Re: [Emerging-Sigs] Snort 2.9.0.1 Now Available

[Joel Esler <jesler () sourcefire com>]

On Wed, Nov 3, 2010 at 10:38 AM, Mike Lococo <mikelococo () gmail com> wrote:

> > > > As to the support of 2.8.6, with the release of 2.9.0, 2.8.6.x
> > > > is no longer supported.  When there is a new "3 digit" release no
> > > > further patches are made to the previous version of Snort.
> >
> > Apr 26, 2010 - Snort 2.8.6.0 released.
> > Jul 23, 2010 - Snort 2.8.6.1 released.
> > Oct 04, 2010 - Snort 2.9.0 released, 2.8.6.* is EOL?!?
> >
> > Every three of four months I'll just plan on recompiling Snort.  This is
> an
> > insanely small support window between the supported versions and VRT
> > permutations of support.
>
> I've had this discussion with SF staff recently, on snort-users I think.
>  It's a really poor lifecycle policy, IMO, and also doesn't actually
> match the written policy at http://www.snort.org/vrt/rules/eol_policy,
> which defines the supported prior version as:
>
>      "The *MAJOR* release previous to the current production
>      release with the highest minor and patch releases".
>
> "Major" releases are defined earlier in the document and the 2.8 to 2.9
> change is used to illustrate a "major" version bump.  2.9 to 2.9.1 would
> be a "minor" release as defined in that document.  According to my
> reading, 2.9.1 and 2.8.6.1 are the supported releases, and I have no
> idea how one can parse it otherwise but I've been told by SF staff that
> I am incorrect.

This is for *rules*, remember.  Current version, and one back is the
standard.  We'll take a look at the life cycle, wording, and policy on the
website to see if any modifications need to be made to clarify anything.

We can't bring the 2.9.0 or 2.9.0.1 improvements back to 2.8.x.  2.9.0 was a
big rewrite of the stream model (and many other things) and bringing back
the code to 2.8 would, as I said, be a monumental undertaking.  That's why
2.9 was released.


> I can only imagine that SF is trying to push enterprise customers who
> care about lifecycle to appliances by promoting what is known to be an
> unworkable lifecycle policy.


No.  That's not correct.  2.9.0.1 was released, as there were bugs in 2.9.0
that we were able to resolve.  Thusly the patch minor version.  We try to
keep the system up to date to deal with the current threats and enhance
functionality, all the while giving our open-source community a free
product.

I understand if the lifecycle of upgrading the systems is hard (some of you
guys forget that I used to be in your shoes before I came to Sourcefire
full-time), and we'll take a look at the policies and online content.

We do some new functionality coming to our website today that hopefully, you
guys will find helpful.  Stay tuned for that annoucement once it goes live.

J


> --
> Joel Esler

302-223-5974

------------------------------------------------------------------------------
Achieve Improved Network Security with IP and DNS Reputation.
Defend against bad network traffic, including botnets, malware, 
phishing sites, and compromised hosts - saving your company time, 
money, and embarrassment.   Learn More! 
http://p.sf.net/sfu/hpdev2dev-nov

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel