[Snort-users] Re: [Snort-devel] Re: RFC: Forking Snort

Matt Jonkman jonkman at ...4024...
Wed Jul 3 18:41:03 EDT 2002

> I don't maintain the database plugin, I've never maintained
> the database
> plugin, why would I be the point of contact for future database plugin
> contributions?  I probably dropped it immediately because it
> was improperly
> submitted to the wrong person (me) and you didn't read far
> enough into the
> docs to see that Jed/Roman are the guys that develop the
> database code in
> Snort.

As I now understand. That was a poor example as the code was submitted by
someone I work with on our snort deployment. I don't know for certain who he
submitted to, only that it took about a month to get some fixes in. But that
is a poor example and he tells me now that the database maintainers have
been very responsive since the initial opening of the dialogue. I presented
a poor and pointles example. My bad on that.

> I'll decide how to distribute my time myself, thank you.
> Paying my bills is
> directly related to the quality of Snort now, take the next
> few logical
> steps to understand what this means in terms of Snort's quality and
> capabilities.  Combine that with my commitment to keeping
> Snort open source
> and I think this whole notion of forking "for the good of the
> people" to be
> a false premise.

The notion of forking for the people is dramatic and not what I'm driving
at. Forking for the good of Marty and thus the community I think might be
closer to the point I was trying to make, yet still dramatic.

I still stand by the idea that somewhere down the road, be it 6 months or 20
years, you as a leader of an open source project and a commercial
organization that is built on that same open source project may be put in a
position to have to make a choice that is right for the open source project
but could have a significant negative financial impact on Sourcefire. The
possibility is theoretical, and unlikely, but exists. That was and is my

My thoughts on this may have exaggerated in the absence of much recent news
about the makeup of sourcefire, and the rules. The thought would still have
enetered my head, but wouldn't have gone far enough to get out of my
fingertips most likely. I'm sure you haven't been quiet on the subject, but
I've not run across much word or many articles of late reaffirming your
dedication to keeping snort open sourced and independent, and about the
relationship of your investors to the community. Most likely that's because
I haven't done reading much more than these lists and the occasional
technical review of snort vs others in the propaganda magazines. And I also
never said or implied that I believed you *would* make a choice against
snort either, only making the point that you will be in the position to
affect two dependant yet separate entities. That's not the best position to
be in when there are thousands of people and organizations watching and
depending on the outcome, as well as your own income.

I see Jed's original post in this thread as a poorly hidden jab aimed at
defamation and stirring up trouble, and I'm sorry my sentiment was
associated with that. It merely got me thinking. Your later response (after
my post) reaffirming your dedication to the open source status of snort, and
more so your explanation of the groundrules and agreement set down before
your investors leaves me reassured that that possibility you'd have to make
that choice is slim. I more believe now that you'd first dump an investor
that might pressure you to do something not in the best interest of snort
before making a bad choice.

I would hope that this possibility is constantly considered as snort grows
and as sourcefire enjoys continued success. Snort is a great thing and
everyone has done a great job on it, Marty, the dev team, the users, and
those patient souls that answer the same basic questions on the users list
over and over without frustration. That's why this exists, and I believe
it's been so successful because of the absence of direct commercial control.
Development has not been based on whether the new feature would make more
money than would be invested in developing it, but whether it'll catch more
on the wire.


More information about the Snort-users mailing list