[Snort-users] EOL for Snort 188.8.131.52 and Snort 184.108.40.206 rules reminder
wkitty42 at ...14940...
Mon Oct 4 22:12:52 EDT 2010
On 10/4/2010 21:17, Nigel Houghton wrote:
> On Mon, 04 Oct 2010 18:07:14 -0400, Mike Lococo wrote:
>> While the emphasis on the word "major" is mine, the document is specific
>> about what that means. Based on that language, I would expect that
>> 2.8.final would be supported until 3.0 or 2.10 are released. Of course,
>> the February "current" examples aren't actually consistent with the
>> statement, listing a "previous" version instead of a "prior" version,
>> which is one *minor* revision behind, instead of one major revision behind.
>> I see the policy was updated in Feb, but don't know what it looked like
>> prior. Are these recent changes, policies which weren't enforced until
>> recently, or long-standing policies that I've simply never noticed?
>> Mike Lococo
>>  http://www.snort.org/vrt/rules/eol_policy
> Which says:
> "Prior Version: The major release previous to the current production
> release with the highest minor and patch releases"
> We provide rule sets for the current version and prior version of Snort.
the problem is the use of the term "major"...
220.127.116.11 -> 18.104.22.168 is a "sub-minor" release...
22.214.171.124 -> 126.96.36.199 is a "minor" release...
2.8.6.* -> 2.9.0.* is a "minor" release...
2.*.*.* -> 3.*.*.* is a "major" release...
> So, as of now, the current production release is 2.9.0 and the prior
> version would be 188.8.131.52.
> We are giving the 90 day notice as a courtesy, should be plenty of time
> to upgrade installations. As I seem to have to keep saying, keeping
> your security software up to date is a really good idea.
the courtesy is greatly appreciated... no matter how badly/madly it causes your
users to scramble to try to accommodate the update... the sad part is that some
cannot update when things like this happen... they are forced to update when the
product they use updates... if that product's update cycle is 6 months or even 1
year, then they loose out... especially when the rules updates are no longer
available and their working IDS/IPS solution falls flat on its face and leaves
them holding an open and unprotected internet pipeline (worst case) or at least
they no longer have access to current updates rules sets (best case) :?
More information about the Snort-users