[Snort-users] What's up with Snort's license? (Answer rollup)

Martin Roesch roesch at ...1935...
Thu Jul 19 17:11:23 EDT 2007

Hash: SHA1

Instead of responding to each email individually I'd like to roll up  
all the relevant questions into one email and answer them all here.

[*] General

Q.  Do these licensing updates change Sourcefire's commitment to open  
A.  No, Sourcefire remains committed to open source.  Snort will  
always remain an open source product - period.

[*] Snort 2.x licensing questions:

Q.  What are Sourcefire's issues with GPL v3?
A.  Simply stated, similar to Linus Torvalds' stance - GPL v3 is not  
the license we chose.  Without a complete legal review and opinion of  
the entire work we can't comment on the specifics.  We want to  
complete due diligence on the license and make an informed decision.   
We will publish our opinion when it's ready.

Q.  What is the practical impact to end users of the GPL v2 lock?
A.  None. The lock provides us time to review GPL v3 and make an  
informed decision.  End users are free to use, modify and  
redistribute Snort under GPL v2.

Q. Is it within Sourcefire's right to change the language in the  
source code preamble comments to lock the license at version 2 of the  
A.  The new language that we incorporated for the 2.7.x release  
changes a notification provision that applies to the GPL, IT DID NOT  
CHANGE THE GPL.  This is a permissible change because it's modifying  
the suggested language for header preambles in Snort 2.7.x, not the  
license itself.  If you read the GPL you'll see that this language is  
suggested in the section that comes AFTER the Terms and Conditions of  
the license.  The new language follows one of these suggestions and  
specifies which version we want our licensees to follow.

Q.  Is Sourcefire addressing the concerns raised by Victor and Will  
from the Snort-inline project.
A.  Yes, we made some mistakes and have corrected them.  Today's  
release of 2.7 addresses the issues raised by Will and Victor.  If  
you have concerns regarding the headers or copyrights on code that  
you've contributed let us know and we'll take care of it.

Q.  Do the GPL v2 derivative works clarifications used in the Snort  
3.0-alpha code base apply to the 2.x releases of  Snort?
A.  No, these clarifications apply only to Snort 3.0

Q.  Does the "assumptive assignment" clause from Snort 3.0 apply to  
the 2.6/2.7 releases of Snort?
A. No, the assignment provisions in the Snort 3.0 license do not  
apply past contributions.  Sourcefire is in no way attempting to take  
ownership of the copyrights of past contributers.

[*] Snort 3.0 Licensing Questions

Q.  Will Snort 3.0 be licensed under GPL (currently v2 only).
A.  Yes.

Q.  Is Sourcefire claiming ownership of all contributed code?
A.  No.  The assignment clause in 3.0 will maintain your ownership of  
copyrights.  It is simply a licensing agreement granting us the right  
to modify and relicense to 3rd parties.

Q.  Does this apply to past contributions?
A.  No.  Snort  3.0 is a completely new code base that is entirely  
developed and copyrighted by Sourcefire.  If we incorporate past  
contributions to the 2.x code base as work on the Snort 3.0 project  
continues they will maintain their original copyright and license.

Q.  What if I refuse to accept the terms of the assignment?
A.  As we said, simply tell us the terms under which you're  
contributing code and we'll work with you to come to an agreement.   
If we can't, you're free to maintain it as an external patch under  
any license you wish.

Q.  What is the practical effect of the derivative works clarifications?
A.  For end users there are none.  You are free to use and modify  
Snort as you do today.  For anyone that modifies and redistributes  
Snort *and* adheres to the terms of the GPL, there are none.  You may  
continue to modify and redistribute Snort as you do today.  The only  
impact is on organizations that redistribute Snort and fail to adhere  
to the terms of the GPL.


- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org

Version: GnuPG v1.4.5 (Darwin)


More information about the Snort-users mailing list