[Snort-users] v2.8.4 incorrect logging to MySQL

Martin Roesch roesch at ...1935...
Tue Apr 14 17:47:05 EDT 2009


It's actually a dual license if you want to get technical and it's
common practice in the open source world where you have a business as
the primary developer of the open source technology.

Do you consider Nmap to be open source?  It has nearly the exact same
license modifiers as we use and has for far longer than the Snort
project.  Does anyone consider it to not be open source for
noncommercial use?  It's in Debian's apt-get and listed as GPL2 and
uses almost exactly the same licensing language that Snort 3 uses, in
fact we derived our terms from Nmap's licensing language originally.

Snort 3.0 is distributed under the GPLv2, the license is included with
the code.  That makes it open source.  The fact that it doesn't bring
forward code contributions from Snort 2 has absolutely nothing to do
with the fact that they were contributed from 3rd parties.

The decision to undertake development of Snort 3.0 had nothing to do
with licensing issues and everything to do with engineering
requirements.  Go have a look at my blog if you want to understand the
scope of those engineering requirements.  *I* decided to start with a
fresh code base after mulling it over for months because I felt that
adapting the capabilities to the existing Snort 2.x code base wouldn't
help us at all in terms of time to release or capabilities.  We would
have changed so much that there would have been more effort involved
retrofitting the existing code than there would be writing new code.
I actually wrote some prototypes of what I wanted to accomplish in
Snort 3 on top of Snort 2 and rapidly decided that there was more risk
going that route instead of starting from scratch.

The fact that it doesn't carry over contributed code makes it no less
open source than it is today.  Snort 3 is open source.

Marty

On Tue, Apr 14, 2009 at 5:06 PM, Loyal A Moses <loyalmoses at ...3027...> wrote:
>
> Marty,
>
> Do you mean open source as in GPL or equivalent or as in we can all
> read the source?
>
> A quote from you:
>
> "We're also saying that people who want to
> contribute code to the project do so with the knowledge that we're
> going to consider the code as assigned to Sourcefire unless other
> arrangements are made."
>
> That doesn't sound so "open source" to me and more like a charade.
>
> And another quote in the same posting by you:
>
> "Given that we need to be able to offer Snort under an alternative
> license for commercial integrators who are integrating Snort and
> don't want to adhere to the GPL it's essential that we retain the
> right to relicense the totality of the codebase."
>
> Now, there is the real reason.
>
> Just be direct and communicate that version 3 will not be GPL and
> Sourcefire will now retain all rights. Unless you plan on having two
> source branches with zero intellectual-property cross over and
> licensed independently.
>
> I am not hostile towards the concept. The concept is business and it
> is what it is.
>
> Loyal.
>
> On Apr 14, 2009, at 1:40 PM, Martin Roesch wrote:
>
>> Snort 3.0 is open source.
>>
>> Marty
>>
>> On Tue, Apr 14, 2009 at 4:21 PM, Loyal A Moses <loyalmoses at ...3027...>
>> wrote:
>>>
>>> Snort is open source, until version 3. But that is a whole other
>>> argument.
>>> On Apr 14, 2009, at 1:11 PM, Joel Esler wrote:
>>>
>>> No one is taking a vote, we just said, "if we had a vote in it..."
>>> I'd
>>> rather take the code out of the IDS/IPS and put it into an output
>>> module.
>>>  One that is maintained well (as Shawn said).
>>> Snort is an open source program, I don't see harm in discussion on
>>> Snort's
>>> own mailing lists do you?
>>> J
>>>
>>> On Tue, Apr 14, 2009 at 3:35 PM, Loyal A Moses <loyalmoses at ...3027...>
>>> wrote:
>>>>
>>>> Is Sourcefire limited on development skill or man power?
>>>>
>>>> It makes no sense at all to remove one of the most common facilities
>>>> in use by snort users because it is "too complex".
>>>>
>>>> In the end, you'll do what you are going to do regardless of the
>>>> community -- we've seen it before. But don't use "complexity" and
>>>> "bugs" as the excuse.
>>>>
>>>> Sourcefire is a publicly traded company -- Is it smart to be taking
>>>> votes on product development from a mailing list? I wouldn't think
>>>> so.
>>>>
>>>> Loyal.
>>>>
>>>> On Apr 14, 2009, at 11:52 AM, Jason Brvenik wrote:
>>>>
>>>>> I have an ulterior motive and it is simple.
>>>>>
>>>>> Many of the bugs and issues over time with snort have been in
>>>>> output
>>>>> plugins. Make one well supported, tested, unified method designed
>>>>> for
>>>>> best performance and while doing so it improves the
>>>>> supportability and
>>>>> maintainability of the code base.
>>>>>
>>>>> On Tue, Apr 14, 2009 at 2:39 PM, Loyal A Moses <loyalmoses at ...3027...>
>>>>> wrote:
>>>>>> My vote is to provide as many output options as possible, to help
>>>>>> keep
>>>>>> snort used as a tool.
>>>>>>
>>>>>> The argument of code complexity being a good reason to remove
>>>>>> output
>>>>>> facilities is only valid if the code is written poorly and not
>>>>>> modular. This wheel doesn't need re-invented and this
>>>>>> conversation is
>>>>>> kind of silly, unless there is ulterior motives for actually
>>>>>> wanting
>>>>>> to remove this support.
>>>>>>
>>>>>> Loyal.
>>>>>>
>>>>>>
>>>>>> ------------------------------------------------------------------------------
>>>>>> This SF.net email is sponsored by:
>>>>>> High Quality Requirements in a Collaborative Environment.
>>>>>> Download a free trial of Rational Requirements Composer Now!
>>>>>> http://p.sf.net/sfu/www-ibm-com
>>>>>> _______________________________________________
>>>>>> Snort-users mailing list
>>>>>> Snort-users at lists.sourceforge.net
>>>>>> Go to this URL to change user options or unsubscribe:
>>>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>>>> Snort-users list archive:
>>>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>>>>
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> This SF.net email is sponsored by:
>>>> High Quality Requirements in a Collaborative Environment.
>>>> Download a free trial of Rational Requirements Composer Now!
>>>> http://p.sf.net/sfu/www-ibm-com
>>>> _______________________________________________
>>>> Snort-users mailing list
>>>> Snort-users at lists.sourceforge.net
>>>> Go to this URL to change user options or unsubscribe:
>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>> Snort-users list archive:
>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>
>>>
>>>
>>> --
>>> joel esler | Sourcefire | gtalk: jesler at ...1935... | 302-223-5974
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> This SF.net email is sponsored by:
>>> High Quality Requirements in a Collaborative Environment.
>>> Download a free trial of Rational Requirements Composer Now!
>>> http://p.sf.net/sfu/www-ibm-com
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>
>>
>>
>>
>> --
>> Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
>> Sourcefire - Security for the Real World - http://www.sourcefire.com
>> Snort: Open Source IDP - http://www.snort.org
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by:
> High Quality Requirements in a Collaborative Environment.
> Download a free trial of Rational Requirements Composer Now!
> http://p.sf.net/sfu/www-ibm-com
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>



-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org




More information about the Snort-users mailing list