You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by John Hardin <jh...@impsec.org> on 2011/05/23 15:27:48 UTC
3.3.2 release with stale and unmaintained rules?
All:
The rules on the 3.3 branch are pretty much stale (the last 3.3 rules
update was published 12/24/2010).
There is no masscheck+promotion process running on the 3.3 branch, and
rule sandbox updates (apart from bugfixes) are only being done with any
regularity on trunk.
Are we going to do a new release with stale rules?
Should there be a nightly masscheck+promotion job set up for the 3.3 (i.e.
stable production) branch as well and should rule devs remember to do
parallel commits?
Do we need to copy the trunk sandboxes to the 3.3 branch and do a
masscheck/promotion/scoring pass before release?
I'd suggest that there should be nightly masschecks and rule autopromotion
and update generation for the production branch as well as for trunk.
We're doing a lot of rule dev on trunk, but how widely used is it in
actual production?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
An entitlement beneficiary is a person or special interest group
who didn't earn your money, but demands the right to take your
money because they *want* it. -- John McKay, _The Welfare State:
No Mercy for the Middle Class_
-----------------------------------------------------------------------
165 days since the first successful private orbital launch (SpaceX)
Re: 3.3.2 release with stale and unmaintained rules?
Posted by John Hardin <jh...@impsec.org>.
On Mon, 23 May 2011, Daryl C. W. O'Shea wrote:
> On 23/05/2011 3:53 PM, John Hardin wrote:
>> On Mon, 23 May 2011, Daryl C. W. O'Shea wrote:
>> > On 23/05/2011 9:27 AM, John Hardin wrote:
>> > > I'd suggest that there should be nightly masschecks and rule
>> > > autopromotion and update generation for the production branch as
>> > > well as for trunk. We're doing a lot of rule dev on trunk, but how
>> > > widely used is it in actual production?
>> >
>> > I'm just waiting for approval from the group to turn the stable
>> > updates back up. trunk updates are of course ongoing already. Are
>> > you asking for generated scores to be released with the trunk update
>> > packages?
>>
>> Where would the scores for sandbox rules in a stable update come from if
>> not the generated scores? Would they all be scored at 1.0 unless a
>> manual explicit score was entered in a file under rules/ ?
>
> If we weren't generating scores for stable updates, that is if we were to
> omit the 72_scores.cf file, you'd get a package that looks like your rules
> directory after run make on trunk.
>
> For sandbox rules, in the above scenario, you would:
>
> - NOT get the scores from the sandboxes, as they are stripped out
> - would get scores set in a file in rules/ ... but you run into the issue of
> rules from the sandbox coming and going out of sync with the additions and
> deletions of scores from rules/ ... I don't know why you would want to do
> this
> - would get default scores of either 1.0, 0.01 or 0.001 depending on the
> rules type... or the negatives of those scores for nice rules. Default
> scores of 1.0 could be A Bad Thing(tm), for some promoted rules, which was
> one of the initial reasons for using generated scores. Often a 1.0 default
> caused FPs whereas a 0.4 score was OK.
>
> I'm not really sure if I'm answering what you're looking for... I don't
> understand the line of thought/questions.
You covered it. Since the sandbox scores are now limits rather than
scores, any non-generated scores for sandbox rules would come from a
manually-maintained .cf file or would be the type-specific default score.
I suppose I was trying to express that falling back to the default scores
might not be the best idea, as you stated. We've got a score generator,
why not use it?
> From your previous email I thought that maybe you wanted generated
> scores included in the trunk nightly rule updates.
I do think that's a good idea. Any reason _not_ to do that?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
You know things are bad when Pravda says we [the USA] have gone
too far to the left. -- Joe Huffman
-----------------------------------------------------------------------
165 days since the first successful private orbital launch (SpaceX)
Re: 3.3.2 release with stale and unmaintained rules?
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
On 23/05/2011 3:53 PM, John Hardin wrote:
> On Mon, 23 May 2011, Daryl C. W. O'Shea wrote:
>> On 23/05/2011 9:27 AM, John Hardin wrote:
>>> I'd suggest that there should be nightly masschecks and rule
>>> autopromotion and update generation for the production branch as well as
>>> for trunk. We're doing a lot of rule dev on trunk, but how widely used
>>> is it in actual production?
>>
>> I'm just waiting for approval from the group to turn the stable
>> updates back up. trunk updates are of course ongoing already. Are you
>> asking for generated scores to be released with the trunk update
>> packages?
>
> Where would the scores for sandbox rules in a stable update come from if
> not the generated scores? Would they all be scored at 1.0 unless a
> manual explicit score was entered in a file under rules/ ?
If we weren't generating scores for stable updates, that is if we were
to omit the 72_scores.cf file, you'd get a package that looks like your
rules directory after run make on trunk.
For sandbox rules, in the above scenario, you would:
- NOT get the scores from the sandboxes, as they are stripped out
- would get scores set in a file in rules/ ... but you run into the
issue of rules from the sandbox coming and going out of sync with the
additions and deletions of scores from rules/ ... I don't know why you
would want to do this
- would get default scores of either 1.0, 0.01 or 0.001 depending on the
rules type... or the negatives of those scores for nice rules. Default
scores of 1.0 could be A Bad Thing(tm), for some promoted rules, which
was one of the initial reasons for using generated scores. Often a 1.0
default caused FPs whereas a 0.4 score was OK.
I'm not really sure if I'm answering what you're looking for... I don't
understand the line of thought/questions. From your previous email I
thought that maybe you wanted generated scores included in the trunk
nightly rule updates.
Daryl
Re: 3.3.2 release with stale and unmaintained rules?
Posted by John Hardin <jh...@impsec.org>.
On Mon, 23 May 2011, Daryl C. W. O'Shea wrote:
> On 23/05/2011 9:27 AM, John Hardin wrote:
>> Are we going to do a new release with stale rules?
>
> As you know, I made the improvement to the update generation to limit scores
> to those defined in sandboxes to act as a safety net against too high scores
> being assigned.
Yes, I was aware of that.
>> Do we need to copy the trunk sandboxes to the 3.3 branch and do a
>> masscheck/promotion/scoring pass before release?
>
> I also, per Warren's request, provided a current (as of last week) update for
> review prior to re-enabling nightly updates. The update is also the most
> suitable package to be used as the 3.3.2 release's associated rule package.
> I have not heard from *anyone* in regards to their satisfaction with that
> update.
I must admit I haven't looked at it.
> In case it's not clear, the rule updates are generated with the rules from
> the *trunk* sandboxes (which is why there is a somewhat elaborate lint
> testing procedure against every tagged stable release for the update
> packages). So copying trunk sandboxes to the 3.3 branch would not achieve
> anything.
Ah, I wasn't aware of that (or had forgotten since stable updates have
been turned off).
>> I'd suggest that there should be nightly masschecks and rule
>> autopromotion and update generation for the production branch as well as
>> for trunk. We're doing a lot of rule dev on trunk, but how widely used
>> is it in actual production?
>
> I'm just waiting for approval from the group to turn the stable updates back
> up. trunk updates are of course ongoing already. Are you asking for
> generated scores to be released with the trunk update packages?
Where would the scores for sandbox rules in a stable update come from if
not the generated scores? Would they all be scored at 1.0 unless a manual
explicit score was entered in a file under rules/ ?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
(J)ustice is justice, whereas "social justice" is code for one set
of rules for the rich, another for the poor; one set for whites,
another set for minorities; one set for straight men, another for
women and gays. In short, it's the opposite of actual justice.
-- Burt Prelutsky
-----------------------------------------------------------------------
165 days since the first successful private orbital launch (SpaceX)
Re: 3.3.2 release with stale and unmaintained rules?
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
On 23/05/2011 9:27 AM, John Hardin wrote:
> All:
>
> The rules on the 3.3 branch are pretty much stale (the last 3.3 rules
> update was published 12/24/2010).
>
> There is no masscheck+promotion process running on the 3.3 branch, and
> rule sandbox updates (apart from bugfixes) are only being done with any
> regularity on trunk.
>
> Are we going to do a new release with stale rules?
As you know, I made the improvement to the update generation to limit
scores to those defined in sandboxes to act as a safety net against too
high scores being assigned.
> Should there be a nightly masscheck+promotion job set up for the 3.3
> (i.e. stable production) branch as well and should rule devs remember to
> do parallel commits?
>
> Do we need to copy the trunk sandboxes to the 3.3 branch and do a
> masscheck/promotion/scoring pass before release?
I also, per Warren's request, provided a current (as of last week)
update for review prior to re-enabling nightly updates. The update is
also the most suitable package to be used as the 3.3.2 release's
associated rule package. I have not heard from *anyone* in regards to
their satisfaction with that update.
In case it's not clear, the rule updates are generated with the rules
from the *trunk* sandboxes (which is why there is a somewhat elaborate
lint testing procedure against every tagged stable release for the
update packages). So copying trunk sandboxes to the 3.3 branch would
not achieve anything.
> I'd suggest that there should be nightly masschecks and rule
> autopromotion and update generation for the production branch as well as
> for trunk. We're doing a lot of rule dev on trunk, but how widely used
> is it in actual production?
I'm just waiting for approval from the group to turn the stable updates
back up. trunk updates are of course ongoing already. Are you asking
for generated scores to be released with the trunk update packages?
Daryl