On Sat, Jun 22, 2002 at 12:21:12AM -0500, Steve Langasek wrote:
> Hello Matthew,
>
> I'm glad to see others thinking along the same lines. However,
> precisely because of the nature of the issues surrounding such packages
> -- the need for frequent updates even when running stable, the fact that
> this data should *not* be shipped on CDs, the relatively small mirror
> requirements -- I believe such a repository for definition files could
> thrive outside of the main Debian archive network. I'm also rather
> confident that, at least initially, it will be a lot *easier* to
> implement this outside of the main Debian archive network. Debian is
> effective at a lot of things, but when you start talking about IDS
> updates, you really want something a little more flexible and a little
> less process-laden. ;)
>
> On Sat, Jun 22, 2002 at 03:55:46PM +1200, Matthew Grant wrote:
>
> > o Updating vulnerability databases does not work as generally the new
> > data on the 'Net is no longer compatible with the binaries in stable.
>
> > o New versions have new detection algorithms, capabilities, and
> > methodologies that are needed to deal with current and serious threats.
>
> I would hesitate to endorse providing Debian packages for such security
> software if the binaries themselves really need to be updated that
> frequently. Where binaries can be provided and managed through the
> normal unstable->testing->stable system -- complete with security
> updates from our world-class security team -- I think having
> asynchronous updates to definition files is a great boon; but where the
> programs have to be updated frequently to remain useful, I would argue
> that the software is simply not mature enough to receive the Debian seal
> of approval at all.
>
> Thus, the responsibilities of the maintainers of such an archive would
> not be to backport the software to stable, but to backport the
> definition files to stable.
I would think of using xdelta, or similar, to distribute changes as binary
patches, since there could be a real server overload when a few hundred
administrators and mere people start downloading the brand new definitions
simultaneously. What about a public rsync? Maybe a usual announce mailing
list?

In my opinion, a package created ten minutes ago can't go into stable. Even
if it is a simple virus/worm/blacklist/... definition. Bugs can crawl
anywhere. Therefore, I don't think the proposed type of packages can ever be
a part of stable. I guess it should be like: use unstable for just those
packages, and stable for all the rest.

-- 
Pav
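The delta-distribution idea above (xdelta or an rsync-style transfer for definition files) is shown here as an added example; it is not code from the thread, from xdelta, or from rsync. It implements a simplified rsync-style block delta in plain Python: the client publishes per-block checksums of the file it already has, a patch builder that holds both the old and the new release emits "copy" and "literal" instructions, and the client rebuilds the new file and refuses to install it unless it matches a SHA-256 obtained out of band (for instance from a signed announce mail). The definitions format, the 16-byte block size and the sample data are all constructed for the example; Adler-32 stands in for rsync's rolling checksum and is recomputed per window rather than rolled.

```python
"""rsync-style block delta for a definitions file (added example, not the
posters' code). A delta fetched from a public mirror is untrusted input, so
the rebuilt file is checked against an out-of-band SHA-256 before install."""
import hashlib
import zlib

BLOCK = 16  # deliberately tiny so the constructed sample below shows matching


def weak_checksum(chunk: bytes) -> int:
    # Adler-32 stands in for rsync's rolling checksum. It is recomputed for
    # every window here (O(block) per byte); real rsync updates it in O(1).
    return zlib.adler32(chunk)


def strong_hash(chunk: bytes) -> str:
    return hashlib.sha256(chunk).hexdigest()


def signatures(old: bytes, block: int = BLOCK) -> dict:
    """Map weak checksum -> [(strong hash, offset)] for each full block of OLD.
    This is what the client sends (or the mirror precomputes per old release)."""
    table = {}
    for off in range(0, len(old) - block + 1, block):
        chunk = old[off:off + block]
        table.setdefault(weak_checksum(chunk), []).append((strong_hash(chunk), off))
    return table


def make_delta(new: bytes, table: dict, block: int = BLOCK) -> list:
    """Emit ('copy', offset, length) where NEW contains a block the client
    already holds, and ('lit', bytes) for everything else."""
    ops, lit, i = [], bytearray(), 0
    while i < len(new):
        chunk = new[i:i + block]
        hit = None
        if len(chunk) == block:  # a short tail is never matched, only sent
            for sh, off in table.get(weak_checksum(chunk), []):
                if sh == strong_hash(chunk):  # weak sums collide; confirm strongly
                    hit = off
                    break
        if hit is None:
            lit.append(new[i])  # no block here: slide one byte and retry
            i += 1
        else:
            if lit:
                ops.append(("lit", bytes(lit)))
                lit = bytearray()
            ops.append(("copy", hit, block))
            i += block
    if lit:
        ops.append(("lit", bytes(lit)))
    return ops


def apply_delta(old: bytes, ops: list) -> bytes:
    """Rebuild NEW from the client's OLD plus the delta instructions."""
    out = bytearray()
    for op in ops:
        if op[0] == "copy":
            out += old[op[1]:op[1] + op[2]]
        elif op[0] == "lit":
            out += op[1]
        else:
            raise ValueError("malformed delta op %r" % (op[0],))
    return bytes(out)


def literal_bytes(ops: list) -> int:
    """Bytes that actually travel as data: the measure of bandwidth saved."""
    return sum(len(op[1]) for op in ops if op[0] == "lit")


def install_update(old: bytes, ops: list, expected_sha256: str) -> bytes:
    """Rebuild NEW and refuse it unless it matches the published hash, so a
    corrupted or tampered patch never becomes the live definitions file."""
    candidate = apply_delta(old, ops)
    if strong_hash(candidate) != expected_sha256:
        raise ValueError("rebuilt definitions do not match published SHA-256")
    return candidate


# Constructed sample data (not a real definitions format): 40 signature lines;
# the new release changes one line and appends two more.
OLD_DEFS = b"".join(b"sig%04d:%s\n" % (n, b"ab" * 8) for n in range(40))
NEW_DEFS = OLD_DEFS.replace(b"sig0020:" + b"ab" * 8, b"sig0020:" + b"cd" * 8)
NEW_DEFS += b"".join(b"sig%04d:%s\n" % (n, b"ab" * 8) for n in (40, 41))


def demo() -> tuple:
    """Return (delta, literal byte count, size of NEW) for the sample update."""
    delta = make_delta(NEW_DEFS, signatures(OLD_DEFS))
    rebuilt = install_update(OLD_DEFS, delta, strong_hash(NEW_DEFS))
    assert rebuilt == NEW_DEFS
    return delta, literal_bytes(delta), len(NEW_DEFS)


if __name__ == "__main__":
    _, lit, total = demo()
    print("literal bytes sent: %d of %d" % (lit, total))
```

The saving comes entirely from the client already holding most blocks; a client with no previous release receives the whole file as literals, which is the same cost as a plain download. The hash check is the part not to leave out: rsync and xdelta both guarantee that the rebuilt output matches what the patch builder had, not that what the mirror served is what the maintainers published.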

