Snort mailing list archives
Re: [Bleeding-sigs] Re: What's up with Snort's license? (Answer rollup)
From: Matt Jonkman <jonkman () bleedingthreats net>
Date: Sun, 22 Jul 2007 10:59:44 +1000
Paul Schmehl wrote:
I've been watching this discussion closely. ISTM that every time Sourcefire/Marty does something some people immediately assume the worst and start crying "crisis". (Matt, you are a senior member of that group.) Given the past history of snort, Sourcefire and Marty, ISTM that Sourcefire/Marty should be given the benefit of the doubt in cases such as this. IOW, rather than screaming "license change! License change!" it would be a great deal more productive to simply ask for clarification. Nothing I have read (and I've read it all) remotely approaches the cries of dire disaster coming from some quarters.
:) I am a close watcher of snort, as I have a significant interest in it and the community. No one was crying crisis until two weeks after mysterious license changes, cvs down, and a note that a significant change (not going v3) was being made. We waited, waited, and no word. At that point is when we all started getting nervous and tried to exert pressure to get a response from SF. No one implied or directly said that we suspected SF was up to evil. We were in the dark with very suspicious happenings.
One open question though: Are major code contributors going to be reimbursed for the revenue made from their code under separate commercial licenses in the 2.x branch?This is such a ridiculous question that I'm stunned you would ask it. The GPL permits not only the use of open source code but also its sale in a derivative, commercial product. There's not a single word about reimbursement of the contributors of the open source code.
The only ridiculous question is the one that's not asked. :) Given SF's long time (and justified) claim that many companies are making a load of cash on their and the other contributors to snorts work, and their recent moves to get an all SF copyrighted snort 3.0 with a commercial license, I think this is a perfectly sensible question. It was asked to make a point though, which apparently was lost.
If it were going to be licensed to someone under the GPLv2 (or 3) these contributors would not be entitled to anything as I understand. But under some other license I think the copyright owners must be compensated, no?You understand wrong. Here's what Marty wrote: " By sending these changes to Sourcefire or one of the Sourcefire-moderated mailing lists or forums, you are granting to Sourcefire, Inc. the unlimited, perpetual, non-exclusive right to reuse, modify, and/or relicense the code." Somehow, you (and several others) seem to have completely missed or deliberately ignored the "non" in "non-exclusive" use (after all, if we're going to impute negative motives to folks, let's not stop with Marty - those on the "other side" don't exactly have "clean hands" in this debate either - fair enough?). IOW, copyright holders of code (or rules or whatever else you want to assert is "contributing" to snort) STILL retain their copyright. All they are doing is granting Sourcefire the right in perpetuity to reuse, modify or relicense the code. Clearly this clause protects Sourcefire from vindictive or litigious copyright holders. It does *not* remove any existing rights from a copyright holder but does prevent them from changing the license terms after Sourcefire has made use of it.
Good points, but you're going places no one has gone. My question about reimbursement was in regard to commercial licenses, and pointing out that code contributors might also offer commercial licenses or support of snort as SF does now to make money on their work.
I realize that won't be an issue in the 3.0 branch as it's all SF code. But it seems fair that major contributors should be considered at least in current agreements.It doesn't seem fair at all to me. People who contribute to snort do not "deserve" to be compensated for income that Sourcefire generates from the sale of a *derivative* product that uses snort. Snort is still free. Snort is still open source. Nothing has changed in that regard, and no copyright holder has given up, lost or had stolen any of his or her rights to their contribution(s).
Not talking derivative, talking snort.
To be clear, I'm not one of those people. My contributions to date are almost all in signatures. But it's a question worth asking.I for one am getting quite irritated at the repeated attacks on Marty and Sourcefire. Marty's actions and decisions have been consistently pro-open source from the beginning of snort and remain so today. Now that he's actually making money from snort (by adding closed source added-value software to it in a package - something others complaining here are also doing) some seem to resent the change. Yet snort still remains open source. The community still contributes to snort, and the community still benefits from snort. No one (AFAIK) has to pay a dime for snort or for the rules (even though Sourcefire contributes most of the new code and does much of the rules-testing.)
I missed the attack part here. This conversation is one to get information on a change that was executed poorly. The entire conversation I've been involved in (not sure about others) has been asking questions and trying to get answers. No one called Marty evil.
From my viewpoint, what's changed is the attitudes of some in thecommunity, and at least *some* of them have interests other than those of us who simply use the product and are thankful to have a top quality IDS that we don't have to pay for.
ok... I respect your opinions Paul, and appreciate your contributions to BE and others. But I think you're over-reacting to this. But that is your right. Personally, I like the Reagan saying "Trust but Verify". I trust Marty to do the right thing, because he's always done things there were close enough to the good as a whole while keeping him in business. But that doesn't mean I'm going to not be watching and asking questions. Sometimes offending questions even, but I'm gonna ask. I think I have an especially greater responsibility in my role at BE to ask those questions as well. But that doesn't mean I think Marty evil. Matt -- -------------------------------------------- Matthew Jonkman Bleeding Edge Threats US Phone 765-429-0398 US Fax 312-264-0205 AUS Phone 61-42-4157-491 AUS Fax 61-29-4750-026 http://www.bleedingthreats.net -------------------------------------------- PGP: http://www.bleedingthreats.com/mattjonkman.asc ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- What's up with Snort's license? Martin Roesch (Jul 18)
- Message not available
- Re: What's up with Snort's license? Martin Roesch (Jul 18)
- Re: What's up with Snort's license? Ace Nimrod (Jul 18)
- Re: What's up with Snort's license? (Answer rollup) Martin Roesch (Jul 19)
- Re: What's up with Snort's license? (Answer rollup) Alan Shimel (Jul 19)
- Re: What's up with Snort's license? (Answer rollup) Matt Jonkman (Jul 20)
- Re: What's up with Snort's license? (Answer rollup) Paul Schmehl (Jul 21)
- Re: [Bleeding-sigs] Re: What's up with Snort's license? (Answer rollup) Matt Jonkman (Jul 21)
- Re: What's up with Snort's license? Martin Roesch (Jul 18)
- Message not available
- Re: [Bleeding-sigs] RE: What's up with Snort's license? Alan Shimel (Jul 19)
- Re: [Bleeding-sigs] RE: What's up with Snort's license? Matt Jonkman (Jul 19)
- Re: [Bleeding-sigs] RE: What's up with Snort'slicense? Alan Shimel (Jul 19)
- Re: [Bleeding-sigs] RE: What's up with Snort'slicense? Victor Julien (Jul 20)
- Re: [Bleeding-sigs] RE: What's up with Snort'slicense? Alan Shimel (Jul 20)
- <Possible follow-ups>
- Fwd: What's up with Snort's license? Martin Roesch (Jul 18)
- Re: What's up with Snort's license? Loyal Moses (Jul 18)
- Re: What's up with Snort's license? Harry Hoffman (Jul 19)