In response to several issues raised...
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=191105
Not having updated signatures is not an issue that should keep snort out
of stable as administrators may write their own signatures for snort.
Perhaps however a wishlist bug asking for a comment (to be put in the
description) about signature updating and snort's value without updated
signatures should be filed...
I would even go so far to say that perhaps this is more than a wishlist
issue, but as it's likely not RC then this false sense of security should
be documented before snort gets frozen in sarge.
The security updates can usually be backported when applicable.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=183719 and bug 189267
say:
DSA 297 closes these bugs. It may be worth noting that potato was not
affected.
What other security issues are there? I made that statement given
information from another party, was I incorrect? I'll look up my
correspondence and even do some testing if you believe that I was wrong.
The ssh precedent of updating non-rc issues in stable was due to no other
clear way to resolve the rc issues and political pressure. As Colin Watson
said, this is also not a good example as there were many bugs caused by
this upgrade.
Imho it's ok to close non-rc bugs on stable (main Debian developers do).
My rational is that we only fix RC bugs on stable.
I like your automated message to some of the bugs, it could probably be
done to most of the bugs. I looked through some of the bugs and saw that:
95153 may not even be applicable to snort in stable but should be RC.
133049 seems to indicate to me that this old snort should probably be
removed from a few archs.
158040 doesn't have your automated message. It means that snort is
unusable. This is likely the problem that was mentioned to you about your
backport. Merge 165555, 176223 with it (also no automated message)? Is
this an upgrade problem?
161659 talks about how a new config file doesn't get generated on even a
fresh install. Perhaps this is the issue in 158040 et al?
165107 suggests that the config file/rule file problem is in sid sarge and
woody? Tagging this correctly may help the testing script...
135603 is an upgrade problem... rules are incompatible. Is this a stable
to stable upgrade?
173331 seems to be related to 158040 (missing config), but talks about how
the cron script fails, patch included.
170580 looks like a problem with the debconf script. A simple, obvious
workaround is mentioned. This sounds like an upgrade problem.
165135 is a policy violation, which versions are affected? Reported well
after woody was released... A quick check of the source code could reveal
the answer.
I don't know if you should close the upgrade bugs as I've heard the
argument "users should only be using stable releases of packages" and I
don't know about snort in potato (is it there? does it upgrade
correctly?).
I'm getting a bit frustrated going through these myself. It seems that
there's a lot of duplication, and (without testing) it looks like many of
these bugs are still in sid.
If you would like help going through these bugs, tagging them correctly,
merging them, closing some, etc. I'd be happy to look even closer.
Drew Daniels