[Snort-users] What's up with Snort's license? (Answer rollup)
pauls at ...6838...
Sat Jul 21 19:47:35 EDT 2007
--On July 21, 2007 9:35:05 AM +1000 Matt Jonkman
<jonkman at ...14019...> wrote:
> Thanks for the answers Marty. I hope you and SF considers answering
> these questions BEFORE it becomes a crisis next time. Having these
> regular communication problems and blackouts is very taxing on the
> community's ability to stay together.
I've been watching this discussion closely. ISTM that every time
Sourcefire/Marty does something some people immediately assume the worst
and start crying "crisis". (Matt, you are a senior member of that group.)
Given the past history of snort, Sourcefire and Marty, ISTM that
Sourcefire/Marty should be given the benefit of the doubt in cases such as
this. IOW, rather than screaming "license change! License change!" it
would be a great deal more productive to simply ask for clarification.
Nothing I have read (and I've read it all) remotely approaches the cries
of dire disaster coming from some quarters.
> One open question though: Are major code contributors going to be
> reimbursed for the revenue made from their code under separate
> commercial licenses in the 2.x branch?
This is such a ridiculous question that I'm stunned you would ask it. The
GPL permits not only the use of open source code but also its sale in a
derivative, commercial product. There's not a single word about
reimbursement of the contributors of the open source code.
"When we speak of free software, we are referring to freedom, not price.
Our General Public Licenses are designed to make sure that you have the
freedom to distribute copies of free software (and charge for them if you
wish), that you receive source code or can get it if you want it, that you
can change the software or use pieces of it in new free programs, and that
you know you can do these things."
Marty was taken to task for writing "It's Free as in "Free Speech", not
Free as in "Free Money" people!" ISTM his language reflects the language
of the preamble to the GPL license. Clearly Marty is more familiar with
the GPL than some of his critics.
> If it were going to be licensed
> to someone under the GPLv2 (or 3) these contributors would not be
> entitled to anything as I understand. But under some other license I
> think the copyright owners must be compensated, no?
You understand wrong. Here's what Marty wrote:
" By sending these changes to Sourcefire or one of the
Sourcefire-moderated mailing lists or forums, you are granting to
Sourcefire, Inc. the
unlimited, perpetual, non-exclusive right to reuse, modify, and/or
relicense the code."
Somehow, you (and several others) seem to have completely missed or
deliberately ignored the "non" in "non-exclusive" use (after all, if we're
going to impute negative motives to folks, let's not stop with Marty -
those on the "other side" don't exactly have "clean hands" in this debate
either - fair enough?). IOW, copyright holders of code (or rules or
whatever else you want to assert is "contributing" to snort) STILL retain
their copyright. All they are doing is granting Sourcefire the right in
perpetuity to reuse, modify or relicense the code. Clearly this clause
protects Sourcefire from vindictive or litigious copyright holders. It
does *not* remove any existing rights from a copyright holder but does
prevent them from changing the license terms after Sourcefire has made use
> I realize that won't be an issue in the 3.0 branch as it's all SF code.
> But it seems fair that major contributors should be considered at least
> in current agreements.
It doesn't seem fair at all to me. People who contribute to snort do not
"deserve" to be compensated for income that Sourcefire generates from the
sale of a *derivative* product that uses snort. Snort is still free.
Snort is still open source. Nothing has changed in that regard, and no
copyright holder has given up, lost or had stolen any of his or her rights
to their contribution(s).
> To be clear, I'm not one of those people. My contributions to date are
> almost all in signatures. But it's a question worth asking.
I for one am getting quite irritated at the repeated attacks on Marty and
Sourcefire. Marty's actions and decisions have been consistently pro-open
source from the beginning of snort and remain so today. Now that he's
actually making money from snort (by adding closed source added-value
software to it in a package - something others complaining here are also
doing) some seem to resent the change. Yet snort still remains open
source. The community still contributes to snort, and the community still
benefits from snort. No one (AFAIK) has to pay a dime for snort or for
the rules (even though Sourcefire contributes most of the new code and
does much of the rules-testing.)
>From my viewpoint, what's changed is the attitudes of some in the
community, and at least *some* of them have interests other than those of
us who simply use the product and are thankful to have a top quality IDS
that we don't have to pay for.
Paul Schmehl (pauls at ...6838...)
Senior Information Security Analyst
The University of Texas at Dallas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 3701 bytes
Desc: not available
More information about the Snort-users