Snort mailing list archives
Re: What's up with Snort's license?
From: Loyal Moses <loyalmoses () mac com>
Date: Wed, 18 Jul 2007 17:46:38 -0700
I believe this has a lot less to do with GPL than is being led to believe. Some thoughts on the Intellectual Property topic:

Marty: "This is the most controversial provision of the clarifications that we put into the Snort 3.0 license."

Oh you bet. This is most definitely the hottest topic.

Marty: "By sending these changes to Sourcefire or one of the Sourcefire-moderated mailing lists or forums, you are granting to Sourcefire, Inc. the unlimited, perpetual, non-exclusive right to reuse, modify, and/or relicense the code."

You are between a rock and hard spot here. Your product is based on the combined works of dozens of contributors over the past several years while your project was licensed as GPL. If you were not GPL, then you have the absolute right to make a license change at any time, however you do not have the right to take ownership of user contributions which were made within the boundaries of the GPL license with that understanding.

Marty: "we don't feel that contributing a 3-line patch to a 200k+ LOC codebase means that the contributor has copyright claims over Snort"

I don't think the community in general believes this at all either. What they believe is they retain copyright over 'their' submitted contribution.

Marty: "In the early years there were many people who contributed (in any way) to Snort but over the years since Sourcefire was incorporated the total contribution by these external contributors has decreased substantially. After that, Sourcefire developed more and more of the code, especially the core functionality of the detection engine and preprocessors, not to mention tons of the rules as well."

Time has no relevance here. Copyright and ownership of intellectual property does not disappear because a few years have passed. Even derivative works from copyrighted materials is a very gray area.

Marty: "I have felt for a long time that we need to have a sense of proportionality about this and we should also have the ability to be flexible with the code base in terms of licensing without needing to approach every contributor individually to get sign-off on any changes that we make."

Unfortunately, you chose a GPL license and it was understood at that time by every contributing user that they were not just 'donating' their time, skill and efforts to your pocket book, but to a project that was going to remain GPL to serve and support the industry in whole. Each contributor has a right to his source code, again unless it was contributed under different conditions, however it wasn't, it was contributed under a GPL.

Marty: "we need to be able to retain the right to offer it under our commercial license."

This is where the concerns come in, you now need this code for your newly formulated business goals and are making modifications to your license to serve this purpose. However, you are going to be unable to simply take ownership of the source code without some very obvious legal hurdles to overcome.

Marty: "If you've got a problem with this, don't contribute the code to us"

This was a rather harsh statement to make and really makes users of snort take a step back and look at the overall situation. Great; from now on users should stop contributing any further source code or signature content. Past contributors should take a full inventory of their contributions to date, which were made under the GPL license, and if / when hijacked contributions or derivatives from are discovered in future snort releases, users should seek after valid and compensating lawsuits. I don't believe contributing users should be expected to simply walk away from their intellectual property to serve the business goals of a post-incident incorporated organization.

Marty: "If all a vendor does is take and they don't give anything back to anyone then let's call it what it is and say they're a vendor who's worried that they're going to actually have to pay for something that you've been getting for free."

I don't think the community has a problem here. It's the bait and switch tactic that is causing concern. If you want it called how it is, then let's hear it. You (Sourcefire) want to break out of the GPL license one step at a time, by first taking copyright over all contributing intellectual property so future versions can be branded as commercially, fully owned by Sourcefire for the purpose of business.

Marty: "It's Free as in 'Free Speech', not Free as in 'Free Money' people!"

Here is where you are quite wrong. Let's compute this for a moment, and discuss the effects of Linux under the GPL. In this hypothetical scenario, Linus Torvalds decides that he is tired of the community making money from his original project. Can he bait and switch now? Can he claim that it was 'Free Speech' and not 'Free Money', and take complete ownership of all contributions?

Marty: "true open source champions should be applauding us for our position."

No comment.

---

In conclusion, snort is a great product developed and maintained by a world of very happy and satisfied users. Ultimately, what makes you (Sourcefire) think that you can take the contributed works of dozens of people and stake full ownership for commercial gain? If you believe this to be true, then what should stop any one of the contributors from taking the snort source code and commercially licensing it with full ownership?

It all is going to come down to how you originally licensed snort. This issue wouldn't have even risen if you hadn't licensed it GPL. However, it is GPL by your own inclusion and licensing and unfortunately all works thereof fall under that provision. Personally, I am very interested to see some of the legal claims that will arise from this.

On a business line of thought. This is primarily why our product Aanval (Snort & Syslog Console) does not install or charge for the existence of snort. We only provide an alternative method of viewing and managing the application and do not sell an intrusion detection system / engine.

Plug: http://www.aanval.com

If you made it here, thanks for taking the time.

Loyal.