[IntelMQ-dev] RFC on IEP007: Running IntelMQ as Python Library

Mika Silander mika.silander at csc.fi
Tue Apr 25 13:43:43 CEST 2023


Hi Sebastian, 

References to the discussions on motivations for the library proposal are welcome, but when and if you find them, IMHO I think the best location for them is the IEP itself. The document could for example, start with a "Background" or similar section that tries to answer why this is a desired thing, what benefits it would bring and maybe some examples. A long time ago I wrote a wrapper script that allowed chaining bots on the command line. It did of course not provide all the features that are outlined in your IEP, but it gave me the possibility to simple sampling of events and testing bots with e.g. 

wrapper BotA | wrapper BotB | wrapper BotC ... 

so I was struggling to find good use cases to support a library implementation. 

What comes to the API-breaking vs. less intrusive implementation, I think I did understand these were two separate options, but the API-breaking I found a bit scary and reacted to that only. And yes, I can imagine it's been a big effort to reach versions 3.0 and 3.1. Had I known all the effort I've had to do put to the interconnected systems related to our IntelMQ setup (IntelMQ itself was not that hard), I would have never even started :-). Still, as said, my vote is on the less intrusive implementation option and sticking to KISS, but if it turns out the API-breaking one wins, please consider techniques that could provide some degree of backward compatibility as I suggested. 

I don't think I'm a very active debater on this forum, so it would be nice to read what other developers think. Especially the ones like me who do not form part of the core developers but just need to add some components and features of their own to IntelMQ. 

Br, Mika 

From: "Sebix" <sebix at sebix.at> 
To: "intelmq-dev" <intelmq-dev at lists.cert.at> 
Cc: "Mika Silander" <mika.silander at csc.fi> 
Sent: Tuesday, 25 April, 2023 13:05:50 
Subject: Re: [IntelMQ-dev] RFC on IEP007: Running IntelMQ as Python Library 



Dear Mika, 
On 4/25/23 11:28 AM, Mika Silander wrote: 



Reading through the IEP in question, I thought I would find reasons or motivations as to why having a library is desired. It's possible I've missed discussions or mails and the reasons have been discussed/documented elsewhere. 


Thanks for the input, I'll try to find some references from the 3.0 discussions when we first discussed this feature request in more details, or otherwise expand this section on my own. 

BQ_BEGIN

If the implementation you choose for IEP is the API-breaking generator one 

BQ_END


I think there was a misunderstanding: It is precisely the question if we also want to address this topic. It has its pros and cons, whereas the biggest downside is the API-breaking part with all its implications. 




You know that it was a long and bumpy road towards IntelMQ 3.0, and accumulating multiple significant development steps in a short period was challenging (OTOH had the - temporary - development capacity at that time to make this leap). I'm fully aware that breaking changes can mean a lot of trouble and I'm all for small, separated steps (hence this IEP), which allow more straightforward discussion, review and maintenance. When writing PoCs for this IEP, I found a similar area for improvement in IntelMQ which could also be interesting to tackle. It is not up to me to decide the direction of the IntelMQ roadmap but to the community . Hence, I posed this question and asked for comments, and I am very grateful that you are contributing so actively through code and discussion. 


best regards 
Sebastian 


-- 
Institute for Common Good Technology
gemeinnütziger Kulturverein - nonprofit cultural society [ https://sebix.at/ | https://sebix.at/ ] ZVR 1510673578 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/intelmq-dev/attachments/20230425/da375898/attachment.htm>


More information about the IntelMQ-dev mailing list