Re: rules update

[Martin Roesch <roesch () sourcefire com>]

> This is true, so my complexity argument against automatic cron job updates
> of rule files is invalid.
>
> Still it is not likely a good idea to automatically update from a cron job
> for the other reasons (purposeful or accidental check-in dysfunctional
> rules, etc).

True, I don't recommend auto-updating ever, but that's my personal
preference (I have a number of reasons for it, of course). :)

> And with CVS there is the further issue that the current CVS snort rules
> may only work with the current CVS code, so if you update one, you should
> consider updating both.

Right.  I will say that I don't think we're going to be making any
changes to the rule spec for a bit though.

> Perhaps I'm off-base, but it does strike me as a bad idea to automatically
> pull rules updates from CVS. Although I do agree with the idea of using cvs
> update to pull out the latest rules manually with minimal headaches.

Yup.  Auto-incorporation is a bad idea, but you can certainly see what's
going on, what's changed and have an active method of getting updates
without hosing your configuration.


     -Marty


> Anyone have any more insightful comments on that issue than I can provide?
>
> At 09:29 PM 11/19/2001, Martin Roesch wrote:
> > Since the snort-current rules stuff is just built out of CVS, you could
> > always to a 'cvs update' and not have to worry about custom local
> > configuration getting whacked...
> >
> >      -Marty

--
Martin Roesch
roesch () sourcefire com
http://www.sourcefire.com - http://www.snort.org



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users