RFC: Suricata RPMs

For what it’s worth, hyperscan is available on EL8 via EPEL. It looks like it just didn’t make it to the standard EL8 repo; it is currently only in epel8.playground. That is an easy fix.

From the EPEL/Fedora packaging perspective, I am not sure how many people use the packages and all the reasoning for why not.

The one thing that has come up with regard to EPEL is that it usually doesn’t follow the latest release but is one major release behind. Also, because of the lack of hyperscan in EL7 due to the old boost libs, one had to bundle the boost libraries with their suricata src to build the RPM.

I have run the EPEL RPM alongside the dev version (master branch) packaged in an RPM. The two ran side by side, but it took a bit of work to get things so they didn’t conflict. It certainly can be done though and seemed to work rather well for us at the time.

I think it would be best to allow the EPEL/Fedora and OISF RPMs to exist side by side. I can get a sample spec to share on how I handled the dev version so it didn’t stomp the prod/stable version.

What hardware platforms would be supported with the OISF RPMs? Would it match with the EPEL/Fedora platforms? (ignoring the current ppcle hiccup with linking with the 4.x release)