> < ... adjusting tin-foil hat and asbestos shorts ...> > > since i actually asked a simple question early on (~ "can we use > sa-update rather than RDJ to pull SARE rules ...") in the interminable > "SA vs RDJ" thread ;-) , and, afaict, it's still unanswered, > i'll "opine". > > a recent thread comment "from SARE" is the trigger here: > > "RDJ and SAupdate are really separate from SARE" > > while true & acknowledged, allow me to put my "average user > hat" on ... > > first, > > disclaimer: all this just my $0.01 (as a user, i'm > cheap) ... > > now, > > "this is stupid!" > > there. i said it! nyah! > > from a user's perspective, all this is confusing/confounding. as a > user, i want to see/use one mechanism for rules. > > currently, it all "smells" like a bunch o' (talented & well-meaning) > engineers discussing how NOT to do things, and WHETHER to do things. > and, a fair dosage of 'project pride' mixed in ... > > nothing generally bad. neither atypical nor unpredictable. simply, > wasted breath, imho. > > iiuc, SARE, & eventually RDJ, were created a while ago because, > historically , releasing new sa-project rules > > quite clearly, with the advent of SA-project released/blessed > sa-update, > it's not really necessary anymore. i.e., asynchronous rule & code > releases are provided for. > > as a user, might i suggest a "management mandate"? something to the > effect of: > > "This" will be doable-&-done within the SA-project. > This is the way we intend to do things. > This is how you do it. > This is how you migrate what you've done. > Full stop. > > perhaps add to the mandate a dedicated-to-the-topic & simply > documented > wiki page (or better yet, something off the main page) that > step-by-steps "how to create & maintain" an sa-update channel > for .cf's > & .pm's. > > yes, i know this is an "open source" project ... and that consensus is > some-part-n-parcel. but can y'all get to one? > > i know SA-proj leads have openly said, effectively, that if > people want > more explanation to let them know their questions and they'll try to > update the avilable info. > > rather than everybody waiting around for "the other project" to > undertake the effort/clarity, can there at least be SOME recognition > that clarity, if not simplicity, is a user requirement? > > and, that we're talking about core functionality here, not something > horribly tangential ... > SA *is* about managing/processing rules after all! ... > > </ removing tin-foil hat and asbestos shorts ... but keeping them > readily available>
Amen. And not to mention that RDJ is essentially non-existent for the average windows admin. I mean really-- to suggest that someone who doesn't much know how to run DOS commands understand, install, and learn to use CYGWIN, a Windows environment to emulate unix, is a completely unworkable solution. I *could* do this, yes. But no one I work with is probably capable of understanding even the logic behind it. I'd get chewed out by management for making the environment more complex than it needs to be. Honestly, it probably took me less time to write my own tool to do it. And that's something that no one here would understand either. Keeping the environment simpler and similar tasks done in a consistent manner is really essential in a lot of business environments. I get really tired of "you can't use this on Windows", when the real reason for most of it is simply a lack of understand of what does and doesn't work there. I'm happy for the cross-platform support. I'm happy to continue to debug things that aren't working right and suggest possible solutions via bugzilla. But I can't do that if you're gonna write a shell script for unix, and then defend it as the best way to do things. My environment isn't Windows by my choice, it's Windows by management directive, so I'm stuck with it. As for the "we just write the rules, it's up to you how you get them", you can't honestly expect that any admin can manually manage the number of rules available from various sources without some automation. I tried for a long time. It doesn't help that half the time the web page that points to the rules doesn't get updated with the version info. So, here we have it: automation is really essential for updating rules; RDJ isn't a solution for Windows admins; sa-update works very well with some limitations; SARE doesn't see the need for sa-update channels, so now we're dependent on another volunteer maintaining channels in a separate architecture to update channels for rules he doesn't write. While I'm happy that someone is doing it, I'm a little disappointed. It's like SARE saying, we want you to use the rules, but we won't make it easy to keep them updated. I do really understand the reason there isn't "one place" to go for sa rules. It's community-supported. OK. But when sa starts providing a way to make your rules more accessible and easy to keep updated-- I don't understand the avoidance. Yes, an official way to update rules. Finally. Well, maybe. At least it can update the official sa ruleset. Bret
