tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Request for removal : net/snort-rules




----- Le 18 Juin 17, à 14:11, Greg Troxel gdt%lexort.com@localhost a écrit :

> Benny Siegert <bsiegert%gmail.com@localhost> writes:
> 
>>> I know I'm late on this one, but I'm trying my luck anyway : does someone still
>>> uses net/snort-rules ?
>>> I believe we can get rid of it :
>>
>> That sounds convincing. How about the following: we leave it in for
>> 2017Q2, announce that in the release notes, then remove it after the
>> branch. OK?

I'm fine with post-branch removal.

> I certainly don't object to that.  But I don't think we have a norm that
> we announce removals in release notes ahead of time.

I had a look at the release notes for the past 5 pkgsrc releases.
The removal announcements are not ahead of time, so I guess we'll have to keep it in mind for 2017Q3.

> As someone who is on the more conservative side of removals, my question
> is always "Are there any users (and I know we can't really know that)
> and if so, can you tell them, with a clear conscience, and without
> understanding their sitation, that it is ridiculous that they are still
> using it?".

Like I stated in my previous mail, these rules haven't been updated since 2012.
Some examples of what's missing in these rules :
- Heartbleed (publicly known since 2014) ;
- Poodle  (publicly known since 2014) ;
- Wannacry (very recent).

I would not call it ridiculous, but highly inefficient to a point it's almost totally useless.

Regards,

Nils


Home | Main Index | Thread Index | Old Index