On Mon, 23 May 2011, Daryl C. W. O'Shea wrote:

> On 23/05/2011 3:53 PM, John Hardin wrote:
> > On Mon, 23 May 2011, Daryl C. W. O'Shea wrote:
> > > On 23/05/2011 9:27 AM, John Hardin wrote:
> > > > I'd suggest that there should be nightly masschecks and rule
> > > > autopromotion and update generation for the production branch as
> > > > well as for trunk. We're doing a lot of rule dev on trunk, but how
> > > > widely used is it in actual production?
> > >
> > > I'm just waiting for approval from the group to turn the stable
> > > updates back up. trunk updates are of course ongoing already. Are
> > > you asking for generated scores to be released with the trunk update
> > > packages?
> >
> > Where would the scores for sandbox rules in a stable update come from if
> > not the generated scores? Would they all be scored at 1.0 unless a
> > manual explicit score was entered in a file under rules/ ?
>
> If we weren't generating scores for stable updates, that is if we were to
> omit the 72_scores.cf file, you'd get a package that looks like your rules
> directory after running make on trunk.
>
> For sandbox rules, in the above scenario, you would:
>
> - NOT get the scores from the sandboxes, as they are stripped out
> - would get scores set in a file in rules/ ... but you run into the issue of
> rules from the sandbox coming and going out of sync with the additions and
> deletions of scores from rules/ ... I don't know why you would want to do
> this
> - would get default scores of either 1.0, 0.01 or 0.001 depending on the
> rule's type... or the negatives of those scores for nice rules. Default
> scores of 1.0 could be A Bad Thing(tm), for some promoted rules, which was
> one of the initial reasons for using generated scores. Often a 1.0 default
> caused FPs whereas a 0.4 score was OK.
>
> I'm not really sure if I'm answering what you're looking for... I don't
> understand the line of thought/questions.

You covered it. Since the sandbox scores are now limits rather than
scores, any non-generated scores for sandbox rules would come from a
manually-maintained .cf file or would be the type-specific default score.
I suppose I was trying to express that falling back to the default scores
might not be the best idea, as you stated. We've got a score generator,
why not use it?

> From your previous email I thought that maybe you wanted generated
> scores included in the trunk nightly rule updates.

I do think that's a good idea. Any reason _not_ to do that?

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
[email protected] FALaholic #11174 pgpk -a [email protected]
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
You know things are bad when Pravda says we [the USA] have gone
too far to the left. -- Joe Huffman
-----------------------------------------------------------------------
165 days since the first successful private orbital launch (SpaceX)