[Snort-users] Sourcefire Licensing and Bleeding Snort

Matt Jonkman matt at ...12231...
Fri Mar 4 05:12:35 EST 2005

I wasn't getting email from sourceforge today for some reason, not in a 
timely manner at least. I didn't intend to be silent for this 
discussion, but Frank expressed my thoughts well, thanks. I'd just like 
to add a few thoughts.

All of the admins at Bleeding Snort (which I just realized our initials 
are BS, hmm) are flattered that the community is concerned that we stay 
as we are. We must be doing it right enough to be doing good. I like that.

What I see as a major threat to a productive outcome regarding the SF 
license changes and any possible upcoming cooperative relationship 
between "BS" and SF is the rumor mill. I'm committed to keeping the 
process transparent to keep everyone in the loop. But jumping to 
conclusions and assuming the worst will make that difficult. Devil's 
advocate is a position we do need filled, but we need to keep it to the 
facts and reality. :)

What we're doing and considering is a consortium that BS and SF and 
likely anyone else with something to contribute can join. The premise 
would be, I hope, exactly what BS is now. We may formalize the technical 
resources a bit, and maybe move to a Stable and Unstable ruleset kind of 
system, but the process will be the same, and continue to move at the 
same speed.

We're talking about it. SF and I pretty much approached each other with 
the same idea at the same time after the licensing changes crept out. SF 
is committed to re-engaging (my word) with the snort community, and are 
making significant resources available to do so alongside the part of 
their efforts that will be subscription based. It looks like they've 
struck a fair mix in that regard if it works out as intended.

We're only talking about it. I am very optimistic, but if it isn't right 
then we'll not do it. As I mentioned on the site, if we can't work out a 
charter for a consortium that maintains BS as it is and allows it to 
continue to evolve, then we'll just part ways and remain friends with 
SF, and work together as we can. I'm certain the SF guys will respect that.

But if it comes down to it and things get ugly and we start slinging mud 
between SF and BS, BS can stand on its own legal ground and has no 
legal threat to fear from SF. We're licensed properly, are using 
everything properly, and are giving credit where it's due. There's no 
threat implied by SF, and none to be inferred. There are no hostile 
takeover ideas that we are fending off, etc. This is a completely 
voluntary discussion for mutual benefit.

We have a number of goals to work out in that consortium; one that will 
alleviate some fears is that SF the corporation does not get a say in 
how BS works, or how it runs. Individual SF employees may have a say as 
admins, but no admins would have any greater say in decisions than any 
others. It should continue to be governed by committee and popular 
opinion. That's worked well to now, and I think will work well in the 
future, if we keep the popular opinion based on the facts.

As you all know, if we do something to piss off the users of bleeding 
snort, they'll move on to other things and BS will suffocate and die. So 
you ultimately have the final say in how we operate by participating in 
the project or not, as well as by voicing your concerns now.

But as I mentioned, we do need the devil's advocates, and I'm sure 
there'll be a line for the job. :) Speak up, let us know what concerns 
you and we'll make sure to address it. But if at the end of the day it 
doesn't look good to do something, well then we won't. BS will do just 
fine on the track it's on. But I truly believe that SF has the best 
intentions for contributing, and will be an invaluable partner to keep 
us growing and maturing. Who better to help write sigs than the guys 
that wrote the language?


> On Thu, 2005-03-03 at 00:24 -0500, Peter J Manis wrote:
>>I agree.  This is sad.  Essentially, what is happening here is taking the 
>>open out of the opensource. 
> Whoooaaa.... hold your horsie... Who says what? You're falling for the
> fear Michael (probably unintentionally) spread, are you? Snort will
> remain open source. So do the Community rules. So do the Bleeding rules.
> No one said anything about Snort going away.
>> First the rules from Sourcefire, and now they 
>>are trying to take Bleeding Snort. 
> uhm... they are not "taking Bleeding Snort". What we're doing is finding
> a way to combine efforts to give you better rules.
>> I understand if Sourcefire is upset 
>>about a few individuals using their rules, but what business do they have 
>>attempting to take Bleeding Snort under their control? 
> *sigh*   They are not. 
>>[...blah blah...]
> You're not working for a company affected by the license change by any
> chance, are you?
> Please, there is no reason for concern. Let's not spread FUD like ...
> well, let's not go there.
> -Frank

Matthew Jonkman, CISSP
Senior Security Engineer
765-429-0398 Direct Anytime
765-448-6847 Office
866-679-5177 24x7 NOC
