[Snort-users] What's up with Snort's license?

Ace Nimrod ace.nimrod at ...11827...
Wed Jul 18 23:34:09 EDT 2007

On 7/18/07, Martin Roesch <roesch at ...1935...> wrote:


> I (and Sourcefire) are not asking for any support from commercial
> vendors.  On the other hand, we do put quite a bit of effort into
> Snort and we distribute it under a license which we expect to be
> adhered to.  I don't care if companies integrate Snort, we're happy
> when they do because it builds a larger community of Snort users
> which is better for all of us.  Competition doesn't worry us in this
> regard, we feel that we serve our area of the market quite capably
> irrespective of other companies that offer Snort-based solutions.
> This isn't about that at all, it's about enforcing compliance with
> the license that Snort is distributed under.
> The primary problem I have with companies that don't contribute to
> the project is when they don't like us being assertive about our
> rights as the copyright holder.  Their legitimacy to question our
> licensing language is highly suspect given their past contributions
> to and role in the community.  If all a vendor does is take and they
> don't give anything back to anyone then let's call it what it is and
> say they're a vendor who's worried that they're going to actually
> have to pay for something that you've been getting for free.

I don't think the clarifications in Snort 3.0 are clear enough; in fact they
may open up even more questions.

Under the GPL, I'm allowed to redistribute Snort, and charge for it, and
even put it on a system with my proprietary application as long as I make
the source code available, and don't claim ownership of it lalalala.  It
sounds to me like Sourcefire wants to prevent this activity, but the license
on the Snort 3 alphas is not clear about this.

MySQL is an example that makes it clear.  MySQL is GPL unless you are
redistributing it as part of your non open source application, then you are
required to license MySQL.

Now let's take for example StillSecure.  They ship Snort as an RPM, perhaps
an RPM that is installed.  But you can still go to their site and download
the RPM, and the SRPM which contains all the Snort source code as well as
any patches they may have applied.  Presumably they manage the Snort process
and parse the output provided by one of the output plugins.  This all sounds
to me like proper compliance with the GPL.  Are they in compliance with
Sourcefire's interpretation of the GPL?  While I'm not positive (I've only
had experience with their StrataGuard free), I don't think StillSecure
products actually link with Snort, or integrate any of its source code.
Also, RPM can hardly be considered a proprietary installer.

If all GPL authors applied the same clarifications that Sourcefire is doing,
would RedHat even be able to exist with the current business model?  I'm not
sure they could.

I can understand Sourcefire not wanting integrators to pull Snort source
code directly into their product and link with it, perhaps even concealing
the fact that Snort is being used, this would be a clear GPL violation.  But
there are other integrators that comply with the GPL as it is generally
understood, are these vendors being targeted by Sourcefire as well?

Please consider making the usage terms blatantly clear.  I don't need a
lawyer to determine if I need to license MySQL or not, it's very clear.  I
believe Sourcefire could save themselves from hassle by providing the same
