Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: v2.8.4 incorrect logging to MySQL

From: Martin Roesch <roesch () sourcefire com>
Date: Wed, 15 Apr 2009 00:50:22 -0400
Alan,

If you didn't want to rehash it then why did you bring it up?

Open Source means a lot of different things to different people.  I
know people who would pillory developers that use of the GPL for not
going with a "truly free" BSD license whose real motives lay in their
desire to appropriate code for their own commercial uses.  I know
people who won't use anything but RSM-approved GPL software and call
"non-free" software unethical to develop.  I know people who are
trying to get work done and want excellent tools that they can devote
their time to because they don't have the money to buy a commercial
alternative.  All of these people have different opinions on open
source license options and interpretation and there is no one
universal truth to them unfortunately.

My request for people's opinion on Nmap's licensing and whether or not
they call it "open source" is pretty obvious I would think and it has
direct bearing on this conversation.  Nmap's license includes language
that's almost identical to Snort 3.0's AND it's in Debian's apt-get
system which typically marks non-free software as such (and Nmap isn't
so marked).  So if Debian calls it open source and Loyal and Alan
don't, welp, everyone's entitled to their opinion.

Snort 3's code is open and available for *users* to use and modify and
extend and redistribute as they choose.  It's not available for
commercial organizations to redistributed under a different license
and we've decided to make it so that that's an option with the new
code base for companies that would like to license it.  We've chosen
to adopt Nmap's licensing concept because it works well with both the
commercial needs of Sourcefire as well as the open source desires of
the community.  We have clarified and made exceptions because the GPL
has language that's open to interpretation.  I prefer this route over
spawning Yet Another Open Source License or some watered down
shareware license because it builds on something that's already
established and has worked well for at least one other dual-licensed
open source project.

Nobody is hiding behind anything and I find your characterization as
such to be distasteful.  Once again, we used what we believe to be
sound reasoning to support the logic of our decision.  If you don't
agree with that, that's fine.  If you or Loyal want to cast aspersions
on a public mailing list that I started regarding software that I
created then I'm going to tell you how I see it.

Marty

On Tue, Apr 14, 2009 at 9:39 PM, Alan Shimel <alan () stillsecure com> wrote:

Marty

I truly have no desire to rehash this with you. You can call Snort 3.0 open source, closed source, tomato sauce or 
clam sauce and it makes no difference to me ;-)

What I meant by hiding behind the GPL is that if the GPL 2.0 were so clear on what it is and what isn't open source, 
why would you have to clarify and make exceptions?  That is what I mean by hiding.  Marty, more than others on the 
list probably, I understand perfectly why you have to do what you are doing and don't have a problem with it.  Just 
say you did it for these reasons and if people want to say that makes it not open source and they don't want to use 
Snort because of it, so be it.

On your request about Nmap and Fyodor. Who cares? Last I checked no one appointed him and Nmap the judges or the 
yardstick against which all others are measured. Frankly his license pre-dates the GPL 2.0 I believe and I have 
thought it was not open source ever since we had to pay him a license fee. But that is irrelevant to this issue.

a

StillSecure
Alan Shimel
Chief Strategy Officer

O 561.886.0455
C 516.857.7409
F 303.381.3881

StillSecure, After All These Years

? Grab this Headline Animator

www.stillsecure.com
The information transmitted is intended only for the person
to whom it is addressed and may contain confidential material.
Review or other use of this information by persons other than
the intended recipient is prohibited. If you've received
this in error, please contact the sender and delete
from any computer.


-----Original Message-----
From: Martin Roesch [mailto:roesch () sourcefire com]
Sent: Tuesday, April 14, 2009 7:31 PM
To: Alan Shimel
Cc: Loyal A Moses; snort-users () lists sourceforge net
Subject: Re: [Snort-users] v2.8.4 incorrect logging to MySQL

Alan,

We're not "hiding behind" anything.  Our licensing terms are clearly
outlined in Snort 3.  We (and I) believe this is a valid way to
license software using the GPL.

Nobody has answered my question and I'll modify it a bit: Is
Fyodor/Insecure.org "hiding behind" the GPL?

Marty

On Tue, Apr 14, 2009 at 6:23 PM, Alan Shimel <alan () stillsecure com> wrote:

Folks I have argued this point with Marty over and over and that was a year ago when this first came to light. Is it 
open source? Technically, yes it is open source. Does Sourcefire need the ability to dual license for other 
commercial entities that may want to embed Snort? Yes of course. So engineering aside, the plain truth is that if 
Sourcefire is going to protect their IP (intellectual property) and build a commercial business around it, they have 
no choice but to do this.

They could have just said it is not open source from 3.0 on and gone that way (as other open source projects have), 
but they choose not to. Also from a commercial point of view, how could they license code that they don't own.  So 
if they took contributed code and it was not assigned to sourcefire, what right would they have to license and 
charge someone for this code?

The bottom line is welcome to the world of commercial open source. It may shock some of you, offend others and most 
of you I suspect won't give a darn.  It really only effects you if you contribute code (a small percentage of you) 
or if you are seeking to embed Snort in your own commercial products.  But don't be naïve, this is what open source 
software that is owned by commercial companies is all about these days.

Last year we at StillSecure released our own product, Cobia on our own "community license" because we didn't want to 
hide behind a GPL duality. We were plain and open about why we did this and caught flak from the open source 
community. So I guess no matter what you do, you just can't please all the people all the time!

alan

StillSecure
Alan Shimel
Chief Strategy Officer

O 561.886.0455
C 516.857.7409
F 303.381.3881

StillSecure, After All These Years

? Grab this Headline Animator

www.stillsecure.com
The information transmitted is intended only for the person
to whom it is addressed and may contain confidential material.
Review or other use of this information by persons other than
the intended recipient is prohibited. If you've received
this in error, please contact the sender and delete
from any computer.


-----Original Message-----
From: Martin Roesch [mailto:roesch () sourcefire com]
Sent: Tuesday, April 14, 2009 5:47 PM
To: Loyal A Moses
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] v2.8.4 incorrect logging to MySQL

It's actually a dual license if you want to get technical and it's
common practice in the open source world where you have a business as
the primary developer of the open source technology.

Do you consider Nmap to be open source?  It has nearly the exact same
license modifiers as we use and has for far longer than the Snort
project.  Does anyone consider it to not be open source for
noncommercial use?  It's in Debian's apt-get and listed as GPL2 and
uses almost exactly the same licensing language that Snort 3 uses, in
fact we derived our terms from Nmap's licensing language originally.

Snort 3.0 is distributed under the GPLv2, the license is included with
the code.  That makes it open source.  The fact that it doesn't bring
forward code contributions from Snort 2 has absolutely nothing to do
with the fact that they were contributed from 3rd parties.

The decision to undertake development of Snort 3.0 had nothing to do
with licensing issues and everything to do with engineering
requirements.  Go have a look at my blog if you want to understand the
scope of those engineering requirements.  *I* decided to start with a
fresh code base after mulling it over for months because I felt that
adapting the capabilities to the existing Snort 2.x code base wouldn't
help us at all in terms of time to release or capabilities.  We would
have changed so much that there would have been more effort involved
retrofitting the existing code than there would be writing new code.
I actually wrote some prototypes of what I wanted to accomplish in
Snort 3 on top of Snort 2 and rapidly decided that there was more risk
going that route instead of starting from scratch.

The fact that it doesn't carry over contributed code makes it no less
open source than it is today.  Snort 3 is open source.

Marty

On Tue, Apr 14, 2009 at 5:06 PM, Loyal A Moses <loyalmoses () mac com> wrote:


Marty,

Do you mean open source as in GPL or equivalent or as in we can all
read the source?

A quote from you:

"We're also saying that people who want to
contribute code to the project do so with the knowledge that we're
going to consider the code as assigned to Sourcefire unless other
arrangements are made."

That doesn't sound so "open source" to me and more like a charade.

And another quote in the same posting by you:

"Given that we need to be able to offer Snort under an alternative
license for commercial integrators who are integrating Snort and
don't want to adhere to the GPL it's essential that we retain the
right to relicense the totality of the codebase."

Now, there is the real reason.

Just be direct and communicate that version 3 will not be GPL and
Sourcefire will now retain all rights. Unless you plan on having two
source branches with zero intellectual-property cross over and
licensed independently.

I am not hostile towards the concept. The concept is business and it
is what it is.

Loyal.

On Apr 14, 2009, at 1:40 PM, Martin Roesch wrote:


Snort 3.0 is open source.

Marty

On Tue, Apr 14, 2009 at 4:21 PM, Loyal A Moses <loyalmoses () mac com>
wrote:


Snort is open source, until version 3. But that is a whole other
argument.
On Apr 14, 2009, at 1:11 PM, Joel Esler wrote:

No one is taking a vote, we just said, "if we had a vote in it..."
I'd
rather take the code out of the IDS/IPS and put it into an output
module.
 One that is maintained well (as Shawn said).
Snort is an open source program, I don't see harm in discussion on
Snort's
own mailing lists do you?
J

On Tue, Apr 14, 2009 at 3:35 PM, Loyal A Moses <loyalmoses () mac com>
wrote:


Is Sourcefire limited on development skill or man power?

It makes no sense at all to remove one of the most common facilities
in use by snort users because it is "too complex".

In the end, you'll do what you are going to do regardless of the
community -- we've seen it before. But don't use "complexity" and
"bugs" as the excuse.

Sourcefire is a publicly traded company -- Is it smart to be taking
votes on product development from a mailing list? I wouldn't think
so.

Loyal.

On Apr 14, 2009, at 11:52 AM, Jason Brvenik wrote:


I have an ulterior motive and it is simple.

Many of the bugs and issues over time with snort have been in
output
plugins. Make one well supported, tested, unified method designed
for
best performance and while doing so it improves the
supportability and
maintainability of the code base.

On Tue, Apr 14, 2009 at 2:39 PM, Loyal A Moses <loyalmoses () mac com>
wrote:

My vote is to provide as many output options as possible, to help
keep
snort used as a tool.

The argument of code complexity being a good reason to remove
output
facilities is only valid if the code is written poorly and not
modular. This wheel doesn't need re-invented and this
conversation is
kind of silly, unless there is ulterior motives for actually
wanting
to remove this support.

Loyal.


------------------------------------------------------------------------------
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





------------------------------------------------------------------------------
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




--
joel esler | Sourcefire | gtalk: jesler () sourcefire com | 302-223-5974


------------------------------------------------------------------------------
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org



------------------------------------------------------------------------------
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org

------------------------------------------------------------------------------
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org





-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org

------------------------------------------------------------------------------
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: