
Re: [Snort-users] What's up with Snort's license? (Answer rollup)

Date: Sat, 21 Jul 2007 18:47:35 -0500
--On July 21, 2007 9:35:05 AM +1000 Matt Jonkman <jonkman@bleedingthreats.net> wrote:

Thanks for the answers Marty. I hope you and SF consider answering
these questions BEFORE it becomes a crisis next time. Having these
regular communication problems and blackouts is very taxing on the
community's ability to stay together.

I've been watching this discussion closely. ISTM that every time Sourcefire/Marty does something some people immediately assume the worst and start crying "crisis". (Matt, you are a senior member of that group.) Given the past history of snort, Sourcefire and Marty, ISTM that Sourcefire/Marty should be given the benefit of the doubt in cases such as this. IOW, rather than screaming "license change! License change!" it would be a great deal more productive to simply ask for clarification. Nothing I have read (and I've read it all) remotely approaches the cries of dire disaster coming from some quarters.

One open question though: Are major code contributors going to be
reimbursed for the revenue made from their code under separate
commercial licenses in the 2.x branch?

This is such a ridiculous question that I'm stunned you would ask it. The GPL permits not only the use of open source code but also its sale in a derivative, commercial product. There's not a single word about reimbursement of the contributors of the open source code.


<http://www.gnu.org/copyleft/gpl.html>
"When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things."


Marty was taken to task for writing "It's Free as in "Free Speech", not Free as in "Free Money" people!" ISTM his language reflects the language of the preamble to the GPL license. Clearly Marty is more familiar with the GPL than some of his critics.

If it were going to be licensed
to someone under the GPLv2 (or 3) these contributors would not be
entitled to anything as I understand. But under some other license I
think the copyright owners must be compensated, no?

You understand wrong.  Here's what Marty wrote:

"By sending these changes to Sourcefire or one of the Sourcefire-moderated mailing lists or forums, you are granting to Sourcefire, Inc. the unlimited, perpetual, non-exclusive right to reuse, modify, and/or relicense the code."


Somehow, you (and several others) seem to have completely missed or deliberately ignored the "non" in "non-exclusive" use (after all, if we're going to impute negative motives to folks, let's not stop with Marty - those on the "other side" don't exactly have "clean hands" in this debate either - fair enough?). IOW, copyright holders of code (or rules or whatever else you want to assert is "contributing" to snort) STILL retain their copyright. All they are doing is granting Sourcefire the right in perpetuity to reuse, modify or relicense the code. Clearly this clause protects Sourcefire from vindictive or litigious copyright holders. It does *not* remove any existing rights from a copyright holder but does prevent them from changing the license terms after Sourcefire has made use of it.

I realize that won't be an issue in the 3.0 branch as it's all SF code.
But it seems fair that major contributors should be considered at least
in current agreements.

It doesn't seem fair at all to me. People who contribute to snort do not "deserve" to be compensated for income that Sourcefire generates from the sale of a *derivative* product that uses snort. Snort is still free. Snort is still open source. Nothing has changed in that regard, and no copyright holder has given up, lost or had stolen any of his or her rights to their contribution(s).

To be clear, I'm not one of those people. My contributions to date are
almost all in signatures. But it's a question worth asking.

I for one am getting quite irritated at the repeated attacks on Marty and Sourcefire. Marty's actions and decisions have been consistently pro-open source from the beginning of snort and remain so today. Now that he's actually making money from snort (by adding closed source added-value software to it in a package - something others complaining here are also doing) some seem to resent the change. Yet snort still remains open source. The community still contributes to snort, and the community still benefits from snort. No one (AFAIK) has to pay a dime for snort or for the rules (even though Sourcefire contributes most of the new code and does much of the rules-testing.)

From my viewpoint, what's changed is the attitudes of some in the community, and at least *some* of them have interests other than those of us who simply use the product and are thankful to have a top quality IDS that we don't have to pay for.

Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
