[Snort-users] What's up with Snort's license?

Loyal Moses loyalmoses at ...3027...
Wed Jul 18 20:46:38 EDT 2007


I believe this has a lot less to do with GPL than is being led to believe.

Some thoughts on the Intellectual Property topic:

Marty: "This is the most controversial provision of the  
clarifications that
we put into the Snort 3.0 license."

Oh you bet. This is most definitely the hottest topic.

Marty: "By sending these changes to Sourcefire or one of the Sourcefire-
moderated mailing lists or forums, you are granting to Sourcefire,  
Inc. the
unlimited, perpetual, non-exclusive right to reuse, modify, and/or  
relicense
the code."

You are between a rock and hard spot here. Your product is based on  
the combined
works of dozens of contributors over the past several years while  
your project was licensed
as GPL.

If you were not GPL, then you have the absolute right to make a  
license change at anytime,
however you do not have the right to take ownership of user  
contributions which were made
within the boundaries of the GPL license with that understanding.

Marty: "we don't feel that contributing a 3-line patch to a 200k+ LOC codebase means that the
contributor has copyright claims over Snort "

I don't think the community in general believes this at all either.  
What they believe is they retain
copyright over 'their' submitted contribution.

Marty: " In the early years there were many people who contributed (in any way) to Snort but over the
years since Sourcefire was incorporated the total contribution by these external contributors has
decreased substantially. After that, Sourcefire developed more and more of the code, especially
the core functionality of the detection engine and preprocessors, not to mention tons of the rules as well."

Time has no relevance here. Copyright and ownership of intellectual property do not disappear because
a few years have passed. Even derivative works from copyrighted materials are a very gray area.

Marty: "I have felt for a long time that we need to have a sense of proportionality about this and we should
also have the ability to be flexible with the code base in terms of licensing without needing to approach
every contributor individually to get sign-off on any changes that we make."

Unfortunately, you chose a GPL license and it was understood at that  
time by every contributing user that
they were not just 'donating' their time, skill and efforts to your  
pocket book, but to a project that was going
to remain GPL to serve and support the industry in whole.

Each contributor has a right to his source code, again unless it was contributed under different conditions,
however it wasn't, it was contributed under a GPL.

Marty: "we need to be able to retain the right to offer it under our  
commercial license."

This is where the concerns come in, you now need this code for your  
newly formulated business goals and
are making modifications to your license to serve this purpose.  
However, you are going to be unable to
simply take ownership of the source code without some very obvious  
legal hurdles to overcome.

Marty: "If you've got a problem with this, don't contribute the code to us"

This was a rather harsh statement to make and really makes users of snort take a step back and look at the
overall situation.

Great; from now on users should stop contributing any further source  
code or signature content.

Past contributors should take a full inventory of their contributions to date, which were made under
the GPL license, and if / when hijacked contributions or derivatives from are discovered in future
snort releases, users should seek after valid and compensating lawsuits.

I don't believe contributing users should be expected to simply walk  
away from their intellectual property
to serve the business goals of a post-incident incorporated  
organization.

Marty: " If all a vendor does is take and they don't give anything  
back to anyone then let's call it what it is and
say they're a vendor who's worried that they're going to actually  
have to pay for something that you've been
getting for free."

I don't think the community has a problem here. It's the bait and  
switch tactic that is causing concern.

If you want it called how it is, then let's hear it. You (Sourcefire) want to break out of the GPL license one step
at a time, by first taking copyright over all contributing intellectual property so future versions can be branded
as commercially, fully owned by Sourcefire for the purpose of business.

Marty: "It's Free as in 'Free Speech', not Free as in 'Free Money'  
people!"

Here is where you are quite wrong.

Let's compute this for a moment, and discuss the effects of Linux under the GPL. In this hypothetical scenario,
Linus Torvalds decides that he is tired of the community making money from his original project. Can he bait
and switch now? Can he claim that it was 'Free Speech' and not 'Free Money', and take complete ownership
of all contributions?

Marty: "true open source champions should be applauding us for our  
position."

No comment.

---

In conclusion, snort is a great product developed and maintained by a  
world of very happy and satisfied
users.

Ultimately, what makes you (Sourcefire) think that you can take the  
contributed works of dozens of people
and stake full ownership for commercial gain?

If you believe this to be true, then what should stop any one of the  
contributors from taking the snort
source code and commercially licensing it with full ownership?

It all is going to come down to how you originally licensed snort.

This issue wouldn't have even arisen if you hadn't licensed it GPL. However, it is GPL by your own inclusion
and licensing and unfortunately all works thereof fall under that provision.

Personally, I am very interested to see some of the legal claims that  
will arise from this.

On a business line of thought. This is primarily why our product  
Aanval (Snort & Syslog Console), does not
install or charge for the existence of snort. We only provide an  
alternative method of viewing and managing
the application and do not sell an intrusion detection system / engine.

Plug: http://www.aanval.com

If you made it here, thanks for taking the time.

Loyal.





