On Fri, Dec 06, 2002 at 04:18:52AM +0000, Nick Boyce wrote: > I've been running Snort for a month or so now on a Woody box at work, > and am now wondering whether the Debian Project (or packager) has a > Plan for providing signature file updates to users of the stable > distribution. This has been discussed before. The thing is, I think that if you're serious about using snort, you should not even consider using the one in Debian. snort.org doesn't even distribute up-to-date rules files for the version in stable. So if you want to have a useful ruleset, you either need to figure out how to write it for the version in stable, or you need to get a new version from snort.org. Either way, you're working "outside" the Debian system. There have been proposals for the creation of a dynamic section of the Debian distribution to contain data that frequently changes. However, in the case of snort, where the new data may well not work with the old software, this doesn't help. Really, I don't think snort should be packaged in Debian at all. It's one of those things that needs to be current in order to be useful, and we just can't provide that. Providing an ineffective version is doing a disservice to our users, since it provides them with incorrect data (e.g. by telling them that there are no known vulnerabilities on the machines they scan). noah -- _______________________________________________________ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html
Attachment:
pgpJrd7RTeika.pgp
Description: PGP signature