[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Updating Snort Signatures In Stable ?



On Sat, Dec 07, 2002 at 01:51:11PM +0100, Javier Fern?ndez-Sanguino Pe?a wrote:
> > IIRC "important new versions of existing packages" are allowed into
> > point releases, so maybe Woody's main Snort engine binary packages can
> > be updated when 3.0r1 happens.
> 
> 	That won't happen sorry. That's just not the way Debian works,
> 3.0r1 will have no new code, just important bug (and security) fixes.

Well, a case could be made for the presense of an old, unmaintained,
unusable snort being a security bug.

> 	The problem is that if the snort people change the engine _and_
> the rulebase then Debian can never support new rules for old (stable)
> releases (which could be asked for point releases). 

Obviously this is a problem that will face other distributors, as well
as Debian.  Our policy WRT stable revisions, though, may be unique.
Situations such as this do expose weaknesses in our policy, and warrant
further thought.  I don't believe we should leave our users in the state
that they're in with the woody version of snort being the only
"supported" version available.

noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 

Attachment: pgpmzG0M8oe0l.pgp
Description: PGP signature


Reply to: