Suricata

I wonder how we should handle the backport. We can't starting rejecting these rules, as they still work fine.

Victor Julien wrote in #note-2:

I wonder how we should handle the backport. We can't starting rejecting these rules, as they still work fine.

Leave a warning that using fast_pattern w base64_data has no effect so is useless and will be rejected in 8..?

Shivani Bhardwaj wrote in #note-3:

Victor Julien wrote in #note-2:

I wonder how we should handle the backport. We can't starting rejecting these rules, as they still work fine.

Leave a warning that using fast_pattern w base64_data has no effect so is useless and will be rejected in 8..?

We've seen that new warnings are often seen as too "severe" by integrators. So perhaps we should just give an info/notice message and accept the rule. Could also add a note or warning to the rule analyzer perhaps.

> We've seen that new warnings are often seen as too "severe" by integrators. So perhaps we should just give an info/notice message and accept the rule. Could also add a note or warning to the rule analyzer perhaps.

I see. Ok. Do you mean that we should accept it with info message even on 8? So, I should change the behavior in the PR https://github.com/OISF/suricata/pull/10641?

No, in 8 we can be strict. Just don't want to introduce errors/warnings for otherwise fairly harmless issues in a patch release.

Victor Julien wrote in #note-6:

No, in 8 we can be strict. Just don't want to introduce errors/warnings for otherwise fairly harmless issues in a patch release.

Got it. Will implement solution for 7.0.5 as discussed. Thank you!