[Snort-users] v2.8.4 incorrect logging to MySQL

Martin Roesch roesch at ...1935...
Tue Apr 14 20:06:14 EDT 2009


You're missing my point.  The existing Snort 2.x code base is under
the GPLv2.  The new Snort 3 code base is under the GPLv2 with
Sourcefire clarifications and definitions.  There is no contributed
code in the Snort 3 code base at this point save a patch or two that
were submitted under the GPLv2 with SF clarifications.  There has been
no change of license to a pre-existing set of code, this license is on
the new code.

The question that you're not answering is whether you regard the
nearly exact same licensing language on a different code base to be
"open source" or not.

As I recall, Nmap has always had the terms it has now or something
very close to them.  Is it open source or isn't it?

Marty


On Tue, Apr 14, 2009 at 7:35 PM, Loyal A Moses <loyalmoses at ...3027...> wrote:
>
> I'll answer.
>
> I'll send an email to Fyodor and find out if he was GPL before he made
> his custom license changes. Heck, let's go dig up some original nmap
> packages from packetstorm.
>
> If Nmap was always under his restricted / altered license and
> contributors knew this from the beginning, there is no problem.
>
> If he modified the license after GPL contribution by users and the
> ultimate success of Nmap, then yes he is in the wrong.
>
> Loyal.
>
> On Apr 14, 2009, at 4:31 PM, Martin Roesch wrote:
>
>> Alan,
>>
>> We're not "hiding behind" anything.  Our licensing terms are clearly
>> outlined in Snort 3.  We (and I) believe this is a valid way to
>> license software using the GPL.
>>
>> Nobody has answered my question and I'll modify it a bit: Is
>> Fyodor/Insecure.org "hiding behind" the GPL?
>>
>> Marty
>>
>> On Tue, Apr 14, 2009 at 6:23 PM, Alan Shimel <alan at ...13458...>
>> wrote:
>>> Folks I have argued this point with Marty over and over and that
>>> was a year ago when this first came to light. Is it open source?
>>> Technically, yes it is open source. Does Sourcefire need the
>>> ability to dual license for other commercial entities that may want
>>> to embed Snort? Yes of course. So engineering aside, the plain
>>> truth is that if Sourcefire is going to protect their IP
>>> (intellectual property) and build a commercial business around it,
>>> they have no choice but to do this.
>>>
>>> They could have just said it is not open source from 3.0 on and
>>> gone that way (as other open source projects have), but they chose
>>> not to. Also from a commercial point of view, how could they
>>> license code that they don't own?  So if they took contributed code
>>> and it was not assigned to Sourcefire, what right would they have
>>> to license and charge someone for this code?
>>>
>>> The bottom line is welcome to the world of commercial open source.
>>> It may shock some of you, offend others and most of you I suspect
>>> won't give a darn.  It really only affects you if you contribute
>>> code (a small percentage of you) or if you are seeking to embed
>>> Snort in your own commercial products.  But don't be naïve, this is
>>> what open source software that is owned by commercial companies is
>>> all about these days.
>>>
>>> Last year we at StillSecure released our own product, Cobia on our
>>> own "community license" because we didn't want to hide behind a GPL
>>> duality. We were plain and open about why we did this and caught
>>> flak from the open source community. So I guess no matter what you
>>> do, you just can't please all the people all the time!
>>>
>>> alan
>>>
>>> StillSecure
>>> Alan Shimel
>>> Chief Strategy Officer
>>>
>>> O 561.886.0455
>>> C 516.857.7409
>>> F 303.381.3881
>>>
>>> StillSecure, After All These Years
>>>
>>>
>>> www.stillsecure.com
>>> The information transmitted is intended only for the person
>>> to whom it is addressed and may contain confidential material.
>>> Review or other use of this information by persons other than
>>> the intended recipient is prohibited. If you've received
>>> this in error, please contact the sender and delete
>>> from any computer.
>>>
>>>
>>> -----Original Message-----
>>> From: Martin Roesch [mailto:roesch at ...1935...]
>>> Sent: Tuesday, April 14, 2009 5:47 PM
>>> To: Loyal A Moses
>>> Cc: snort-users at lists.sourceforge.net
>>> Subject: Re: [Snort-users] v2.8.4 incorrect logging to MySQL
>>>
>>> It's actually a dual license if you want to get technical and it's
>>> common practice in the open source world where you have a business as
>>> the primary developer of the open source technology.
>>>
>>> Do you consider Nmap to be open source?  It has nearly the exact same
>>> license modifiers as we use and has for far longer than the Snort
>>> project.  Does anyone consider it to not be open source for
>>> noncommercial use?  It's in Debian's apt-get and listed as GPL2 and
>>> uses almost exactly the same licensing language that Snort 3 uses, in
>>> fact we derived our terms from Nmap's licensing language originally.
>>>
>>> Snort 3.0 is distributed under the GPLv2, the license is included
>>> with the code.  That makes it open source.  The fact that it doesn't bring
>>> forward code contributions from Snort 2 has absolutely nothing to do
>>> with the fact that they were contributed from 3rd parties.
>>>
>>> The decision to undertake development of Snort 3.0 had nothing to do
>>> with licensing issues and everything to do with engineering
>>> requirements.  Go have a look at my blog if you want to understand
>>> the scope of those engineering requirements.  *I* decided to start
>>> with a fresh code base after mulling it over for months because I felt
>>> that adapting the capabilities to the existing Snort 2.x code base
>>> wouldn't help us at all in terms of time to release or capabilities.
>>> We would have changed so much that there would have been more effort
>>> involved retrofitting the existing code than there would be writing
>>> new code.  I actually wrote some prototypes of what I wanted to
>>> accomplish in Snort 3 on top of Snort 2 and rapidly decided that there
>>> was more risk going that route instead of starting from scratch.
>>>
>>> The fact that it doesn't carry over contributed code makes it no less
>>> open source than it is today.  Snort 3 is open source.
>>>
>>> Marty
>>>
>>> On Tue, Apr 14, 2009 at 5:06 PM, Loyal A Moses <loyalmoses at ...3027...>
>>> wrote:
>>>>
>>>> Marty,
>>>>
>>>> Do you mean open source as in GPL or equivalent or as in we can all
>>>> read the source?
>>>>
>>>> A quote from you:
>>>>
>>>> "We're also saying that people who want to
>>>> contribute code to the project do so with the knowledge that we're
>>>> going to consider the code as assigned to Sourcefire unless other
>>>> arrangements are made."
>>>>
>>>> That doesn't sound so "open source" to me and more like a charade.
>>>>
>>>> And another quote in the same posting by you:
>>>>
>>>> "Given that we need to be able to offer Snort under an alternative
>>>> license for commercial integrators who are integrating Snort and
>>>> don't want to adhere to the GPL it's essential that we retain the
>>>> right to relicense the totality of the codebase."
>>>>
>>>> Now, there is the real reason.
>>>>
>>>> Just be direct and communicate that version 3 will not be GPL and
>>>> Sourcefire will now retain all rights. Unless you plan on having two
>>>> source branches with zero intellectual-property cross over and
>>>> licensed independently.
>>>>
>>>> I am not hostile towards the concept. The concept is business and it
>>>> is what it is.
>>>>
>>>> Loyal.
>>>>
>>>> On Apr 14, 2009, at 1:40 PM, Martin Roesch wrote:
>>>>
>>>>> Snort 3.0 is open source.
>>>>>
>>>>> Marty
>>>>>
>>>>> On Tue, Apr 14, 2009 at 4:21 PM, Loyal A Moses <loyalmoses at ...3027...>
>>>>> wrote:
>>>>>>
>>>>>> Snort is open source, until version 3. But that is a whole other
>>>>>> argument.
>>>>>> On Apr 14, 2009, at 1:11 PM, Joel Esler wrote:
>>>>>>
>>>>>> No one is taking a vote, we just said, "if we had a vote in it..." I'd
>>>>>> rather take the code out of the IDS/IPS and put it into an output module.
>>>>>> One that is maintained well (as Shawn said).
>>>>>> Snort is an open source program, I don't see harm in discussion on Snort's
>>>>>> own mailing lists do you?
>>>>>> J
>>>>>>
>>>>>> On Tue, Apr 14, 2009 at 3:35 PM, Loyal A Moses
>>>>>> <loyalmoses at ...3027...>
>>>>>> wrote:
>>>>>>>
>>>>>>> Is Sourcefire limited on development skill or man power?
>>>>>>>
>>>>>>> It makes no sense at all to remove one of the most common facilities
>>>>>>> in use by snort users because it is "too complex".
>>>>>>>
>>>>>>> In the end, you'll do what you are going to do regardless of the
>>>>>>> community -- we've seen it before. But don't use "complexity" and
>>>>>>> "bugs" as the excuse.
>>>>>>>
>>>>>>> Sourcefire is a publicly traded company -- Is it smart to be taking
>>>>>>> votes on product development from a mailing list? I wouldn't think so.
>>>>>>>
>>>>>>> Loyal.
>>>>>>>
>>>>>>> On Apr 14, 2009, at 11:52 AM, Jason Brvenik wrote:
>>>>>>>
>>>>>>>> I have an ulterior motive and it is simple.
>>>>>>>>
>>>>>>>> Many of the bugs and issues over time with snort have been in output
>>>>>>>> plugins. Make one well supported, tested, unified method designed for
>>>>>>>> best performance and while doing so it improves the supportability and
>>>>>>>> maintainability of the code base.
>>>>>>>>
>>>>>>>> On Tue, Apr 14, 2009 at 2:39 PM, Loyal A Moses <loyalmoses at ...14563......> wrote:
>>>>>>>>> My vote is to provide as many output options as possible, to help
>>>>>>>>> keep snort used as a tool.
>>>>>>>>>
>>>>>>>>> The argument of code complexity being a good reason to remove output
>>>>>>>>> facilities is only valid if the code is written poorly and not
>>>>>>>>> modular. This wheel doesn't need re-invented and this conversation is
>>>>>>>>> kind of silly, unless there are ulterior motives for actually wanting
>>>>>>>>> to remove this support.
>>>>>>>>>
>>>>>>>>> Loyal.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>>> This SF.net email is sponsored by:
>>>>>>>>> High Quality Requirements in a Collaborative Environment.
>>>>>>>>> Download a free trial of Rational Requirements Composer Now!
>>>>>>>>> http://p.sf.net/sfu/www-ibm-com
>>>>>>>>> _______________________________________________
>>>>>>>>> Snort-users mailing list
>>>>>>>>> Snort-users at lists.sourceforge.net
>>>>>>>>> Go to this URL to change user options or unsubscribe:
>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>>>>>>> Snort-users list archive:
>>>>>>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> joel esler | Sourcefire | gtalk: jesler at ...1935... |
>>>>>> 302-223-5974
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
>>>>> Sourcefire - Security for the Real World - http://www.sourcefire.com
>>>>> Snort: Open Source IDP - http://www.snort.org
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
>>> Sourcefire - Security for the Real World - http://www.sourcefire.com
>>> Snort: Open Source IDP - http://www.snort.org
>>>
>>>
>>
>>
>>
>> --
>> Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
>> Sourcefire - Security for the Real World - http://www.sourcefire.com
>> Snort: Open Source IDP - http://www.snort.org
>
>
>



-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org



