Snort mailing list archives
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody?
From: Matthew Jonkman <jonkman () emergingthreatspro com>
Date: Mon, 21 Mar 2011 15:53:06 -0400
On Mar 21, 2011, at 10:43 AM, Joel Esler wrote:
I haven't diff'ed your version of the gpl rules to ours, I'll try and make time to do that today if I can -- and I haven't diffed our gpl rules from 2005 to now (3464 and below), but I suspect they haven't changed much maybe some references and what not, but I'd like to see what else.
We started with the 2005 pre-VRT versions, so we'll have significant differences I imagine.
I have a couple ideas that I have discussed with Sourcefire internally, and I'm not going to talk about those until they come out. I don't want to say "here's my idea" and then have someone print it out and staple it to a wall. (evilghost -- ;). I'd like the maintainers of the ET GPL rules to please send me any changes that you have made to the rules that we could incorporate, as that has not been done yet, and it should be.
They're downloadable at http://rules.emergingthreats.net/ We have many versions, and suricata as well. Pick which you'd like to diff from. Thanks Joel!
I'd like the maintainers of the ET GPL rules, if you insist on keeping the GPL rules, please fork them, re-sid them, and add a reference back to the original SID. Please do not duplicate the SIDS that are already assigned. That's the major point of this whole thread. To avoid this whole thread from occurring again.
We're not duplicating though, we're just modifying. But what seems to be the core issue is that we will have versions and platforms that are not supported by SF, so why would we send the changes to those (suricata, or snort 2.8.6 for example) to SF for inclusion there? We need to maintain our own versions, and I don't expect we'll have a lot of overlap. I'm still anti re-sid'ing. We lose a lot of history there and reference. But if the sentiment of the community goes there we can make that happen. But I think we have other issues to solve then, like deduplication for folks that still combine the et open rules with vrt. It'd be a week or more of work to re-sid and update, so we'd probably not have a contiguous range of sids.
If we are going to coexist, (ET and VRT) then this is the way it must be. We are a community. We are acting like one, we will have our fights and our disagreements, that's fine. But let's make them constructive.
We definitely want to coexist. I think we've made great concessions there in making our rules fit with VRT for folks that want to use them.
On a personal note, I've tried to reach out heavily to you Matt both on list and privately to try and unify the communities, you go your way with PRO sigs and we go our way with PRO sigs. But meet in the middle somewhere. I've received zero push back from Sourcefire on this, and I've received nothing but "I don't believe you", "It hasn't worked before", etc from your side.
I realize I may be pessimistic, but it's been nearly 10 years of that now. I don't feel like we've gotten many of the things you and I and the community have wanted to do approved or off the ground. So I'm quite pessimistic I'm sure. But not against things moving along if they might....
I do feel a bit insulted that you'd insult me or Jason's integrity or "community spirit" (as that's my job), and even more insulted that anyone would insult the VRT. They are a very hardworking group of individuals, and no one understands what goes on in that group if you aren't inside. On purpose. Are we going to open that kimono a bit? I hope so.
No insult intended, and apologies if it was taken that way. My comments earlier were based on what we see. And since we can see very little there is a lot of assumption in there. More openness would go a long way.
I'm not asking for an apology, this is my job. To have these discussions and come up with a solution that is best for the community. I have a couple ideas that may or may not work, and that's fine either way. If they don't work, then we'll keep going the way we have been going. If they do work, then we'll have a closer community. But please don't say that I have no community spirit or aren't working to unify it.
I don't think I said that, and wouldn't. You've been the best hope we;ve had for a very long time to make collaboration work!!
Would I like to have a healthy working relationship between ET, the VRT, and the community? Yes. I do not presume to speak for VRT, but I am sure a healthy community is also in their interests as well. Do I think we have a dysfunctional marriage right now? Yes. Do I think we can fix it? Yes.
I hope we can as well. Matt ---------------------------------------------------- Matthew Jonkman Emergingthreats.net Emerging Threats Pro Open Information Security Foundation (OISF) Phone 765-807-8630 x110 Fax 312-264-0205 http://www.emergingthreatspro.com http://www.openinfosecfoundation.org ---------------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc
------------------------------------------------------------------------------ Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody?, (continued)
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Jason Wallace (Mar 21)
- Re: [Emerging-Sigs] GPL rules - who maintains them?Nobody? Weir, Jason (Mar 21)
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Jeff Kell (Mar 21)
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Matthew Jonkman (Mar 22)
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Jason Wallace (Mar 21)
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Jason Brvenik (Mar 21)
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Joel Esler (Mar 21)
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? waldo kitty (Mar 21)
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? NA (Mar 22)
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Mike Lococo (Mar 23)
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Matthew Jonkman (Mar 22)
- Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Joel Esler (Mar 21)