Theo Van Dinter wrote:
> On Wed, Apr 29, 2009 at 6:24 PM, Adam Katz <antis...@khopis.com> wrote:
>> The mechanism for sa-update is brilliant, but
>> doesn't lend itself to enormous indices of frequently-changing rulesets.
>
> I guess it depends what you mean by "enormous". A sought rule update is 135k.

And 135k doesn't add up to a lot of bandwidth? I suppose it depends on the number of users, and I'm figuring worst-case scenario, e.g. when/if it ships enabled in the default SA install.

> The likelihood is, imo, that you would probably split up your updates
> into multiple channels before they really got out of control in size.
> For example, you could do something like a weekly, daily, and
> sub-daily channel, and move rules appropriately between them. Yes, a
> little more of a PITA for clients, but how much churn do you really
> expect?

How about hierarchical channel support, e.g. a channel's MIRRORED.BY file is merely itself a sa-update-channels file.

>> Justin: Perhaps sa-update could support [version].torrent in addition
>> to [version].tar.gz on each mirror? (This doesn't touch the current
>> DNS-based version/announce system.) Channels hosted for versions of
>> SA after the supporting release (e.g. 0.4.3.[channel] and "higher")
>> would be allowed to host only the torrent file.
>
> I had actually thought about doing a P2P sa-update so as to better
> withstand DoS issues, skip the need for a mirrored.by file, etc. But
> the main issue is that most channel updates are rather small, and so
> therefore the downloads are rather fast. Compared to doing a torrent,
> which takes relatively a long time to get setup, and just as you
> start, you're done. Also, it means clients are serving data, which
> makes the "quick sa-update and move on" more of a procedure and you
> have to worry about remote connectivity, etc, etc.
>
> In the end it didn't seem worthwhile beyond the security aspect, so I
> didn't move beyond the "thinking about" stage.
>
> (and yes, I know I'm not Justin. ;))

You're close enough on the SA development order. For BT, I was actually envisioning much larger rulesets with sought merely heralding a future with lots of large auto-generated rulesets, but perhaps it doesn't scale at the right point. I think I'm trying to squeeze too much :-p

--
Adam Katz
khopesh on irc://irc.freenode.net/#spamassassin
http://khopesh.com/Anti-spam