Snort mailing list archives
Re: What's up with Snort's license?
From: "Ace Nimrod" <ace.nimrod () gmail com>
Date: Wed, 18 Jul 2007 21:34:09 -0600
On 7/18/07, Martin Roesch <roesch () sourcefire com> wrote: <snip> I (and Sourcefire) are not asking for any support from commercial
vendors. On the other hand, we do put quite a bit of effort into Snort and we distribute it under a license which we expect to be adhered to. I don't care if companies integrate Snort, we're happy when they do because it builds a larger community of Snort users which is better for all of us. Competition doesn't worry us in this regard, we feel that we serve our area of the market quite capably irrespective of other companies that offer Snort-based solutions. This isn't about that at all, it's about enforcing compliance with the license that Snort is distributed under. The primary problem I have with companies that don't contribute to the project is when they don't like us being assertive about our rights as the copyright holder. Their legitimacy to question our licensing language is highly suspect given their past contributions to and role in the community. If all a vendor does is take and they don't give anything back to anyone then let's call it what it is and say they're a vendor who's worried that they're going to actually have to pay for something that you've been getting for free.
I don't think the clarifications in Snort 3.0 are clear enough, in fact they may open up even more questions. Under the GPL, I'm allowed to redistribute Snort, and charge for it, and even put it on a system with my proprietary application as long as I make the source code available, and don't claim ownership of it lalalala. It sounds to me like Sourcefire wants to prevent this activity, but the license on the Snort 3 alphas is not clear about this. MySQL is an example that makes it clear. MySQL is GPL unless you are redistributing it as part of your non open source application, then you are required to license MySQL. Now lets take for example StillSecure. They ship Snort as an RPM, perhaps an RPM that is installed. But you can still go to their site and download the RPM, and the SRPM which contains all the Snort source code as well as any patches they may have applied. Presumably they manage the Snort process and parse the output provided by one of the output plugins. This all sounds to me like proper compliance with the GPL. Are they in compliance with Sourcefires interpretation of the GPL? While I'm not positive (I've only had experience with their StrataGuard free), I don't think StillSecure products actually link with Snort, or integrate any of its source code. Also, RPM can hardly be considered a proprietary installer. If all GPL authors applied the same clarifications that Sourcefire is doing, would RedHat even be able to exist with the current business model? I'm not sure they could. I can understand Sourcefire not wanting integrators to pull Snort source code directly into their product and link with it, perhaps even concealing the fact that Snort is being used, this would be a clear GPL violation. But there are other integrators that comply to the GPL as it is generally understood, are these vendors being targetting by Sourcefire as well? Please consider making the usage terms blatantly clear. I don't need a lawyer to determine if I need to license MySQL or not, its very clear. I believe Sourcefire could save themselves from hassle by providing the same clarity. Thanks.
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- What's up with Snort's license? Martin Roesch (Jul 18)
- Message not available
- Re: What's up with Snort's license? Martin Roesch (Jul 18)
- Re: What's up with Snort's license? Ace Nimrod (Jul 18)
- Re: What's up with Snort's license? (Answer rollup) Martin Roesch (Jul 19)
- Re: What's up with Snort's license? (Answer rollup) Alan Shimel (Jul 19)
- Re: What's up with Snort's license? (Answer rollup) Matt Jonkman (Jul 20)
- Re: What's up with Snort's license? (Answer rollup) Paul Schmehl (Jul 21)
- Re: [Bleeding-sigs] Re: What's up with Snort's license? (Answer rollup) Matt Jonkman (Jul 21)
- Re: What's up with Snort's license? Martin Roesch (Jul 18)
- Message not available
- Re: [Bleeding-sigs] RE: What's up with Snort's license? Alan Shimel (Jul 19)
- Re: [Bleeding-sigs] RE: What's up with Snort's license? Matt Jonkman (Jul 19)
- Re: [Bleeding-sigs] RE: What's up with Snort'slicense? Alan Shimel (Jul 19)
- Re: [Bleeding-sigs] RE: What's up with Snort'slicense? Victor Julien (Jul 20)