"Noah L. Meyerhans" <[EMAIL PROTECTED]> writes:

> On Sun, Aug 24, 2003 at 08:59:06AM -0600, Jamin W. Collins wrote:
> > > Before you object to this rather 'rude' bughandling, please keep in
> > > mind that version 1.8.4 of snort, which is in stable, has 3 severe
> > > security exploits,
> >
> > So, why hasn't a security update been released for it?
>
> Largely this is because snort should simply be removed from stable
> completely, as it is not useful, even if the security exploits are
> fixed.
>
> Snort depends on a set of rules to detect potentially malicious traffic.
> Obviously this set of rules needs to be updated on a regular basis in
> order to keep up with new security issues. ...
>
> In the case of tools like snort, I strongly believe that we either need
> to remove it from stable or permit new upstream versions to be released
> for stable with point releases.

Why don't you add an option to load newer rulesets and/or update information to snort? Once a day/week/month snort could probe some URL for a signed ruleset or news file and report to the user about any updates. That way you can have the binary in stable and still provide changes on a more regular basis.

Of course you should first get up to a still supported version, but you could put that in the news file.

Regards,
Goswin
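
A sketch of the check such an update probe would need before reporting anything, added here as an example; it is not part of the original message and not snort code. The manifest format, the use of Ed25519, and the names CheckUpdate and Publish are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// CheckUpdate authenticates a downloaded manifest ("serial=<int> sha256=<hex>",
// a format assumed for this example) and only reports; it installs nothing.
func CheckUpdate(pub ed25519.PublicKey, manifest, sig, rules []byte, installed int) (string, error) {
	// 1. Authenticate the manifest before parsing any field in it.
	if !ed25519.Verify(pub, manifest, sig) {
		return "", errors.New("manifest signature invalid")
	}
	digest, serial := "", 0
	if _, err := fmt.Sscanf(string(manifest), "serial=%d sha256=%s", &serial, &digest); err != nil {
		return "", fmt.Errorf("malformed manifest: %w", err)
	}
	// 2. The signed digest binds the manifest to this exact ruleset file.
	sum := sha256.Sum256(rules)
	if hex.EncodeToString(sum[:]) != digest {
		return "", errors.New("ruleset does not match signed digest")
	}
	// 3. Refuse replays of an old, validly signed manifest (rollback).
	if serial < installed {
		return "", errors.New("manifest older than installed ruleset")
	}
	if serial == installed {
		return "ruleset is up to date", nil
	}
	return fmt.Sprintf("ruleset %d available (installed: %d)", serial, installed), nil
}

// Publish is the publisher side (key derived from a seed) so the example runs offline.
func Publish(seed []byte, serial int, rules []byte) (pub ed25519.PublicKey, manifest, sig []byte) {
	priv := ed25519.NewKeyFromSeed(seed)
	sum := sha256.Sum256(rules)
	manifest = []byte(fmt.Sprintf("serial=%d sha256=%s", serial, hex.EncodeToString(sum[:])))
	return priv.Public().(ed25519.PublicKey), manifest, ed25519.Sign(priv, manifest)
}

func main() {
	rules := []byte("alert tcp any any -> any 80 (msg:\"constructed sample rule\"; sid:1000001;)\n")
	pub, m, s := Publish(make([]byte, 32), 7, rules) // all-zero seed: demo only
	fmt.Println(CheckUpdate(pub, m, s, rules, 5))
}
```

The serial check matters as much as the signature: an old manifest stays validly signed forever, so without it a mirror could serve a stale ruleset indefinitely.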