cycle is 6 months or even 1 
year, then they loose out... especially when the rules updates are no longer 
available and their working IDS/IPS solution falls flat on its face and leaves 
them holding an open and unprotected internet pipeline (worst case) or at least 
they no longer have access to current updates rules sets (best case) :?




More information about the Snort-users mailing list