On Tue, 15 Dec 2009, Martin Gregorie wrote:
Clarification: I, for one, was only proposing that the whitelisting
plugins and rules that query external databases are removed from the
standard ruleset and sa_update and placed in a separate library of
optional rules.

The 'issue' (as I see it) is that a great many servers install a 'standard' SA 'package', quite possibly just the one that came as a 'supported' version with their OS distro. So it is important to not simply exclude from that 'core' SA install anything that is contentious, but to make the best possible assessment of all rules, including whitelist rules, which will have the best chances of catching spam with few FP's.

Once we reach the level of a competent (sic) sysadmin reviewing the default configuration and modifying it, it matters very little whether the rules are in the core set or added-on. In some ways it is still easier to have a rule included by default that can then be disabled if it proves to have poor results.

So although the 'modular' concept is always a good one, it does not allow us to sidestep that burden of responsibility to have the core default SA be the best that it can be. :)

- Charles
