My 2 cents: * obiously, need a stable release. If there any important bugfix/securityfix, a 2.7.2 should be issued. else go for 2.8/3.0 whatever naming you prefer. * after, I'm more for regular/progressive release every 6-12 months like OpenBSD or Ubuntu. It gives time to incorporate changes/stabilize and adapt. * I think cleaning should be done once in a while as there is always bad stuff which accumulates over time and you don't want it to explode in your face at a bad moment * If you are not able to manage update once in 6-12 months, you should probably review your patch management and any certification supported by would probably be meaningless. I can't imagine any single society who can keep all its software fixed for years and there are always some software w regular security patch. * as for the rules/decoder, I'm also for a separate repository. git/svn them once a day/week/whatever would be nice
Cheers, Julien -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
