Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] What's up with Snort's license? (Answer rollup)

from [Alan Shimel] Network Security [Permanent Link]
Subject: Re: [Snort-users] What's up with Snort's license? (Answer rollup)
Date: Thu, 19 Jul 2007 17:22:27 -0600 
Marty

Thanks for the clarification. I think that clears up a number of issues.
My only concern is the last paragraph about adhering to the GPL.  I
don't think you answered the specific examples I and another person
raised about StillSecure's use of Snort for instance.

We can take it off line if you like, just let me know

Thanks
alan

StillSecure
Alan Shimel
Chief Strategy Officer

O 303.381.3815
C 516.857.7409
F 303.381.3881

  

StillSecure, After All These Years

www.stillsecure.com
The information transmitted is intended only for the person
to whom it is addressed and may contain confidential material.
Review or other use of this information by persons other than
the intended recipient is prohibited. If you've received
this in error, please contact the sender and delete
from any computer. 


-----Original Message-----
From: snort-users-bounces@lists.sourceforge.net
[mailto:snort-users-bounces@lists.sourceforge.net] On Behalf Of Martin
Roesch
Sent: Thursday, July 19, 2007 5:11 PM
To: Snort Users
Subject: Re: [Snort-users] What's up with Snort's license? (Answer
rollup)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Instead of responding to each email individually I'd like to roll up  
all the relevant questions into one email and answer them all here.

[*] General

Q.  Do these licensing updates change Sourcefire's commitment to open  
source.
A.  No, Sourcefire remains committed to open source.  Snort will  
always remain an open source product - period.

[*] Snort 2.x licensing questions:

Q.  What are Sourcefire's issues with GPL v3?
A.  Simply stated, similar to Linus Torvalds' stance - GPL v3 is not  
the license we chose.  Without a complete legal review and opinion of  
the entire work we can't comment on the specifics.  We want to  
complete due diligence on the license and make an informed decision.   
We will publish our opinion when it's ready.

Q.  What is the practical impact to end users of the GPL v2 lock?
A.  None. The lock provides us time to review GPL v3 and make an  
informed decision.  End users are free to use, modify and  
redistribute Snort under GPL v2.

Q. Is it within Sourcefire's right to change the language in the  
source code preamble comments to lock the license at version 2 of the  
GPL?
A.  The new language that we incorporated for the 2.7.x release  
changes a notification provision that applies to the GPL, IT DID NOT  
CHANGE THE GPL.  This is a permissible change because it's modifying  
the suggested language for header preambles in Snort 2.7.x, not the  
license itself.  If you read the GPL you'll see that this language is  
suggested in the section that comes AFTER the Terms and Conditions of  
the license.  The new language follows one of these suggestions and  
specifies which version we want our licensees to follow.

Q.  Is Sourcefire addressing the concerns raised by Victor and Will  
from the Snort-inline project.
A.  Yes, we made some mistakes and have corrected them.  Today's  
release of 2.7 addresses the issues raised by Will and Victor.  If  
you have concerns regarding the headers or copyrights on code that  
you've contributed let us know and we'll take care of it.

Q.  Do the GPL v2 derivative works clarifications used in the Snort  
3.0-alpha code base apply to the 2.x releases of  Snort?
A.  No, these clarifications apply only to Snort 3.0

Q.  Does the "assumptive assignment" clause from Snort 3.0 apply to  
the 2.6/2.7 releases of Snort?
A. No, the assignment provisions in the Snort 3.0 license do not  
apply past contributions.  Sourcefire is in no way attempting to take  
ownership of the copyrights of past contributers.

[*] Snort 3.0 Licensing Questions

Q.  Will Snort 3.0 be licensed under GPL (currently v2 only).
A.  Yes.

Q.  Is Sourcefire claiming ownership of all contributed code?
A.  No.  The assignment clause in 3.0 will maintain your ownership of  
copyrights.  It is simply a licensing agreement granting us the right  
to modify and relicense to 3rd parties.

Q.  Does this apply to past contributions?
A.  No.  Snort  3.0 is a completely new code base that is entirely  
developed and copyrighted by Sourcefire.  If we incorporate past  
contributions to the 2.x code base as work on the Snort 3.0 project  
continues they will maintain their original copyright and license.

Q.  What if I refuse to accept the terms of the assignment?
A.  As we said, simply tell us the terms under which you're  
contributing code and we'll work with you to come to an agreement.   
If we can't, you're free to maintain it as an external patch under  
any license you wish.

Q.  What is the practical effect of the derivative works clarifications?
A.  For end users there are none.  You are free to use and modify  
Snort as you do today.  For anyone that modifies and redistributes  
Snort *and* adheres to the terms of the GPL, there are none.  You may  
continue to modify and redistribute Snort as you do today.  The only  
impact is on organizations that redistribute Snort and fail to adhere  
to the terms of the GPL.

        -Marty

- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFGn9N7qj0FAQQ3KOARAlZ3AJwI6/aEn8MydSfmFtLhMEbHHA57wgCggbgN
Xad9pECEruo714hKKMGJbFM=
=ZdYV
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Snort-users] Snort v2.7.0 Now Available, Snort Releases
Next by Date:  Re: [Snort-users] [Bleeding-sigs] RE: What's up with Snort's license?, Matt Jonkman
Previous by Thread:  Re: [Snort-users] What's up with Snort's license? (Answer rollup), Martin Roesch
Next by Thread:  Re: [Snort-users] What's up with Snort's license? (Answer rollup), Matt Jonkman
Indexes:  [Date] [Thread] [Top] [All Lists]