Snort mailing list archives

Re: v2.8.4 incorrect logging to MySQL


From: Martin Roesch <roesch () sourcefire com>
Date: Tue, 14 Apr 2009 17:01:29 -0400

You're certainly entitled to your perspective.  I'm going to keep
writing code and distributing it under open source licenses.

Marty


On Tue, Apr 14, 2009 at 4:36 PM, Loyal A Moses <loyalmoses () mac com> wrote:

As I just said in an earlier mailing list response, it is open source
until version 3.

This is my original line of comments on the NEW direction Sourcefire
was taking.

http://archives.neohapsis.com/archives/snort/2007-07/0047.html

The product itself is not at all the debate. Snort as a product is
great, and I believe that Marty has done an excellent job developing
the majority of what is quite obviously the world's most widely used
intrusion detection system.

The argument on direction is one of open source vs. commercially
owned. We've seen this a dozen or more times over.

A little story...

Jack is an open source buff who believes in free software for the
world, so he builds and releases it GPL or equivalent. Then one day,
he needs to feed his family from his open source fame, but doesn't
have the rights to the software as he wants, because it was released
open source and there are hundreds of contributors to the success of
the application. So a simple little plan is hatched to slowly and ever
so slightly change the licensing and take ownership of contributions
and limit the use of these components, then create an all new version
X that apparently is 100% written from the ground up with absolutely
zero contributed code. Hmmmm...

If you don't quite understand the little story, do read some of the
older snort mailing list entries to get a feel for how every signature
contributed or otherwise is now licensed by Sourcefire.

As I said, they are going to do what they are going to do.

On Apr 14, 2009, at 1:16 PM, Paul Schmehl wrote:

Sourcefire develops and provides snort, to the community, for free.
They do *not* develop ancillary apps for free.  If you want a
coordinated, polished interface, you buy Sourcefire (as we have.)
If you want an open source build-your-own IDS, you install snort
*plus* whatever additional pieces you want.  It isn't Sourcefire's
responsibility to develop ancillary tools for snort, although they
do some work in that area and encourage others to do it as well.

As to your "we've seen it before" comment, I think you have to look
at the performance of Sourcefire since the company was established.
You would have to admit, then, that Marty has managed to sustain his
goal of continuous development of the open source product alongside
the proprietary one with a minimum of disruptions.  The only change
has been in the timing of rules releases, and that is a small price
to pay for such an accomplished product. Those rules are written by
Sourcefire engineers to serve their customers and provided to the
community free of charge, with a slight delay.

I think that is commendable, and I thank Marty for his contributions
to the open source community and his sterling example of how to
maintain open source products while creating a commercially viable
company.

Besides, you can always write your own rules or use emerging threats
and other sources for rules.

As to whether it's smart to discuss development on a public list,
their source code is freely available.  It's kind of hard to hide
the direction of their development.

--On Tuesday, April 14, 2009 14:35:33 -0500 Loyal A Moses <loyalmoses () mac com> wrote:



Is Sourcefire limited on development skill or man power?

It makes no sense at all to remove one of the most common facilities
in use by snort users because it is "too complex".

In the end, you'll do what you are going to do regardless of the
community -- we've seen it before. But don't use "complexity" and
"bugs" as the excuse.

Sourcefire is a publicly traded company -- Is it smart to be taking
votes on product development from a mailing list? I wouldn't think
so.

Loyal.

On Apr 14, 2009, at 11:52 AM, Jason Brvenik wrote:

I have an ulterior motive and it is simple.

Many of the bugs and issues over time with snort have been in output
plugins. Make one well supported, tested, unified method designed for
best performance and while doing so it improves the supportability and
maintainability of the code base.

On Tue, Apr 14, 2009 at 2:39 PM, Loyal A Moses <loyalmoses () mac com> wrote:

My vote is to provide as many output options as possible, to help keep
snort used as a tool.

The argument of code complexity being a good reason to remove output
facilities is only valid if the code is written poorly and not
modular. This wheel doesn't need re-invented and this conversation is
kind of silly, unless there are ulterior motives for actually wanting
to remove this support.

Loyal.

------------------------------------------------------------------------------
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users






--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
Check the headers before clicking on Reply.







-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org


