
Re: Snort: Mass Bug Closing



"Noah L. Meyerhans" <noahm@debian.org> writes:

> On Sun, Aug 24, 2003 at 08:59:06AM -0600, Jamin W. Collins wrote:
> > > Before you object to this rather 'rude' bughandling, please keep in
> > > mind that version 1.8.4 of snort, which is in stable, has 3 severe
> > > security exploits, 
> > 
> > So, why hasn't a security update been released for it?
> 
> Largely this is because snort should simply be removed from stable
> completely, as it is not useful, even if the security exploits are
> fixed.
> 
> Snort depends on a set of rules to detect potentially malicious traffic.
> Obviously this set of rules needs to be updated on a regular basis in
> order to keep up with new security issues.
...
> 
> In the case of tools like snort, I strongly believe that we either need
> to remove it from stable or permit new upstream versions to be released
> for stable with point releases.

Why don't you add an option to load newer rulesets and/or update
information to snort? Once a day/week/month snort could probe some URL
for a signed ruleset or news file and report to the user about any
updates.

That way you can have the binary in stable and still provide changes
on a more regular basis.

Of course you should first get up to a still supported version, but you
could put that in the news file.

MfG
        Goswin


