The Ashimmy Blog

Quiet period or not, Marty Roesch was nice enough to post his take on Snort 3.0 licensing over on his blog. I was hoping to hear from him or someone at Sourcefire (Marty for the record, I saw the license all along, I just wanted to make sure your position on this was clear.  Labeling it COPYING instead of license didn't make it to difficult) on this and it would appear my previous article has moved Marty to clarify, which I appreciate. I agree with Marty that for the overwhelming majority of people who use Snort directly from Snort.org, this whole thing over a change in license is much ado about nothing. Snort 2.x was released under GPL and Snort 3.0 will be too. The only people that will care about the finer nuances here are those vendors that as Marty points out are using Snort as part of a product offering and the tens of thousands or more of people who use products from these vendors.

Here is where I don't agree with Marty. According to what Marty says (and if I am wrong here please say so), the new preamble that defines derivative is not in fact a change to the GPL. According to Marty the GPL is vague on this and it is his position that the Sourcefire definition of derivative is in fact the intent of the license. Under this logic even vendors who use Snort as part of the 2.x license are in violation if their use conflicts with Sourcefire's interpretation of derivative. He clearly says, "If you're a commercial company that's using Snort as part of a product offering in such a way that you've breached the terms of the GPL license, you have two choices. You can distribute the source code for your product under the GPL or you can seek an alternative license from Sourcefire." However, Marty then contradicts himself when he says, "If you don't like Snort 3.0's license language you can keep using Snort 2.x, you can use one of the other free IDS/IPS engine technologies out there or you can write your own." So clearly Marty says if you don't agree with his definition of derivative, then you can use the old version. But Marty didn't you say that your definition of derivative is in fact what the GPL is? That many vendors "misinterpret" this language to their own benefit. Didn't you say that all the preamble does is clarify what is meant by derivative and is what was meant by it all along? So which is it, does the preamble apply then only to Snort 3.0 and not Snort 2.0 because you did not specifically mention it in the 2.x license previously? If so, then it is in fact a change, if not then it is not.

Semantics or not, here is the deal: Marty Roesch, Alan Shimel or Fydor at Nmap don't get the chance to define what the GPL is. I think the definition of derivative is something the courts will decide (and btw, there is plenty of fodder out there on what is and isn't a derivative). Personally, I have no desire to go that route nor for the record do I have a desire to fork Snort. I just don't agree with definition of derivative that is being put forth here and I don't think the law on the matter does either.

If you are still reading this and are interested in finding out more about this scintillating issue, here is a good article from Lawrence Rosen of Rosenlaw and a general counsel with the OSI on derivatives.  While as Mr. Rosen says, you should get your own legal advice, it does give some good examples of the issues and what he believes about them.