On 11 Jan 2019, at 10:22, Kris Deugau wrote:
Bill Cole wrote:
On 10 Jan 2019, at 23:15, listsb wrote:
Update available for channel sought.rules.yerp.org: -1 ->
3402014020421
And finally: that rule channel has not been updated in almost 4 years
and almost surely will never be updated again.
I'm pretty sure it's been longer than that even.
Correct. Almost 5, according to the internal & signature timestamps. My
mistake was a symptom of it being early January...
Last time I checked closely it was empty; absolutely no __ rules and
the scored metas were "meta SOUGHT_1 (0)".
$ grep score 20*
20_sought.cf:score JM_SOUGHT_1 0
20_sought_fraud.cf:score JM_SOUGHT_FRAUD_1 0
20_sought_fraud.cf:score JM_SOUGHT_FRAUD_2 3.0
20_sought_fraud.cf:score JM_SOUGHT_FRAUD_3 3.0
Even if it downloads and validates, it's not actually doing anything,
and hasn't been for years.
Testing 282 simple but long body rules against every message is not
free.
The danger in the SOUGHT rules still being a part of SA 'lore' is that
they are a bit of abandoned attack surface. It's still possible to
download the tarball and forcibly install it or to use an obsolete or
modified sa-update to do so. If Justin lost control of the channel or
(less likely) turned malicious, the channel could be revived and turned
against a relatively inattentive subset of people using SA.
Breaking unmaintained zombie rules channel was a fortuitous side-effect
of sa-update switching from SHA1 to SHA256 and SHA512.
