Upgrading suricata-update when coupled to Suricata

I was curious to know the recommendations on upgrading suricata-update when it is “coupled” to an installed Suricata installation.

For example, on a device I see this:

$ suricata-update check-versions
16/7/2023 -- 18:13:50 - <Info> -- Using data-directory /var/lib/suricata.
16/7/2023 -- 18:13:50 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
16/7/2023 -- 18:13:50 - <Info> -- Using /etc/suricata/rules for Suricata provided rules.
16/7/2023 -- 18:13:50 - <Info> -- Found Suricata version 6.0.1 at /usr/bin/suricata.
16/7/2023 -- 18:13:50 - <Warning> -- Suricata version 6.0.1 is outdated. Please upgrade to 6.0.13.

Oddly suricata-update’s check-versions check doesn’t report the installed version of itself. This is possible from the --version argument, or from system pip though:

$ python3 -m pip list | grep suricata
suricata                     6.0.1
suricata-update              1.2.1

That’s v1.2.1, and v1.2.6 is the latest on PyPI. On this system, Suricata and suricata-update were installed from OS package repos and are limited to available versions:

$ dpkg -l | grep suricata
ii  suricata                                 1:6.0.1-3                                  amd64        Next Generation Intrusion Detection and Prevention Tool
ii  suricata-update                          1.2.1-1                                    amd64        tool for updating Suricata rules

Is it recommended to use pip to upgrade suricata-update when it has been (1) coupled/sourced from a Suricata installation (as it is by default)? I notice that pip cannot uninstall suricata-update in these cases, but it can upgrade it with install -U (however, it can’t uninstall the old version as it normally would). I wanted to make sure updating suricata-update in place using pip is a safe or recommended approach.

Also should we file an issue to have suricata-update check-versions output the suricata-update version? The help says:

$ suricata-update --help
other commands:
    check-versions             Check version of suricata-update

What distribution is this?
Not all distributions keep Suricata up-to-date, so you have to either use other repos like our Ubuntu PPA for example or build it yourself to make sure to run the latest versions.

I think as usual, Python can be a mess when you mix Python packages installed by the package manager with versions installed by pip, so the same goes here. Stick to one, and ideally the one provided by your package manager. Pip is not recommended for installing suricata-update as you should use the one that came with the version of Suricata you installed.

I wish distros wouldn’t break the 2 apart, but I understand its policy in some cases. But it creates confusion.
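
One way to check a host for the mixed dpkg/pip state the replies warn about, as an added example that is not part of the thread or of suricata-update: it compares the version dpkg recorded with the one pip reports, using the outputs quoted in the question as constructed sample input. The function names and the `--live` switch are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample input: the dpkg and pip lines quoted in the question.
DPKG_SAMPLE='ii  suricata         1:6.0.1-3  amd64  Next Generation Intrusion Detection and Prevention Tool
ii  suricata-update  1.2.1-1    amd64  tool for updating Suricata rules'
PIP_SAMPLE='suricata                     6.0.1
suricata-update              1.2.1'

# Upstream version of an installed ("ii") package from `dpkg -l` output:
# strips the epoch ("1:") and the Debian revision ("-3").
dpkg_upstream_version() {   # $1 = dpkg -l output, $2 = package name
    printf '%s\n' "$1" | awk -v p="$2" '$1 == "ii" && $2 == p {
        v = $3; sub(/^[0-9]+:/, "", v); sub(/-[^-]*$/, "", v); print v; exit }'
}

# Version pip reports for a package from `pip list` output.
pip_version() {             # $1 = pip list output, $2 = package name
    printf '%s\n' "$1" | awk -v p="$2" '$1 == p { print $2; exit }'
}

# distro: dpkg owns it and pip sees the same version (or none)
# mixed:  dpkg owns it but pip sees a different version, i.e. a pip
#         install -U has been layered over the packaged copy
# pip:    only pip knows about it;  absent: neither does
classify_install() (        # $1 = dpkg output, $2 = pip output, $3 = package
    d=$(dpkg_upstream_version "$1" "$3")
    p=$(pip_version "$2" "$3")
    if [ -n "$d" ] && [ -n "$p" ] && [ "$d" != "$p" ]; then
        echo "mixed dpkg=$d pip=$p"
    elif [ -n "$d" ]; then echo "distro $d"
    elif [ -n "$p" ]; then echo "pip $p"
    else echo "absent"
    fi
)

# Run against the real host only when asked to; the default uses the samples.
if [ "${1:-}" = "--live" ]; then
    classify_install "$(dpkg -l 2>/dev/null)" "$(python3 -m pip list 2>/dev/null)" suricata-update
else
    classify_install "$DPKG_SAMPLE" "$PIP_SAMPLE" suricata-update
fi
```

A `mixed` result means the rule updater that runs is no longer the one the package manager tracks, so distro security updates to suricata-update will not change what actually executes.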