On 6/11/2011 6:43 AM, [email protected] wrote:
> On 06/10, Karsten Bräckelmann wrote:
>> The Sought rule-set is re-generated multiple times a day, which is what
>> you get from the dedicated sa-update channel. With 3.3.x the plan is to
>> frequently perform mass-checks and re-scoring, distributed via the
>> regular channel. This includes a recent snapshot of the Sought rules, so
>
> On 06/10, Warren Togami Jr. wrote:
>> Alternatively, I think it is a mistake for us to ship SOUGHT rules
>> at all in the standard sa-update channel. That is, unless we plan
>> on updating the patterns and scores of SOUGHT on a daily basis. I
>> highly doubt we will do that.
>
> What I quoted Karsten saying above sure sounded to me like a plan to update
> sought in the standard sa-update channel at least on a daily basis. Which
> I am strongly in favor of.
>
> I don't like sought being separately distributed, and I don't like it not
> going through mass-checks for rescoring as another safety check to reduce
> false positives.

Sure, ideally I agree with you. But realistically I doubt we will ever
be able to handle updating it in the upstream sa-update on a regular basis.

Warren