On Mon, Apr 27, 2009 at 18:00, John Hardin <jhar...@impsec.org> wrote:
> On Mon, 27 Apr 2009, Justin Mason wrote:
>
>> On Mon, Apr 27, 2009 at 17:38, John Hardin <jhar...@impsec.org> wrote:
>>
>>> But this is only part of the problem. How difficult is it for third
>>> parties to submit rules for review and inclusion in the base ruleset
>>> without necessarily joining the dev group? Is posting the proposed
>>> rule to bugzilla sufficient?
>>
>> getting the rule into the "rulesrc" area is all that's needed. it
>> gets auto-promoted based on linting ok, getting good performance etc....
>>
>> it's a hell of a lot easier to use SVN these days though. Would it
>> really be impossible to do it that way? that's as simple as
>>
>> svn up
>> edit rulesrc/sandbox/jm/20_whatever.cf
>> svn commit rulesrc/sandbox/jm/20_whatever.cf
>>
>> and wait ;)
>
> That's cool too. I was just wondering how much manual review newly-submitted
> rules would/should be subject to.
>
> Does "good performance" mean it has to meet a minimal hit rate? Are there
> other metrics?

that's pretty much it. low FPs and a useful number of hits (i.e. over 1% iirc). any further review takes place after-commit -- i.e. if someone notices that it causes problems, or queries a dead DNSBL, or runs really slowly etc. they may mark it "nopublish" afterwards so it doesn't get published.

--j.