Marty Roesch clarifies some of his previous comments
In the interest of reporting all sides of the story (I just love this journalist stuff ;-)), I wanted to let you know that Marty Roesch clarified some of his comments which led to my blog article last night/this morning. Things Marty said that may alter what I believed when I wrote my article:
1. Q. Is it within Sourcefire's right to change the language in the source code preamble comments to lock the license at version 2 of the GPL?
A. The new language that we incorporated for the 2.7.x release changes a notification provision that applies to the GPL, IT DID NOT CHANGE THE GPL. This is a permissible change because it's modifying the suggested language for header preambles in Snort 2.7.x, not the license itself. If you read the GPL you'll see that this language is suggested in the section that comes AFTER the Terms and Conditions of the license. The new language follows one of these suggestions and specifies which version we want our licensees to follow.
I am not sure I wholeheartedly agree here, it sounds like a bit of legal hair splitting. Marty and team say they did not change the license at all, it is still GPL, it just changes a notification provision. Frankly, I don't think they had the right to change anything there without the owners permissions, but since I was not effected, I really can't say. Would be interested in what others think.
2. Q. Is Sourcefire addressing the concerns raised by Victor and Will from the Snort-inline project.
A. Yes, we made some mistakes and have corrected them. Today's release of 2.7 addresses the issues raised by Will and Victor. If you have concerns regarding the headers or copyrights on code that you've contributed let us know and we'll take care of it.
This is good to hear and I am glad they did this. Some of the "non-license changes" they changed were to code that was licensed under non-GPL, BSD licensed code.
3. Q. Do the GPL v2 derivative works clarifications used in the Snort 3.0-alpha code base apply to the 2.x releases of Snort?
A. No, these clarifications apply only to Snort 3.0
So here, I just don't get it. Marty clearly has said that the clarifications in the Snort 3.0 license just clarify what the GPL meant all along. If so logic would dictate they apply to earlier versions as well, whether or not the clarifications were there or not. If they don't, how is that clarification not a change. It just doesn't make sense to me and is a I think a weakness in the argument here.
4. Q. Does the "assumptive assignment" clause from Snort 3.0 apply to the 2.6/2.7 releases of Snort?
A. No, the assignment provisions in the Snort 3.0 license do not apply past contributions. Sourcefire is in no way attempting to take ownership of the copyrights of past contributers.
I clearly misunderstood this and this is the way it should be. People should know before hand about a "assumptive assignment" and make a decision on whether or not to contribute code based upon it.
5. Q. Is Sourcefire claiming ownership of all contributed code?
A. No. The assignment clause in 3.0 will maintain your ownership of copyrights. It is simply a licensing agreement granting us the right to modify and relicense to 3rd parties.
Again, I was not clear on this and am glad to see it. Of course in reality you are giving Sourcefire a pretty broad license to profit from your work and are you entitled to anything from it is a question to ask. But at least you still retain ownership.
6. Q. Does this apply to past contributions?
A. No. Snort 3.0 is a completely new code base that is entirely developed and copyrighted by Sourcefire. If we incorporate past contributions to the 2.x code base as work on the Snort 3.0 project continues they will maintain their original copyright and license.
So sounds to me like maybe this whole issue goes away as they are using only Sourcefire owned and developed code in 3.0. That certainly make it less messy.
7. Q. What is the practical effect of the derivative works clarifications?
A. For end users there are none. You are free to use and modify Snort as you do today. For anyone that modifies and redistributes Snort *and* adheres to the terms of the GPL, there are none. You may continue to modify and redistribute Snort as you do today. The only impact is on organizations that redistribute Snort and fail to adhere to the terms of the GPL.
So this is where I think Marty is playing a bit fast and loose. The *and* adheres to the terms of the GPL thing. Is that the terms as Marty understands them. The same terms that he says needs to be clarified otherwise they don't apply? Or is it the terms as I understand them. Or for that matter how someone else understands them. The devil is in the details on that one and I suspect will be the crux of my future conversations with Marty and the Sourcefire team.
Comments