
Re: [Snort-users] What's up with Snort's license?

Subject: Re: [Snort-users] What's up with Snort's license?
Date: Wed, 18 Jul 2007 21:34:09 -0600
On 7/18/07, Martin Roesch <roesch@sourcefire.com> wrote:

<snip>

> I (and Sourcefire) are not asking for any support from commercial
> vendors.  On the other hand, we do put quite a bit of effort into
> Snort and we distribute it under a license which we expect to be
> adhered to.  I don't care if companies integrate Snort, we're happy
> when they do because it builds a larger community of Snort users
> which is better for all of us.  Competition doesn't worry us in this
> regard, we feel that we serve our area of the market quite capably
> irrespective of other companies that offer Snort-based solutions.
> This isn't about that at all, it's about enforcing compliance with
> the license that Snort is distributed under.
>
> The primary problem I have with companies that don't contribute to
> the project is when they don't like us being assertive about our
> rights as the copyright holder.  Their legitimacy to question our
> licensing language is highly suspect given their past contributions
> to and role in the community.  If all a vendor does is take and they
> don't give anything back to anyone then let's call it what it is and
> say they're a vendor who's worried that they're going to actually
> have to pay for something that you've been getting for free.


I don't think the clarifications in Snort 3.0 are clear enough, in fact they
may open up even more questions.

Under the GPL, I'm allowed to redistribute Snort, and charge for it, and
even put it on a system with my proprietary application as long as I make
the source code available, and don't claim ownership of it lalalala.  It
sounds to me like Sourcefire wants to prevent this activity, but the license
on the Snort 3 alphas is not clear about this.

MySQL is an example that makes it clear.  MySQL is GPL unless you are
redistributing it as part of your non open source application, then you are
required to license MySQL.

Now let's take for example StillSecure.  They ship Snort as an RPM, perhaps
an RPM that is installed.  But you can still go to their site and download
the RPM, and the SRPM which contains all the Snort source code as well as
any patches they may have applied.  Presumably they manage the Snort process
and parse the output provided by one of the output plugins.  This all sounds
to me like proper compliance with the GPL.  Are they in compliance with
Sourcefire's interpretation of the GPL?  While I'm not positive (I've only
had experience with their StrataGuard free), I don't think StillSecure
products actually link with Snort, or integrate any of its source code.
Also, RPM can hardly be considered a proprietary installer.

If all GPL authors applied the same clarifications that Sourcefire is doing,
would RedHat even be able to exist with the current business model?  I'm not
sure they could.

I can understand Sourcefire not wanting integrators to pull Snort source
code directly into their product and link with it, perhaps even concealing
the fact that Snort is being used, this would be a clear GPL violation.  But
there are other integrators that comply with the GPL as it is generally
understood, are these vendors being targeted by Sourcefire as well?

Please consider making the usage terms blatantly clear.  I don't need a
lawyer to determine if I need to license MySQL or not, it's very clear.  I
believe Sourcefire could save themselves from hassle by providing the same
clarity.

Thanks.