[Snort-sigs] rules licensing (slightly off-topic pondering)

Matt Kettler mkettler at ...189...
Thu Sep 11 13:48:03 EDT 2003

At 07:20 PM 9/10/2003 +0200, Milani Paolo wrote:
>if free-ids.org develops a new opensource ids software that can read snort 
>syntax, can he ship snort rule files with it? does this force him to go 
>GPL for his entire project (rather than use some other free software license)

Well, I'm unsure if the rules are GPL licensed or some other license, 
however I'm going to assume that they are for the purpose of this 
discussion. It's somewhat implied that they are, but not explicitly stated; 
someone from Sourcefire would have to clarify this point.

Disclaimer in advance: I'm neither a lawyer, nor a copyright holder of 
snort. If you want an authoritative answer, ask a lawyer and/or someone 
from Sourcefire. I'm just pontificating, and don't mistake me as knowing 
what I'm talking about.

Overall, my best suggestion is to try to get an answer about your specific 
situation from Sourcefire. Clearly if they say they have no problem with 
it, you're not likely to have any problems. If they have objections, try to 
work something out with them which isn't objectionable and still within 
reason. By and large they're pretty reasonable people.

As for the facts, I can only answer the distribution part of your question. 
It is quite common practice to have a GPL piece of software, compiled as a 
stand-alone binary from publicly available source code, be called upon by a 
separate closed source application. A large number of commercial embedded 
tools use GCC as a compiler back-end (for example Wind River's VxWorks). 
However, said closed-source is really a completely separate entity, i.e. not 
linked to the code in any way, merely calling the OS's exec functions to 
make GCC run.  Also RedHat ships CDs containing packages with a wide 
variety of licenses, not just GPL, and not all compatible with GPL.

Hence, merely distributing a GPL product does not require all products 
distributed to be GPL, even if the products are distributed together, and 
even if one uses the output of another, as long as they are separate 
entities. That's pretty well established. The GPLed items still need GPLish 
treatment, but that doesn't inherently require GPL treatment of separate 
binaries shipped at the same time.

It's a bit unclear if the snort rule files are considered a separate item 
under the GPL, if they are even GPL licensed in the first place. However, 
if you can find the answer to that, the above should hold true.  My 
instinctive feel is that it would be hard to claim that the rule files are 
somehow a part of the program that reads them, thus can be considered a 
stand-alone element if they are GPLed. Doing something involving linking 
the entire textfiles directly into your binary executable could probably 
cause it to be considered a single entity, but I can't imagine why anyone 
would do that in the first place. However, I'm not in a position to give a 
"real" answer on this, and that's strictly an opinion with no relative 
weight or authority.
