[Bro-Dev] Organizing plugins (Re: [JIRA] (BIT-1222) topic/robin/reader-writer-plugins)

Seth Hall seth at icir.org
Mon Aug 4 18:15:34 PDT 2014 

On Aug 4, 2014, at 4:48 PM, Robin Sommer <robin at icir.org> wrote:

>       Question is: do we want to change that? I'm reluctant to do
>       that right now, as it would be major structural change, and we
>       don't have much experience yet with the plugins' organization.
>       I would prefer to leave the standard scripts as they are for
>       now.

Mmmppphhh... Not sure if I should say "let's do it!" or not.  I'm *really* tempted to say that we should make the break.  We're early in the 2.4 dev cycle and now's the perfect time to get that plugin organizational experience.  At the very least, this would force some better practices on us and the community.  Only one way to get the experience. :)

I'm actually starting to wonder now what you mean by "standard scripts"?  You're obviously saying that the ES and dataseries scripts should be broken out, but could you give an example where you think we should leave it alone for now?  I may be losing track of this conversation.

>       Generally, I think we should start a separate bro-plugins
>       repository where we keep non-standard plugins (both from us,
>       and from external folks as long as there's a clear maintainer).

Agreed.  Those should be easy to break out even further into separate repositories once we have an easy system for managing dependencies (i.e. a package manager).

>       We could then take the stance that everything dependending on
>       optional functionality would go there, rather than into Bro
>       itself. Right now, I think that would mean support for
>       DataSeries and ElasticSearch.

And libgeoip!

> So, in short: what would you guys think about solving the problem by
> moving DataSeries and ElasticSearch (including their scripts and
> tests) out into a new bro-plugin repository, but otherwise leaving
> things as they are right now?

In case it's not obvious, I'm voting for making the larger change, whatever that is.  It just feels wrong to leave this code split up half way done.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20140804/3eb95e1d/attachment.bin

More information about the bro-dev mailing list