[Snort-users] What's up with Snort's license? (Answer rollup)
roesch at ...1935...
Thu Jul 19 17:11:23 EDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Instead of responding to each email individually I'd like to roll up
all the relevant questions into one email and answer them all here.
Q. Do these licensing updates change Sourcefire's commitment to open
A. No, Sourcefire remains committed to open source. Snort will
always remain an open source product - period.
[*] Snort 2.x licensing questions:
Q. What are Sourcefire's issues with GPL v3?
A. Simply stated, similar to Linus Torvalds' stance - GPL v3 is not
the license we chose. Without a complete legal review and opinion of
the entire work we can't comment on the specifics. We want to
complete due diligence on the license and make an informed decision.
We will publish our opinion when it's ready.
Q. What is the practical impact to end users of the GPL v2 lock?
A. None. The lock provides us time to review GPL v3 and make an
informed decision. End users are free to use, modify and
redistribute Snort under GPL v2.
Q. Is it within Sourcefire's right to change the language in the
source code preamble comments to lock the license at version 2 of the
A. The new language that we incorporated for the 2.7.x release
changes a notification provision that applies to the GPL, IT DID NOT
CHANGE THE GPL. This is a permissible change because it's modifying
the suggested language for header preambles in Snort 2.7.x, not the
license itself. If you read the GPL you'll see that this language is
suggested in the section that comes AFTER the Terms and Conditions of
the license. The new language follows one of these suggestions and
specifies which version we want our licensees to follow.
Q. Is Sourcefire addressing the concerns raised by Victor and Will
from the Snort-inline project.
A. Yes, we made some mistakes and have corrected them. Today's
release of 2.7 addresses the issues raised by Will and Victor. If
you have concerns regarding the headers or copyrights on code that
you've contributed let us know and we'll take care of it.
Q. Do the GPL v2 derivative works clarifications used in the Snort
3.0-alpha code base apply to the 2.x releases of Snort?
A. No, these clarifications apply only to Snort 3.0
Q. Does the "assumptive assignment" clause from Snort 3.0 apply to
the 2.6/2.7 releases of Snort?
A. No, the assignment provisions in the Snort 3.0 license do not
apply past contributions. Sourcefire is in no way attempting to take
ownership of the copyrights of past contributers.
[*] Snort 3.0 Licensing Questions
Q. Will Snort 3.0 be licensed under GPL (currently v2 only).
Q. Is Sourcefire claiming ownership of all contributed code?
A. No. The assignment clause in 3.0 will maintain your ownership of
copyrights. It is simply a licensing agreement granting us the right
to modify and relicense to 3rd parties.
Q. Does this apply to past contributions?
A. No. Snort 3.0 is a completely new code base that is entirely
developed and copyrighted by Sourcefire. If we incorporate past
contributions to the 2.x code base as work on the Snort 3.0 project
continues they will maintain their original copyright and license.
Q. What if I refuse to accept the terms of the assignment?
A. As we said, simply tell us the terms under which you're
contributing code and we'll work with you to come to an agreement.
If we can't, you're free to maintain it as an external patch under
any license you wish.
Q. What is the practical effect of the derivative works clarifications?
A. For end users there are none. You are free to use and modify
Snort as you do today. For anyone that modifies and redistributes
Snort *and* adheres to the terms of the GPL, there are none. You may
continue to modify and redistribute Snort as you do today. The only
impact is on organizations that redistribute Snort and fail to adhere
to the terms of the GPL.
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
-----END PGP SIGNATURE-----
More information about the Snort-users