On Tue, Sep 13, 2005 at 10:26:01PM +0200, Javier Fernández-Sanguino Peña wrote: > On Wed, Sep 14, 2005 at 05:39:43AM +1000, rudolph wrote: > > I believe this adds weight to the argument for an update to v2.4 and > > beyond (see #320920). > > Do you really believe that updating to 2.4 and removing all the snort > rules is better than just backporting the patch? Personally, yes. I would be happy with a very big warning that says that 2.4 installs with 30 community rules, and it's up to the user to get/install more if they want. In my case, I will just use non-community rules, bleedingsnort, etc.
Obviously as the maintainer, it's your call whether you can continue to check and backport issues to 2.3. Porting the frag3 preprocessor alone seems like a big task and I don't have the time to do it myself. It may be better to simply wait until upstream gets back to you on the rules (as you noted in #320920), but again, it's your call. (btw, I am also having issues with mail from you, in that I don't get any sent directly from you to me. Presuming you're not getting bounces from my address, are you doing any strange outbound filtering?)
