New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Drop the ssdeep library and remove its hash support #7525
Conversation
c7fb7c6
to
0f7dccb
Compare
30fab59
to
97b2f2d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reading about ssdeep, it seems like fuzzyhasing is somewhat important in some areas. But it also seems like this is pretty unmaintained, I don't know if we have good options
In discussion at office hours today, we concluded that while fuzzy hashing is useful, since the |
I'm totally agree with this choice, but in the other hand the fuzzy hashing can be useful for some users in experimental cases. What do you think to have the ssdeep feature as an extension so it can be used on demand? |
At present, the osquery foundation does not maintain or distribute extensions. I think it would be a great thing for people to try, but folks don't need our permission for that. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for this PR! We should also remove this now unused variable:
https://github.com/osquery/osquery/pull/7525/files#diff-021da22b2dcfaaaf9c769954cde0773b7cb8ac1e684e7b79fd58ecd5662db2deL306
And actually delete also the folder libraries/cmake/source/ssdeep-cpp
Can you specify which variable should be removed please? |
Yeah sorry, sometimes those links don't work: it's |
Also for the ReadTheDocs failure, please rebase on latest master, which has the fix. |
* drop ssdeep support * CR comment * delete unused variable
…3 to master * commit '35edba4e8627f883dc6394f60a7fff60a5a39353': libs: Update OpenSSL from version 1.1.1l to 1.1.1n (osquery#7506) Drop shortcut_files table (osquery#7547) Drop the ssdeep library and remove its hash support (osquery#7525) libs: Update zlib from v1.2.11 to v1.2.12 (osquery#7548) Remove libelfin and elf parsing tables (osquery#7524) Update librpm to 4.17.0 (osquery#7529) libs: Update expat from version 2.2.10 to 2.4.7 (osquery#7526)
Fixes #7520