Home page logo

snort logo Snort mailing list archives

Re: [Emerging-Sigs] Snort Now Available
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 3 Nov 2010 10:54:51 -0400

On Wed, Nov 3, 2010 at 10:38 AM, Mike Lococo <mikelococo () gmail com> wrote:

As to the support of 2.8.6, with the release of 2.9.0, 2.8.6.x
is no longer supported.  When there is a new "3 digit" release no
further patches are made to the previous version of Snort.

Apr 26, 2010 - Snort released.
Jul 23, 2010 - Snort released.
Oct 04, 2010 - Snort 2.9.0 released, 2.8.6.* is EOL?!?

Every three of four months I'll just plan on recompiling Snort.  This is
insanely small support window between the supported versions and VRT
permutations of support.

I've had this discussion with SF staff recently, on snort-users I think.
 It's a really poor lifecycle policy, IMO, and also doesn't actually
match the written policy at http://www.snort.org/vrt/rules/eol_policy,
which defines the supported prior version as:

     "The *MAJOR* release previous to the current production
     release with the highest minor and patch releases".

"Major" releases are defined earlier in the document and the 2.8 to 2.9
change is used to illustrate a "major" version bump.  2.9 to 2.9.1 would
be a "minor" release as defined in that document.  According to my
reading, 2.9.1 and are the supported releases, and I have no
idea how one can parse it otherwise but I've been told by SF staff that
I am incorrect.

This is for *rules*, remember.  Current version, and one back is the
standard.  We'll take a look at the life cycle, wording, and policy on the
website to see if any modifications need to be made to clarify anything.

We can't bring the 2.9.0 or improvements back to 2.8.x.  2.9.0 was a
big rewrite of the stream model (and many other things) and bringing back
the code to 2.8 would, as I said, be a monumental undertaking.  That's why
2.9 was released.

I can only imagine that SF is trying to push enterprise customers who
care about lifecycle to appliances by promoting what is known to be an
unworkable lifecycle policy.

No.  That's not correct. was released, as there were bugs in 2.9.0
that we were able to resolve.  Thusly the patch minor version.  We try to
keep the system up to date to deal with the current threats and enhance
functionality, all the while giving our open-source community a free

I understand if the lifecycle of upgrading the systems is hard (some of you
guys forget that I used to be in your shoes before I came to Sourcefire
full-time), and we'll take a look at the policies and online content.

We do some new functionality coming to our website today that hopefully, you
guys will find helpful.  Stay tuned for that annoucement once it goes live.


Joel Esler

Achieve Improved Network Security with IP and DNS Reputation.
Defend against bad network traffic, including botnets, malware, 
phishing sites, and compromised hosts - saving your company time, 
money, and embarrassment.   Learn More! 
Snort-devel mailing list
Snort-devel () lists sourceforge net

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]