On 18/05/2011 8:13 AM, Warren Togami Jr. wrote:
On 5/17/2011 5:10 PM, Daryl C. W. O'Shea wrote:
Update 1104058 on the update mirrors.
No real changes... the last round of issues were rules that triggered
code issues -- unavoidable, I think.
I've made one important improvement. Scores in the sandboxes are now
used to set the absolute maximum rule score (positive or negative).
Evolved scores may be less than the score value in the sandbox but
should not exceed it.
I plan to write a script to handle reverting to a known good update in
an emergency before I re-enable the updates. The script will need to be
run as updatesd on the Solaris zone and will have syntax something like:
./revert-stable-update 1083704
Usage details will follow when its ready. The script will:
- accept an update number (that will be on the update mirrors already)
- test the given update against the stable versions of SA
- update DNS immediately
- *maybe* automatically halt future automatic update generation
Daryl
How about we wait until we have the update system working again and
we're happy with a newly generated rules tarball. At that point we cut
3.3.2-rc2 for more testing.
Is there something else I need to fix before everyone's happy with the
rule updates going live? Other than the above mentioned script to do
the emergency update reversion (which won't have any affect on *how*
updates are generated, but maybe *if* they are generated).
Daryl
